Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into educonvert

windows/deployment/deploy-whats-new.md

@@ -7,7 +7,6 @@ ms.localizationpriority: medium
 ms.prod: w10
 ms.sitesec: library
 ms.pagetype: deploy
-ms.date: 12/18/2018
 author: greg-lindsay
 ---
 
@@ -20,22 +19,28 @@ author: greg-lindsay
 
 This topic provides an overview of new solutions and online content related to deploying Windows 10 in your organization.
 
-- For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://technet.microsoft.com/itpro/windows/whats-new/index).
+- For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://docs.microsoft.com/en-us/windows/whats-new/index).
 - For a detailed list of changes to Windows 10 ITPro TechNet library content, see [Online content change history](#online-content-change-history).
 
 ## Recent additions to this page
 
-[SetupDiag](#setupdiag) 1.4 is released.
+[SetupDiag](#setupdiag) 1.4 is released.<br>
+[MDT](#microsoft-deployment-toolkit-mdt) 8456 is released.<br>
+New [Windows Autopilot](#windows-autopilot) content is available.<br>
+The [Microsoft 365](#microsoft-365) section was added.
 
 ## The Modern Desktop Deployment Center
 
 The [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) has launched with tons of content to help you with large-scale deployment of Windows 10 and Office 365 ProPlus.
 
-## Windows 10 servicing and support
+## Microsoft 365
 
-Microsoft is [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. This includes all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Office 365 ProPlus will continue to be supported for 18 months (there is no change for these editions).  These support policies are summarized in the table below.
+Microsoft 365 is a new offering from Microsoft that combines 
+- Windows 10
+- Office 365
+- Enterprise Mobility and Security (EMS). 
 
-![Support lifecycle](images/support-cycle.png)
+See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, which now includes a link to download a nifty [M365 Enterprise poster](deploy-m365.md#m365-enterprise-poster).
 
 ## Windows 10 servicing and support
 
@@ -60,6 +65,8 @@ Windows Autopilot streamlines and automates the process of setting up and config
 
 Windows Autopilot joins devices to Azure Active Directory (Azure AD), optionally enrolls into MDM services, configures security policies, and sets a custom out-of-box-experience (OOBE) for the end user. For more information, see [Overview of Windows Autopilot](windows-autopilot/windows-autopilot.md).
 
+Recent Autopilot content includes new instructions for CSPs and OEMs on how to [obtain and use customer authorization](windows-autopilot/registration-auth.md) to register Windows Autopilot devices on the customer’s behalf. 
+
 ### SetupDiag
 
 [SetupDiag](upgrade/setupdiag.md) is a standalone diagnostic tool that can be used to obtain details about why a Windows 10 upgrade was unsuccessful. 
@@ -76,7 +83,7 @@ The development of Upgrade Readiness has been heavily influenced by input from t
 
 For more information about Upgrade Readiness, see the following topics:
 
-- [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/)
+- [Windows Analytics blog](https://aka.ms/blog/WindowsAnalytics/)
 - [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md)
 
 
@@ -103,19 +110,16 @@ For more information, see [MBR2GPT.EXE](mbr-to-gpt.md).
 
 ### Microsoft Deployment Toolkit (MDT)
 
-MDT build 8443 is available, including support for:
-- Deployment and upgrade of Windows 10, version 1607 (including Enterprise LTSB and Education editions) and Windows Server 2016.
-- The Windows ADK for Windows 10, version 1607.
-- Integration with Configuration Manager version 1606.
+MDT build 8456 (12/19/2018) is available, including support for Windows 10, version 1809, and Windows Server 2019.
 
-For more information about MDT, see the [MDT resource page](https://technet.microsoft.com/windows/dn475741).
+For more information about MDT, see the [MDT resource page](https://docs.microsoft.com/en-us/sccm/mdt/).
 
 
 ### Windows Assessment and Deployment Kit (ADK)
 
 The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. See the following topics:
 
-- [What's new in ADK kits and tools](https://msdn.microsoft.com/windows/hardware/commercialize/what-s-new-in-kits-and-tools)
+- [What's new in ADK kits and tools](https://docs.microsoft.com/en-us/windows-hardware/get-started/what-s-new-in-kits-and-tools)
 - [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md)
 
 
@@ -151,7 +155,7 @@ The following topics provide a change history for Windows 10 ITPro TechNet libra
 
 [Overview of Windows as a service](update/waas-overview.md)
 <BR>[Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md)
-<BR>[Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx)
+<BR>[Windows 10 release information](https://docs.microsoft.com/en-us/windows/windows-10/release-information)
 <BR>[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/en-us/windows/windows-10-specifications)
 <BR>[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
 <BR>[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md)

windows/deployment/update/fod-and-lang-packs.md

@@ -1,6 +1,6 @@
 ---
-title: Windows 10 - How to make FoDs and language packs available when you're using WSUS/SCCM
-description: Learn how to make FoDs and language packs available for updates when you're using WSUS/SCCM.
+title: Windows 10 - How to make FoD and language packs available when you're using WSUS/SCCM
+description: Learn how to make FoD and language packs available when you're using WSUS/SCCM
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
@@ -14,10 +14,10 @@ ms.date: 10/18/2018
 
 > Applies to: Windows 10
 
-As of Windows 10, version 1709, you can't use Windows Server Update Services (WSUS) to host [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) and language packs for Windows 10 clients. Instead, you can pull them directly from Windows Update - you just need to change a Group Policy setting that lets clients download these directly from Windows Update. You can also host Features on Demand and language packs on a network share, but starting with Windows 10, version 1809, language packs can only be installed from Windows Update.
+As of Windows 10 version 1709, you cannot use Windows Server Update Services (WSUS) to host [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) (FOD) and language packs for Windows 10 clients locally. Instead, you can enforce a Group Policy setting that tells the clients to pull them directly from Windows Update. You can also host FOD and language packs on a network share, but starting with Windows 10 version 1809, language packs can only be installed from Windows Update.
  
-For Active Directory and Group Policy environments running in a WSUS\SCCM environment change the **Specify settings for optional component installation and component repair** policy to enable downloading Features on Demand directly from Windows Update or a local share. This setting is located in Computer Configuration\Administrative Templates\System in the Group Policy Editor.
- 
-Changing this policy only enables Features on Demand and language pack downloads from Windows Update - it doesn't affect how clients get feature and quality updates. Feature and quality updates will continue to come directly from WSUS\SCCM. It also doesn't affect the schedule for your clients to receive updates.
+For Windows domain environments running WSUS or SCCM, change the **Specify settings for optional component installation and component repair** policy to enable downloading language and FOD packs from Windows Update. This setting is located in `Computer Configuration\Administrative Templates\System` in the Group Policy Editor.
 
-Learn about other client management options, including using Group Policy and ADMX, in [Manage clients in Windows 10](https://docs.microsoft.com/windows/client-management/).
+Changing this policy does not affect how other updates are distributed. They continue to come from WSUS or SCCM as you have scheduled them.
+
+Learn about other client management options, including using Group Policy and administrative templates, in [Manage clients in Windows 10](https://docs.microsoft.com/windows/client-management/).

windows/deployment/update/waas-configure-wufb.md

@@ -63,10 +63,6 @@ Starting with Windows 10, version 1703, users can configure the branch readiness
 
 After you configure the servicing branch (Windows Insider Preview or Semi-Annual Channel), you can then define if, and for how long, you would like to defer receiving Feature Updates following their availability from Microsoft on Windows Update. You can defer receiving these Feature Updates for a period of up to 365 days from their release by setting the `DeferFeatureUpdatesPeriodinDays` value.  
 
->[!IMPORTANT]
->
->You can only defer up to 180 days on devices running Windows 10, version 1703.
-
 For example, a device on the Semi-Annual Channel with `DeferFeatureUpdatesPeriodinDays=30` will not install a feature update that is first publicly available on Windows Update in September until 30 days later, in October.
 
 
@@ -274,4 +270,4 @@ When a device running a newer version sees an update available on Windows Update
 - [Walkthrough: use Intune to configure Windows Update for Business](waas-wufb-intune.md)
 - [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
 - [Deploy Windows 10 updates using System Center Configuration Manager](waas-manage-updates-configuration-manager.md)
-- [Manage device restarts after updates](waas-restart.md)
+- [Manage device restarts after updates](waas-restart.md)

windows/deployment/update/waas-manage-updates-wufb.md

@@ -7,7 +7,6 @@ ms.sitesec: library
 author: jaimeo
 ms.localizationpriority: medium
 ms.author: jaimeo
-ms.date: 11/16/2018
 ---
 
 # Deploy updates using Windows Update for Business
@@ -76,7 +75,7 @@ The group policy path for Windows Update for Business has changed to correctly r
 
 ## Managing Windows Update for Business with MDM
 
-Starting with Windows 10, version 1709, Windows Update for Business was changed to correctly reflect its association to Windows Update for Business and provide the ability to easily manage Windows Insider Preview builds in 1709.
+Starting with Windows 10, version 1709, the Windows Update for Business settings in MDM were changed to correctly reflect the associations with Windows Update for Business and provide the ability to easily manage Windows Insider Preview builds in 1709.
 
 | Action | Windows 10 versions prior to 1709 | Windows 10 versions after 1709 |
 | --- | --- | --- |

windows/deployment/update/windows-analytics-FAQ-troubleshooting.md

@@ -8,7 +8,6 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: jaimeo
 ms.author: jaimeo
-ms.date: 10/29/2018
 ms.localizationpriority: medium
 ---
 
@@ -209,7 +208,8 @@ If you want to stop using Upgrade Readiness and stop sending diagnostic data to
 2.  Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the diagnostic data level to **Security**:
 
   **Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*
-  **Windows 10**: Follow the instructions in the [Configure Windows diagnostic data in your organization](/configuration/configure-windows-diagnostic-data-in-your-organization.md) topic.
+
+  **Windows 10**: Follow the instructions in [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization).
 
 3.	If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0".  The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*.
 4.	**Optional step:** You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". 

windows/deployment/update/windows-update-troubleshooting.md

@@ -49,7 +49,44 @@ The Settings UI is talking to the Update Orchestrator service which in turn is t
 2. Launch Services.msc and check if the following services are running:  
    - Update State Orchestrator 
    - Windows Update 
- 
+
+## Feature updates are not being offered while other updates are
+On computers running [Windows 10 1709 or higher](#BKMK_DCAT) configured to update from Windows Update (usually WUfB scenario) servicing and definition updates are being installed successfully, but feature updates are never offered.
+
+Checking the WindowsUpdate.log reveals the following error:
+```
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Agent           * START * Finding updates CallerId = Update;taskhostw  Id = 25
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Agent           Online = Yes; Interactive = No; AllowCachedResults = No; Ignore download priority = No
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Agent           ServiceID = {855E8A7C-ECB4-4CA3-B045-1DFA50104289} Third party service
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Agent           Search Scope = {Current User}
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Agent           Caller SID for Applicability: S-1-12-1-2933642503-1247987907-1399130510-4207851353
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Misc            Got 855E8A7C-ECB4-4CA3-B045-1DFA50104289 redir Client/Server URL: https://fe3.delivery.mp.microsoft.com/ClientWebService/client.asmx""
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Misc            Token Requested with 0 category IDs.
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Misc            GetUserTickets: No user tickets found. Returning WU_E_NO_USERTOKEN.
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Misc            *FAILED* [80070426] Method failed [AuthTicketHelper::GetDeviceTickets:570]
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Misc            *FAILED* [80070426] Method failed [AuthTicketHelper::GetDeviceTickets:570]
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Misc            *FAILED* [80070426] GetDeviceTickets
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Misc            *FAILED* [80070426] Method failed [AuthTicketHelper::AddTickets:1092]
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Misc            *FAILED* [80070426] Method failed [CUpdateEndpointProvider::GenerateSecurityTokenWithAuthTickets:1587]
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Misc            *FAILED* [80070426] GetAgentTokenFromServer
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Misc            *FAILED* [80070426] GetAgentToken
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Misc            *FAILED* [80070426] EP:Call to GetEndpointToken
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Misc            *FAILED* [80070426] Failed to obtain service 855E8A7C-ECB4-4CA3-B045-1DFA50104289 plugin Client/Server auth token of type 0x00000001
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  ProtocolTalker  *FAILED* [80070426] Method failed [CAgentProtocolTalkerContext::DetermineServiceEndpoint:377]
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  ProtocolTalker  *FAILED* [80070426] Initialization failed for Protocol Talker Context
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Agent           Exit code = 0x80070426
+YYYY/MM/DD HH:mm:ss:SSS PID  TID  Agent           * END * Finding updates CallerId = Update;taskhostw  Id = 25
+``` 
+
+The 0x80070426 error code translates to:
+```
+ERROR_SERVICE_NOT_ACTIVE - # The service has not been started.
+```
+
+Microsoft Account Sign In Assistant (MSA or wlidsvc) is the service in question. The DCAT Flighting service (ServiceId: 855E8A7C-ECB4-4CA3-B045-1DFA50104289) relies on the Microsoft Account Sign In Assistant (MSA) to get the Global Device ID for the device. Without the MSA service running, the global device ID will not be generated and sent by the client and the search for feature updates never completes successfully.
+
+In order to solve this issue, we need to reset the MSA service to the default StartType of manual.
+
 ## Issues related to HTTP/Proxy 
 Windows Update uses WinHttp with Partial Range requests (RFC 7233) to download updates and applications from Windows Update servers or on-premises WSUS servers. Because of this proxy servers configured on the network must support HTTP RANGE requests. If a proxy was configured in Internet Explorer (User level) but not in WinHTTP (System level), connections to Windows Update will fail. 
  
@@ -115,7 +152,7 @@ Check the output for the Name and OffersWindowsUPdates parameters, which you can
 |Output|Interpretation| 
 |-|-|
 |- Name: Microsoft Update <br>-OffersWindowsUpdates: True| - The update source is Microsoft Update, which means that updates for other Microsoft products besides the operating system could also be delivered.<br>- Indicates that the client is configured to receive updates for all Microsoft Products (Office, etc.) |
-|- Name: DCat Flighting Prod <br>- OffersWindowsUpdates: False|- The update source is the Windows Insider Program.<br>- Indicates that the client will not receive or is not configured to receive these updates. |
+|- <a name="BKMK_DCAT"></a>Name: DCat Flighting Prod <br>- OffersWindowsUpdates: True |- Starting with Windows 10 1709, feature updates are always delivered through the DCAT service.<br>- Indicates that the client is configured to receive feature updates from Windows Update. |
 |- Name: Windows Store (DCat Prod) <br>- OffersWindowsUpdates: False |-The update source is Insider Updates for Store Apps.<br>- Indicates that the client will not receive or is not configured to receive these updates.| 
 |- Name: Windows Server Update Service <br>- OffersWindowsUpdates: True |- The source is a Windows Server Updates Services server. <br>- The client is configured to receive updates from WSUS. |
 |- Name: Windows Update<br>- OffersWindowsUpdates: True|- The source is Windows Update. <br>- The client is configured to receive updates from Windows Update Online.| 

windows/deployment/upgrade/setupdiag.md

@@ -42,7 +42,7 @@ To quickly use SetupDiag on your current computer:
 8. Use Notepad to open the log file: **SetupDiagResults.log**.
 9. Review the information that is displayed. If a rule was matched this can tell you why the computer failed to upgrade, and potentially how to fix the problem. See the [Text log sample](#text-log-sample) below.
 
-For instructions on how to run the tool in offline more and with more advanced options, see the [Parameters](#parameters) and [Examples](#examples) sections below.
+For instructions on how to run the tool in offline mode and with more advanced options, see the [Parameters](#parameters) and [Examples](#examples) sections below.
 
 The [Release notes](#release-notes) section at the bottom of this topic has information about recent updates to this tool. 
 
@@ -509,4 +509,4 @@ Refer to https://docs.microsoft.com/windows/deployment/upgrade/upgrade-error-cod
 
 ## Related topics
 
-[Resolve Windows 10 upgrade errors: Technical information for IT Pros](https://docs.microsoft.com/windows/deployment/upgrade/resolve-windows-10-upgrade-errors)
+[Resolve Windows 10 upgrade errors: Technical information for IT Pros](https://docs.microsoft.com/windows/deployment/upgrade/resolve-windows-10-upgrade-errors)

windows/deployment/upgrade/upgrade-readiness-deployment-script.md

@@ -135,7 +135,7 @@ Error creating or updating registry key: **CommercialId** at **HKLM:\SOFTWARE\Mi
 | 51 - RunCensus failed with an unexpected exception. | RunCensus explitly runs the process used to collect device information. The method failed with an unexpected exception. Check the ExceptionHResult and ExceptionMessage for more details. |
 | 52 - DeviceCensus.exe not found on a Windows 10 machine. | On computers running Windows 10, the process devicecensus.exe should be present in the \system32 directory. Error code 52 is returned if the process was not found. Ensure that it exists at the specified location. |
 | 53 - There is a different CommercialID present at the GPO path: **HKLM:\SOFTWARE\Policies\Microsoft \Windows\DataCollection**. This will take precedence over the CommercialID provided in the script. | Provide the correct CommercialID at the GPO location. |
-| 54 - Microsoft Account Sign In Assistant Service is Disabled. | This service is required for devices running Windows 10. The diagnostic data client relies on the Microsoft Account Sign In Assistant (MSA) to get the Global Device ID for the device. Without the MSA service running, the global device ID will not be generated and sent by the client. |
+| 54 - Microsoft Account Sign In Assistant Service is Disabled. | This service is required for devices running Windows 10. The diagnostic data client relies on the Microsoft Account Sign In Assistant (MSA) to get the Global Device ID for the device. Without the MSA service running, the global device ID will not be generated and sent by the client and Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](https://docs.microsoft.com/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are). |
 | 55 - SetDeviceNameOptIn function failed to create registry key path: **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** | The function SetDeviceNameOptIn sets the registry key value which determines whether to send the device name in diagnostic data. The function tries to create the registry key path if it does not already exist. Verify that the account has the correct permissions to change or add registry keys. |
 | 56 - SetDeviceNameOptIn function failed to create property AllowDeviceNameInTelemetry at registry key path: **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** | Verify that the account has the correct permissions to change or add registry keys.|
 | 57 - SetDeviceNameOptIn function failed to update AllowDeviceNameInTelemetry property to value 1 at registry key path: **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** | Verify that the account has the correct permissions to change or add registry keys. |

windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md

@@ -22,7 +22,7 @@ The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Wi
 ## Proof-of-concept environment
 
 
-For the purposes of this topic, we will use three machines: DC01, CM01, and PC0003. DC01 is a domain controller and CM01 is a Windows Server 2012 R2 standard machine, fully patched with the latest security updates, and configured as a member server in the fictional contoso.com domain. PC0003 is a machine with Windows 7 SP1, targeted for the Windows 10 upgrade. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
+For the purposes of this topic, we will use three machines: DC01, CM01, and PC0001. DC01 is a domain controller and CM01 is a Windows Server 2012 R2 standard machine, fully patched with the latest security updates, and configured as a member server in the fictional contoso.com domain. PC0001 is a machine with Windows 7 SP1, targeted for the Windows 10 upgrade. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
 
 ![figure 1](../images/upgrademdt-fig1-machines.png)
 
@@ -48,7 +48,7 @@ For full details and an explanation of the task sequence steps, review the full
 ## Create a device collection
 
 
-After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0003 machine running Windows 7 SP1, with the Configuration Manager client installed.
+After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0001 machine running Windows 7 SP1, with the Configuration Manager client installed.
 
 1.  On CM01, using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
     -   General
@@ -65,13 +65,13 @@ After you create the upgrade task sequence, you can create a collection to test
 
             -   Attribute Name: Name
 
-            -   Value: PC0003
+            -   Value: PC0001
 
         -   Select Resources
 
-        -   Select PC0003
+        -   Select PC0001
 
-2.  Review the Windows 10 Enterprise x64 Upgrade collection. Do not continue until you see the PC0003 machine in the collection.
+2.  Review the Windows 10 Enterprise x64 Upgrade collection. Do not continue until you see the PC0001 machine in the collection.
 
 ## Deploy the Windows 10 upgrade
 
@@ -94,9 +94,9 @@ In this section, you create a deployment for the Windows 10 Enterprise x64 Upda
 ## Start the Windows 10 upgrade
 
 
-In this section, you start the Windows 10 Upgrade task sequence on PC0003 (currently running Windows 7 SP1).
+In this section, you start the Windows 10 Upgrade task sequence on PC0001 (currently running Windows 7 SP1).
 
-1.  On PC0003, start the **Software Center**.
+1.  On PC0001, start the **Software Center**.
 2.  Select the **Windows vNext Upgrade** task sequence, and then click **Install**.
 
 When the task sequence begins, it will automatically initiate the in-place upgrade process by invoking the Windows setup program (Setup.exe) with the necessary command-line parameters to perform an automated upgrade, which preserves all data, settings, apps, and drivers.
@@ -143,7 +143,7 @@ Figure 3. The Configuration Manager upgrade task sequence.
 
 ### Create a device collection
 
-After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0003 machine running Windows 7 SP1, with the next version of System Center Configuration Manager client installed.
+After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0001 machine running Windows 7 SP1, with the next version of System Center Configuration Manager client installed.
 
 1.  On CM01, using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
     -   General
@@ -160,13 +160,13 @@ After you create the upgrade task sequence, you can create a collection to test
 
             -   Attribute Name: Name
 
-            -   Value: PC0003
+            -   Value: PC0001
 
         -   Select Resources
 
-        -   Select PC0003
+        -   Select PC0001
 
-2.  Review the Windows 10 Enterprise x64 Upgrade collection. Do not continue until you see the PC0003 machine in the collection.
+2.  Review the Windows 10 Enterprise x64 Upgrade collection. Do not continue until you see the PC0001 machine in the collection.
 
 ### Deploy the Windows 10 upgrade
 
@@ -187,9 +187,9 @@ In this section, you create a deployment for the Windows 10 Enterprise x64 Upda
 
 ### Start the Windows 10 upgrade
 
-In this section, you start the Windows 10 Upgrade task sequence on PC0003 (currently running Windows 7 SP1).
+In this section, you start the Windows 10 Upgrade task sequence on PC0001 (currently running Windows 7 SP1).
 
-1.  On PC0003, start the **Software Center**.
+1.  On PC0001, start the **Software Center**.
 2.  Select the **Windows 10 Enterprise x64 Upgrade** task sequence, and then click **Install.**
 
 When the task sequence begins, it automatically initiates the in-place upgrade process by invoking the Windows setup program (Setup.exe) with the necessary command-line parameters to perform an automated upgrade, which preserves all data, settings, apps, and drivers.

windows/deployment/windows-10-enterprise-subscription-activation.md

@@ -64,7 +64,7 @@ For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products &
 - Devices must be Azure AD-joined or Active Directory joined with Azure AD Connect. Workgroup-joined devices are not supported.
 
     >[!NOTE]
-    >In issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription.  To resolve this issue, the user must either sign in with an Azure Active Directory account, or you must disable MFA for this user during the 30-day polling period and renewal.
+    >An issue has been identified with Hybrid Azure AD joined devices that have enabled [multi-factor authentication](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-getstarted) (MFA). If a user signs into a device using their Active Directory account and MFA is enabled, the device will not successfully upgrade to their Windows Enterprise subscription.  To resolve this issue, the user must either sign in with an Azure Active Directory account, or you must disable MFA for this user during the 30-day polling period and renewal.
 
 For Microsoft customers that do not have EA or MPSA, you can obtain Windows 10 Enterprise E3 or E5 through a cloud solution provider (CSP). Identity management and device requirements are the same when you use CSP to manage licenses, with the exception that Windows 10 Enterprise E3 is also available through CSP to devices running Windows 10, version 1607. For more information about obtaining Windows 10 Enterprise E3 through your CSP, see [Windows 10 Enterprise E3 in CSP](windows-10-enterprise-e3-overview.md).
 

windows/deployment/windows-autopilot/TOC.md

@@ -24,6 +24,7 @@
 ### [Administering Autopilot via Microsoft 365 Business & Office 365 Admin portal](https://support.office.com/article/Create-and-edit-Autopilot-profiles-5cf7139e-cfa1-4765-8aad-001af1c74faa)
 ## Getting started
 ### [Demonstrate Autopilot deployment on a VM](demonstrate-deployment-on-vm.md)
+## [Customer consent](registration-auth.md)
 ## [Troubleshooting](troubleshooting.md)
 ## [FAQ](autopilot-faq.md)
-## [Support](autopilot-support.md)
+## [Support](autopilot-support.md)

windows/deployment/windows-autopilot/add-devices.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 12/12/2018
 ---
 
 # Adding devices to Windows Autopilot

windows/deployment/windows-autopilot/autopilot-faq.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 11/05/2018
 ---
 
 # Windows Autopilot FAQ
@@ -25,8 +24,9 @@ A [glossary](#glossary) of abbreviations used in this topic is provided at the e
 
 | Question | Answer |
 | --- | --- |
-| In the Partner Center, does the Tenant ID need to be provided with every device file upload (to then allow the business customer to access their devices in MSfB)?     | No. Providing the Tenant ID is a one-time entry in the Partner Center that can be re-used with future device uploads. |
+| In the Partner Center, does the Tenant ID need to be provided with every device file upload? Is this needed to allow the business customer to access their devices in MSfB?     | No. Providing the Tenant ID is a one-time entry in the Partner Center that can be re-used with future device uploads. |
 | How does the customer or tenant know that their devices are ready to be claimed in MSfB?    |  After the device file upload is completed in the Partner Center, the tenant can see the devices available for Windows Autopilot setup in MSfB. The OEM would need to advise the tenant to access MSfB. Auto-notification from MSfB to the tenant is being developed.  |
+| How does a customer authorize an OEM or Channel Partner to register Autopilot devices on the customer’s behalf?   |  Before an OEM or Channel Partner can register a device for Autopilot on behalf of a customer, the customer must first give them consent.  The consent process begins with the OEM or Channel Partner sending a link to the customer, which directs the customer to a consent page in Microsoft Store for Business.  The steps explaining this process are [here](registration-auth.md).  |
 |  Are there any restrictions if a business customer has registered devices in MSfB and later wants those devices to be managed by a CSP via the Partner Center? | The devices will need to be deleted in MSfB by the business customer before the CSP can upload and manage them in the Partner Center. | 
 | Does Windows Autopilot support removing the option to enable a local administrator account?    |  Windows Autopilot doesn’t support removing the local admin account. However, it does support restricting the user performing AAD domain join in OOBE to a standard account (versus admin account by default).|
 | How can I test the Windows Autopilot CSV file in the Partner Center?    |  Only CSP Partners have access to the Partner Center portal. If you are a CSP, you can create a Sales agent user account which has access to “Devices” for testing the file. This can be done today in the Partner Center. <br><br>Go [here](https://msdn.microsoft.com/partner-center/createuseraccounts-and-set-permissions) for more information. |

windows/deployment/windows-autopilot/configure-autopilot.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 10/02/2018
 ---
 
 # Configure Autopilot deployment
@@ -32,4 +31,4 @@ When deploying new devices using Windows Autopilot, a common set of steps are re
 
 ## Related topics
 
-[Windows Autopilot scenarios](windows-autopilot-scenarios.md)
+[Windows Autopilot scenarios](windows-autopilot-scenarios.md)

windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 10/02/2018
 ---
 
 # Demonstrate Autopilot deployment on a VM

windows/deployment/windows-autopilot/enrollment-status.md

@@ -10,7 +10,6 @@ ms.pagetype: deploy
 ms.localizationpriority: medium
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 12/13/2018
 ---
 
 # Windows Autopilot Enrollment Status page
@@ -63,6 +62,4 @@ For more information on configuring the Enrollment Status page, see the [Microso
 For details about the underlying implementation, see the [FirstSyncStatus details in the DMClient CSP docuementation](https://docs.microsoft.com/windows/client-management/mdm/dmclient-csp).<br>
 For more information about blocking for app installation:
 - [Blocking for app installation using Enrollment Status Page](https://blogs.technet.microsoft.com/mniehaus/2018/12/06/blocking-for-app-installation-using-enrollment-status-page/).
-- [Support Tip: Office C2R installation is now tracked during ESP](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Office-C2R-installation-is-now-tracked-during-ESP/ba-p/295514).
-
-
+- [Support Tip: Office C2R installation is now tracked during ESP](https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Office-C2R-installation-is-now-tracked-during-ESP/ba-p/295514).

windows/deployment/windows-autopilot/profiles.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 12/13/2018
 ---
 
 # Configure Autopilot profiles
@@ -58,4 +57,4 @@ The following profile settings are available:
 
 ## Related topics
 
-[Configure Autopilot deployment](configure-autopilot.md)
+[Configure Autopilot deployment](configure-autopilot.md)

windows/deployment/windows-autopilot/registration-auth.md

@@ -0,0 +1,76 @@
+---
+title: Windows Autopilot customer consent
+description: Support information for Windows Autopilot
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune, csp, OEM
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: low
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+ms.author: greg-lindsay
+---
+
+# Windows Autopilot customer consent
+
+**Applies to: Windows 10**
+
+This article describes how a cloud service provider (CSP) partner (direct bill, indirect provider, or indirect reseller) or an OEM can get customer authorization to register Windows Autopilot devices on the customer’s behalf.
+
+## CSP authorization
+
+CSP partners can get customer authorization to register Windows Autopilot devices on the customer’s behalf per the following restrictions:
+
+<table>
+<tr><td>Direct CSP<td>Gets direct authorization from the customer to register devices.
+<tr><td>Indirect CSP Provider<td>Gets implicit permission to register devices through the relationship their CSP Reseller partner has with the customer.  Indirect CSP Providers register devices through Microsoft Partner Center.
+<tr><td>Indirect CSP Reseller<td>Gets direct authorization from the customer to register devices.  At the same time, their indirect CSP Provider partner also gets authorization, which mean that either the Indirect Provider or the Indirect Reseller can register devices for the customer.  However, the Indirect CSP Reseller must register devices through the MPC UI (manually uploading CSV file), whereas the Indirect CSP Provider has the option to register devices using the MPC APIs.
+</table>
+
+### Steps
+
+For a CSP to register Windows Autopilot devices on behalf of a customer, the customer must first grant that CSP partner permission using the following process:
+
+1.	CSP sends link to customer requesting authorization/consent to register/manage devices on their behalf.  To do so:
+    - CSP logs into Microsoft Partner Center
+    - Click **Dashboard** on the top menu
+    - Click **Customer** on the side menu
+    - Click the **Request a reseller relationship** link:
+    ![Request a reseller relationship](images/csp1.png)
+    - Select the checkbox indicating whether or not you want delegated admin rights:
+    ![Delegated rights](images/csp2.png)
+    - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent.  You should ask them to use the newer DAP-free process (shown in tihs document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal:  https://docs.microsoft.com/en-us/partner-center/customers_revoke_admin_privileges
+    - Send the template above to the customer via email.
+2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link in the body of the email once they receive it from the CSP, which takes them directly to the following MSfB page:
+
+    ![Global admin](images/csp3.png)
+
+    NOTE: A user without global admin privileges who clicks the link will see a message similar to the following:
+
+    ![Not global admin](images/csp4.png)
+
+3.	Customer selects the **Yes** checkbox, followed by the **Accept** button. Authorization happens instantaneously.
+4.	The CSP will know that this consent/authorization request has been completed because the customer will show up in the CSP’s MPC account under their **customers** list, for example:
+
+![Customers](images/csp5.png)
+
+## OEM authorization
+
+Each OEM has a unique link to provide to their respective customers, which the OEM can request from Microsoft via msoemops@microsoft.com.
+
+1.	OEM emails link to their customer.
+2.	Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link once they receive it from the OEM, which takes them directly to the following MSfB page:
+
+    ![Global admin](images/csp6.png)
+
+    NOTE: A user without global admin privileges who clicks the link will see a message similar to the following:
+
+    ![Not global admin](images/csp7.png)
+3.	Customer selects the **Yes** checkbox, followed by the **Accept** button, and they’re done.  Authorization happens instantaneously.
+
+4.	The OEM can use the Validate Device Submission Data API to verify the consent has completed.  This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, it’s a best practice recommendation for OEM partners to run the API check to confirm they’ve received customer consent before attempting to register devices, thus avoiding errors in the registration process.
+
+## Summary
+
+At this stage of the process, Microsoft is no longer involved; the consent exchange happens directly between the OEM and the customer.  And, it all happens instantaneously - as quickly as buttons are clicked.
+

windows/deployment/windows-autopilot/rip-and-replace.md

@@ -0,0 +1,19 @@
+---
+title: Rip and Replace
+description: Listing of Autopilot scenarios
+keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: high
+ms.sitesec: library
+ms.pagetype: deploy
+author: coreyp-at-msft
+ms.author: coreyp
+ms.date: 06/01/2018
+---
+
+# Rip and replace
+
+**Applies to: Windows 10**
+
+DO NOT PUBLISH.  Just a placeholder for now, coming with 1809.

windows/deployment/windows-autopilot/self-deploying.md

@@ -10,7 +10,6 @@ ms.pagetype:
 ms.localizationpriority: medium
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 10/02/2018
 ---
 
 # Windows Autopilot Self-Deploying mode (Preview)

windows/deployment/windows-autopilot/troubleshooting.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 10/02/2018
 ---
 
 # Troubleshooting Windows Autopilot

windows/deployment/windows-autopilot/user-driven-aad.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 11/07/2018
 ---
 
 # Windows Autopilot user-driven mode for Azure Active Directory join
@@ -32,4 +31,4 @@ For each device that will be deployed using user-driven deployment, these additi
     -   If using Intune and Azure Active Directory static device groups, manually add the device to the device group.
     -   If using other methods (e.g. Microsoft Store for Business or Partner Center), manually assign an Autopilot profile to the device.
 
-Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic. 
+Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic.

windows/deployment/windows-autopilot/user-driven-hybrid.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 11/12/2018
 ---
 
 
@@ -37,4 +36,4 @@ To perform a user-driven hybrid AAD joined deployment using Windows Autopilot:
 
 See [Deploy hybrid Azure AD joined devices using Intune and Windows Autopilot](https://docs.microsoft.com/intune/windows-autopilot-hybrid).
 
-Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic. 
+Also see the **Validation** section in the [Windows Autopilot user-driven mode](user-driven.md) topic. 

windows/deployment/windows-autopilot/user-driven.md

@@ -10,7 +10,6 @@ ms.pagetype: deploy
 author: greg-lindsay
 ms.date: 11/07/2018
 ms.author: greg-lindsay
-ms.date: 11/07/2018
 ---
 
 # Windows Autopilot user-driven mode

windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 10/02/2018
 ---
 
 # Windows Autopilot configuration requirements

windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md

@@ -9,10 +9,8 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 10/02/2018
-ms.author: greg-lindsay
-ms.date: 10/02/2018
 ---
+
 # Windows Autopilot licensing requirements
 
 **Applies to: Windows 10**

windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 10/02/2018
 ---
 
 # Windows Autopilot networking requirements

windows/deployment/windows-autopilot/windows-autopilot-requirements.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 12/13/2018
 ---
 
 # Windows Autopilot requirements
@@ -28,4 +27,4 @@ There are no additional hardware requirements to use Windows 10 Autopilot, beyon
 
 ## Related topics
 
-[Configure Autopilot deployment](configure-autopilot.md)
+[Configure Autopilot deployment](configure-autopilot.md)

windows/deployment/windows-autopilot/windows-autopilot-reset-local.md

@@ -10,7 +10,6 @@ ms.pagetype:
 ms.localizationpriority: medium
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 10/02/2018
 ---
 
 # Reset devices with local Windows Autopilot Reset 

windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md

@@ -10,7 +10,6 @@ ms.pagetype:
 ms.localizationpriority: medium
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 10/02/2018
 ---
 
 # Reset devices with remote Windows Autopilot Reset (Preview)

windows/deployment/windows-autopilot/windows-autopilot-reset.md

@@ -10,7 +10,6 @@ ms.pagetype:
 ms.localizationpriority: medium
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 10/02/2018
 ---
 
 # Windows Autopilot Reset

windows/deployment/windows-autopilot/windows-autopilot-scenarios.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 12/13/2018
 ---
 
 # Windows Autopilot scenarios

windows/deployment/windows-autopilot/windows-autopilot.md

@@ -9,7 +9,6 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: greg-lindsay
 ms.author: greg-lindsay
-ms.date: 01/03/2018
 ---
 
 # Overview of Windows Autopilot
@@ -71,4 +70,4 @@ See [Windows Autopilot scenarios](https://docs.microsoft.com/en-us/windows/deplo
 
 ## Related topics
 
-[Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/en-us/intune/enrollment-autopilot)
+[Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/en-us/intune/enrollment-autopilot)