Merge remote-tracking branch 'refs/remotes/origin/master' into live

2025-05-22 10:17:23 +00:00 · 2016-11-30 10:16:29 -08:00 · 2016-11-30 10:16:29 -08:00 · d6e16585f6
commit d6e16585f6
parent 201d0f1b97 5d832a54e2
6 changed files with 26 additions and 7 deletions
--- a/devices/surface/change-history-for-surface.md
+++ b/devices/surface/change-history-for-surface.md
@ -15,6 +15,7 @@ This topic lists new and updated topics in the Surface documentation library.
 |New or changed topic | Description |
 | --- | --- |
 |[Surface Enterprise Management Mode](surface-enterprise-management-mode.md) | Added procedure for viewing certificate thumbprint. |
 |[Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md) | New |
--- a/devices/surface/images/surface-ent-mgmt-fig6-enrollconfirm.png
+++ b/devices/surface/images/surface-ent-mgmt-fig6-enrollconfirm.png
--- a/devices/surface/images/surface-ent-mgmt-fig7-semmrecovery.png
+++ b/devices/surface/images/surface-ent-mgmt-fig7-semmrecovery.png
--- a/devices/surface/surface-enterprise-management-mode.md
+++ b/devices/surface/surface-enterprise-management-mode.md
@ -18,6 +18,8 @@ Microsoft Surface Enterprise Management Mode (SEMM) is a feature of Surface devi
 When Surface devices are configured by SEMM and secured with the SEMM certificate, they are considered *enrolled* in SEMM. When the SEMM certificate is removed and control of UEFI settings is returned to the user of the device, the Surface device is considered *unenrolled* in SEMM.
 There are two administrative options you can use to manage SEMM and enrolled Surface devices – a standalone tool or integration with System Center Configuration Manager. The SEMM standalone tool, called the Microsoft Surface UEFI Configurator, is described in this article. For more information about how to manage SEMM with System Center Configuration Manager, see [Use System Center Configuration Manager to manage devices with SEMM](https://technet.microsoft.com/en-us/itpro/surface/use-system-center-configuration-manager-to-manage-devices-with-semm).
 ## Microsoft Surface UEFI Configurator
 The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied.
@ -101,8 +103,20 @@ These characters are the last two characters of the certificate thumbprint and s
 *Figure 6. Enrollment confirmation in SEMM with the SEMM certificate thumbprint*
 >[!NOTE]
 >Administrators with access to the certificate file (.pfx) can read the thumbprint at any time by opening the .pfx file in CertMgr. To view the thumbprint with CertMgr, follow this process:
 >1. Right-click the .pfx file, and then click **Open**.
 >2. Expand the folder in the navigation pane.
 >3. Click **Certificates**.
 >4. Right-click your certificate in the main pane, and then click **Open**.
 >5. Click the **Details** tab.
 >6. **All** or **Properties Only** must be selected in the **Show** drop-down menu.
 >7. Select the field **Thumbprint**.
 To enroll a Surface device in SEMM or to apply the UEFI configuration from a configuration package, all you need to do is run the .msi file on the intended Surface device. You can use application deployment or operating system deployment technologies such as [System Center Configuration Manager](https://technet.microsoft.com/library/mt346023) or the [Microsoft Deployment Toolkit](https://technet.microsoft.com/windows/dn475741). When you enroll a device in SEMM you must be present to confirm the enrollment on the device. User interaction is not required when you apply a configuration to devices that are already enrolled in SEMM.
 For a step-by-step walkthrough of how to enroll a Surface device in SEMM or apply a Surface UEFI configuration with SEMM, see [Enroll and configure Surface devices with SEMM](https://technet.microsoft.com/en-us/itpro/surface/enroll-and-configure-surface-devices-with-semm).
 ### Reset package
 A Surface UEFI reset package is used to perform only one task — to unenroll a Surface device from SEMM. The reset package contains signed instructions to remove the SEMM certificate from the device’s firmware and to reset UEFI settings to factory default. Like a Surface UEFI configuration package, a reset package must be signed with the same SEMM certificate that is provisioned on the Surface device. When you create a SEMM reset package, you are required to supply the serial number of the Surface device you intend to reset. SEMM reset packages are not universal and are specific to one device.
@ -120,6 +134,8 @@ When you use the process on the **Enterprise Management** page to reset SEMM on
 >[!NOTE]
 >A Reset Request expires two hours after it is created.
 For a step-by-step walkthrough of how to unenroll Surface devices from SEMM, see [Unenroll Surface devices from SEMM](https://technet.microsoft.com/en-us/itpro/surface/unenroll-surface-devices-from-semm).
 ## Surface Enterprise Management Mode certificate requirements
 >[!NOTE]
--- a/education/windows/take-a-test-single-pc.md
+++ b/education/windows/take-a-test-single-pc.md
@ -66,7 +66,9 @@ Anything hosted on the web can be presented in a locked down manner, not just as
 ``` 
 ms-edu-secureassessment:<URL>!enforceLockdown
 ```
-
+   > [!NOTE]  
   > You may want to remove !enforceLockdown for tests that utilizes our lockdown API that checks for running processes before locking down. Removing !enforceLockdown will result in the app not locking down immediately which allows you to close apps that are not allowed to run during lockdown. The test web application may lock down the device once you have closed the apps. 
 2. Distribute the link. You can use the web, email, OneNote, or any other method of your choosing.
 3. To take the test, the student clicks on the link and provides user consent.
--- a/windows/manage/windows-10-mobile-and-mdm.md
+++ b/windows/manage/windows-10-mobile-and-mdm.md
@ -21,11 +21,11 @@ Employees increasingly depend on smartphones to complete daily work tasks, but t
 Windows 10 supports end-to-end device lifecycle management to give companies control over their devices, data, and apps. Devices can easily be incorporated into standard lifecycle practices, from device enrollment, configuration, and application management to maintenance, monitoring, and retirement using a comprehensive mobile device management solution.
 **In this article**
-	Deploy
+-	[Deploy](#deploy)
-	Configure
+-	[Configure](#configure)
-	Apps
+-	[Apps](#apps)
-	Manage
+-	[Manage](#manage)
-	Retire
+-	[Retire](#retire)
 ## Deploy
@ -73,7 +73,7 @@ The way in which personal and corporate devices are enrolled into an MDM system
 <td align="left">Organization</td>
 </tr>
 <tr class="odd">
-<td align="left"><strong>Device Innitialization</strong>
+<td align="left"><strong>Device Initialization</strong>
 In the Out-of-the-Box Experience (OOBE), the first time the employee starts the device, they are requested to add a cloud identity to the device.</td>
 <td align="left">The primary identity on the device is a personal identity. Personal devices are initiated with a Microsoft Account (MSA), which uses a personal email address. </td>