diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
new file mode 100644
index 0000000000..7f6d64ab86
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -0,0 +1,517 @@
+---
+title: Policy CSP - WindowsDefenderSecurityCenter
+description: Policy CSP - WindowsDefenderSecurityCenter
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 07/06/2017
+---
+
+# Policy CSP - WindowsDefenderSecurityCenter
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+
+
+## WindowsDefenderSecurityCenter policies
+
+
+**WindowsDefenderSecurityCenter/CompanyName**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ MobileEnterprise |
+
+
+  |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+  |
+  |
+
+
+
+
+
+Added in Windows 10, version 1709. The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display the contact options.
+
+
Value type is string. Supported operations are Add, Get, Replace and Delete.
+
+
+
+
+**WindowsDefenderSecurityCenter/DisableAppBrowserUI**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ MobileEnterprise |
+
+
+  |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+  |
+  |
+
+
+
+
+
+Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+
+
Value type is integer. Supported operations are Add, Get, Replace and Delete. Valid values:
+
+- 0 - (Disable) The users can see the display of the app and browser protection area in Windows Defender Security Center.
+- 1 - (Enable) The users cannot see the display of the app and browser protection area in Windows Defender Security Center.
+
+
+
+
+**WindowsDefenderSecurityCenter/DisableEnhancedNotifications**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ MobileEnterprise |
+
+
+  |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+  |
+  |
+
+
+
+
+
+Added in Windows 10, version 1709. Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users.
+
+> [!Note]
+> If Suppress notification is enabled then users will not see critical or non-critical messages.
+
+
Value type is integer. Supported operations are Add, Get, Replace and Delete. Valid values:
+
+- 0 - (Disable) Windows Defender Security Center will display critical and non-critical notifications to users..
+- 1 - (Enable) Windows Defender Security Center only display notifications which are considered critical on clients.
+
+
+
+
+**WindowsDefenderSecurityCenter/DisableFamilyUI**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ MobileEnterprise |
+
+
+  |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+  |
+  |
+
+
+
+
+
+Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+
+
Value type is integer. Supported operations are Add, Get, Replace and Delete. Valid values:
+
+- 0 - (Disable) The users can see the display of the family options area in Windows Defender Security Center.
+- 1 - (Enable) The users cannot see the display of the family options area in Windows Defender Security Center.
+
+
+
+
+**WindowsDefenderSecurityCenter/DisableHealthUI**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ MobileEnterprise |
+
+
+  |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+  |
+  |
+
+
+
+
+
+Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+
+
Value type is integer. Supported operations are Add, Get, Replace and Delete. Valid values:
+
+- 0 - (Disable) The users can see the display of the device performance and health area in Windows Defender Security Center.
+- 1 - (Enable) The users cannot see the display of the device performance and health area in Windows Defender Security Center.
+
+
+
+
+**WindowsDefenderSecurityCenter/DisableNetworkUI**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ MobileEnterprise |
+
+
+  |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+  |
+  |
+
+
+
+
+
+Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+
+
Value type is integer. Supported operations are Add, Get, Replace and Delete. Valid values:
+
+- 0 - (Disable) The users can see the display of the firewall and network protection area in Windows Defender Security Center.
+- 1 - (Enable) The users cannot see the display of the firewall and network protection area in Windows Defender Security Center.
+
+
+
+
+**WindowsDefenderSecurityCenter/DisableNotifications**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ MobileEnterprise |
+
+
+  |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+  |
+  |
+
+
+
+
+
+Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or do not configure this setting, Windows Defender Security Center notifications will display on devices.
+
+
Value type is integer. Supported operations are Add, Get, Replace and Delete. Valid values:
+
+- 0 - (Disable) The users can see the display of Windows Defender Security Center notifications.
+- 1 - (Enable) The users cannot see the display of Windows Defender Security Center notifications.
+
+
+
+
+**WindowsDefenderSecurityCenter/DisableVirusUI**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ MobileEnterprise |
+
+
+  |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+  |
+  |
+
+
+
+
+
+Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
+
+
Value type is integer. Supported operations are Add, Get, Replace and Delete. Valid values:
+
+- 0 - (Disable) The users can see the display of the virus and threat protection area in Windows Defender Security Center.
+- 1 - (Enable) The users cannot see the display of the virus and threat protection area in Windows Defender Security Center.
+
+
+
+
+**WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ MobileEnterprise |
+
+
+  |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+  |
+  |
+
+
+
+
+
+Added in Windows 10, version 1709. Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or do not configure this setting, local users can make changes in the exploit protection settings area.
+
+
Value type is integer. Supported operations are Add, Get, Replace and Delete.Valid values:
+
+- 0 - (Disable) Local users are allowed to make changes in the exploit protection settings area.
+- 1 - (Enable) Local users cannot make changes in the exploit protection settings area.
+
+
+
+
+**WindowsDefenderSecurityCenter/Email**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ MobileEnterprise |
+
+
+  |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+  |
+  |
+
+
+
+
+
+Added in Windows 10, version 1709. The email address that is displayed to users. The default mail application is used to initiate email actions. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
+
+
Value type is string. Supported operations are Add, Get, Replace and Delete.
+
+
+
+
+**WindowsDefenderSecurityCenter/EnableCustomizedToasts**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ MobileEnterprise |
+
+
+  |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+  |
+  |
+
+
+
+
+
+Added in Windows 10, version 1709. Enable this policy to display your company name and contact options in the notifications. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text.
+
+
Value type is integer. Supported operations are Add, Get, Replace, and Delete. Valid values:
+
+- 0 - (Disable) Notifications contain a default notification text.
+- 1 - (Enable) Notifications contain the company name and contact options.
+
+
+
+
+
+**WindowsDefenderSecurityCenter/EnableInAppCustomization**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ MobileEnterprise |
+
+
+  |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+  |
+  |
+
+
+
+
+
+Added in Windows 10, version 1709.Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will not display the contact card fly out notification.
+
+
Value type is integer. Supported operations are Add, Get, Replace, and Delete. Valid values:
+
+- 0 - (Disable) Do not display the company name and contact options in the card fly out notification.
+- 1 - (Enable) Display the company name and contact options in the card fly out notification.
+
+
+
+
+**WindowsDefenderSecurityCenter/Phone**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ MobileEnterprise |
+
+
+  |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+  |
+  |
+
+
+
+
+
+Added in Windows 10, version 1709. The phone number or Skype ID that is displayed to users. Skype is used to initiate the call. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
+
+
Value type is string. Supported operations are Add, Get, Replace, and Delete.
+
+
+
+
+**WindowsDefenderSecurityCenter/URL**
+
+
+
+
+ Home |
+ Pro |
+ Business |
+ Enterprise |
+ Education |
+ Mobile |
+ MobileEnterprise |
+
+
+  |
+ 3 |
+ 3 |
+ 3 |
+ 3 |
+  |
+  |
+
+
+
+
+
+Added in Windows 10, version 1709. The help portal URL this is displayed to users. The default browser is used to initiate this action. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device will not display contact options.
+
+
Value type is Value type is string. Supported operations are Add, Get, Replace, and Delete.
+
+
+
\ No newline at end of file
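Review bot: The URL policy at the end of the file has two copy errors: the value line reads "Value type is Value type is string" and the description reads "The help portal URL this is displayed to users". Drop the duplicated phrase and change "this" to "that". The note under DisableEnhancedNotifications refers to "Suppress notification", which is not a policy name used anywhere in this file; if it means DisableNotifications, name it, so an administrator can see that enabling that setting also hides critical notifications. Smaller points: "Delete.Valid values" (DisallowExploitProtectionOverride) and "1709.Enable" (EnableInAppCustomization) are missing a space, the 0 value of DisableEnhancedNotifications ends in "..", "Windows defender Security Center" is lowercased in several descriptions, the serial comma in "Add, Get, Replace and Delete" is inconsistent between policies, and the file has no trailing newline.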
diff --git a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
index 871ff7e560..41e39dc306 100644
--- a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
+++ b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
@@ -7,40 +7,31 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: high
-author: brianlic-msft
-ms.author: brianlic
+author: eross-msft
+ms.author: lizross
---
# Windows 10, version 1703 basic level Windows diagnostic events and fields
-
**Applies to**
-- Windows 10, version 1703
+- Windows 10, version 1703 and later
+The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information. The Basic level also helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
-The Basic level gathers a limited set of information that is critical for understanding the device and its configuration including: basic device information, quality-related information, app compatibility, and Microsoft Store. When the level is set to Basic, it also includes the Security level information.
-
-The Basic level helps to identify problems that can occur on a particular device hardware or software configuration. For example, it can help determine if crashes are more frequent on devices with a specific amount of memory or that are running a particular driver version. This helps Microsoft fix operating system or app problems.
-
-Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data.
-
-You can learn more about Windows functional and diagnostic data through these articles:
-
+Use this article to learn about diagnostic events, grouped by event area, and the fields within each event. A brief description is provided for each field. Every event generated includes common data, which collects device data. You can learn more about Windows functional and diagnostic data through these articles:
- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
- [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md)
-
-
+>[!Note]
+>Updated July 2017 to document new and modified events. We’ve added new fields to several Appraiser events to prepare for upgrades to the next release of Windows and we’ve added a brand-new event, Census.Speech, to collect basic details about speech settings and configuration.
## Common data extensions
### Common Data Extensions.App
-
-
The following fields are available:
- **expId** Associates a flight, such as an OS flight, or an experiment, such as a web site UX experiment, with an event.
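Review bot: The blank lines removed here leave the "The Basic level gathers a limited set of information" paragraph directly under the "- Windows 10, version 1703 and later" list item, and the ">[!Note]" block directly between the link list and "## Common data extensions". Without a separating blank line, Markdown renderers can fold the paragraph into the list item and the note into the preceding list, so keep one blank line before and after each block. The H1 still says "version 1703" while Applies to now says "1703 and later"; confirm the title is meant to stay as is.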
@@ -51,8 +42,6 @@ The following fields are available:
### Common Data Extensions.CS
-
-
The following fields are available:
- **sig** A common schema signature that identifies new and modified event schemas.
@@ -60,8 +49,6 @@ The following fields are available:
### Common Data Extensions.CUET
-
-
The following fields are available:
- **stId** Represents the Scenario Entry Point ID. This is a unique GUID for each event in a diagnostic scenario. This used to be Scenario Trigger ID.
@@ -258,8 +245,23 @@ This event lists the types of objects and how many of each exist on the client d
The following fields are available:
+- **DatasourceApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device. on this device.
+- **DatasourceDevicePnp_RS3** The total DatasourceDevicePnp objects targeting the next release of Windows on this device.
+- **DatasourceDriverPackage_RS3** The total DatasourceDriverPackage objects targeting the next release of Windows on this device.
+- **DataSourceMatchingInfoBlock_RS3** The total DataSourceMatchingInfoBlock objects targeting the next release of Windows on this device.
+- **DataSourceMatchingInfoPassive_RS3** The total DataSourceMatchingInfoPassive objects targeting the next release of Windows on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
+- **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting the next release of Windows on this device.
+- **DecisionApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device.
+- **DecisionDevicePnp_RS3** The total DecisionDevicePnp objects targeting the next release of Windows on this device.
+- **DecisionDriverPackage_RS3** The total DecisionDriverPackage objects targeting the next release of Windows on this device.
+- **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting the next release of Windows on this device.
+- **DecisionMatchingInfoPassive_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
+- **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
+- **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting the next release of Windows on this device.
+- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device.
- **PCFP** An ID for the system that is calculated by hashing hardware identifiers.
-- **InventoryApplicationFile** The total InventoryApplicationFile objects that are present on this device.
+- **InventoryApplicationFile** The total InventoryApplicationFile objects that are present on this device.
- **InventoryMediaCenter** The total InventoryMediaCenter objects that are present on this device.
- **InventoryLanguagePack** The total InventoryLanguagePack objects that are present on this device.
- **InventoryUplevelDriverPackage** The total InventoryUplevelDriverPackage objects that are present on this device.
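Review bot: Two of the added field descriptions name the wrong object. "DatasourceApplicationFile_RS3" is described as "The total DecisionApplicationFile objects" and ends with a duplicated "on this device. on this device.", and "DecisionMatchingInfoPassive_RS3" is described as "The total DataSourceMatchingInfoPostUpgrade objects". Each description should name the object in its own field name. The InventoryApplicationFile removal and re-addition shows no visible text difference; if it is a whitespace-only change, drop it from the patch.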
@@ -274,6 +276,7 @@ The following fields are available:
- **SystemWim** The total SystemWim objects that are present on this device
- **SystemTouch** The total SystemTouch objects that are present on this device.
- **SystemWindowsActivationStatus** The total SystemWindowsActivationStatus objects that are present on this device.
+- **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device.
### Microsoft.Windows.Appraiser.General.ChecksumTotalPictureIdHashSha256
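Review bot: "Wmdrm_RS3" is appended after SystemWindowsActivationStatus at the bottom of the list, while the other _RS3 fields for this event were inserted as a block at the top. Put it with the rest of the _RS3 fields, or order the whole list alphabetically, so readers looking for the next-release counters find them in one place.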
@@ -282,6 +285,21 @@ This event lists the types of objects and the hashed values of all the identifie
The following fields are available:
+- **DatasourceApplicationFile_RS3** The total DatasourceApplicationFile objects targeting the next release of Windows on this device.
+- **DatasourceDevicePnp_RS3** The total DatasourceDevicePnp objects targeting the next release of Windows on this device.
+- **DatasourceDriverPackage_RS3** The total DatasourceDriverPackage objects targeting the next release of Windows on this device.
+- **DataSourceMatchingInfoBlock_RS3** The total DataSourceMatchingInfoBlock objects targeting the next release of Windows on this device.
+- **DataSourceMatchingInfoPassive_RS3** The total DataSourceMatchingInfoPassive objects targeting the next release of Windows on this device.
+- **DataSourceMatchingInfoPostUpgrade_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
+- **DatasourceSystemBios_RS3** The total DatasourceSystemBios objects targeting the next release of Windows on this device.
+- **DecisionApplicationFile_RS3** The total DecisionApplicationFile objects targeting the next release of Windows on this device.
+- **DecisionDevicePnp_RS3** The total DecisionDevicePnp objects targeting the next release of Windows on this device.
+- **DecisionDriverPackage_RS3** The total DecisionDriverPackage objects targeting the next release of Windows on this device.
+- **DecisionMatchingInfoBlock_RS3** The total DecisionMatchingInfoBlock objects targeting the next release of Windows on this device.
+- **DecisionMatchingInfoPassive_RS3** The total DataSourceMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
+- **DecisionMatchingInfoPostUpgrade_RS3** The total DecisionMatchingInfoPostUpgrade objects targeting the next release of Windows on this device.
+- **DecisionMediaCenter_RS3** The total DecisionMediaCenter objects targeting the next release of Windows on this device.
+- **DecisionSystemBios_RS3** The total DecisionSystemBios objects targeting the next release of Windows on this device.
- **PCFP** An ID for the system that is calculated by hashing hardware identifiers.
- **InventoryApplicationFile** The SHA256 hash of InventoryApplicationFile objects that are present on this device.
- **InventoryMediaCenter** The SHA256 hash of InventoryMediaCenter objects that are present on this device.
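Review bot: The added _RS3 fields are described as "The total ... objects targeting the next release of Windows", but this event is ChecksumTotalPictureIdHashSha256 and the existing fields right below read "The SHA256 hash of ... objects". The text looks copied from the count event; reword each new description to state that the field carries a SHA256 hash, if that is what it holds. "DecisionMatchingInfoPassive_RS3" also names DataSourceMatchingInfoPostUpgrade instead of DecisionMatchingInfoPassive.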
@@ -298,6 +316,7 @@ The following fields are available:
- **SystemWim** The SHA256 hash of SystemWim objects that are present on this device.
- **SystemTouch** The SHA256 hash of SystemTouch objects that are present on this device.
- **SystemWindowsActivationStatus** The SHA256 hash of SystemWindowsActivationStatus objects that are present on this device.
+- **Wmdrm_RS3** The total Wmdrm objects targeting the next release of Windows on this device.
### Microsoft.Windows.Appraiser.General.DatasourceApplicationFileAdd
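Review bot: "Wmdrm_RS3" is described as "The total Wmdrm objects" directly after three fields that read "The SHA256 hash of ... objects that are present on this device". In the hash event the description should match the neighbouring wording, if the field holds a hash rather than a count.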
@@ -1617,15 +1636,15 @@ This event is used to gather basic speech settings on the device.
The following fields are available:
-- **SpeechServicesEnabled** Windows setting that represents whether a user is opted-in for speech services on the device.
-- **KWSEnabled** Cortana setting that represents if a user has enabled the "Hey Cortana" keyword spotter (KWS).
-- **SpeakerIdEnabled** Cortana setting that represents if keyword detection has been trained to try to respond to a single user's voice.
-- **AboveLockEnabled** Cortana setting that represents if Cortana can be invoked when the device is locked.
-- **GPAllowInputPersonalization** Indicates if a Group Policy setting has enabled speech functionalities.
-- **HolographicSpeechInputDisabled** Holographic setting that represents if the attached HMD devices have speech functionality disabled by the user.
-- **HolographicSpeechInputDisabledRemote** Indicates if a remote policy has disabled speech functionalities for the HMD devices.
-- **MDMAllowInputPersonalization** Indicates if an MDM policy has enabled speech functionalities.
-- **RemotelyManaged** Indicates if the device is being controlled by a remote admininistrator (MDM or Group Policy) in the context of speech functionalities.
+- **AboveLockEnabled** Cortana setting that represents if Cortana can be invoked when the device is locked.
+- **GPAllowInputPersonalization** Indicates if a Group Policy setting has enabled speech functionalities.
+- **HolographicSpeechInputDisabled** Holographic setting that represents if the attached HMD devices have speech functionality disabled by the user.
+- **HolographicSpeechInputDisabledRemote** Indicates if a remote policy has disabled speech functionalities for the HMD devices.
+- **KWSEnabled** Cortana setting that represents if a user has enabled the "Hey Cortana" keyword spotter (KWS).
+- **MDMAllowInputPersonalization** Indicates if an MDM policy has enabled speech functionalities.
+- **RemotelyManaged** Indicates if the device is being controlled by a remote administrator (MDM or Group Policy) in the context of speech functionalities.
+- **SpeakerIdEnabled** Cortana setting that represents if keyword detection has been trained to try to respond to a single user's voice.
+- **SpeechServicesEnabled** Windows setting that represents whether a user is opted-in for speech services on the device.
### Census.Storage
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index 789b57b03a..d479183398 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -14,6 +14,11 @@ author: jdeckerms
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
+## July 2017
+| New or changed topic | Description |
+| --- | --- |
+|[Windows 10, version 1703 basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)|Updated several Appraiser events and added Census.Speech.
+
## June 2017
| New or changed topic | Description |
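Review bot: The added table row does not close its last cell: it ends in "added Census.Speech." with no trailing "|", while the header and separator rows both end with one. Add the closing pipe so the row matches the table's own style.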
diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index 26766b5852..6af08bd805 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -241,8 +241,22 @@
#### [Windows Insider Program for Business Frequently Asked Questions](update/waas-windows-insider-for-business-faq.md)
### [Change history for Update Windows 10](update/change-history-for-update-windows-10.md)
+## [Convert MBR partition to GPT](mbr-to-gpt.md)
+## [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md)
+## [Sideload apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10)
+## [Add Microsoft Store for Business applications to a Windows 10 image](add-store-apps-to-image.md)
+## [Windows 10 Enterprise E3 in CSP Overview](windows-10-enterprise-e3-overview.md)
+## [Volume Activation [client]](volume-activation/volume-activation-windows-10.md)
+### [Plan for volume activation [client]](volume-activation/plan-for-volume-activation-client.md)
+### [Activate using Key Management Service [client]](volume-activation/activate-using-key-management-service-vamt.md)
+### [Activate using Active Directory-based activation [client]](volume-activation/activate-using-active-directory-based-activation-client.md)
+### [Activate clients running Windows 10](volume-activation/activate-windows-10-clients-vamt.md)
+### [Monitor activation [client]](volume-activation/monitor-activation-client.md)
+### [Use the Volume Activation Management Tool [client]](volume-activation/use-the-volume-activation-management-tool-client.md)
+### [Appendix: Information sent to Microsoft during activation [client]](volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md)
+## [Change history for Deploy and Update Windows 10](change-history-for-deploy-windows-10.md)
## [Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade/upgrade-windows-phone-8-1-to-10.md)
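Review bot: The Volume Activation entries put unescaped square brackets inside the link text, for example "[Volume Activation [client]](...)" and "[Monitor activation [client]](...)". Nested brackets in link text are parsed inconsistently across Markdown renderers, so escape them or use parentheses. The entry "Change history for Deploy and Update Windows 10" points at change-history-for-deploy-windows-10.md, whose heading elsewhere in this patch is "Change history for Deploy Windows 10"; align the TOC title with the topic title. The Sideload entry is also the only added link that uses a site-absolute path without a .md extension; confirm that is intended.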
diff --git a/windows/deployment/add-store-apps-to-image.md b/windows/deployment/add-store-apps-to-image.md
new file mode 100644
index 0000000000..ca1d3c293d
--- /dev/null
+++ b/windows/deployment/add-store-apps-to-image.md
@@ -0,0 +1,83 @@
+---
+title: Add Microsoft Store for Business applications to a Windows 10 image
+description: This topic describes how to add Microsoft Store for Business applications to a Windows 10 image.
+keywords: upgrade, update, windows, windows 10, deploy, store, image, wim
+ms.prod: w10
+ms.mktglfcycl: deploy
+localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: DaniHalfin
+ms.author: daniha
+ms.date: 07/07/2017
+---
+
+# Add Microsoft Store for Business applications to a Windows 10 image
+
+**Applies to**
+
+- Windows 10
+
+This topic describes the correct way to add Microsoft Store for Business applications to a Windows 10 image. This will enable you to deploy Windows 10 with pre-installed Microsoft Store for Business apps.
+
+>[!IMPORTANT]
+>In order for Microsoft Store for Business applications to persist after image deployment, these applications need to be pinned to Start prior to image deployment.
+
+## Prerequisites
+
+* [Windows Assessment and Deployment Kit (Windows ADK)](windows-adk-scenarios-for-it-pros.md) for the tools required to mount and edit Windows images.
+
+* Download an offline signed app package and license of the application you would like to add through [Microsoft Store for Business](/store-for-business/distribute-offline-apps#download-an-offline-licensed-app).
+
+* A Windows Image. For instructions on image creation, see [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) or [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
+
+>[!NOTE]
+> If you'd like to add an internal LOB Microsoft Store application, please follow the instructions on **[Sideload LOB apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10)**.
+
+## Adding a Store application to your image
+
+On a machine where your image file is accessible:
+1. Open Windows PowerShell with administrator privileges.
+2. Mount the image. At the Windows PowerShell prompt, type:
+`Mount-WindowsImage -ImagePath c:\images\myimage.wim -Index 1 -Path C:\test`
+3. Use the Add-AppxProvisionedPackage cmdlet in Windows PowerShell to preinstall the app. Use the /PackagePath option to specify the location of the Store package and /LicensePath to specify the location of the license .xml file. In Windows PowerShell, type:
+`Add-AppxProvisionedPackage -Path C:\test -PackagePath C:\downloads\appxpackage -LicensePath C:\downloads\appxpackage\license.xml`
+
+>[!NOTE]
+>Paths and file names are examples. Use your paths and file names where appropriate.
+>
+>Do not dismount the image, as you will return to it later.
+
+## Editing the Start Layout
+
+In order for Microsoft Store for Business applications to persist after image deployment, these applications need to be pinned to Start prior to image deployment.
+
+On a test machine:
+1. **Install the Microsoft Store for Business application you previously added** to your image.
+2. **Pin these apps to the Start screen**, by typing the name of the app, right-clicking and selecting **Pin to Start**.
+3. Open Windows PowerShell with administrator privileges.
+4. Use `Export-StartLayout -path .xml` where ** is the path and name of the xml file your will later import into your Windows Image.
+5. Copy the XML file you created to a location accessible by the machine you previously used to add Store applications to your image.
+
+Now, on the machine where your image file is accessible:
+1. Import the Start layout. At the Windows PowerShell prompt, type:
+`Import-StartLayout -LayoutPath ".xml" -MountPath "C:\test\"`
+2. Save changes and dismount the image. At the Windows PowerShell prompt, type:
+`Dismount-WindowsImage -Path c:\test -Save`
+
+>[!NOTE]
+>Paths and file names are examples. Use your paths and file names where appropriate.
+>
+>For more information on Start customization see [Windows 10 Start Layout Customization](https://blogs.technet.microsoft.com/deploymentguys/2016/03/07/windows-10-start-layout-customization/)
+
+
+## Related topics
+* [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout)
+* [Export-StartLayout](https://technet.microsoft.com/itpro/powershell/windows/startlayout/export-startlayout)
+* [Import-StartLayout](https://technet.microsoft.com/itpro/powershell/windows/startlayout/import-startlayout)
+* [Sideload LOB apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10)
+* [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md)
+* [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
+* [Windows Assessment and Deployment Kit (Windows ADK)](windows-adk-scenarios-for-it-pros.md)
+
+
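Review bot: The placeholder for the path and file name is missing in step 4, both in the command (`Export-StartLayout -path .xml`) and in the explanation ("where ** is the path and name"), and again in `Import-StartLayout -LayoutPath ".xml"`. This is probably an angle-bracketed placeholder that was swallowed as markup; escape it or keep it inside the code span so readers can see what to substitute. In the same step, "the xml file your will later import" should be "you will later import". The mount path is written "C:\test\" in the import command and c:\test in the dismount command; use one form.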
diff --git a/windows/deployment/change-history-for-deploy-windows-10.md b/windows/deployment/change-history-for-deploy-windows-10.md
index 7353568c47..c9b44a991f 100644
--- a/windows/deployment/change-history-for-deploy-windows-10.md
+++ b/windows/deployment/change-history-for-deploy-windows-10.md
@@ -12,6 +12,11 @@ ms.date: 06/28/2017
# Change history for Deploy Windows 10
This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](/windows/windows-10).
+## July 2017
+| New or changed topic | Description |
+|----------------------|-------------|
+| The table of contents for deployment topics was reorganized.
+
## June 2017
| New or changed topic | Description |
|----------------------|-------------|
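Review bot: The new July 2017 row has one cell and no closing pipe, while the header above it declares two columns (New or changed topic, Description). Split the row into a topic cell and a description cell, or replace the table for this entry with a plain sentence, since a table-of-contents reorganization is not a topic.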
diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md
index 0b33aa08b4..15b695c9ad 100644
--- a/windows/deployment/update/waas-restart.md
+++ b/windows/deployment/update/waas-restart.md
@@ -26,24 +26,24 @@ You can use Group Policy settings, mobile device management (MDM) or Registry (n
In Group Policy, within **Configure Automatic Updates**, you can configure a forced restart after a specified instllation time.
-To set the time, you need to go to **Configure Automatic Updates**, select option **4 - Auto download and schedule the instal**, and then enter a time in the **Scheduled install time** dropdown. Alternatively, you can specify that installtion will occur during the automatic maintenance time (configured using **Computer Configuration\Administrative Templates\Windows Components\Maintenance Scheduler**).
+To set the time, you need to go to **Configure Automatic Updates**, select option **4 - Auto download and schedule the install**, and then enter a time in the **Scheduled install time** dropdown. Alternatively, you can specify that installation will occur during the automatic maintenance time (configured using **Computer Configuration\Administrative Templates\Windows Components\Maintenance Scheduler**).
**Always automatically restart at the scheduled time** forces a restart after the specified installation time and lets you configure a timer to warn a signed-in user that a restart is going to occur.
While not recommended, the same result can be achieved through Registry. Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**, set **AuOptions** to **4**, set the install time with **ScheduledInstallTime**, enable **AlwaysAutoRebootAtScheduledTime** and specify the delay in minutes through **AlwaysAutoRebootAtScheduledTimeMinutes**. Similar to Group Policy, **AlwaysAutoRebootAtScheduledTimeMinutes** sets the timer to warn a signed-in user that a restart is going to occur.
-For a detailed description of these regsitry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
+For a detailed description of these registry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
## Delay automatic reboot
-When **Configure Automatic Updates** is enabled in Group Policy, you can enable one of the following additional policies to delay an automatic reboot after update installtion:
+When **Configure Automatic Updates** is enabled in Group Policy, you can enable one of the following additional policies to delay an automatic reboot after update installation:
- **Turn off auto-restart for updates during active hours** prevents automatic restart during active hours.
- **No auto-restart with logged on users for scheduled automatic updates installations** prevents automatic restart when a user is signed in. If a user schedules the restart in the update notification, the device will restart at the time the user specifies even if a user is signed in at the time. This policy only applies when **Configure Automatic Updates** is set to option **4-Auto download and schedule the install**.
You can also use Registry, to prevent automatic restarts when a user is signed in. Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU**, set **AuOptions** to **4** and enable **NoAutoRebootWithLoggedOnUsers**. As with Group Policy, if a user schedules the restart in the update notification, it will override this setting.
-For a detailed description of these regsitry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
+For a detailed description of these registry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
## Configure active hours
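Review bot: The first context line of this hunk, "you can configure a forced restart after a specified instllation time", still has the misspelling that the change corrects in the lines below it; fix it in the same pass. The two registry paragraphs here spell the value **AuOptions**, while the list near the end of the file uses **AUOptions**; pick one spelling so readers searching for the value find every mention.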
@@ -57,7 +57,7 @@ Administrators can use multiple ways to set active hours for managed devices:
- You can use Group Policy, as described in the procedure that follows.
- You can use MDM, as described in [Configuring active hours with MDM](#configuring-active-hours-with-mdm).
-- While not recommended, you can also configure active hours, as descrbied in [Configuring active hours through Registry](#configuring-active-hours-through-registry).
+- While not recommended, you can also configure active hours, as described in [Configuring active hours through Registry](#configuring-active-hours-through-registry).
### Configuring active hours with Group Policy
@@ -77,7 +77,7 @@ Any settings configured through Registry may conflict with any existing configur
You should set a combination of the following registry values, in order to configure active hours.
Under **HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate** use **SetActiveHours** to enable or disable active hours and **ActiveHoursStart**,**ActiveHoursEnd** to specify the range of active hours.
-For a detailed description of these regsitry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
+For a detailed description of these registry keys, see [Registry keys used to manage restart](#registry-keys-used-to-manage-restart).
>[!NOTE]
>To configure active hours manually on a single device, go to **Settings** > **Update & security** > **Windows Update** and select **Change active hours**.
@@ -94,7 +94,7 @@ To configure active hours max range through MDM, use [**Update/ActiveHoursMaxRan
## Limit restart delays
-After an update is installed, Windows 10 attemtps automatic restart outside of active hours. If the restart does not succeed after 7 days (by default), the user will see a notification that restart is required. You can use the **Specify deadline before auto-restart for update installation** policy to change the delay from 7 days to a number of days between 2 and 14.
+After an update is installed, Windows 10 attempts automatic restart outside of active hours. If the restart does not succeed after 7 days (by default), the user will see a notification that restart is required. You can use the **Specify deadline before auto-restart for update installation** policy to change the delay from 7 days to a number of days between 2 and 14.
## Control restart notifications
@@ -123,7 +123,7 @@ To do so through MDM, use [**Update/SetAutoRestartNotificationDisable**](https:/
### Scheduled auto-restart warnings
-Since users are not able to postpone a scheduled restart once the deadline has been reached, you can configure a warning reminder prior to the scheduled a restart. You can also configure a configure a warning prior to the restart, to notify users once the restart is imminent and allow them to save their work.
+Since users are not able to postpone a scheduled restart once the deadline has been reached, you can configure a warning reminder prior to the scheduled restart. You can also configure a warning prior to the restart, to notify users once the restart is imminent and allow them to save their work.
To configure both through Group Policy, find **Configure auto-restart warning notifications schedule for updates** under **Computer Configuration\Administrative Templates\Windows Components\Windows Update**. The warning reminder can be configured by **Reminder (hours)** and the warning prior to an imminent auto-restart can be configured by **Warning (mins)**.
@@ -185,7 +185,7 @@ The following tables list registry values that correspond to the Group Policy se
There are 3 different registry combinations for controlling restart behavior:
- To set active hours, **SetActiveHours** should be **1**, while **ActiveHoursStart** and **ActiveHoursEnd** should define the time range.
-- To schedule a specific instllation and reboot time, **AUOptions** should be **4**, **ScheduledInstallTime** should specify the installation time, **AlwaysAutoRebootAtScheduledTime** set to **1** and **AlwaysAutoRebootAtScheduledTimeMinutes** should specify number of minutes to wait before rebooting.
+- To schedule a specific installation and reboot time, **AUOptions** should be **4**, **ScheduledInstallTime** should specify the installation time, **AlwaysAutoRebootAtScheduledTime** set to **1** and **AlwaysAutoRebootAtScheduledTimeMinutes** should specify number of minutes to wait before rebooting.
- To delay rebooting if a user is logged on, **AUOptions** should be **4**, while **NoAutoRebootWithLoggedOnUsers** is set to **1**.
## Related topics
diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md
index 3fb9bda5d9..c42d403a33 100644
--- a/windows/deployment/upgrade/windows-10-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md
@@ -21,8 +21,8 @@ With Windows 10, you can quickly upgrade from one edition of Windows 10 to ano
The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer. **Note**: The reboot requirement for upgrading from Pro to Enterprise was removed in version 1607.
X = unsupported
-✔ (green) = supported; reboot required
-✔ (blue) = supported; no reboot required.
+✔ (green) = supported; reboot required
+✔ (blue) = supported; no reboot required
|Method |Home > Pro |Home > Education |Pro > Education |Pro > Enterprise |Ent > Education |Mobile > Mobile Enterprise |
diff --git a/windows/deployment/windows-10-auto-pilot.md b/windows/deployment/windows-10-auto-pilot.md
index e61588a105..adf60da2d7 100644
--- a/windows/deployment/windows-10-auto-pilot.md
+++ b/windows/deployment/windows-10-auto-pilot.md
@@ -1,6 +1,6 @@
---
title: Overview of Windows AutoPilot
-description: This topic goes over Auto-Pilot and how it helps setup OOBE Windows 10 devices.
+description: This topic goes over Windows AutoPilot and how it helps setup OOBE Windows 10 devices.
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
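Review bot: The rewritten description still uses "setup" as a verb ("how it helps setup OOBE Windows 10 devices"); since the line is being changed anyway, make it "set up". "OOBE Windows 10 devices" is also hard to parse in a search snippet; wording such as "set up Windows 10 devices during OOBE" would be clearer.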
@@ -19,21 +19,21 @@ ms.date: 06/30/2017
- Windows 10
Windows AutoPilot is a collection of technologies used to setup and pre-configure new devices, getting them ready for productive use. In addition, you can use Windows AutoPilot to reset, repurpose and recover devices.
-This solution enables the IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
+This solution enables an IT department to achieve the above with little to no infrastructure to manage, with a process that's easy and simple.
## Benefits of Windows AutoPilot
-Traditionally, IT Pros spend a lot of time on building and customizing images that will later be deployed to devices with a perfectly good OS already installed on them. Windows AutoPilot introduces a new approach.
+Traditionally, IT pros spend a lot of time on building and customizing images that will later be deployed to devices with a perfectly good OS already installed on them. Windows AutoPilot introduces a new approach.
From the users' perspective, it only takes a few simple operations to make their device ready to use.
-From the IT Pros' perspective, the only interaction required from the end-user, is to connect to a network and to verify their credentials. Everything past that is automated.
+From the IT pros' perspective, the only interaction required from the end user, is to connect to a network and to verify their credentials. Everything past that is automated.
Windows AutoPilot allows you to:
-* Automatically join devices to Azure Active Directory
-* Auto-enroll devices into MDM services, such as Intune ([*Requires an Azure AD Premium subscription*](#prerequisites))
+* Automatically join devices to Azure Active Directory (Azure AD)
+* Auto-enroll devices into MDM services, such as Microsoft Intune ([*Requires an Azure AD Premium subscription*](#prerequisites))
* Restrict the Administrator account creation
-* Create and auto-assign devices to configuration groups based on the devices' profile
+* Create and auto-assign devices to configuration groups based on a device's profile
* Customize OOBE content specific to the organization
### Prerequisites
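Review bot: The changed sentence "the only interaction required from the end user, is to connect to a network" keeps the comma between subject and verb; drop it. The unchanged intro line has the same verb problem as the description ("used to setup and pre-configure" should be "set up"), and "Restrict the Administrator account creation" in the list would read better as "Restrict Administrator account creation".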
@@ -41,7 +41,7 @@ Windows AutoPilot allows you to:
* [Devices must be registered to the organization](#registering-devices-to-your-organization)
* Devices have to be pre-installed with Windows 10, version 1703 or later
* Devices must have access to the internet
-* [Azure AD premium P1 or P2](https://www.microsoft.com/cloud-platform/azure-active-directory-features)
+* [Azure AD Premium P1 or P2](https://www.microsoft.com/cloud-platform/azure-active-directory-features)
* Microsoft Intune or other MDM services to manage your devices
## Windows AutoPilot Scenarios
@@ -55,9 +55,9 @@ The Cloud-Driven scenario enables you to pre-register devices through the Window
The end user unboxes and turns on a new device. What follows are a few simple configuration steps:
* Select a language and keyboard layout
* Connect to the network
-* Provide email address (the email of the user's Azure Active Directory account) and password
+* Provide email address (the email address of the user's Azure AD account) and password
-Multiple additional settings are skipped here, since the device automatically recognizes that [it belongs to an organization](#registering-devices-to-your-organization). Following this process the device is joined to Azure Active Directory, enrolled in Microsoft Intune (or any other MDM service).
+Multiple additional settings are skipped here, since the device automatically recognizes that [it belongs to an organization](#registering-devices-to-your-organization). Following this process the device is joined to Azure AD, enrolled in Microsoft Intune (or any other MDM service).
MDM enrollment ensures policies are applied, apps are installed and setting are configured on the device. Windows Update for Business applies the latest updates to ensure the device is up to date.
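Review bot: The rewritten sentence "the device is joined to Azure AD, enrolled in Microsoft Intune (or any other MDM service)" lists two actions with no conjunction; write "joined to Azure AD and enrolled in Microsoft Intune". The context line after it has "setting are configured", which should be "settings are configured".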
@@ -68,7 +68,7 @@ MDM enrollment ensures policies are applied, apps are installed and setting are
In order to register devices, you will need to acquire their hardware ID and register it. We are actively working with various hardware vendors to enable them to provide the required information to you, or upload it on your behalf.
-If you would like to capture that information by yourself, the following [PowerShell script](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo) will generate a csv file with the devices' hardware ID.
+If you would like to capture that information by yourself, you can use the [Get-WindowsAutoPilotInfo PowerShell script](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo), which will generate a .csv file with the device's hardware ID.
>[!NOTE]
>This PowerShell script requires elevated permissions.
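Review bot: The new sentence points readers to a PowerShell Gallery script that, per the note under it, has to run elevated, but it gives no steps for obtaining or running the script and does not say what the .csv contains besides the hardware ID. Add the install and invocation steps, and name the publisher readers should expect on the gallery page so they can confirm what they are about to run as administrator. The sentence also switches to "the device's hardware ID" while the paragraph before it speaks of devices in the plural.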
@@ -76,7 +76,7 @@ If you would like to capture that information by yourself, the following [PowerS
By uploading this information to the Microsoft Store for Business or Partner Center admin portal, you'll be able to assign devices to your organization.
Additional options and customization is available through these portals to pre-configure the devices.
-Options available for Windows 10, Version 1703:
+Options available for Windows 10, version 1703:
* Skipping Work or Home usage selection (*Automatic*)
* Skipping OEM registration, OneDrive and Cortana (*Automatic*)
* Skipping privacy settings
@@ -84,19 +84,19 @@ Options available for Windows 10, Version 1703:
We are working to add additional options to further personalize and streamline the setup experience in future releases.
-To see additional details on how to customize the OOBE experience and how to follow this process, see guidance for [Microsoft Store for Business](/store-for-business/add-profile-to-devices.md) or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot).
+To see additional details on how to customize the OOBE experience and how to follow this process, see guidance for [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/add-profile-to-devices) or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot).
### IT-Driven
-If you are planning to use to configure these devices with traditional on-premises or cloud-based solutions, the [Windows Configuration Designer](https://www.microsoft.com/store/p/windows-configuration-designer/9nblggh4tx22) can be used to help automate the process. This is more suited to scenarios in which you require a higher level of control over the provisioning process. For more information on creating provisioning packages with WCD, see [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package).
+If you are planning to use to configure these devices with traditional on-premises or cloud-based solutions, the [Windows Configuration Designer](https://www.microsoft.com/store/p/windows-configuration-designer/9nblggh4tx22) can be used to help automate the process. This is more suited to scenarios in which you require a higher level of control over the provisioning process. For more information on creating provisioning packages with Windows Configuration Designer, see [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package).
### Teacher-Driven
-If you're an IT Pro or a technical staff member at a school, your scenario might be simpler. The [Set Up School PCs](http://www.microsoft.com/store/p/set-up-school-pcs/9nblggh4ls40) app can be used to quickly set up PCs for students and will get you to a productive state faster and simpler. Please see [Use the Set up School PCs app](https://docs.microsoft.com/education/windows/use-set-up-school-pcs-app) for all the details.
+If you're an IT pro or a technical staff member at a school, your scenario might be simpler. The [Set Up School PCs](http://www.microsoft.com/store/p/set-up-school-pcs/9nblggh4ls40) app can be used to quickly set up PCs for students and will get you to a productive state faster and simpler. Please see [Use the Set up School PCs app](https://docs.microsoft.com/education/windows/use-set-up-school-pcs-app) for all the details.
## Ensuring your device can be auto-enrolled to MDM
-In order for your devices to be auto-enrolled into MDM management, MDM auto-enrollment needs to be configured in Azure AD. To do that with Intune, please follow [Enroll Windows devices for Microsoft Intune](https://docs.microsoft.com/intune/windows-enroll). For other MDM vendors, please consult your vendor for further details.
+In order for your devices to be auto-enrolled into MDM management, MDM auto-enrollment needs to be configured in Azure AD. To do that with Intune, please see [Enroll Windows devices for Microsoft Intune](https://docs.microsoft.com/intune/windows-enroll). For other MDM vendors, please consult your vendor for further details.
>[!NOTE]
->MDM Auto-enrollment requires an Azure AD Premium P1 or P2 subscription.
\ No newline at end of file
+>MDM auto-enrollment requires an Azure AD Premium P1 or P2 subscription.
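Review bot: The changed IT-Driven line still opens "If you are planning to use to configure these devices", which does not parse; fix it while the line is being edited (for example "If you are planning to configure these devices"). In the Teacher-Driven line the app name is "Set Up School PCs" in the first link and "Set up School PCs" in the second, the Store link uses http:// where the other links use https://, and "faster and simpler" needs rewording ("faster and more simply").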