Merge remote-tracking branch 'origin/master' into atp-reorg2

2025-05-13 22:07:22 +00:00 · 2018-06-13 15:26:39 -07:00 · 2018-06-13 15:26:39 -07:00 · cd7d69155a
commit cd7d69155a
parent 4b11595d06 e211857d1d
42 changed files with 992 additions and 1199 deletions
--- a/browsers/edge/emie-to-improve-compatibility.md
+++ b/browsers/edge/emie-to-improve-compatibility.md
@ -43,14 +43,14 @@ Microsoft Edge doesn't support ActiveX controls, Browser Helper Objects, VBScrip
 ### Set up Microsoft Edge to use the Enterprise Mode site list
-You must turn on the **Use Enterprise Mode Site List** Group Policy setting before Microsoft Edge can use the Enterprise Mode site list. This Group Policy applies to both Microsoft Edge and IE11, letting Microsoft Edge switch to IE11 as needed, based on the Enterprise Mode site list. For more info about IE11 and Enterprise Mode, see [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377).
+You must turn on the **Configure the Enterprise Mode Site List** Group Policy setting before Microsoft Edge can use the Enterprise Mode site list. This Group Policy applies to both Microsoft Edge and IE11, letting Microsoft Edge switch to IE11 as needed, based on the Enterprise Mode site list. For more info about IE11 and Enterprise Mode, see [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377).
 > **Note**<br>
 > If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.<p>If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.
 **To turn on Enterprise Mode using Group Policy**
-1.  Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Microsoft Edge\\Allows you to configure the Enterprise Mode Site list** setting.<p>Turning this setting on also requires you to create and store a site list.<p>![Local Group Policy Editor for using a site list](images/edge-emie-grouppolicysitelist.png)
+1.  Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Microsoft Edge\\Configure the Enterprise Mode Site List** policy.<p>Turning this setting on also requires you to create and store a site list.<p>![Local Group Policy Editor for using a site list](images/edge-emie-grouppolicysitelist.png)
 2.  Click **Enabled**, and then in the **Options** area, type the location to your site list.
--- a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
@ -17,7 +17,7 @@ You can use the Group Policy setting, **Set a default associations configuration
 **To set the default browser as Internet Explorer 11**
-1.  Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.<p>
+1.  Open your Group Policy editor and go to the **Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.<p>
 Turning this setting on also requires you to create and store a default associations configuration file, locally or on a network share. For more information about creating this file, see [Export or Import Default Application Associations]( https://go.microsoft.com/fwlink/p/?LinkId=618268).
    ![set default associations group policy setting](images/setdefaultbrowsergp.png)
--- a/devices/hololens/hololens-microsoft-layout-app.md
+++ b/devices/hololens/hololens-microsoft-layout-app.md
@ -25,7 +25,7 @@ Microsoft Layout works with a HoloLens, or with a Windows Mixed Reality headset
 | OS requirements                   | Details                                                    |
 |:----------------------------------|:-----------------------------------------------------------|
-| Build 10.0.17134.77 or above | See [Manage updates to HoloLens](hololens-updates.md) for instructions on upgrading to this build. |
+| Build 10.0.17134.77 or above | See [Update HoloLens](https://support.microsoft.com/help/12643/hololens-update-hololens) for instructions on upgrading to this build. |
 #### Windows Mixed Reality headset requirements
--- a/devices/hololens/hololens-provisioning.md
+++ b/devices/hololens/hololens-provisioning.md
@ -22,7 +22,7 @@ Some of the HoloLens configurations that you can apply in a provisioning package
 - Set up a Wi-Fi connection
 - Apply certificates to the device
-To create provisioning packages, you must install Windows Configuration Designer [from Microsoft Store]((https://www.microsoft.com/store/apps/9nblggh4tx22)) or [from the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). If you install Windows Configurations Designer from the Windows ADK, select **Configuration Designer** from the **Select the features you want to install** dialog box.
+To create provisioning packages, you must install Windows Configuration Designer [from Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22) or [from the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). If you install Windows Configurations Designer from the Windows ADK, select **Configuration Designer** from the **Select the features you want to install** dialog box.
--- a/devices/hololens/hololens-setup.md
+++ b/devices/hololens/hololens-setup.md
@ -19,7 +19,6 @@ Before you get started setting up your HoloLens, make sure you have a Wi-Fi netw
 The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. You need to connect HoloLens to a Wi-Fi network with Internet connectivity so that the user account can be authenticated.
 - It can be an open Wi-Fi or password-protected Wi-Fi network.
 - The Wi-Fi network cannot require you to navigate to a webpage to connect.
 - The Wi-Fi network cannot require certificates to connect.
 - The Wi-Fi network does not need to provide access to enterprise resources or intranet sites. 
--- a/devices/hololens/hololens-updates.md
+++ b/devices/hololens/hololens-updates.md
@ -12,7 +12,7 @@ ms.date: 04/30/2018
 # Manage updates to HoloLens
-
+>**Looking for how to get the latest update? See [Update HoloLens](https://support.microsoft.com/help/12643/hololens-update-hololens).**
 Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. As with desktop devices, administrators can manage updates to the HoloLens operating system using [Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb).
--- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md
+++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md
@ -44,7 +44,7 @@ Microsoft publishes two types of Surface Hub releases broadly on an ongoing basi
 In order to improve release quality and simplify deployments, all new releases that Microsoft publishes for Windows 10, including Surface Hub, will be cumulative. This means new feature updates and quality updates will contain the payloads of all previous releases (in an optimized form to reduce storage and networking requirements), and installing the release on a device will bring it completely up to date. Also, unlike earlier versions of Windows, you cannot install a subset of the contents of a Windows 10 quality update. For example, if a quality update contains fixes for three security vulnerabilities and one reliability issue, deploying the update will result in the installation of all four fixes.
-The Surface Hub operating system receives updates on the [Semi-Annual Channel](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes). Like other editions of Windows 10, the servicing lifetime ois finite. You must install new feature updates on machines running these branches in order to continue receiving quality updates.
+The Surface Hub operating system receives updates on the [Semi-Annual Channel](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes). Like other editions of Windows 10, the servicing lifetime is finite. You must install new feature updates on machines running these branches in order to continue receiving quality updates.
 For more information on Windows as a Service, see [Overview of Windows as a service](https://technet.microsoft.com/itpro/windows/manage/waas-overview).
--- a/devices/surface-hub/surface-hub-downloads.md
+++ b/devices/surface-hub/surface-hub-downloads.md
@ -18,7 +18,7 @@ This topic provides links to useful Surface Hub documents, such as product datas
 | --- | --- |
 | [Surface Hub Site Readiness Guide (PDF)](http://download.microsoft.com/download/3/8/8/3883E991-DFDB-4E70-8D28-20B26045FC5B/Surface-Hub-Site-Readiness-Guide_EN.pdf)  | Make sure your site is ready for Surface Hub, including structural and power requirements, and get technical specs for Surface Hub. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov)  |
 | [Surface Hub Setup Guide (English, French, Spanish) (PDF)](http://download.microsoft.com/download/0/1/6/016363A4-8602-4F01-8281-9BE5C814DC78/Setup-Guide_EN-FR-SP.pdf) | Get a quick overview of how to set up the environment for your new Surface Hub. |
-| [Surface Hub Quick Reference Guide (PDF)](http://download.microsoft.com/download/9/E/E/9EE660F8-3FC6-4909-969E-89EA648F06DB/Surface Hub Quick Reference Guide_en-us.pdf)  | Use this quick reference guide to get information about key features and functions of the Surface Hub. |
+| [Surface Hub Quick Reference Guide (PDF)](http://download.microsoft.com/download/9/E/E/9EE660F8-3FC6-4909-969E-89EA648F06DB/Surface%20Hub%20Quick%20Reference%20Guide_en-us.pdf)  | Use this quick reference guide to get information about key features and functions of the Surface Hub. |
 | [Surface Hub User Guide (PDF)](http://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf) | Learn how to use Surface Hub in scheduled or ad-hoc meetings. Invite remote participants, use the built-in tools, save data from your meeting, and more. |
 | [Surface Hub Replacement PC Drivers](https://www.microsoft.com/download/details.aspx?id=52210) | The Surface Hub Replacement PC driver set is available for those customers who have chosen to disable the Surface Hub’s internal PC and use an external computer with their 84” or 55” Surface Hub. This download is meant to be used with the Surface Hub Admin Guide , which contains further details on configuring a Surface Hub Replacement PC.  |
 | [Surface Hub SSD Replacement Guide (PDF)](http://download.microsoft.com/download/1/F/2/1F202254-7156-459F-ABD2-39CF903A25DE/surface-hub-ssd-replacement-guide_en-us.pdf) | Learn how to replace the solid state drive (SSD) for the 55- and 84-inch Surface Hub. |
--- a/education/index.md
+++ b/education/index.md
@ -6,6 +6,7 @@ description: Learn about product documentation and resources available for schoo
 author: CelesteDG
 ms.topic: hub-page
 ms.author: celested
 ms.collection: ITAdminEDU
 ms.date: 10/30/2017
 ---
 <div id="main" class="v2">
--- a/store-for-business/whats-new-microsoft-store-business-education.md
+++ b/store-for-business/whats-new-microsoft-store-business-education.md
@ -68,7 +68,7 @@ We’ve been working on bug fixes and performance improvements to provide you a
 - Bug fixes and performance improvements
 [October 2017](release-history-microsoft-store-business-education.md#october-2017)
- Bug fixes and permformance improvements 
+- Bug fixes and performance improvements 
 [September 2017](release-history-microsoft-store-business-education.md#september-2017)
 - Manage Windows device deployment with Windows Autopilot Deployment
--- a/windows/application-management/app-v/appv-about-appv.md
+++ b/windows/application-management/app-v/appv-about-appv.md
@ -6,7 +6,7 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/18/2018
+ms.date: 06/08/2018
 ---
 # What's new in App-V for Windows 10, version 1703 and earlier
--- a/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-add-or-remove-an-administrator-with-the-management-console.md
@ -1,40 +1,34 @@
 ---
 title: How to Add or Remove an Administrator by Using the Management Console (Windows 10)
-description: How to Add or Remove an Administrator by Using the Management Console
+description: How to add or remove an administrator by using the Management Console
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 06/08/2018
 ---
 # How to add or remove an administrator by using the Management Console
-
+>Applies to: Windows 10, version 1607
 # How to Add or Remove an Administrator by Using the Management Console
 **Applies to**
 -   Windows 10, version 1607
 Use the following procedures to add or remove an administrator on the Microsoft Application Virtualization (App-V) server.
-**To add an administrator using the Management Console**
+## Add an administrator using the Management Console
-1.  Open the Microsoft Application Virtualization (App-V) Management Console and click **Administrators** in the navigation pane. The navigation pane displays a list of Access Directory (AD) users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) server.
+1. Open the Microsoft Application Virtualization (App-V) Management Console and select **Administrators** in the navigation pane. The navigation pane will display a list of Access Directory (AD) users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) server.
 2. To add a new administrator, select **Add Administrator**. Enter the name of the administrator that you want to add in the **Active Directory Name** field. Make sure to also provide the associated user account domain name. For example, **Domain** \\ **UserName**.
 3. Select the account you want to add and select **Add**. The new account should now appear in the list of server administrators.
-2.  To add a new administrator, click **Add Administrator** Type the name of the administrator that you want to add in the **Active Directory Name** field. Ensure you provide the associated user account domain name. For example, **Domain** \\ **UserName**.
+## Remove an administrator using the Management Console
-3.  Select the account that you want to add and click **Add**. The new account is displayed in the list of server administrators.
+1. Open the Microsoft Application Virtualization (App-V) Management Console and select **Administrators** in the navigation pane. The navigation pane displays a list of AD users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) server.
-
+2. Right-click the account to be removed from the list of administrators and select **Remove**.
 **To remove an administrator using the Management Console**
 1.  Open the Microsoft Application Virtualization (App-V) Management Console and click **Administrators** in the navigation pane. The navigation pane displays a list of AD users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) server.
 2.  Right-click the account to be removed from the list of administrators and select **Remove**.
 ## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 ## Related topics
-[Operations for App-V](appv-operations.md)
+* [Operations for App-V](appv-operations.md)
--- a/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-add-or-upgrade-packages-with-the-management-console.md
@ -1,49 +1,44 @@
 ---
 title: How to Add or Upgrade Packages by Using the Management Console (Windows 10)
-description: How to Add or Upgrade Packages by Using the Management Console
+description: How to add or upgrade packages by using the Management Console
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 06/08/2018
 ---
 # How to add or upgrade packages by using the Management Console
 >Applies to: Windows 10, version 1607
-# How to Add or Upgrade Packages by Using the Management Console
+You can use the following procedure to add or upgrade a package to the App-V Management Console. To upgrade a package that already exists in the Management Console, use the following steps and import the upgraded package using the same package **Name**.
-**Applies to**
+## Add a package to the Management Console
 -   Windows 10, version 1607
-You can the following procedure to add or upgrade a package to the App-V Management Console. To upgrade a package that already exists in the Management Console, use the following steps and import the upgraded package using the same package **Name**.
+1. Select the **Packages** tab in the navigation pane of the Management Console display.
 **To add a package to the Management Console**
 1.  Click the **Packages** tab in the navigation pane of the Management Console display.
    The console displays the list of packages that have been added to the server along with status information about each package. When a package is selected, detailed information about the package is displayed in the **PACKAGES** pane.
-    Click the **Ungrouped** drop-down list box and specify how the packages are to be displayed in the console. You can also click the associated column header to sort the packages.
+    Select the **Ungrouped** drop-down list box and specify how the packages are to be displayed in the console. You can also click the associated column header to sort the packages.
-2.  To specify the package you want to add, click **Add or Upgrade Packages**.
+2. Select **Add or Upgrade Packages** to specify which package you want to add.
-3.  Type the full path to the package that you want to add. Use the UNC or HTTP path format, for example **\\\\servername\\sharename\\foldername\\packagename.appv** or **https://server.1234/file.appv**, and then click **Add**.
+3. Enter the full path to the package that you want to add. Use the UNC or HTTP path format, for example **\\\\servername\\sharename\\foldername\\packagename.appv** or **http<span></span>://server.1234/file.appv**, and then select **Add**.
-    **Important**  
+    >[!IMPORTANT]
-    You must select a package with the **.appv** file name extension.
+    >You must select a package with the **.appv** file name extension.
-     
+4. The page displays the status message **Adding &lt;Packagename&gt;**. Select **IMPORT STATUS** to check the status of a package that you have imported.
-4.  The page displays the status message **Adding &lt;Packagename&gt;**. Click **IMPORT STATUS** to check the status of a package that you have imported.
+    Select **OK** to add the package and close the **Add Package** page. If there was an error during the import, select **Detail** on the **Package Import** page for more information. The newly added package is now available in the **PACKAGES** pane.
-    Click **OK** to add the package and close the **Add Package** page. If there was an error during the import, click **Detail** on the **Package Import** page for more information. The newly added package is now available in the **PACKAGES** pane.
+5. Select **Close** to close the **Add or Upgrade Packages** page.
 5.  Click **Close** to close the **Add or Upgrade Packages** page.
 ## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 ## Related topics
-[Operations for App-V](appv-operations.md)
+* [Operations for App-V](appv-operations.md)
--- a/windows/application-management/app-v/appv-administering-appv-with-powershell.md
+++ b/windows/application-management/app-v/appv-administering-appv-with-powershell.md
@ -1,137 +1,53 @@
 ---
-title: Administering App-V by Using Windows PowerShell (Windows 10)
+title: Administering App-V by using Windows PowerShell (Windows 10)
 description: Administering App-V by Using Windows PowerShell
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 06/08/2018
 ---
 # Administering App-V by using Windows PowerShell
 >Applies to: Windows 10, version 1607
-# Administering App-V by Using Windows PowerShell
+Microsoft Application Virtualization (App-V) supports Windows PowerShell cmdlets that give administrators a quick and easy way to manage App-V. The following sections will tell you more about how to use Windows PowerShell with App-V.
-**Applies to**
+## How to administer App-V with Windows PowerShell
 -   Windows 10, version 1607
-Microsoft Application Virtualization (App-V) provides Windows PowerShell cmdlets, which can help administrators perform various App-V tasks. The following sections provide more information about using Windows PowerShell with App-V.
+The following table lists articles that will tell you more about how to use PowerShell for App-V.
-## How to administer App-V by using Windows PowerShell
+|Name|Description|
 |---|---|
 |[How to load the Windows PowerShell cmdlets for App-V and get cmdlet help](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md)|Describes how to install the Windows PowerShell cmdlets and find cmdlet help and examples.|
 |[How to manage App-V packages running on a stand-alone computer by using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md)|Describes how to manage the client package lifecycle on a stand-alone computer with Windows PowerShell.|
 |[How to manage connection groups on a stand-alone computer by using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md)|Describes how to manage connection groups with Windows PowerShell.|
 |[How to modify client configuration by using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)|Describes how to modify the client with Windows PowerShell.|
 |[How to apply the user configuration file by using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)|Describes how to apply a user configuration file with Windows PowerShell.|
 |[How to apply the deployment configuration file by using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)|Describes how to apply a deployment configuration file with Windows PowerShell.|
 |[How to sequence a package by using Windows PowerShell](appv-sequence-a-package-with-powershell.md)|Describes how to create a new package with Windows PowerShell.|
 |[How to create a package accelerator by using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md)|Describes how to create a package accelerator with Windows PowerShell. You can use package accelerators to automatically sequence large, complex applications.|
 |[How to enable reporting on the App-V client by using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)|Describes how to enable the computer running the App-V Client to send reporting information.|
 |[How to install the App-V databases and convert the associated security identifiers by using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md)|Describes how to take an array of account names and to convert each of them to the corresponding SID in standard and hexadecimal formats.|
 |[How to configure the client to receive package and connection groups updates from the publishing server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)|Describes how to use Windows PowerShell to configure a client after you have deployed the App-V management and publishing servers and added the required packages and connection groups.|
 >[!IMPORTANT]
 >Make sure that any script you execute with your App-V packages matches the execution policy that you have configured for Windows PowerShell.
-Use the following Windows PowerShell procedures to perform various App-V tasks.
+## Windows PowerShell error handling
-<table>
+The following table describes Windows PowerShell error handling for App-V.
 <colgroup>
 <col width="50%" />
 <col width="50%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Name</th>
 <th align="left">Description</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>[How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md)</p></td>
 <td align="left"><p>Describes how to install the Windows PowerShell cmdlets and find cmdlet help and examples.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>[How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md)</p></td>
 <td align="left"><p>Describes how to manage the client package lifecycle on a stand-alone computer by using Windows PowerShell.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>[How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md)</p></td>
 <td align="left"><p>Describes how to manage connection groups by using Windows PowerShell.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>[How to Modify Client Configuration by Using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)</p></td>
 <td align="left"><p>Describes how to modify the client by using Windows PowerShell.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>[How to Apply the User Configuration File by Using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)</p></td>
 <td align="left"><p>Describes how to apply a user configuration file by using Windows PowerShell.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>[How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)</p></td>
 <td align="left"><p>Describes how to apply a deployment configuration file by using Windows PowerShell.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>[How to Sequence a Package by Using Windows PowerShell](appv-sequence-a-package-with-powershell.md)</p></td>
 <td align="left"><p>Describes how to create a new package by using Windows PowerShell.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>[How to Create a Package Accelerator by Using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md)</p></td>
 <td align="left"><p>Describes how to create a package accelerator by using Windows PowerShell. You can use package accelerators automatically sequence large, complex applications.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>[How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)</p></td>
 <td align="left"><p>Describes how to enable the computer running the App-V to send reporting information.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>[How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md)</p></td>
 <td align="left"><p>Describes how to take an array of account names and to convert each of them to the corresponding SID in standard and hexadecimal formats.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>[How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
 </p></td>
 <td align="left"><p>Describes how to use Windows PowerShell to configure a client after you deploy the App-V management and publishing servers, and add the required packages and connection groups.</p></td>
 </tr>
 </tbody>
 </table>
- 
+|Event|Action|
-
+|---|---|
-**Important**  
+|Using the **RollbackOnError** attribute with embedded scripts|When you use the **RollbackOnError** attribute with embedded scripts, the attribute is ignored for the following events:<br>- Removing a package<br>- Unpublishing a package<br>- Terminating a virtual environment<br>- Terminating a process|
-Make sure that any script you execute with your App-V packages matches the execution policy that you have configured for Windows PowerShell.
+|Package name contains **$**|If a package name contains the character \$\, you must use a single-quote ( **'** ). <br>For example:<br>```Add-AppvClientPackage 'Contoso$App.appv'```|
 ## Windows PowerShell Error Handling
 Use the following table for information about Windows PowerShell error handling for App-V.
 <table>
 <colgroup>
 <col width="50%" />
 <col width="50%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Event</th>
 <th align="left">Action</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Using the RollbackOnError attribute with embedded scripts</p></td>
 <td align="left"><p>When you use the <strong>RollbackOnError</strong> attribute with embedded scripts, the attribute is ignored for the following events:</p>
 <ul>
 <li><p>Removing a package</p></li>
 <li><p>Unpublishing a package</p></li>
 <li><p>Terminating a virtual environment</p></li>
 <li><p>Terminating a process</p></li>
 </ul></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Package name contains <strong>$</strong></p></td>
 <td align="left"><p>If a package name contains the character ( <strong>$</strong> ), you must use a single-quote ( <strong>'</strong> ), for example,</p>
 <p><strong>Add-AppvClientPackage 'Contoso$App.appv'</strong></p></td>
 </tr>
 </tbody>
 </table>
 ## Have a suggestion for App-V?
-
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 ## Related topics
-
+* [Operations for App-V](appv-operations.md)
 [Operations for App-V](appv-operations.md)
--- a/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-administering-virtual-applications-with-the-management-console.md
@ -1,116 +1,60 @@
 ---
-title: Administering App-V Virtual Applications by Using the Management Console (Windows 10)
+title: Administering App-V Virtual Applications by using the Management Console (Windows 10)
-description: Administering App-V Virtual Applications by Using the Management Console
+description: Administering App-V Virtual Applications by using the Management Console
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 06/08/2018
 ---
 # Administering App-V Virtual Applications by using the Management Console
 >Applies to: Windows 10, version 1607
-# Administering App-V Virtual Applications by Using the Management Console
+Use the Microsoft Application Virtualization (App-V) management server to manage packages, connection groups, and package access in your environment. The server publishes application icons, shortcuts, and file type associations to authorized computers running the App-V client. One or more management servers typically share a common data store for configuration and package information.
 **Applies to**
 -   Windows 10, version 1607
 Use the Microsoft Application Virtualization (App-V) management server to manage packages, connection groups, and package access in your environment. The server publishes application icons, shortcuts, and file type associations to authorized computers that run the App-V client. One or more management servers typically share a common data store for configuration and package information.
 The management server uses Active Directory Domain Services (AD DS) groups to manage user authorization and has SQL Server installed to manage the database and data store.
 Because the management servers stream applications to end users on demand, these servers are ideally suited for system configurations that have reliable, high-bandwidth LANs. The management server consists of the following components:
-   Management Server – Use the management server to manage packages and connection groups.
+- The **management server** manages packages and connection groups.
-
+- The **publishing server** deploys packages to computers running the App-V Client.
-   Publishing Server – Use the publishing server to deploy packages to computers that run the App-V client.
+- The **management database** manages the package access publishes the server’s synchronization with the management server.
 -   Management Database - Use the management database to manage the package access and to publish the server’s synchronization with the management server.
 ## Management Console tasks
 Here are some articles that can show you how to perform the most common tasks that the App-V Management Console is used for:
-The most common tasks that you can perform with the App-V Management console are:
+- [How to connect to the Management Console](appv-connect-to-the-management-console.md)
-
+- [How to add or upgrade packages by using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md)
-   [How to Connect to the Management Console](appv-connect-to-the-management-console.md)
+- [How to configure access to packages by using the Management Console](appv-configure-access-to-packages-with-the-management-console.md)
-
+- [How to publish a package by using the Management Console](appv-publish-a-packages-with-the-management-console.md)
-   [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md)
+- [How to delete a package in the Management Console](appv-delete-a-package-with-the-management-console.md)
-
+- [How to add or remove an administrator by using the Management Console](appv-add-or-remove-an-administrator-with-the-management-console.md)
-   [How to Configure Access to Packages by Using the Management Console](appv-configure-access-to-packages-with-the-management-console.md)
+- [How to register and unregister a publishing server by using the Management Console](appv-register-and-unregister-a-publishing-server-with-the-management-console.md)
-
+- [How to create a custom configuration file by using the App-V Management Console](appv-create-a-custom-configuration-file-with-the-management-console.md)
-   [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md)
+- [How to transfer access and configurations to another version of a package by using the Management Console](appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md)
-
+- [How to customize virtual application extensions for a specific AD group by using the Management Console](appv-customize-virtual-application-extensions-with-the-management-console.md)
-   [How to Delete a Package in the Management Console](appv-delete-a-package-with-the-management-console.md)
+- [How to view and configure applications and default virtual application extensions by using the Management Console](appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md)
 -   [How to Add or Remove an Administrator by Using the Management Console](appv-add-or-remove-an-administrator-with-the-management-console.md)
 -   [How to Register and Unregister a Publishing Server by Using the Management Console](appv-register-and-unregister-a-publishing-server-with-the-management-console.md)
 -   [How to Create a Custom Configuration File by Using the App-V Management Console](appv-create-a-custom-configuration-file-with-the-management-console.md)
 -   [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md)
 -   [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](appv-customize-virtual-application-extensions-with-the-management-console.md)
 -   [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md)
 The main elements of the App-V Management Console are:
-<table>
+|Management Console tab|Description|
-<colgroup>
+|---|---|
-<col width="50%" />
+|Packages tab|Use the **Packages** tab to add or upgrade packages.|
-<col width="50%" />
+|Connection Groups tab|Use the **Connection Groups** tab to manage connection groups.|
-</colgroup>
+|Servers tab|Use the **Servers** tab to register a new server.|
-<thead>
+|Administrators tab|Use the **Administrators** tab to register, add, or remove administrators in your App-V environment.|
 <tr class="header">
 <th align="left">Management Console tab</th>
 <th align="left">Description</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Packages tab</p></td>
 <td align="left"><p>Use the <strong>PACKAGES</strong> tab to add or upgrade packages.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Connection Groups tab</p></td>
 <td align="left"><p>Use the <strong>CONNECTION GROUPS</strong> tab to manage connection groups.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Servers tab</p></td>
 <td align="left"><p>Use the <strong>SERVERS</strong> tab to register a new server.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Administrators tab</p></td>
 <td align="left"><p>Use the <strong>ADMINISTRATORS</strong> tab to register, add, or remove administrators in your App-V environment.</p></td>
 </tr>
 </tbody>
 </table>
- 
+>[!IMPORTANT]
-
+>The browser you're using to open the Web Management Console must have JavaScript enabled.
 **Important**  
 JavaScript must be enabled on the browser that opens the Web Management Console.
 ## Have a suggestion for App-V?
 Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
-Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+## Other resources for this App-V deployment
 ## <a href="" id="other-resources-for-this-app-v-5-1-deployment-"></a>Other resources for this App-V deployment
 -   [Application Virtualization (App-V) overview](appv-for-windows.md)
 -   [Operations for App-V](appv-operations.md)
 - [Application Virtualization (App-V) overview](appv-for-windows.md)
 - [Operations for App-V](appv-operations.md)
--- a/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
+++ b/windows/application-management/app-v/appv-allow-administrators-to-enable-connection-groups.md
@ -6,56 +6,28 @@ ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.prod: w10
-ms.date: 04/19/2017
+ms.date: 06/08/2018
 ---
 # How to allow only administrators to enable connection groups
 >Applies to: Windows 10, version 1607
-# How to Allow Only Administrators to Enable Connection Groups
+You can configure the App-V client so that only administrators, not users, can enable or disable connection groups. In earlier versions of App-V, there was no way to restrict access to disabling connection groups to users.
-**Applies to**
+>[!NOTE]
-   Windows 10, version 1607
+>This feature is supported starting in App-V 5.0 SP3.
 You can configure the App-V client so that only administrators (not end users) can enable or disable connection groups. In earlier versions of App-V, you could not prevent end users from performing these tasks.
 **Note**<br>
 This feature is supported starting in App-V 5.0 SP3.
 Use one of the following methods to allow only administrators to enable or disable connection groups.
-<table>
+|Method|Steps|
-<colgroup>
+|---|---|
-<col width="30%" />
+|Group Policy setting|Enable the “Require publish as administrator” Group Policy setting, which is located in the following Group Policy Object node:<br><br>**Computer Configuration** > **Administrative Templates** > **System** > **App-V** > **Publishing**|
-<col width="70%" />
+|Windows PowerShell cmdlet|Run the **Set-AppvClientConfiguration** cmdlet with the *-RequirePublishAsAdmin* parameter. <br><br>Parameter values:<br>- **0** – False<br>- **1** – True<br><br>Example: ```Set-AppvClientConfiguration -RequirePublishAsAdmin 1```|
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Method</th>
 <th align="left">Steps</th>
 </tr>
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Group Policy setting</p></td>
 <td align="left"><p>Enable the “Require publish as administrator” Group Policy setting, which is located in the following Group Policy Object node:</p>
 <p><strong>Computer Configuration &gt; Administrative Templates &gt; System &gt; App-V &gt; Publishing</strong></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Windows PowerShell cmdlet</p></td>
 <td align="left"><p>Run the <strong>Set-AppvClientConfiguration</strong> cmdlet with the <strong>-RequirePublishAsAdmin</strong> parameter.</p>
 <p>Parameter values:</p>
 <ul>
 <li><p>0 - False</p></li>
 <li><p>1 - True</p></li>
 </ul>
 <p>Example: <strong>Set-AppvClientConfiguration -RequirePublishAsAdmin 1</strong></p></td>
 </tr>
 </tbody>
 </table>
 ## Have a suggestion for App-V?
-Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+Add or vote on suggestions on the [Application Virtualization feedback site](https://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
 ## Related topics
-[Managing Connection Groups](appv-managing-connection-groups.md)
+- [Managing Connection Groups](appv-managing-connection-groups.md)
--- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
+++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
--- a/windows/application-management/app-v/appv-auto-batch-updating.md
+++ b/windows/application-management/app-v/appv-auto-batch-updating.md
@ -41,29 +41,28 @@ Updating multiple apps at the same time requires that you create a **ConfigFile*
        **Example:**
        ```XML
        <?xml version="1.0"?>
-            <Applications>
+        <Applications>
-                <Application>
+            <Application>
-                    <AppName>Skype for Windows Update</AppName>
+                <AppName>Skype for Windows Update</AppName>
-                    <InstallerFolder>D:\Install\Update\SkypeforWindows</InstallerFolder>
+                <InstallerFolder>D:\Install\Update\SkypeforWindows</InstallerFolder>
-                    <Installer>SkypeSetup.exe</Installer>
+                <Installer>SkypeSetup.exe</Installer>
-                    <InstallerOptions>/S</InstallerOptions>
+                <InstallerOptions>/S</InstallerOptions>
-                    <Package>C:\App-V_Package\Microsoft_Apps\skypeupdate.appv</Package>
+                <Package>C:\App-V_Package\Microsoft_Apps\skypeupdate.appv</Package>
-                    <TimeoutInMinutes>20</TimeoutInMinutes>
+                <TimeoutInMinutes>20</TimeoutInMinutes>
-                    <Cmdlet>True</Cmdlet>
+                <Cmdlet>true</Cmdlet>
-                    <Enabled>True</Enabled>
+                <Enabled>true</Enabled>
-                </Application>
+            </Application>
-                <Application>
+            <Application>
-                    <AppName>Microsoft Power BI Update</AppName>
+                <AppName>Microsoft Power BI Update</AppName>
-                    <InstallerFolder>D:\Install\Update\PowerBI</InstallerFolder>
+                <InstallerFolder>D:\Install\Update\PowerBI</InstallerFolder>
-                    <Installer>PBIDesktop.msi</Installer>
+                <Installer>PBIDesktop.msi</Installer>
-                    <InstallerOptions>/S</InstallerOptions>
+                <InstallerOptions>/S</InstallerOptions>
-                    <Package>C:\App-V_Package\MS_Apps\powerbiupdate.appv</Package>
+                <Package>C:\App-V_Package\MS_Apps\powerbiupdate.appv</Package>
-                    <TimeoutInMinutes>20</TimeoutInMinutes>
+                <TimeoutInMinutes>20</TimeoutInMinutes>
-                    <Cmdlet>True</Cmdlet>
+                <Cmdlet>true</Cmdlet>
-                    <Enabled>True</Enabled>
+                <Enabled>true</Enabled>
-                </Application>
+            </Application>
-            </Applications>
+        </Applications>
        </xml>
        ```
 3. Save your completed file under the name **ConfigFile**.
@ -101,29 +100,28 @@ Updating multipe apps at the same time requires that you create a **ConfigFile**
        ```XML
        <?xml version="1.0"?>
-            <Applications>
+        <Applications>
-                <Application>
+            <Application>
-                    <AppName>Skype for Windows Update</AppName>
+                <AppName>Skype for Windows Update</AppName>
-                    <InstallerFolder>D:\Install\Update\SkypeforWindows</InstallerFolder>
+                <InstallerFolder>D:\Install\Update\SkypeforWindows</InstallerFolder>
-                    <Installer>SkypeSetup.exe</Installer>
+                <Installer>SkypeSetup.exe</Installer>
-                    <InstallerOptions>/S</InstallerOptions>
+                <InstallerOptions>/S</InstallerOptions>
-                    <Package>C:\App-V_Package\Microsoft_Apps\skypeupdate.appv</Package>
+                <Package>C:\App-V_Package\Microsoft_Apps\skypeupdate.appv</Package>
-                    <TimeoutInMinutes>20</TimeoutInMinutes>
+                <TimeoutInMinutes>20</TimeoutInMinutes>
-                    <Cmdlet>False</Cmdlet>
+                <Cmdlet>false</Cmdlet>
-                    <Enabled>True</Enabled>
+                <Enabled>true</Enabled>
-                </Application>
+            </Application>
-                <Application>
+            <Application>
-                    <AppName>Microsoft Power BI Update</AppName>
+                <AppName>Microsoft Power BI Update</AppName>
-                    <InstallerFolder>D:\Install\Update\PowerBI</InstallerFolder>
+                <InstallerFolder>D:\Install\Update\PowerBI</InstallerFolder>
-                    <Installer>PBIDesktop.msi</Installer>
+                <Installer>PBIDesktop.msi</Installer>
-                    <InstallerOptions>/S</InstallerOptions>
+                <InstallerOptions>/S</InstallerOptions>
-                    <Package>C:\App-V_Package\MS_Apps\powerbiupdate.appv</Package>
+                <Package>C:\App-V_Package\MS_Apps\powerbiupdate.appv</Package>
-                    <TimeoutInMinutes>20</TimeoutInMinutes>
+                <TimeoutInMinutes>20</TimeoutInMinutes>
-                    <Cmdlet>False</Cmdlet>
+                <Cmdlet>false</Cmdlet>
-                    <Enabled>True</Enabled>
+                <Enabled>true</Enabled>
-                </Application>
+            </Application>
-            </Applications>
+        </Applications>
        </xml>
        ```   
 ### Start the App-V Sequencer interface and app installation process
--- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
@ -33,7 +33,7 @@ To use %AppData% folder redirection, you must:
    * Files under %appdata%\Microsoft\AppV\Client\Catalog
    * Registry settings under HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages
-For more information, see [Application publishing and client interaction](appv-application-publishing-and-client-interaction.md#bkmk-clt-inter-roam-reqs).
+For more information, see [Application publishing and client interaction](appv-application-publishing-and-client-interaction.md#roaming-requirements-and-user-catalog-data-storage).
 ## Unsupported scenarios for App-V folder redirection
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@ -2048,12 +2048,18 @@ The following diagram shows the Policy configuration service provider in tree fo
  <dd>
    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior" id="localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior">LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior</a>
  </dd>
  <dd>
    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsalways" id="localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsalways">LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways</a>
  </dd>
  <dd>
    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees" id="localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees">LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</a>
  </dd>
  <dd>
    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers" id="localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers">LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</a>
  </dd>
  <dd>
    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession" id="localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession">LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession</a>
  </dd>
  <dd>
    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways" id="localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways">LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways</a>
  </dd>
@ -2075,6 +2081,9 @@ The following diagram shows the Policy configuration service provider in tree fo
  <dd>
    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam" id="localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam">LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM</a>
  </dd>
  <dd>
    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm" id="localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm">LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM</a>
  </dd>
  <dd>
    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests" id="localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests">LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</a>
  </dd>
@ -2084,6 +2093,9 @@ The following diagram shows the Policy configuration service provider in tree fo
  <dd>
    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel" id="localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel">LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel</a>
  </dd>
  <dd>
    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedclients" id="localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedclients">LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</a>
  </dd>
  <dd>
    <a href="./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers" id="localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers">LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</a>
  </dd>
@ -4407,17 +4419,21 @@ The following diagram shows the Policy configuration service provider in tree fo
 -   [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetextforusersattemptingtologon)
 -   [LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon)
 -   [LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior)
 -   [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsalways)
 -   [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees)
 -   [LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers)
 -   [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession)
 -   [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways)
 -   [LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsifclientagrees)
 -   [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccounts)
 -   [LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-donotallowanonymousenumerationofsamaccountsandshares)
 -   [LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictanonymousaccesstonamedpipesandshares)
 -   [LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam)
 -   [LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm)
 -   [LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests)
 -   [LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-donotstorelanmanagerhashvalueonnextpasswordchange)
 -   [LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel)
 -   [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedclients)
 -   [LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers)
 -   [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-addremoteserverexceptionsforntlmauthentication)
 -   [LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic](./policy-csp-localpoliciessecurityoptions.md#localpoliciessecurityoptions-networksecurity-restrictntlm-auditincomingntlmtraffic)
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@ -236,14 +236,14 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1803. This policy allows the IT admin to block users on these managed devices from using Quick Pair and other proximity based scenarios.
+Added in Windows 10, version 1803. This policy allows the IT admin to block users on these managed devices from using Swift Pair and other proximity based scenarios.
 <!--/Description-->
 <!--SupportedValues-->
 The following list shows the supported values:  
-   0 - Disallow. Block users on these managed devices from using Quick Pair and other proximity based scenarios
+-   0 - Disallow. Block users on these managed devices from using Swift Pair and other proximity based scenarios
-   1 - Allow. Allow users on these managed devices to use Quick Pair and other proximity based scenarios
+-   1 - Allow. Allow users on these managed devices to use Swift Pair and other proximity based scenarios
 <!--/SupportedValues-->
 <!--/Policy-->
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@ -6,11 +6,14 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: MariciaAlforque
-ms.date: 04/06/2018
+ms.date: 06/05/2018
 ---
 # Policy CSP - LocalPoliciesSecurityOptions
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <hr/>
@ -81,12 +84,18 @@ ms.date: 04/06/2018
  <dd>
    <a href="#localpoliciessecurityoptions-interactivelogon-smartcardremovalbehavior">LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsalways">LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees">LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-microsoftnetworkclient-sendunencryptedpasswordtothirdpartysmbservers">LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession">LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways">LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways</a>
  </dd>
@ -108,6 +117,9 @@ ms.date: 04/06/2018
  <dd>
    <a href="#localpoliciessecurityoptions-networkaccess-restrictclientsallowedtomakeremotecallstosam">LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm">LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests">LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</a>
  </dd>
@ -117,6 +129,9 @@ ms.date: 04/06/2018
  <dd>
    <a href="#localpoliciessecurityoptions-networksecurity-lanmanagerauthenticationlevel">LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedclients">LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers">LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers</a>
  </dd>
@ -838,15 +853,6 @@ GP Info:
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 <!--/RegistryMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
@ -914,15 +920,6 @@ GP Info:
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 <!--/RegistryMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
@ -985,15 +982,6 @@ GP Info:
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 <!--/RegistryMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
@ -1495,6 +1483,83 @@ GP Info:
 <hr/>
 <!--Policy-->
 <a href="" id="localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsalways"></a>**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsAlways**  
 <!--SupportedSKUs-->
 <table>
 <tr>
 	<th>Home</th>
 	<th>Pro</th>
 	<th>Business</th>
 	<th>Enterprise</th>
 	<th>Education</th>
 	<th>Mobile</th>
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td></td>
 	<td></td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 Microsoft network client: Digitally sign communications (always)
 This security setting determines whether packet signing is required by the SMB client component.
 The server message block (SMB) protocol provides the basis for Microsoft file and print sharing and many other networking operations, such as remote Windows administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. This policy setting determines whether SMB packet signing must be negotiated before further communication with an SMB server is permitted.
 If this setting is enabled, the Microsoft network client will not communicate with a Microsoft network server unless that server agrees to perform SMB packet signing. If this policy is disabled, SMB packet signing is negotiated between the client and server.
 Default: Disabled.
 Notes
 All Windows operating systems support both a client-side SMB component and a server-side SMB component. On Windows 2000 and later operating systems, enabling or requiring packet signing for client and server-side SMB components is controlled by the following four policy settings:
 Microsoft network client: Digitally sign communications (always) - Controls whether or not the client-side SMB component requires packet signing.
 Microsoft network client: Digitally sign communications (if server agrees) - Controls whether or not the client-side SMB component has packet signing enabled.
 Microsoft network server: Digitally sign communications (always) - Controls whether or not the server-side SMB component requires packet signing.
 Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
 SMB packet signing can significantly degrade SMB performance, depending on dialect version, OS version, file sizes, processor offloading capabilities, and application IO behaviors.
 For more information, reference: https://go.microsoft.com/fwlink/?LinkID=787136.
 <!--/Description-->
 <!--RegistryMapped-->
 GP Info:  
 -   GP English name: *Microsoft network client: Digitally sign communications (always)*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 <!--/RegistryMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
 <!--Policy-->
 <a href="" id="localpoliciessecurityoptions-microsoftnetworkclient-digitallysigncommunicationsifserveragrees"></a>**LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees**  
@ -1618,6 +1683,72 @@ GP Info:
 <hr/>
 <!--Policy-->
 <a href="" id="localpoliciessecurityoptions-microsoftnetworkserver-amountofidletimerequiredbeforesuspendingsession"></a>**LocalPoliciesSecurityOptions/MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession**  
 <!--SupportedSKUs-->
 <table>
 <tr>
 	<th>Home</th>
 	<th>Pro</th>
 	<th>Business</th>
 	<th>Enterprise</th>
 	<th>Education</th>
 	<th>Mobile</th>
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td></td>
 	<td></td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 Microsoft network server: Amount of idle time required before suspending a session
 This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity.
 Administrators can use this policy to control when a computer suspends an inactive SMB session. If client activity resumes, the session is automatically reestablished.
 For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999, which is 208 days; in effect, this value disables the policy.
 Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations.
 <!--/Description-->
 <!--RegistryMapped-->
 GP Info:  
 -   GP English name: *Microsoft network server: Amount of idle time required before suspending session*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 <!--/RegistryMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
 <!--Policy-->
 <a href="" id="localpoliciessecurityoptions-microsoftnetworkserver-digitallysigncommunicationsalways"></a>**LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways**  
@ -2051,6 +2182,78 @@ GP Info:
 <hr/>
 <!--Policy-->
 <a href="" id="localpoliciessecurityoptions-networksecurity-allowlocalsystemtousecomputeridentityforntlm"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM**  
 <!--SupportedSKUs-->
 <table>
 <tr>
 	<th>Home</th>
 	<th>Pro</th>
 	<th>Business</th>
 	<th>Enterprise</th>
 	<th>Education</th>
 	<th>Mobile</th>
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td></td>
 	<td></td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 Network security: Allow Local System to use computer identity for NTLM
 This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication.
 If you enable this policy setting, services running as Local System that use Negotiate will use the computer identity. This might cause some authentication requests between Windows operating systems to fail and log an error.
 If you disable this policy setting, services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously.
 By default, this policy is enabled on Windows 7 and above.
 By default, this policy is disabled on Windows Vista.
 This policy is supported on at least Windows Vista or Windows Server 2008.
 Note: Windows Vista or Windows Server 2008 do not expose this setting in Group Policy.
 <!--/Description-->
 <!--RegistryMapped-->
 GP Info:  
 -   GP English name: *Network security: Allow Local System to use computer identity for NTLM*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 <!--/RegistryMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
 <!--Policy-->
 <a href="" id="localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests**  
@ -2246,6 +2449,75 @@ GP Info:
 <hr/>
 <!--Policy-->
 <a href="" id="localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedclients"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients**  
 <!--SupportedSKUs-->
 <table>
 <tr>
 	<th>Home</th>
 	<th>Pro</th>
 	<th>Business</th>
 	<th>Enterprise</th>
 	<th>Education</th>
 	<th>Mobile</th>
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
 	<td><img src="images/crossmark.png" alt="cross mark" /></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td><img src="images/checkmark.png" alt="check mark" /><sup>5</sup></td>
 	<td></td>
 	<td></td>
 </tr>
 </table>
 <!--/SupportedSKUs-->
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--/Scope-->
 <!--Description-->
 Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
 This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
 Require NTLMv2 session security: The connection will fail if NTLMv2 protocol is not negotiated.
 Require 128-bit encryption: The connection will fail if strong encryption (128-bit) is not negotiated.
 Default:
 Windows XP, Windows Vista, Windows 2000 Server, Windows Server 2003, and Windows Server 2008: No requirements.
 Windows 7 and Windows Server 2008 R2: Require 128-bit encryption
 <!--/Description-->
 <!--RegistryMapped-->
 GP Info:  
 -   GP English name: *Network security: Minimum session security for NTLM SSP based (including secure RPC) clients*
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 <!--/RegistryMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
 <!--Policy-->
 <a href="" id="localpoliciessecurityoptions-networksecurity-minimumsessionsecurityforntlmsspbasedservers"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers**  
@ -2359,15 +2631,6 @@ GP Info:
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 <!--/RegistryMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
@ -2429,15 +2692,6 @@ GP Info:
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 <!--/RegistryMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
@ -2499,15 +2753,6 @@ GP Info:
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 <!--/RegistryMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
@ -2569,15 +2814,6 @@ GP Info:
 -   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
 <!--/RegistryMapped-->
 <!--SupportedValues-->
 <!--/SupportedValues-->
 <!--Example-->
 <!--/Example-->
 <!--Validation-->
 <!--/Validation-->
 <!--/Policy-->
 <hr/>
@ -3406,6 +3642,7 @@ Footnote:
 -   2 - Added in Windows 10, version 1703.
 -   3 - Added in Windows 10, version 1709.
 -   4 - Added in Windows 10, version 1803.
 -   5 - Added in the next major release of Windows 10.
 <!--/Policies-->
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@ -52,7 +52,7 @@ You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provi
 12. Enter a friendly name for the configuration.
 10. In **Kiosk Mode**, select **Multi app kiosk**.
 13. Select an app type.
-  - For **Add Win32 app**, enter the **App Name** and **Identifier**.
+  - For **Add Win32 app**, enter a friendly name for the app in **App Name**, and enter the path to the app executable in **Identifier**.
  - For **Add managed apps**, select an app that you manage through Intune.
  - For **Add app by AUMID**, enter the Application User Model ID (AUMID) for an installed UWP app.
 14. Select whether to enable the taskbar.
@ -61,7 +61,8 @@ You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provi
 17. Select **OK**. You can add additional configurations or finish.
 18. Assign the profile to a device group to configure the devices in that group as kiosks.
-
+>[!NOTE]
 >Managed apps are apps that are in the Microsoft Store for Business that is synced with your Intune subscription.
--- a/windows/configuration/setup-kiosk-digital-signage.md
+++ b/windows/configuration/setup-kiosk-digital-signage.md
@ -270,7 +270,9 @@ The following steps explain how to configure a kiosk in Microsoft Intune. For ot
 7. Select **Windows 10 and later** for the platform.
 8. Select **Kiosk (Preview)** for the profile type.
 9. Enter a friendly name for the kiosk configuration.
-10. In **Kiosk Mode**, select **Single full-screen app kiosk**.
+10. Select **Kiosk - 1 setting available**.
 10. Select **Add** to add a kiosk configuration.
 10. Enter a friendly name for the kiosk configuration, and then in **Kiosk Mode**, select **Single full-screen app kiosk**.
 10. Select either **Select a managed app** to choose a kiosk app that is managed by Intune, or **Enter UWP app AUMID** to specify the kiosk app by AUMID, and then select the app or enter the AUMID as appropriate.
 1. For the user account, select either **Autologon** to create a user account for the kiosk that will sign in automatically, or **Local user account** to configure an existing user account to run the kiosk. **Local user account** can be a local standard user account on the device or an Azure Active Directory account.
 14. Select **OK**, and then select **Create**.
--- a/windows/deployment/update/device-health-get-started.md
+++ b/windows/deployment/update/device-health-get-started.md
@ -5,7 +5,7 @@ keywords: Device Health, oms, operations management suite, prerequisites, requir
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.date: 03/20/2018
+ms.date: 06/12/2018
 ms.pagetype: deploy
 author: jaimeo
 ms.author: jaimeo
@ -24,13 +24,16 @@ Steps are provided in sections that follow the recommended setup process:
-## Add Device Health to Microsoft Operations Management Suite
+## Add Device Health to Microsoft Operations Management Suite or Azure Log Analytics
-Device Health is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premise and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). 
+Device Health is offered as a solution in the Microsoft Operations Management Suite (OMS) and Azure Log Analytics, a collection of cloud-based servicing for monitoring and automating your on-premise and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/) or the Azure [Log Analytics overview](https://azure.microsoft.com/services/log-analytics/).
-**If you are already using Windows Analytics**, you should use the same Azure Log Analytics workspace you're already using. find Device Health in the Solutions Gallery. Select the **Device Health** tile in the gallery and then click **Add** on the solution's details page. Device Health is now visible in your workspace. While you're in the Solutions Gallery, you should consider installing the [Upgrade Readiness](../upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md)  and [Update Compliance](update-compliance-monitor.md) solutions as well, if you haven't already.
+**If you are already using Windows Analytics**, you should use the same Azure Log Analytics workspace you're already using. Find Device Health in the Solutions Gallery. Select the **Device Health** tile in the gallery and then click **Add** on the solution's details page. Device Health is now visible in your workspace. While you're in the Solutions Gallery, you should consider installing the [Upgrade Readiness](../upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md)  and [Update Compliance](update-compliance-monitor.md) solutions as well, if you haven't already.
-**If you are not yet using Windows Analytics or Azure Log Analytics**, use the following steps to subscribe:
+>[!NOTE]
 >If you are already using OMS, you can also follow [this link](https://portal.mms.microsoft.com/#Workspace/ipgallery/details/details/index?IPId=DeviceHealthProd) to go directly to the Device Health solution and add it to your workspace.
 **If you are not yet using Windows Analytics or Azure Log Analytics**, follow these steps to subscribe:
 1.	Go to [Operations Management Suite](https://www.microsoft.com/en-us/cloud-platform/operations-management-suite) on Microsoft.com and click **Sign in**.
   [![Operations Management Suite bar with sign-in button](images/uc-02a.png)](images/uc-02.png)
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@ -23,12 +23,16 @@ Steps are provided in sections that follow the recommended setup process:
-## Add Update Compliance to Microsoft Operations Management Suite
+## Add Update Compliance to Microsoft Operations Management Suite or Azure Log Analytics
-Update Compliance is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premise and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/). 
+Update Compliance is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud-based servicing for monitoring and automating your on-premise and cloud environments. For more information about OMS, see [Operations Management Suite overview](https://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/) or the Azure [Log Analytics overview](https://azure.microsoft.com/services/log-analytics/).
 If you are already using OMS, skip to step **6** to add Update Compliance to your workspace.
 >[!NOTE]
 >If you are already using OMS, you can also follow [this link](https://portal.mms.microsoft.com/#Workspace/ipgallery/details/details/index?IPId=WaaSUpdateInsights) to go directly to the Update Compliance solution and add it to your workspace.
 If you are not yet using OMS, use the following steps to subscribe to OMS Update Compliance:
 1.	Go to [Operations Management Suite](https://www.microsoft.com/en-us/cloud-platform/operations-management-suite) on Microsoft.com and click **Sign in**.   
--- a/windows/deployment/upgrade/upgrade-readiness-get-started.md
+++ b/windows/deployment/upgrade/upgrade-readiness-get-started.md
@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: deploy
 author: jaimeo
 ms.author: jaimeo
-ms.date: 03/20/2018
+ms.date: 06/12/2018
 ms.localizationpriority: high
 ---
@ -35,7 +35,7 @@ When you are ready to begin using Upgrade Readiness, perform the following steps
 To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what diagnostic data Microsoft collects and how that data is used and protected by Microsoft, see the following topics, refer to [Frequently asked questions and troubleshooting Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-FAQ-troubleshooting), which discusses the issues and provides links to still more detailed information.
-## Add Upgrade Readiness to Operations Management Suite
+## Add Upgrade Readiness to Operations Management Suite or Azure Log Analytics
 Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/).
@ -44,11 +44,14 @@ Upgrade Readiness is offered as a solution in the Microsoft Operations Managemen
 If you are already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Select the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution's details page. Upgrade Readiness is now visible in your workspace. While you have this dialog open, you should also consider adding the [Device Health](../update/device-health-monitor.md) and [Update Compliance](../update/update-compliance-monitor.md) solutions as well, if you haven't already. To do so, just select the check boxes for those solutions.
-If you are not using OMS:
+>[!NOTE]
 >If you are already using OMS, you can also follow [this link](https://portal.mms.microsoft.com/#Workspace/ipgallery/details/details/index?IPId=CompatibilityAssessment) to go directly to the Upgrade Readiness solution and add it to your workspace.
-1.  Go to the [Upgrade Readiness page on Microsoft.com](https://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and select **New Customers >** to start the process.
+If you are not using OMS or Azure Log Analytics:
-2.  Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
+
-3.  Create a new OMS workspace. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**.
+1.  Go to [Log Analytics](https://azure.microsoft.com/services/log-analytics/) on Microsoft.com and select **Start free** to start the setup process. During the process, you’ll create a workspace and add the Upgrade Readiness solution to it.
 2.  Sign in to Operations Management Suite (OMS) or Azure Log Analytics. You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
 3.  Create a new workspace. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**.
 4.  If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator.
    > If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens.
--- a/windows/deployment/upgrade/upgrade-readiness-requirements.md
+++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md
@ -5,7 +5,7 @@ keywords: windows analytics, oms, operations management suite, prerequisites, re
 ms.prod: w10
 author: jaimeo
 ms.author:
-ms.date: 03/15/2018
+ms.date: 06/12/2018
 ms.localizationpriority: high
 ---
@ -21,7 +21,7 @@ To perform an in-place upgrade, user computers must be running the latest versio
 The compatibility update that sends diagnostic data from user computers to Microsoft data centers works with Windows 7 SP1 and Windows 8.1 only. Upgrade Readiness cannot evaluate Windows XP or Windows Vista for upgrade eligibility.
-<!--With Windows 10, edition 1607, the compatibility update KB is installed automatically.-->
+<!--With Windows 10, edition 1607, the compatibility update is installed automatically.-->
 If you need to update user computers to Windows 7 SP1 or Windows 8.1, use Windows Update or download and deploy the applicable package from the Microsoft Download Center.
@ -32,19 +32,20 @@ See [Windows 10 Specifications](http://www.microsoft.com/en-US/windows/windows-1
 ### Windows 10
 Keeping Windows 10 up to date involves deploying a feature update, and Upgrade Readiness tools help you prepare and plan for these Windows updates.
-The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility updates are installed.  You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com). 
+The latest cumulative updates must be installed on Windows 10 computers to make sure that the required compatibility updates are installed. You can find the latest cumulative update on the [Microsoft Update Catalog](https://catalog.update.microsoft.com). 
 While Upgrade Readiness can be used to assist with updating devices from Windows 10 Long-Term Servicing Channel (LTSC) to Windows 10 Semi-Annual Channel, Upgrade Readiness does not support updates to Windows 10 LTSC. The Long-Term Servicing Channel of Windows 10 is not intended for general deployment, and does not receive feature updates, therefore it is not a supported target with Upgrade Readiness. See [Windows as a service overview](../update/waas-overview.md#long-term-servicing-channel) to understand more about LTSC.
-## Operations Management Suite
+## Operations Management Suite or Azure Log Analytics
-Upgrade Readiness is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing on premise and cloud computing environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/).
+Upgrade Readiness is offered as a solution in Microsoft Operations Management Suite (OMS) and Azure Log Analytics, a collection of cloud based services for managing on premise and cloud computing environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/en-us/documentation/articles/operations-management-suite-overview/) or the Azure [Log Analytics overview](https://azure.microsoft.com/services/log-analytics/).
-If you’re already using OMS, you’ll find Upgrade Readiness in the Solutions Gallery. Click the Upgrade Readiness tile in the gallery and then click Add on the solution’s details page. Upgrade Readiness is now visible in your workspace.
+If you’re already using OMS or Azure Log Analytics, you’ll find Upgrade Readiness in the Solutions Gallery. Click the **Upgrade Readiness** tile in the gallery and then click **Add** on the solution’s details page. Upgrade Readiness is now visible in your workspace. You can also 
-If you are not using OMS, go to the [Upgrade Readiness page](https://www.microsoft.com/en-us/windowsforbusiness/simplified-updates) on Microsoft.com and select **Sign up** to kick off the OMS onboarding process. During the onboarding process, you’ll create an OMS workspace and add the Upgrade Readiness solution to it.
+If you are not using OMS or Azure Log Analytics, go to [Log Analytics](https://azure.microsoft.com/services/log-analytics/) on Microsoft.com and select **Start free** to start the setup process. During the process, you’ll create a workspace and add the Upgrade Readiness solution to it.
-Important: You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory, use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. You also need an Azure subscription to link to your OMS workspace.  The account you used to create the workspace must have administrator permissions on the Azure subscription in order to link the workspace to the Azure account.  Once the link has been established, you can revoke the administrator permissions.
+>[!IMPORTANT]
 >You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory, use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. You also need an Azure subscription to link to your OMS workspace. The account you used to create the workspace must have administrator permissions on the Azure subscription in order to link the workspace to the Azure account. Once the link has been established, you can revoke the administrator permissions.
 ## System Center Configuration Manager integration
--- a/windows/privacy/manage-windows-endpoints.md
+++ b/windows/privacy/manage-windows-endpoints.md
@ -502,8 +502,7 @@ In addition to the endpoints listed for Windows 10 Enterprise, the following end
 | *.search.msn.com | TLSv1.2 | Used to retrieve Windows Spotlight metadata. |
 | *.wac.edgecastcdn.net | TLSv1.2 | Used by the Verizon Content Delivery Network to perform Windows updates. |
 | *.wns.windows.com | TLSv1.2 | Used for the Windows Push Notification Services (WNS). |
-| *prod.do.dsp.mp.microsoft.com | TLSv1.2/
+| *prod.do.dsp.mp.microsoft.com | TLSv1.2\/HTTPS | Used for Windows Update downloads of apps and OS updates. |
 HTTPS | Used for Windows Update downloads of apps and OS updates. |
 | .g.akamaiedge.net | HTTP | Used to check for updates to maps that have been downloaded for offline use. |
 | telecommand.telemetry.microsoft.com | HTTPS | Used by Windows Error Reporting. |
 | 2.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. |
@ -594,8 +593,7 @@ TLSv1.2 | Used to check for updates to maps that have been downloaded for offlin
 | *.wac.edgecastcdn.net | TLSv1.2 | Used by the Verizon Content Delivery Network to perform Windows updates. |
 | *.wac.phicdn.net | HTTP | Used by the Verizon Content Delivery Network to perform Windows updates. |
 | *.wns.windows.com | TLSv1.2 | Used for the Windows Push Notification Services (WNS). |
-| *prod.do.dsp.mp.microsoft.com | TLSv1.2/
+| *prod.do.dsp.mp.microsoft.com | TLSv1.2\/HTTPS | Used for Windows Update downloads of apps and OS updates. |
 HTTPS | Used for Windows Update downloads of apps and OS updates. |
 | 3.dl.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
 | 3.dl.delivery.mp.microsoft.com.c.footprint.net | HTTP | Enables connections to Windows Update. |
 | 3.tlu.dl.delivery.mp.microsoft.com | HTTP | Enables connections to Windows Update. |
--- a/windows/security/information-protection/bitlocker/bitlocker-security-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-security-faq.md
@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: security
 localizationpriority: high
 author: brianlic-msft
-ms.date: 05/03/2018
+ms.date: 06/12/2018
 ---
 # BitLocker Security FAQ
@ -27,7 +27,7 @@ The recommended practice for BitLocker configuration on an operating system driv
 ## What are the implications of using the sleep or hibernate power management options?
-BitLocker on operating system drives in its basic configuration (with a TPM but without advanced authentication) provides additional security for the hibernate mode. However, BitLocker provides greater security when it is configured to use an advanced authentication mode (TPM+PIN, TPM+USB, or TPM+PIN+USB) with the hibernate mode. This method is more secure because returning from hibernation requires BitLocker authentication. As a best practice, we recommend that sleep mode be disabled and that you use TPM+PIN for the authentication method.
+BitLocker on operating system drives in its basic configuration (with a TPM but without additional startup authentication) provides additional security for the hibernate mode. However, BitLocker provides greater security when it is configured to use an additional startup authentication factor (TPM+PIN, TPM+USB, or TPM+PIN+USB) with the hibernate mode. This method is more secure because returning from hibernation requires authentication. For improved security, we recommend that sleep mode be disabled and that you use TPM+PIN for the authentication method. Startup authentication can be configured by using [Group Policy](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#a-href-idbkmk-unlockpol1arequire-additional-authentication-at-startup) or Mobile Device Management with the [Bitlocker CSP](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp). 
 ## What are the advantages of a TPM?
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
@ -71,7 +71,7 @@ Passive mode | Windows Defender AV will not be used as the antivirus app, and th
 Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)]] 
 Active mode | Windows Defender AV is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files will be scanned and threats remediated, and detection information will be reported in your configuration tool (such as Configuration Manager or the Windows Defender AV app on the machine itself). | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
-Passive mode is enabled if you are enrolled in Windows Defender ATP because [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks. 
+If you are enrolled in Windows Defender ATP and you are using a third party antimalware product then passive mode is enabled because [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks. 
 Automatic disabled mode is enabled so that if the protection offered by a third-party antivirus product expires or otherwise stops providing real-time protection from viruses, malware or other threats, Windows Defender AV will automatically enable itself to ensure antivirus protection is maintained on the endpoint. It also allows you to enable [limited periodic scanning](limited-periodic-scanning-windows-defender-antivirus.md), which uses the Windows Defender AV engine to periodically check for threats in addition to your main antivirus app.
--- a/windows/security/threat-protection/windows-defender-application-control/TOC.md
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md
@ -18,6 +18,7 @@
 ### [Merge WDAC policies](merge-windows-defender-application-control-policies.md)
 ### [Enforce WDAC policies](enforce-windows-defender-application-control-policies.md)
 ### [Deploy WDAC with a managed installer](use-windows-defender-application-control-with-managed-installer.md)
 ### [Deploy WDAC with Intelligent Security Graph (ISG)](use-windows-defender-application-control-with-intelligent-security-graph.md)
 ### [Deploy WDAC policies using Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md)
 ### [Deploy WDAC policies using Intune](deploy-windows-defender-application-control-policies-using-intune.md)
 ### [Use code signing to simplify application control for classic Windows applications](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md)
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: brianlic-msft
-ms.date: 09/21/2017
+ms.date: 06/08/2018
 ---
 # Configure an AppLocker policy for audit only
@ -21,8 +21,6 @@ This topic for IT professionals describes how to set AppLocker policies to **Aud
 After AppLocker rules are created within the rule collection, you can configure the enforcement setting to **Enforce rules** or **Audit only**.
 When AppLocker policy enforcement is set to **Enforce rules**, rules are enforced for the rule collection and all events are audited. When AppLocker policy enforcement is set to **Audit only**, rules are only evaluated but all events generated from that evaluation are written to the AppLocker log.
 >**Note:**  There is no audit mode for the DLL rule collection. DLL rules affect specific apps. Therefore, test the impact of these rules first before deploying them to production. To enable the DLL rule collection, see [Enable the DLL rule collection](enable-the-dll-rule-collection.md).
 You can perform this task by using the Group Policy Management Console for an AppLocker policy in a Group Policy Object (GPO) or by using the Local Security Policy snap-in for an AppLocker policy on a local computer or in a security template. For info how to use these MMC snap-ins to administer AppLocker, see [Administer AppLocker](administer-applocker.md#bkmk-using-snapins).
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: high
 author: jsuther1974
-ms.date: 05/03/2018
+ms.date: 06/08/2018
 ---
 # Microsoft recommended block rules
@ -59,6 +59,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
 |Alex Ionescu | @aionescu|
 |Lee Christensen|@tifkin_|
 |Vladas Bulavas | Kaspersky Lab |
 |Lasse Trolle Borup | Langkjaer Cyber Defence |
 <br />
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
@ -0,0 +1,97 @@
 ---
 title: Deploy Windows Defender Application Control with Intelligent Security Graph (ISG) (Windows 10)
 description: Automatically authorize applications that Microsoft’s ISG recognizes as having known good reputation.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: high
 author: mdsakibMSFT
 ms.date: 03/01/2018
 ---
 # Use Windows Defender Application Control (WDAC) with the Microsoft Intelligent Security Graph 
 **Applies to:**
 -   Windows 10
 -   Windows Server 2016
 Application execution control can be difficult to implement in enterprises that do not have processes to effectively control the deployment of applications centrally through an IT managed system. 
 In such environments, users are empowered to acquire the applications they need for work, making accounting for all the applications that would need to be authorized for execution control a daunting task.  
 Windows 10, version 1709 (also known as the Windows 10 Fall Creators Update) provides a new option, known as Intelligent Security Graph (ISG) authorization, that allows IT administrators to automatically authorize applications that Microsoft’s ISG recognizes as having known good reputation. The ISG option helps IT organizations take a significant first step towards going from having no application control at all to a simple means of preventing the execution of unknown and known bad software.
 ## How does the integration between WDAC and the Intelligent Security Graph work? 
 The ISG relies on Microsoft’s vast security intelligence and machine learning analytics to help classify applications as having known good reputation. When users download applications on a system with WDAC enabled with the ISG authorization option specified, the reputation of the downloaded file, commonly an installer, is used to determine whether to run the installer and then that original reputation information is passed along to any files that were written by the installer. When any of these files try to execute after they are installed, the reputation data is used to help make the right policy authorization decision.   
 After that initial download and installation, the WDAC component will check for the presence of the positive reputation information when evaluating other application execution control rules specified in the policy. If there are no deny rules present for the file, it will be authorized based on the known good reputation classification.  
 The reputation data on the client is rechecked periodically and enterprises can also specify that any cached reputation results are flushed on reboot.    
 >[!NOTE]
 >Admins needs to ensure that there is a WDAC policy in place to allow the system to boot and run any other authorized applications that may not be classified as being known good by the Intelligent Security Graph, for example custom line-of-business (LOB) apps. Since the Intelligent Security Graph is powered by global prevalence data, internal LOB apps may not be recognized as being known good. Other mechanisms like managed installer and explicit rules will help cover internal applications. Both System Center Configuration Manager (SCCM) and Microsoft Intune can be used to create and push a WDAC policy to your client machines.  
 Other examples of WDAC policies are available in C:\Windows\schemas\CodeIntegrity\ExamplePolicies and can help authorize Windows OS components, WHQL signed drivers and all Store apps. Admins can reference and customize them as needed for their Windows Defender Application Control deployment or [create a custom WDAC policy](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy). 
 ## Configuring Intelligent Security Graph authorization for Windows Defender Application Control 
 Setting up the ISG authorization is easy regardless of what management solution you use. Configuring the ISG option involves these basic steps: 
 - [Ensure that the ISG option is enabled in the WDAC policy XML](#ensure-that-the-intelligent-security-graph-option-is-enabled-in-the-wdac-policy-xml) 
 - [Enable the necessary services to allow WDAC to use the ISG correctly on the client](#enable-the-necessary-services-to-allow-wdac-to-use-the-isg-correctly-on-the-client) 
 ### Ensure that the Intelligent Security Graph option is enabled in the WDAC policy XML 
 In order to enable trust for executables based on classifications in the ISG, the **Enabled: Intelligent Security Graph authorization** option must be specified in the WDAC policy. This can be done with the Set-RuleOption cmdlet. In addition, it is recommended from a security perspective to also enable the **Enabled:Invalidate EAs on Reboot** option to invalidate the cached ISG results on reboot to force rechecking of applications against the ISG. Caution is advised if devices will regularly transition to and from environments that may not be able to access the ISG. The following example shows both options being set. 
 ```code
 <Rules> 
    <Rule> 
      <Option>Enabled:Unsigned System Integrity Policy</Option> 
    </Rule> 
    <Rule> 
      <Option>Enabled:Advanced Boot Options Menu</Option> 
    </Rule> 
    <Rule> 
      <Option>Required:Enforce Store Applications</Option> 
    </Rule> 
    <Rule>
      <Option>Enabled:UMCI</Option>
    </Rule>
    <Rule>
      <Option>Enabled:Managed Installer</Option> 
    </Rule>
    <Rule> 
      <Option>Enabled:Intelligent Security Graph Authorization</Option> 
    </Rule> 
    <Rule> 
      <Option>Enabled:Invalidate EAs on Reboot</Option> 
    </Rule> 
 </Rules> 
 ```
 ### Enable the necessary services to allow WDAC to use the ISG correctly on the client
 In order for the heuristics used by the ISG to function properly, a number of component in Windows need to be enabled. The easiest way to do this is to run the appidtel executable in c:\windows\system32.
 ```
 appidtel start
 ```
 For WDAC policies deployed over MDM using the AppLocker CSP this step is not required as the CSP will enable the necessary components. ISG enabled through the SCCM WDAC UX will not need this step but if custom policies are being deployed outside of the WDAC UX through SCCM then this step is required.   
 ## Security considerations with using the Intelligent Security Graph 
 Since the ISG is a heuristic-based mechanism, it does not provide the same security guarantees that explicit allow or deny rules do. It is best suited for deployment to systems where each user is configured as a standard user and there are other monitoring systems in place like Windows Defender Advanced Threat Protection to help provide optics into what users are doing. 
 Users with administrator privileges or malware running as an administrator user on the system may be able to circumvent the intent of WDAC when the ISG option is allowed by circumventing or corrupting the heuristics used to assign reputation to application executables. The ISG option uses the same heuristic tracking as managed installer and so for application installers that include an option to automatically run the application at the end of the installation process the heuristic may over-authorize.  
 ## Known limitations with using the Intelligent Security Graph
 Since the ISG relies on identifying executables as being known good, there are cases where it may classify legitimate executables as unknown, leading to blocks that need to be resolved either with a rule in the WDAC policy, a catalog signed by a certificate trusted in the WDAC policy or by deployment through a WDAC managed installer. Typically, this is due to an installer or application using a dynamic file as part of execution. These files do not tend to build up known good reputation. Auto-updating applications have also been observed using this mechanism and may be flagged by the ISG.  
 Modern apps are not supported with the ISG heuristic and will need to be separately authorized in your WDAC policy. As modern apps are signed by the Microsoft Store and Microsoft Store for Business. it is straightforward to authorize modern apps with signer rules in the WDAC policy.
 The ISG heuristic does not authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run.  
 In some cases, the code integrity logs where WDAC errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, the error is functionally benign as a blocked native image will result in the corresponding assembly being re-interpreted. Review for functionality and performance for the related applications using the native images maybe necessary in some cases. 
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: high
 author: mdsakibMSFT
-ms.date: 03/01/2018
+ms.date: 06/13/2018
 ---
 # Deploy Managed Installer for Windows Defender Application Control
--- a/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/data-storage-privacy-windows-defender-advanced-threat-protection.md
@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 03/06/2018
+ms.date: 06/13/2018
 ---
 # Windows Defender ATP data storage and privacy
@ -27,7 +27,7 @@ This section covers some of the most frequently asked questions regarding privac
 ## What data does Windows Defender ATP collect?
-Microsoft will collect and store information from your configured machines in a database specific to the service for administration, tracking, and reporting purposes.
+Windows Defender ATP will collect and store information from your configured machines in a customer dedicated and segregated tenant specific to the service for administration, tracking, and reporting purposes. 
 Information collected includes file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and machine details (such as machine identifiers, names, and the operating system version).
@ -51,7 +51,7 @@ In all scenarios, data is encrypted using 256-bit [AES encyption](https://en.wik
 ## Do I have the flexibility to select where to store my data?
-When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in the United Kingdom, Europe, or in the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Customer data in de-identified form may also be stored in the central storage and processing systems in the United States.
+When onboarding the service for the first time, you can choose to store your data in Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Customer data in de-identified form may also be stored in the central storage and processing systems in the United States.
 ## Is my data isolated from other customer data?
 Yes, your data is isolated through access authentication and logical segregation based on customer identifier. Each customer can only access data collected from its own organization and generic data that Microsoft provides.
--- a/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/licensing-windows-defender-advanced-threat-protection.md
@ -66,7 +66,7 @@ When accessing the [Windows Defender ATP portal](https://SecurityCenter.Windows.
 	You will need to set up your preferences for the Windows Defender ATP portal.
-3. When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the United Kingdom, Europe, or The United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation.
+3. When onboarding the service for the first time, you can choose to store your data in the Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. Microsoft will not transfer the data from the specified geolocation.
 	> [!WARNING]
 	> This option cannot be changed without completely offboarding from Windows Defender ATP and completing a new enrollment process.
--- a/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
@ -36,14 +36,14 @@ For more information, see [Windows 10 Enterprise edition](https://www.microsoft.
 ### Licensing requirements
 Windows Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
-	Windows 10 Enterprise E5
+- Windows 10 Enterprise E5
-	Windows 10 Education E5
+- Windows 10 Education E5
 - Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
 For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2).
 ### Network and data storage and configuration requirements
-When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in the United Kingdom, Europe, or United States datacenter.
+When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
 > [!NOTE]
 > -   You cannot change your data storage location after the first-time setup.
--- a/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/troubleshoot-siem-windows-defender-advanced-threat-protection.md
@ -63,9 +63,9 @@ If you encounter an error when trying to get a refresh token when using the thre
    - For Threat intelligence API: `https://WindowsDefenderATPCustomerTiConnector`
 5. Add the following URL:
-   - For US:  `https://winatpmanagement-us.securitycenter.windows.com/UserAuthenticationCallback`.
+  - For the European Union: `https://winatpmanagement-eu.securitycenter.windows.com/UserAuthenticationCallback`
-   - For Europe: `https://winatpmanagement-eu.securitycenter.windows.com/UserAuthenticationCallback`
+  - For the United Kingdom: `https://winatpmanagement-uk.securitycenter.windows.com/UserAuthenticationCallback`
-   - For United Kingdom: `https://winatpmanagement-uk.securitycenter.windows.com/UserAuthenticationCallback`
+  - For the United States:  `https://winatpmanagement-us.securitycenter.windows.com/UserAuthenticationCallback`.
 6. Click **Save**.
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@ -11,7 +11,7 @@ ms.pagetype: security
 localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 05/30/2018
+ms.date: 06/13/2018
 ---
@ -123,7 +123,7 @@ This rule blocks the following file types from being run or launched from an ema
 ### Rule: Block Office applications from creating child processes
-Office apps, such as Word or Excel, will not be allowed to create child processes. 
+Office apps will not be allowed to create child processes. This includes Word, Excel, PowerPoint, OneNote, Outlook, and Access.
 This is a typical malware behavior, especially for macro-based attacks that attempt to use Office apps to launch or download malicious executables.
@ -174,7 +174,6 @@ This rule attempts to block Office files that contain macro code that is capable
 This rule blocks the following file types from being run or launched unless they meet prevalence or age criteria set by admins, or they are in a trusted list or exclusion list:
 - Executable files (such as .exe, .dll, or .scr) 
 - Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file)
 ### Rule: Use advanced protection against ransomware
@ -187,6 +186,9 @@ Local Security Authority Subsystem Service (LSASS) authenticates users who log i
 >[!IMPORTANT]
 >[Exclusions do not apply to this rule](customize-attack-surface-reduction.md#exclude-files-and-folders).
 >[!NOTE]
 >Some apps are coded to enumerate all running processes and to attempt opening them with exhaustive permissions. This results in the app accessing LSASS even when it's not necessary. ASR will deny the app's process open action and log the details to the security event log. Entry in the event log for access denial by itself is not an indication of the presence of a malicious threat.
 ### Rule: Block process creations originating from PSExec and WMI commands
 This rule blocks processes through PsExec and WMI commands from running, to prevent remote code execution that can spread malware attacks.
--- a/windows/whats-new/whats-new-windows-10-version-1803.md
+++ b/windows/whats-new/whats-new-windows-10-version-1803.md
@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: greg-lindsay
-ms.date: 05/10/2018
+ms.date: 06/08/2018
 ms.localizationpriority: high
 ---
@ -169,7 +169,7 @@ In the Feedback and Settings page under Privacy Settings you can now delete the
 ### Security Baselines
-A draft of the new [security baseline for Windows 10 version 1803](https://blogs.technet.microsoft.com/secguide/2018/03/27/security-baseline-for-windows-10-v1803-redstone-4-draft/) has been published. 
+The new [security baseline for Windows 10 version 1803](https://docs.microsoft.com/windows/security/threat-protection/security-compliance-toolkit-10) has been published. 
 ### Windows Defender Antivirus