Merge branch 'master' into App-v-revision

windows/client-management/mdm/TOC.md

@@ -228,6 +228,7 @@
 #### [RemoteManagement](policy-csp-remotemanagement.md)
 #### [RemoteProcedureCall](policy-csp-remoteprocedurecall.md)
 #### [RemoteShell](policy-csp-remoteshell.md)
+#### [RestrictedGroups](policy-csp-restrictedgroups.md)
 #### [Search](policy-csp-search.md)
 #### [Security](policy-csp-security.md)
 #### [Settings](policy-csp-settings.md)

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -1405,6 +1405,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <ul>
 <li>AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration</li>
 <li>AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold</li>
+<li>Browser/AllowConfigurationUpdateForBooksLibrary</li>
 <li>Browser/AlwaysEnableBooksLibrary</li>
 <li>Browser/EnableExtendedBooksTelemetry</li>
 <li>Browser/UseSharedFolderForBooks</li>
@@ -1454,6 +1455,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>LocalPoliciesSecurityOptions/SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems</li> 
 <li>LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation</li> 
 <li>LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode</li> 
+<li>RestrictedGroups/ConfigureGroupMembership</li>
 <li>Search/AllowCortanaInAAD</li>
 <li>Search/DoNotUseWebResults</li>
 <li>Security/ConfigureWindowsPasswords</li>
@@ -1515,6 +1517,16 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <td style="vertical-align:top"><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, next major update.</p>
 </td></tr>
 <tr class="odd">
+<td style="vertical-align:top">[RemoteWipe CSP](remotewipe-csp.md)</td>
+<td style="vertical-align:top"><p>Added the following nodes in Windows 10, next major update:</p>
+<ul>
+<li>AutomaticRedeployment</li>
+<li>doAutomaticRedeployment</li>
+<li>LastError</li>
+<li>Status</li>
+</ul>
+</td></tr>
+<tr class="odd">
 <td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
 <td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, next major update.</p>
 </td></tr>

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -434,6 +434,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-browser.md#browser-allowbrowser" id="browser-allowbrowser">Browser/AllowBrowser</a>
   </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowconfigurationupdateforbookslibrary" id="browser-allowconfigurationupdateforbookslibrary">Browser/AllowConfigurationUpdateForBooksLibrary</a>
+  </dd>
   <dd>
     <a href="./policy-csp-browser.md#browser-allowcookies" id="browser-allowcookies">Browser/AllowCookies</a>
   </dd>
@@ -473,9 +476,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-browser.md#browser-allowsmartscreen" id="browser-allowsmartscreen">Browser/AllowSmartScreen</a>
   </dd>
-  <!--<dd>
+  <dd>
     <a href="./policy-csp-browser.md#browser-alwaysenablebookslibrary" id="browser-alwaysenablebookslibrary">Browser/AlwaysEnableBooksLibrary</a>
-  </dd>-->
+  </dd>
   <dd>
     <a href="./policy-csp-browser.md#browser-clearbrowsingdataonexit" id="browser-clearbrowsingdataonexit">Browser/ClearBrowsingDataOnExit</a>
   </dd>
@@ -2484,6 +2487,13 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### RestrictedGroups policies
+
+  <dd>
+    <a href="policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership">RestrictedGroups/ConfigureGroupMembership</a>
+  </dd>
+
+
 ### Search policies
 
 <dl>

windows/client-management/mdm/policy-csp-browser.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 01/30/2018
+ms.date: 01/31/2018
 ---
 
 # Policy CSP - Browser
@@ -30,6 +30,9 @@ ms.date: 01/30/2018
   <dd>
     <a href="#browser-allowbrowser">Browser/AllowBrowser</a>
   </dd>
+  <dd>
+    <a href="#browser-allowconfigurationupdateforbookslibrary">Browser/AllowConfigurationUpdateForBooksLibrary</a>
+  </dd>
   <dd>
     <a href="#browser-allowcookies">Browser/AllowCookies</a>
   </dd>
@@ -317,6 +320,64 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="browser-allowconfigurationupdateforbookslibrary"></a>**Browser/AllowConfigurationUpdateForBooksLibrary**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting lets you decide whether Microsoft Edge can automatically update the configuration data for the Books Library.
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 - Disable. Microsoft Edge cannot retrieve a configuration
+-   1 - Enable (default). Microsoft Edge can retrieve a configuration for Books Library
+
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="browser-allowcookies"></a>**Browser/AllowCookies**  
 
@@ -2270,6 +2331,62 @@ The following list shows the supported values:
 <!--/SupportedValues-->
 <!--/Policy-->
 <hr/>
+<!--StartPolicy-->
+<a href="" id="browser-usesharedfolderforbooks"></a>**Browser/UseSharedFolderForBooks**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartScope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--EndScope-->
+<!--StartDescription-->
+This setting specifies whether organizations should use a folder shared across users to store books from the Books Library.
+
+<!--EndDescription-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 - No shared folder.
+-   1 - Use a shared folder.
+
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--EndPolicy-->
+<hr/>
 
 Footnote:
 

windows/client-management/mdm/policy-csp-restrictedgroups.md

@@ -0,0 +1,96 @@
+---
+title: Policy CSP - RestrictedGroups
+description: Policy CSP - RestrictedGroups
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 01/12/2018
+---
+
+# Policy CSP - RestrictedGroups
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+
+<hr/>
+
+<!--StartPolicies-->
+## RestrictedGroups policies  
+
+<dl>
+  <dd>
+    <a href="policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership" id="restrictedgroups-configuregroupmembership">RestrictedGroups/ConfigureGroupMembership</a>
+  </dd>
+</dl>
+
+<hr/>
+<!--StartPolicy-->
+<a href="" id="restrictedgroups-configuregroupmembership"></a>**RestrictedGroups/ConfigureGroupMembership**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>4</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartScope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--EndScope-->
+<!--StartDescription-->
+This security setting allows an administrator to define the members of a security-sensitive (restricted) group. When a Restricted Groups Policy is enforced, any current member of a restricted group that is not on the Members list is removed. Any user on the Members list who is not currently a member of the restricted group is added. You can use Restricted Groups policy to control group membership.  
+
+> [!Note]  
+> This policy is only scoped to the Administrators group at this time.  
+
+Using the policy, you can specify what members are part of a group. Any members that are not specified in the policy are removed during configuration or refresh. For example, you can create a Restricted Groups policy to only allow specified users (for example, Alice and John) to be members of the Administrators group. When policy is refreshed, only Alice and John will remain as members of the Administrators group.
+
+> [!Note]  
+> If a Restricted Groups policy is applied, any current member not on the Restricted Groups policy members list is removed. This can include default members, such as administrators. Restricted Groups should be used primarily to configure membership of local groups on workstation or member servers. An empty Members list means that the restricted group has no members.
+
+<!--EndDescription-->
+<!--SupportedValues-->
+
+<!--/SupportedValues-->
+<!--Example-->
+
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+

windows/client-management/mdm/remotewipe-csp.md

@@ -7,12 +7,15 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 11/13/2017
+ms.date: 01/29/2018
 ---
 
 # RemoteWipe CSP
 
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely wipe a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely wiped after being lost or stolen.
 
 The following diagram shows the RemoteWipe configuration service provider management object in tree format as used by both OMA DM and OMA Client Provisioning. Enterprise IT Professionals can update these settings by using the Exchange Server.
@@ -45,14 +48,27 @@ Supported operation is Exec.
 <a href="" id="doWipePersistUserData"></a>**doWipePersistUserData**  
 Added in Windows 10, version 1709.  Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.
 
-## The Remote Wipe Process
+<a href="" id="automaticredeployment"></a>**AutomaticRedeployment**  
+Added in Windows 10, next major update. Node for the Automatic Redeployment operation.
 
+<a href="" id="doautomaticredeployment"></a>**AutomaticRedeployment/doAutomaticRedeployment**  
+Added in Windows 10, next major update. Exec on this node triggers Automatic Redeployment operation. This works like PC Reset, similar to other existing nodes in this RemoteWipe CSP, except that it keeps the device enrolled in Azure AD and MDM, keeps Wi-Fi profiles, and a few other settings like region, language, keyboard.
 
-The remote wipe command is sent as an XML provisioning file to the device. Since the RemoteWipe Configuration Service Provider uses OMA DM and WAP, authentication between client and server and delivery of the XML provisioning file is handled by provisioning.
+<a href="" id="lasterror"></a>**AutomaticRedeployment/LastError**  
+Added in Windows 10, next major update. Error value, if any, associated with Automatic Redeployment operation (typically an HRESULT).
 
-In Windows 10 Mobile, the remote wipe command is implemented on the device by using the **ResetPhone** function. On the desktop, the remote wipe triggers the **Reset this PC** functionality with the **Remove everything** option.
+<a href="" id="status"></a>**AutomaticRedeployment/Status**  
+Added in Windows 10, next major update. Status value indicating current state of an Automatic Redeployment operation. 
 
-> **Note**  On the desktop, the remote wipe effectively performs a factory reset and the PC does not retain any information about the command once the wipe completes. Any response from the device about the actual status or result of the command may be inconsistent and unreliable because the MDM information has been removed.
+Supported values:  
+
+-  0: Never run (not started). The default state. 
+-  1: Complete. 
+-  10: Reset has been scheduled. 
+-  20: Reset is scheduled and waiting for a reboot. 
+-  30: Failed during CSP Execute ("Exec" in SyncML). 
+-  40: Failed: power requirements not met. 
+-  50: Failed: reset internals failed during reset attempt.
 
  
 

windows/client-management/mdm/remotewipe-ddf-file.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 12/05/2017
+ms.date: 01/29/2018
 ---
 
 # RemoteWipe DDF file
@@ -17,7 +17,7 @@ This topic shows the OMA DM device description framework (DDF) for the **RemoteW
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is the DDF for Windows 10, version 1709.
+The XML below is the DDF for Windows 10, next major update.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -43,7 +43,7 @@ The XML below is the DDF for Windows 10, version 1709.
                 <Permanent />
             </Scope>
             <DFType>
-                <DDFName></DDFName>
+                <MIME>com.microsoft/1.1/MDM/RemoteWipe</MIME>
             </DFType>
             <Description>The root node for remote wipe function.</Description>
         </DFProperties>
@@ -131,8 +131,94 @@ The XML below is the DDF for Windows 10, version 1709.
               <Description>Exec on this node will perform a remote reset on the device and persist user accounts and data. The return status code shows whether the device accepted the Exec command.</Description>
             </DFProperties>
         </Node>
+        <Node>
+          <NodeName>AutomaticRedeployment</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName>doAutomaticRedeployment</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Exec />
+              </AccessType>
+              <DFFormat>
+                <chr />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>LastError</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <DefaultValue>0</DefaultValue>
+              <Description>Error value, if any, associated with Automatic Redeployment operation (typically an HRESULT).</Description>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>Status</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <DefaultValue>0</DefaultValue>
+              <Description>Status value indicating current state of an Automatic Redeployment operation. 0: Never run (not started). The default state. 1: Complete. 10: Reset has been scheduled. 20: Reset is scheduled and waiting for a reboot. 30: Failed during CSP Execute ("Exec" in SyncML). 40: Failed: power requirements not met. 50: Failed: reset internals failed during reset attempt.</Description>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+       </Node>
     </Node>
 </MgmtTree>
+
 ```
 
 ## Related topics

windows/deployment/TOC.md

@@ -8,6 +8,7 @@
 ### [Configure VDA for Subscription Activation](vda-subscription-activation.md)
 ### [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md)
 ## [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md)
+### [Submit Windows 10 upgrade errors](upgrade/submit-errors.md)
 
 ## [Deploy Windows 10](deploy.md)
 

windows/deployment/update/device-health-get-started.md

@@ -24,7 +24,7 @@ Steps are provided in sections that follow the recommended setup process:
 Device Health has the following requirements: 
 1. Device Health is currently only compatible with Windows 10 and Windows Server 2016 devices. The solution is intended to be used with desktop devices (Windows 10 workstations and laptops). 
 2. The solution requires that at least the [enhanced level of diagnostic data](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization#basic-level) is enabled on all devices that are intended to be displayed in the solution. To learn more about Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization). 
-3. The diagnostic data of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the diagnostic data services](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on diagnostic data endpoints and summarizes the use of each endpoint:
+3. The diagnostic data of your organization’s Windows devices must be successfully transmitted to Microsoft. Microsoft has specified [endpoints for each of the diagnostic data services](/windows/configuration//configure-windows-diagnostic-data-in-your-organization#endpoints), which must be whitelisted by your organization so the data can be transmitted. The following table is taken from the article on diagnostic data endpoints and summarizes the use of each endpoint:
 
 Service | Endpoint
 --- | ---

windows/deployment/update/update-compliance-get-started.md

@@ -36,7 +36,7 @@ Update Compliance has the following requirements:
 
  4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Troublehsoot Windows Defender Antivirus reporting](/windows/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md) topic for help on ensuring the configuration is correct.
  
-     For endpoints running Windows 10, version 1607 or earlier, [Windows diagnostic data must also be set to **Enhanced**](https://docs.microsoft.com/en-us/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level), to be compatible with Windows Defender Antivirus. 
+     For endpoints running Windows 10, version 1607 or earlier, [Windows diagnostic data must also be set to **Enhanced**](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#enhanced-level), to be compatible with Windows Defender Antivirus. 
     
     See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV.
 

windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md

@@ -16,17 +16,19 @@ ms.localizationpriority: high
 **Applies to**
 -   Windows 10
 
->**Important**: This topic contains technical instructions for IT administrators. If you are not an IT administrator, see [Get help with Windows 10 upgrade and installation errors](https://support.microsoft.com/en-us/help/10587/windows-10-get-help-with-upgrade-installation-errors) for more information.
+>**Important**: This topic contains technical instructions for IT administrators. If you are not an IT administrator, see the following topic: [Get help with Windows 10 upgrade and installation errors](https://support.microsoft.com/en-us/help/10587/windows-10-get-help-with-upgrade-installation-errors). You can also [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md).
 
 ## In this topic
 
 This topic contains a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. The following sections and procedures are provided in this guide:
 
+- [Troubleshooting upgrade errors](#troubleshooting-upgrade-errors): General advice and techniques for troubleshooting Windows 10 upgrade errors.<br>
 - [The Windows 10 upgrade process](#the-windows-10-upgrade-process): An explanation of phases used during the upgrade process.<br>
 - [Quick fixes](#quick-fixes): Steps you can take to eliminate many Windows upgrade errors.<br>
 - [Upgrade error codes](#upgrade-error-codes): The components of an error code are explained.
     - [Result codes](#result-codes): Information about result codes.
     - [Extend codes](#extend-codes): Information about extend codes.
+- [Windows Error Reporting](#windows-error-reporting): How to use Event Viewer to review details about a Windows 10 upgrade.
 - [Log files](#log-files): A list and description of log files useful for troubleshooting.
     - [Log entry structure](#log-entry-structure): The format of a log entry is described.
     - [Analyze log files](#analyze-log-files): General procedures for log file analysis, and an example.
@@ -36,19 +38,61 @@ This topic contains a brief introduction to Windows 10 installation processes, a
     - [Other result codes](#other-result-codes): Additional causes and mitigation procedures are provided for some result codes.
     - [Other error codes](#other-error-codes): Additional causes and mitigation procedures are provided for some error codes.
 
+## Troubleshooting upgrade errors
+
+If a Windows 10 upgrade is not successful, it can be very helpful to understand *when* an error occurred in the upgrade process. 
+
+Briefly, the upgrade process consists of four phases: **Downlevel**, **SafeOS**, **First boot**, and **Second boot**. The computer will reboot once between each phase. 
+
+These phases are explained in greater detail [below](#the-windows-10-upgrade-process). First, let's summarize the actions performed during each phase because this affects the type of errors that can be encountered.
+
+1. **Downlevel phase**: Because this phase runs on the source OS, upgrade errors are not typically seen. If you do encounter an error, ensure the source OS is stable. Also ensure the Windows setup source and the destination drive are accessible. 
+
+2. **SafeOS phase**: Errors most commonly occur during this phase due to hardware issues, firmware issues, or non-microsoft disk encryption software.
+
+    Since the computer is booted into Windows PE during the SafeOS phase, a useful troubleshooting technique is to boot into [Windows PE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/winpe-intro) using installation media. You can use the [media creation tool](https://www.microsoft.com/software-download/windows10) to create bootable media, or you can use tools such as the [Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit), and then boot your device from this media to test for hardware and firmware compatibility issues.
+
+    **Do not proceed with the Windows 10 installation after booting from this media**. This method can only be used to perform a clean install which will not migrate any of your apps and settings, and you will be required re-enter your Windows 10 license information.
+
+    If the computer does not successfully boot into Windows PE using the media that you created, this is likely due to a hardware or firmware issue. Check with your hardware manufacturer and apply any recommended BIOS and firmware updates. If you are still unable to boot to installation media after applying updates, disconnect or replace legacy hardware.
+
+    If the computer successfully boots into Windows PE, but you are not able to browse the system drive on the computer, it is possible that non-Microsoft disk encryption software is blocking your ability to perform a Windows 10 upgrade. Update or temporarily remove the disk encryption.
+
+3. **First boot phase**: Boot failures in this phase are relatively rare, and almost exclusively caused by device drivers.  Disconnect all peripheral devices except for the mouse, keyboard, and display. Obtain and install updated device drivers, then retry the upgrade.
+
+4. **Second boot phase**: In this phase, the system is running under the target OS with new drivers. Boot failures are most commonly due to anti-virus software or filter drivers. Disconnect all peripheral devices except for the mouse, keyboard, and display. Obtain and install updated device drivers, then retry the upgrade.
+ 
+If the general troubleshooting techniques described above or the [quick fixes](#quick-fixes) detailed below do not resolve your issue, you can attempt to analyze [log files](#log-files) and interpret [upgrade error codes](#upgrade-error-codes). You can also [Submit Windows 10 upgrade errors using Feedback Hub](submit-errors.md) so that Microsoft can diagnose your issue.
+
 ## The Windows 10 upgrade process
 
-The Windows Setup application is used to upgrade a computer to Windows 10, or to perform a clean installation. Windows Setup starts and restarts the computer, gathers information, copies files, and creates or adjusts configuration settings. When performing an operating system upgrade, Windows Setup uses the following phases:
+The **Windows Setup** application is used to upgrade a computer to Windows 10, or to perform a clean installation. Windows Setup starts and restarts the computer, gathers information, copies files, and creates or adjusts configuration settings. 
 
-1. **Downlevel phase**: The downlevel phase is run within the previous operating system. Installation components are gathered.
-2. **Safe OS phase**: A recovery partition is configured and updates are installed. An OS rollback is prepared if needed.
-        - Example error codes: 0x2000C, 0x20017
-3. **First boot phase**: Initial settings are applied.
-        - Example error codes: 0x30018, 0x3000D
-4. **Second boot phase**: Final settings are applied. This is also called the **OOBE boot phase**.
-        - Example error: 0x4000D, 0x40017
-5. **Uninstall phase**: This phase occurs if upgrade is unsuccessful.
-        - Example error: 0x50000
+When performing an operating system upgrade, Windows Setup uses phases described below. A reboot occurs between each of the phases. After the first reboot, the user interface will remain the same until the upgrade is completed. Percent progress is displayed and will advance as you move through each phase, reaching 100% at the end of the second boot phase.
+
+1. **Downlevel phase**: The downlevel phase is run within the previous operating system. Windows files are copied and installation components are gathered.
+
+    ![downlevel phase](../images/downlevel.png)  
+
+2. **Safe OS phase**: A recovery partition is configured, Windows files are expanded, and updates are installed. An OS rollback is prepared if needed. Example error codes: 0x2000C, 0x20017.
+
+    ![safeOS phase](../images/safeos.png) 
+
+3. **First boot phase**: Initial settings are applied. Example error codes: 0x30018, 0x3000D.
+
+    ![first boot phase](../images/firstboot.png) 
+
+4. **Second boot phase**: Final settings are applied. This is also called the **OOBE boot phase**. Example error codes: 0x4000D, 0x40017. 
+
+    At the end of the second boot phase, the **Welcome to Windows 10** screen is displayed, preferences are configured, and the Windows 10 sign-in prompt is displayed.
+
+    ![second boot phase](../images/secondboot.png) 
+
+    ![second boot phase](../images/secondboot2.png) 
+
+    ![second boot phase](../images/secondboot3.png) 
+
+5. **Uninstall phase**: This phase occurs if upgrade is unsuccessful (image not shown). Example error codes: 0x50000, 0x50015.
 
 **Figure 1**: Phases of a successful Windows 10 upgrade (uninstall is not shown):
 
@@ -58,6 +102,7 @@ DU = Driver/device updates.<br>
 OOBE = Out of box experience.<br>
 WIM = Windows image (Microsoft)
 
+
 ## Quick fixes
 
 The following steps can resolve many Windows upgrade problems.
@@ -92,13 +137,16 @@ The following steps can resolve many Windows upgrade problems.
 
 If the upgrade process is not successful, Windows Setup will return two codes:
 
-1. **A result code**: The result code corresponds to a specific Win32 error.
-2. **An extend code**: The extend code contains information about both the *phase* in which an error occurred, and the *operation* that was being performed when the error occurred.  
+1. **A result code**: The result code corresponds to a specific Win32 or NTSTATUS error.
+2. **An extend code**: The extend code contains information about both the *phase* in which an error occurred, and the *operation* that was being performed when the error occurred.
 
 >For example, a result code of **0xC1900101** with an extend code of **0x4000D** will be returned as: **0xC1900101 - 0x4000D**.
 
 Note: If only a result code is returned, this can be because a tool is being used that was not able to capture the extend code. For example, if you are using the [Windows 10 Upgrade Assistant](https://support.microsoft.com/en-us/kb/3159635) then only a result code might be returned.
 
+>[!TIP]
+>If you are unable to locate the result and extend error codes, you can attempt to find these codes using Event Viewer.  For more information, see [Windows Error Reporting](#windows-error-reporting).
+
 ### Result codes
 
 >A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue. <br>To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Resolution procedures](#resolution-procedures) section later in this topic.
@@ -201,10 +249,50 @@ The following tables provide the corresponding phase and operation for values of
 
 For example: An extend code of **0x4000D**, represents a problem during phase 4 (**0x4**) with data migration (**000D**).
 
+## Windows Error Reporting
+
+When Windows Setup fails, the result and extend code are recorded as an informational event in the Application log by Windows Error Reporting as event 1001. The event name is **WinSetupDiag02**.  You can use Event Viewer to review this event, or you can use Windows PowerShell.
+
+To use Windows PowerShell, type the following commands from an elevated Windows PowerShell prompt:
+
+```
+$events = Get-WinEvent -FilterHashtable @{LogName="Application";ID="1001";Data="WinSetupDiag02"}
+$event = [xml]$events[0].ToXml()
+$event.Event.EventData.Data
+```
+
+To use Event Viewer: 
+1. Open Event Viewer and navigate to **Windows Logs\Application**.
+2. Click **Find**, and then search for **winsetupdiag02**.
+3. Double-click the event that is highlighted.
+
+Note: For legacy operating systems, the Event Name was WinSetupDiag01. 
+
+Ten parameters are listed in the event:
+<br>
+<table border="0">
+<tr><td>P1: The Setup Scenario (1=Media,5=WindowsUpdate,7=Media Creation Tool)</td></tr>
+<tr><td>P2: Setup Mode (x=default,1=Downlevel,5=Rollback)</td></tr>
+<tr><td>P3: New OS Architecture (x=default,0=X86,9=AMD64)</td></tr>
+<tr><td>P4: Install Result (x=default,0=Success,1=Failure,2=Cancel,3=Blocked)</td></tr>
+<tr><td><b>P5: Result Error Code</b>  (Ex: 0xc1900101)</td></tr>
+<tr><td><b>P6: Extend Error Code</b>  (Ex: 0x20017)</td></tr>
+<tr><td>P7: Source OS build (Ex: 9600)</td></tr>
+<tr><td>P8: Source OS branch (not typically available)</td></tr>
+<tr><td>P9: New OS build (Ex: 16299}</td></tr>
+<tr><td>P10: New OS branch (Ex: rs3_release}</td></tr>
+</table>
+
+The event will also contain links to log files that can be used to perform a detailed diagnosis of the error.  An example of this event from a successful upgrade is shown below.
+
+![Windows Error Reporting](../images/event.png)
+
 ## Log files
 
 Several log files are created during each phase of the upgrade process. These log files are essential for troubleshooting upgrade problems. By default, the folders that contain these log files are hidden on the upgrade target computer. To view the log files, configure Windows Explorer to view hidden items, or use a tool to automatically gather these logs. The most useful log is **setupact.log**. The log files are located in a different folder depending on the Windows Setup phase. Recall that you can determine the phase from the extend code. 
 
+Note: Also see the [Windows Error Reporting](#windows-error-reporting) section in this document for help locating error codes and log files. 
+
 The following table describes some log files and how to use them for troubleshooting purposes:<br>
 
 <br>

windows/deployment/upgrade/submit-errors.md

@@ -0,0 +1,69 @@
+---
+title: Submit Windows 10 upgrade errors using Feedback Hub
+description: Submit Windows 10 upgrade errors for diagnosis using feedback hub
+keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, feedback
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+ms.date: 02/01/2018
+ms.localizationpriority: high
+---
+
+# Submit Windows 10 upgrade errors using Feedback Hub
+
+**Applies to**
+-   Windows 10
+
+## In this topic
+
+This topic describes how to submit problems with a Windows 10 upgrade to Microsoft using the Windows 10 Feedback Hub.
+
+## About the Feedback Hub
+
+The Feedback Hub app lets you tell Microsoft about any problems you run in to while using Windows 10 and send suggestions to help us improve your Windows experience. Previously, you could only use the Feedback Hub if you were in the Windows Insider Program. Now anyone can use this tool.  You can download the Feedback Hub app from the Microsoft Store [here](https://www.microsoft.com/en-us/store/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0).
+
+The Feedback Hub requires Windows 10 or Windows 10 mobile. If you are having problems upgrading from an older version of Windows to Windows 10, you can use the Feedback Hub to submit this information, but you must collect the log files from the legacy operating system and then attach these files to your feedback using a device that is running Windows 10. If you are upgrading to Windows 10 from a previous verion of Windows 10, the Feedback Hub will collect log files automatically.
+
+## Submit feedback
+
+To submit feedback about a failed Windows 10 upgrade, click the following link: [Feedback Hub](feedback-hub://?referrer=resolveUpgradeErrorsPage&tabid=2&contextid=81&newFeedback=true&feedbackType=2&topic=submit-errors.md) 
+
+The Feedback Hub will open.
+
+- Under **Tell us about it**, and then under **Summarize your issue**, type **Upgrade failing**.
+- Under **Give us more detail**, provide additional information about the failed upgrade, such as:
+    - When did the failure occur?
+        - Were there any reboots?
+        - How many times did the system reboot?
+    - How did the upgrade fail?
+        - Were any error codes visible?
+        - Did the computer fail to a blue screen?
+        - Did the computer automatically roll back or did it hang, requiring you to power cycle it before it rolled back?
+- Additional details
+    - What type of security software is installed?
+    - Is the computer up to date with latest drivers and firmware?
+    - Are there any external devices connected? 
+- If you used the link above, the category and subcategory will be automatically selected. If it is not selected, choose **Install and Update** and **Windows Installation**. 
+
+You can attach a screenshot or file if desired. This is optional.
+
+Click **Submit** to send your feedback.
+
+See the following example:
+
+![feedback example](../images/feedback.png) 
+
+After you click Submit, that's all you need to do. Microsoft will receive your feedback and begin analyzing the issue.  You can check on your feedback periodically to see what solutions have been provided.
+
+## Link to your feedback
+
+After your feedback is submitted, you can email or post links to it by opening the Feedback Hub, clicking My feedback at the top, clicking the feedback item you submitted, clicking **Share**, then copying the short link that is displayed.
+
+![share](../images/share.jpg) 
+
+## Related topics
+
+[Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx)
+

windows/deployment/upgrade/upgrade-readiness-deployment-script.md

@@ -263,7 +263,7 @@ The deployment script displays the following exit codes to let you know if it wa
 \Windows\DataCollection**</font>
         or <font size='1'>**HKLM:\SOFTWARE\Microsoft\Windows
 \CurrentVersion\Policies\DataCollection**</font></td>
-        <td>For Windows 10 machines, the **AllowTelemetry** property should be set to 1 or greater to enable data collection. The script will throw an error if this is not true. For more information, see [Configure Windows diagnostic data in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization).</td>
+        <td>For Windows 10 machines, the **AllowTelemetry** property should be set to 1 or greater to enable data collection. The script will throw an error if this is not true. For more information, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization).</td>
     </tr>
     <tr>
         <td>40 - Function **CheckTelemetryOptIn** failed with an unexpected exception. </td>