diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md index 154ad6670a..b4eca2a668 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md +++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md @@ -159,7 +159,7 @@ This table includes the attributes used by the Enterprise Mode schema. <exclude> -Specifies the domain or path that is excluded from getting the behavior applied. This attribute is supported on the <domain> and <path> elements. +Specifies the domain or path excluded from applying the behavior and is supported on the <domain> and <path> elements.

Example

 <emie>
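Review bot: The rewritten `<exclude>` description in enterprise-mode-schema-version-1-guidance.md changes the meaning as well as the length. "excluded from applying the behavior" reads as if the domain or path were the thing applying the behavior, and "and is supported on" has no subject now that "This attribute" is gone. Suggest keeping the two-sentence shape of the removed line, for example "Specifies the domain or path that is excluded from the behavior. This attribute is supported on the <domain> and <path> elements."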
@@ -230,4 +230,4 @@ If you want to target specific sites in your organization.
 |You can specify subdomains in the domain tag. |<docMode>
<domain docMode="5">contoso.com</domain>
<domain docMode="9">info.contoso.com</domain>
<docMode>
|| |You can specify exact URLs by listing the full path. |<emie>
<domain exclude="false">bing.com</domain>
<domain exclude="false" forceCompatView="true">contoso.com</domain>
<emie>
|| |You can nest paths underneath domains. |<emie>
<domain exclude="true">contoso.com
<path exclude="false">/about</path>
<path exclude="true">
/about/business</path>
</domain>
</emie>
| | -|You can’t add a path underneath a path. The file will still be parsed, but the sub-path will be ignored. |<emie>
<domain exclude="true">contoso.com
<path>/about
<path exclude="true">/business</path>
</path>
</domain>
</emie>
| | \ No newline at end of file +|You can’t add a path underneath a path. The file will still be parsed, but the sub-path will be ignored. |<emie>
<domain exclude="true">contoso.com
<path>/about
<path exclude="true">/business</path>
</path>
</domain>
</emie>
| | diff --git a/education/index.md b/education/index.md index 20840df5df..1dc168eb0f 100644 --- a/education/index.md +++ b/education/index.md @@ -25,7 +25,7 @@ ms.date: 10/30/2017
  • - +
    diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md index 16b671865d..a995eb5f41 100644 --- a/education/windows/set-up-school-pcs-provisioning-package.md +++ b/education/windows/set-up-school-pcs-provisioning-package.md @@ -10,7 +10,7 @@ ms.pagetype: edu ms.localizationpriority: medium author: lenewsad ms.author: lanewsad -ms.date: 07/13/2018 +ms.date: 10/17/2018 --- # What's in my provisioning package? @@ -107,6 +107,22 @@ Set up School PCs uses the Universal app install policy to install school-releva * OneNote * Sway +## Provisioning time estimates +The time it takes to install a package on a device depends on the: + +* Strength of network connection +* Number of policies and apps within the package +* Additional configurations made to the device + +Review the table below to estimate your expected provisioning time. A package that only applies Set Up School PC's default configurations will provision the fastest. A package that removes pre-installed apps, through CleanPC, will take much longer to provision. + +|Configurations |Connection type |Estimated provisioning time | +|---------|---------|---------| +|Default settings only | Wi-Fi | 3 to 5 minutes | +|Default settings + apps | Wi-Fi | 10 to 15 minutes | +|Default settings + remove pre-installed apps (CleanPC) | Wi-Fi | 60 minutes | +|Default settings + other settings (Not CleanPC) | Wi-Fi | 5 minutes | + ## Next steps Learn more about setting up devices with the Set up School PCs app. * [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md) diff --git a/windows/application-management/msix-app-packaging-tool.md b/windows/application-management/msix-app-packaging-tool.md index 1500f26da8..50ac54f57a 100644 --- a/windows/application-management/msix-app-packaging-tool.md +++ b/windows/application-management/msix-app-packaging-tool.md 
@@ -8,19 +8,19 @@ ms.sitesec: library ms.localizationpriority: medium ms.author: mikeblodge ms.topic: article -ms.date: 10/16/2018 +ms.date: 10/18/2018 --- # Repackage existing win32 applications to the MSIX format -The MSIX Packaging Tool is now available to install from the Microsoft Store. The MSIX Packaging Tool enables you to repackage your existing win32 applications to the MSIX format. You can run your desktop installers through this tool interactively and obtain an MSIX package that you can install on your machine and upload to the Microsoft Store. +The MSIX Packaging Tool 1.2018.1005.0 is now available to install from the Microsoft Store. The MSIX Packaging Tool enables you to repackage your existing win32 applications to the MSIX format. You can run your desktop installers through this tool interactively and obtain an MSIX package that you can install on your machine and upload to the Microsoft Store. > Prerequisites: -- Participate in the Windows Insider Program or update to Windows 10 October 2018 Update (version 1809) -- Minimum Windows 10 build 17701 +- Windows 10, version 1809 (or later) +- Participation in the Windows Insider Program (if you're using an Insider build) +- A valid Micorsoft account (MSA) alias to access the app from the Microsoft Store - Admin privileges on your PC account -- A valid Micorsoft account (MSA) alias to access the app from the Store ## Installing the MSIX Packaging Tool diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index b7f6316a52..082c384d37 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md 
@@ -50,6 +50,10 @@ These tools were included in previous versions of Windows and the associated doc >[!TIP]   >If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows 10** page. Details about the information you want for a tool will help us plan future content.  +## Related topics + +[Diagnostic Data Viewer](https://docs.microsoft.com/windows/privacy/diagnostic-data-viewer-overview) +   diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md index c136d082ac..1e21d2a88c 100644 --- a/windows/deployment/TOC.md +++ b/windows/deployment/TOC.md @@ -228,6 +228,7 @@ ### [Optimize Windows 10 update delivery](update/waas-optimize-windows-10-updates.md) #### [Configure Delivery Optimization for Windows 10 updates](update/waas-delivery-optimization.md) #### [Configure BranchCache for Windows 10 updates](update/waas-branchcache.md) +#### [Whitepaper: Windows Updates using forward and reverse differentials](update/PSFxWhitepaper.md) ### [Best practices for feature updates on mission-critical devices](update/feature-update-mission-critical.md) #### [Deploy feature updates during maintenance windows](update/feature-update-maintenance-window.md) #### [Deploy feature updates for user-initiated installations](update/feature-update-user-install.md) 
@@ -239,6 +240,7 @@ #### [Walkthrough: use Group Policy to configure Windows Update for Business](update/waas-wufb-group-policy.md) #### [Walkthrough: use Intune to configure Windows Update for Business](https://docs.microsoft.com/intune/windows-update-for-business-configure) ### [Deploy Windows 10 updates using Windows Server Update Services](update/waas-manage-updates-wsus.md) +#### [Enable FoD and language pack updates in Windows Update](update/fod-and-lang-packs.md) ### [Deploy Windows 10 updates using System Center Configuration Manager](update/waas-manage-updates-configuration-manager.md) ### [Manage device restarts after updates](update/waas-restart.md) ### [Manage additional Windows Update settings](update/waas-wu-settings.md) diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md index de261b876c..9e83c68e65 100644 --- a/windows/deployment/s-mode.md +++ b/windows/deployment/s-mode.md @@ -27,7 +27,7 @@ Start-ups are quick, and S mode is built to keep them that way. With Microsoft E **Choice and flexibility** -Save your files to your favorite cloud, like OneDrive or Dropbox, and access them from any device you choose. Browse the Microsoft Store for thousands of apps, and if you don’t find exactly what you want, you can easily [switch out of S mode](https://docs.microsoft.com/en-us/windows/deployment/windows-10-pro-in-s-mode) at any time and search the web for more choices. +Save your files to your favorite cloud, like OneDrive or Dropbox, and access them from any device you choose. Browse the Microsoft Store for thousands of apps, and if you don’t find exactly what you want, you can easily [switch out of S mode](https://docs.microsoft.com/en-us/windows/deployment/windows-10-pro-in-s-mode) to Home, Pro, or Enterprise at any time and search the web for more choices, as shown below. ![Switching out of S mode flow chart](images/s-mode-flow-chart.png) 
diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md new file mode 100644 index 0000000000..4126e2c7cf --- /dev/null +++ b/windows/deployment/update/PSFxWhitepaper.md 
@@ -0,0 +1,203 @@ +--- +title: Windows Updates using forward and reverse differentials +description: A technique to produce compact software updates optimized for any origin and destination revision pair +keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +author: Jaimeo +ms.localizationpriority: medium +ms.author: jaimeo +ms.date: 10/18/2018 +--- + +# Windows Updates using forward and reverse differentials + + +Windows 10 monthly quality updates are cumulative, containing all previously +released fixes to ensure consistency and simplicity. For an operating system +platform like Windows 10, which stays in support for multiple years, the size of +monthly quality updates can quickly grow large, thus directly impacting network +bandwidth consumption. + +Today, this problem is addressed by using express downloads, where differential +downloads for every changed file in the update are generated based on selected +historical revisions plus the base version. In this paper, we introduce a new +technique to build compact software update packages that are applicable to any +revision of the base version, and then describe how Windows 10 quality updates +uses this technique. + +## General Terms + +The following general terms apply throughout this document: + +- *Base version*: A major software release with significant changes, such as + Windows 10, version 1809 (Windows 10 Build 17763.1) + +- *Revision*: Minor releases in between the major version releases, such as + KB4464330 (Windows 10 Build 17763.55) + +- *Baseless Patch Storage Files (Baseless PSF)*: Patch storage files that + contain full binaries or files + +## Introduction + +In this paper, we introduce a new technique that can produce compact software +updates optimized for any origin/destination revision pair. 
It does this by +calculating forward the differential of a changed file from the base version and +its reverse differential back to the base version. Both forward and reverse +differentials are then packaged as an update and distributed to the endpoints +running the software to be updated. The update package contents can be symbolized as follows: + +![Symbolic representation of update package contents. a box containing two expressions: delta sub zero transform to sub N, followed delta sub N transform to sub zero](images/PSF1.png) + +The endpoints that have the base version of the file (V0) hydrate the target +revision (VN) by applying a simple transformation: + +![Equation: V sub zero + delta sub zero transform to sub N = V sub n](images/PSF2.png) + +The endpoints that have revision N of the file (VN), hydrate the target revision +(VR) by applying the following set of transformations: + +![Equation 1: V sub n + delta sub n transform to 0 = V sun 0; Equation 2: V sub zero + delta sub 0 transform to R = V sub R](images/PSF3.png) + +The endpoints retain the reverse differentials for the software revision they +are on, so that it can be used for hydrating and applying next revision update. + +By using a common baseline, this technique produces a single update package with +numerous advantages: + +- Compact in size + +- Applicable to all baselines + +- Simple to build + +- Efficient to install + +- Redistributable + +Historically, download sizes of Windows 10 quality updates (Windows 10, version +1803 and older supported versions of Windows 10) are optimized by using express +download. Express download is optimized such that updating Windows 10 systems +will download the minimum number of bytes. This is achieved by generating +differentials for every updated file based on selected historical base revisions +of the same file + its base or RTM version. 
+ +For example, if the October monthly quality update has updated Notepad.exe, +differentials for Notepad.exe file changes from September to October, August to +October, July to October, June to October, and from the original feature release +to October are generated. All these differentials are stored in a Patch Storage +File (PSF, also referred to as “express download files”) and hosted or cached on +Windows Update or other update management or distribution servers (for example, +Windows Server Update Services (WSUS), System Center Configuration Manager, or a +non-Microsoft update management or distribution server that supports express +updates). A device leveraging express updates uses network protocol to determine +optimal differentials, then downloads only what is needed from the update +distribution endpoints. + +The flipside of express download is that the size of PSF files can be very large +depending on the number of historical baselines against which differentials were +calculated. Downloading and caching large PSF files to on-premises or remote +update distribution servers is problematic for most organizations, hence they +are unable to leverage express updates to keep their fleet of devices running +Windows 10 up to date. Secondly, due to the complexity of generating +differentials and size of the express files that need to be cached on update +distribution servers, it is only feasible to generate express download files for +the most common baselines, thus express updates are only applicable to selected +baselines. Finally, calculation of optimal differentials is expensive in terms +of system memory utilization, especially for low-cost systems, impacting their +ability to download and apply an update seamlessly. 
+ +In the following sections, we describe how Windows 10 quality updates will +leverage this technique based on forward and reverse differentials for newer +releases of Windows 10 and Windows Server to overcome the challenges with +express downloads. + +## High-level Design + +### Update packaging + +Windows 10 quality update packages will contain forward differentials from +quality update RTM baselines (∆RTM→N) and reverse differentials back to RTM +(∆N→RTM) for each file that has changed since RTM. By using the RTM version as +the baseline, we ensure that all devices will have an identical payload. Update +package metadata, content manifests, and forward and reverse differentials will +be packaged into a cabinet file (.cab). This .cab file, and the applicability +logic, will also be wrapped in Microsoft Standalone Update (.msu) format. + +There can be cases where new files are added to the system during servicing. +These files will not have RTM baselines, thus forward and reverse differentials +cannot be used. In these scenarios, null differentials will be used to handle +servicing. Null differentials are the slightly compressed and optimized version +of the full binaries. Update packages can have either +forward or reverse differentials, or null differential of any given binary in +them. The following image symbolizes the content of a Windows 10 quality update installer: + +![Outer box labeled .msu containing two sub-boxes: 1) Applicability Logic, 2) box labeled .cab containg four sub-boxes: 1) update metadata, 2) content manifests, 3) delta sub RTM transform to sub N (file 1, file2, etc.), and 4) delta sub N transform to RTM (file 1, file 2, etc.)](images/PSF4.png) + +### Hydration and installation + +Once the usual applicability checks are performed on the update package and are +determined to be applicable, the Windows component servicing infrastructure will +hydrate the full files during pre-installation and then proceed with the usual +installation process. 
+ +Below is a high-level sequence of activities that the component servicing +infrastructure will run in a transaction to complete installation of the update: + +- Identify all files that are required to install the update. + +- Hydrate each of necessary files using current version (VN) of the file, + reverse differential (VN--->RTM) of the file back to quality update RTM/base + version and forward differential (VRTM--->R) from feature update RTM/base + version to the target version. Also, use null differential hydration to + hydrate null compressed files. + +- Stage the hydrated files (full file), forward differentials (under ‘f’ + folder) and reverse differentials (under ‘r’ folder) or null compressed + files (under ‘n’ folder) in the component store (%windir%\\WinSxS folder). + +- Resolve any dependencies and install components. + +- Clean up older state (VN-1); the previous state VN is retained for + uninstallation and restoration or repair. + +### **Resilient Hydration** + +To ensure resiliency against component store corruption or missing files that +could occur due to susceptibility of certain types of hardware to file system +corruption, a corruption repair service has been traditionally used to recover +the component store automatically (“automatic corruption repair”) or on demand +(“manual corruption repair”) using an online or local repair source. This +service will continue to offer the ability to repair and recover content for +hydration and successfully install an update, if needed. + +When corruption is detected during update operations, automatic corruption +repair will start as usual and use the Baseless Patch Storage File published to +Windows Update for each update to fix corrupted manifests, binary differentials, +or hydrated or full files. Baseless patch storage files will contain reverse and +forward differentials and full files for each updated component. Integrity of +the repair files will be hash verified. 
+ +Corruption repair will use the component manifest to detect missing files and +get hashes for corruption detection. During update installation, new registry +flags for each differential staged on the machine will be set. When automatic +corruption repair runs, it will scan hydrated files using the manifest and +differential files using the flags. If the differential cannot be found or +verified, it will be added to the list of corruptions to repair. + +### Lazy automatic corruption repair + +“Lazy automatic corruption repair” runs during update operations to detect +corrupted binaries and differentials. While applying an update, if hydration of +any file fails, "lazy" automatic corruption repair automatically starts, +identifies the corrupted binary or differential file, and then adds it to the +corruption list. Later, the update operation continues as far as it can go, so +that "lazy" automatic corruption repair can collect as many corrupted files to fix +as possible. At the end of the hydration section, the update fails, and +automatic corruption repair starts. Automatic corruption repair runs as usual +and at the end of its operation, adds the corruption list generated by "lazy" +automatic corruption repair on top of the new list to repair. Automatic +corruption repair then repairs the files on the corruption list and installation +of the update will succeed on the next attempt. diff --git a/windows/deployment/update/fod-and-lang-packs.md b/windows/deployment/update/fod-and-lang-packs.md new file mode 100644 index 0000000000..e360ba20b9 --- /dev/null +++ b/windows/deployment/update/fod-and-lang-packs.md 
@@ -0,0 +1,23 @@ +--- +title: Windows 10 - How to make FoDs and language packs available when you're using WSUS/SCCM +description: Learn how to make FoDs and language packs available for updates when you're using WSUS/SCCM. +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: article +ms.author: elizapo +author: lizap +ms.localizationpriority: medium +ms.date: 10/18/2018 +--- +# How to make Features on Demand and language packs available when you're using WSUS/SCCM + +> Applies to: Windows 10 + +As of Windows 10, version 1709, you can't use Windows Server Update Services (WSUS) to host [Features on Demand](https://docs.microsoft.com/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities) and language packs for Windows 10 clients. Instead, you can pull them directly from Windows Update - you just need to change a Group Policy setting that lets clients download these directly from Windows Update. You can also host Features on Demand and language packs on a network share, but starting with Windows 10, version 1809, language packs can only be installed from Windows Update. + +For Active Directory and Group Policy environments running in a WSUS\SCCM environment change the **Specify settings for optional component installation and component repair** policy to enable downloading Features on Demand directly from Windows Update or a local share. This setting is located in Computer Configuration\Administrative Templates\System in the Group Policy Editor. + +Changing this policy only enables Features on Demand and language pack downloads from Windows Update - it doesn't affect how clients get feature and quality updates. Feature and quality updates will continue to come directly from WSUS\SCCM. It also doesn't affect the schedule for your clients to receive updates. + +Learn about other client management options, including using Group Policy and ADMX, in [Manage clients in Windows 10](https://docs.microsoft.com/windows/client-management/). 
diff --git a/windows/deployment/update/images/PSF1.png b/windows/deployment/update/images/PSF1.png new file mode 100644 index 0000000000..3476cf6c11 Binary files /dev/null and b/windows/deployment/update/images/PSF1.png differ diff --git a/windows/deployment/update/images/PSF2.png b/windows/deployment/update/images/PSF2.png new file mode 100644 index 0000000000..1da8698dff Binary files /dev/null and b/windows/deployment/update/images/PSF2.png differ diff --git a/windows/deployment/update/images/PSF3.png b/windows/deployment/update/images/PSF3.png new file mode 100644 index 0000000000..79be89cea3 Binary files /dev/null and b/windows/deployment/update/images/PSF3.png differ diff --git a/windows/deployment/update/images/PSF4.png b/windows/deployment/update/images/PSF4.png new file mode 100644 index 0000000000..20f9a1a887 Binary files /dev/null and b/windows/deployment/update/images/PSF4.png differ diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md index 47764a02e8..595bed72af 100644 --- a/windows/deployment/update/servicing-stack-updates.md +++ b/windows/deployment/update/servicing-stack-updates.md 
@@ -45,5 +45,5 @@ Typically, the improvements are reliability, security, and performance improveme * Servicing stack updates contain the full servicing stack; as a result, typically administrators only need to install the latest servicing stack update for the operating system. * Installing servicing stack update does not require restarting the device, so installation should not be disruptive. * Servicing stack update releases are specific to the operating system version (build number), much like quality updates. -* Search to install latest available (Servicing stack update for Windows 10)[https://support.microsoft.com/en-us/search?query=servicing%20stack%20update%20Windows%2010]. +* Search to install latest available [Servicing stack update for Windows 10](https://support.microsoft.com/en-us/search?query=servicing%20stack%20update%20Windows%2010). diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index bb2378b3a9..ed003254cc 100644 --- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -8,7 +8,7 @@ ms.sitesec: library author: Jaimeo ms.localizationpriority: medium ms.author: jaimeo -ms.date: 05/29/2018 +ms.date: 10/17/2018 --- # Quick guide to Windows as a service 
@@ -35,6 +35,8 @@ Some new terms have been introduced as part of Windows as a service, so you shou See [Overview of Windows as a service](waas-overview.md) for more information. +For some interesting in-depth information about how cumulative updates work, see [Windows Updates using forward and reverse differentials](PSFxWhitepaper.md). + ## Key Concepts Windows 10 gains new functionality with twice-per-year feature update releases. Initially, organizations will use these feature update releases for pilot deployments to ensure compatibility with existing apps and infrastructure. After a period of time, typically about four months after the feature update release, broad deployment throughout the organization can begin. The exact timeframe is determined by feedback from customers, ISVs, OEMs, and others, with an explicit "ready for broad deployment" declaration signaling this to customers. diff --git a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md index 8bc47524c0..bef52aab7a 100644 --- a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md +++ b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md 
@@ -22,7 +22,7 @@ The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Wi ## Proof-of-concept environment -For the purposes of this topic, we will use four machines: DC01, CM01, and PC0003. DC01 is a domain controller and CM01 is a Windows Server 2012 R2 standard machine, fully patched with the latest security updates, and configured as a member server in the fictional contoso.com domain. PC0003 is a machine with Windows 7 SP1, targeted for the Windows 10 upgrade. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md). +For the purposes of this topic, we will use three machines: DC01, CM01, and PC0003. DC01 is a domain controller and CM01 is a Windows Server 2012 R2 standard machine, fully patched with the latest security updates, and configured as a member server in the fictional contoso.com domain. PC0003 is a machine with Windows 7 SP1, targeted for the Windows 10 upgrade. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md). ![figure 1](../images/upgrademdt-fig1-machines.png) diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index 2a6a86ea3d..6c0aa24941 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md 
@@ -382,7 +382,7 @@ WDSUTIL /Set-Server /AnswerClients:None In the trace tool, click **Tools** on the menu and choose **Find**. Search for "**STATMSG: ID=2301**". For example: ``` - STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=SRV1.CONTOSO.COM SITE=PS1 PID=2476 TID=4636 GMTDATE=Wed Sep 14 22:11:09.363 2016 ISTR0="Configuration Manager Client Upgrade Package" ISTR1="PS100003" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="PS100003" SMS_DISTRIBUTION_MANAGER 9/14/2016 3:11:09 PM 4636 (0x121C) + STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=SRV1.CONTOSO.COM SITE=PS1 PID=924 TID=1424 GMTDATE=Tue Oct 09 22:36:30.986 2018 ISTR0="Zero Touch WinPE x64" ISTR1="PS10000A" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="PS10000A" SMS_DISTRIBUTION_MANAGER 10/9/2018 3:36:30 PM 1424 (0x0590) ``` 11. You can also review status by clicking the **Zero Touch WinPE x64** image, and then clicking **Content Status** under **Related Objects** in the bottom right-hand corner of the console, or by entering **\Monitoring\Overview\Distribution Status\Content Status** on the location bar in the console. Double-click **Zero Touch WinPE x64** under **Content Status** in the console tree and verify that a status of **Successfully distributed content** is displayed on the **Success** tab. diff --git a/windows/deployment/windows-autopilot/TOC.md b/windows/deployment/windows-autopilot/TOC.md index ac183ef6d1..fb04b62d4d 100644 --- a/windows/deployment/windows-autopilot/TOC.md +++ b/windows/deployment/windows-autopilot/TOC.md 
@@ -4,6 +4,7 @@ ### [Network requirements](windows-autopilot-requirements-network.md) ### [Licensing requirements](windows-autopilot-requirements-licensing.md) ## [Scenarios and Capabilities](windows-autopilot-scenarios.md) +### [Support for existing devices](existing-devices.md) ### [User-driven mode](user-driven.md) ### [Self-deploying mode](self-deploying.md) ### [Enrollment status page](enrollment-status.md) diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index 1632f15877..46641b808c 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md @@ -8,8 +8,8 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greglin -ms.date: 06/01/18 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Adding devices to Windows Autopilot diff --git a/windows/deployment/windows-autopilot/configure-autopilot.md b/windows/deployment/windows-autopilot/configure-autopilot.md index 7bdfb8857c..7444e0b565 100644 --- a/windows/deployment/windows-autopilot/configure-autopilot.md +++ b/windows/deployment/windows-autopilot/configure-autopilot.md @@ -8,8 +8,8 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greglin -ms.date: 06/01/18 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Configure Autopilot deployment diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index 17268284ab..6a8c2d3e3d 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: deploy author: greg-lindsay ms.author: greg-lindsay -ms.date: 07/13/18 +ms.date: 10/02/2018 --- # Demonstrate Autopilot deployment on a VM 
diff --git a/windows/deployment/windows-autopilot/enrollment-status.md b/windows/deployment/windows-autopilot/enrollment-status.md index 8577555397..60a302f3e0 100644 --- a/windows/deployment/windows-autopilot/enrollment-status.md +++ b/windows/deployment/windows-autopilot/enrollment-status.md @@ -9,8 +9,8 @@ ms.sitesec: library ms.pagetype: ms.localizationpriority: medium author: greg-lindsay -ms.author: greglin -ms.date: 06/01/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Windows Autopilot Enrollment Status page @@ -42,7 +42,7 @@ The Enrollment Status page tracks a subset of the available MDM CSP policies tha Presently the following types of policies are not tracked: -- Intune Management Extentions PowerShell scripts. +- Intune Management Extensions PowerShell scripts. - Office 365 ProPlus installations. - System Center Configuration Manager apps, packages, and task sequences. diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md index be48f47d26..6872ac6eaa 100644 --- a/windows/deployment/windows-autopilot/existing-devices.md +++ b/windows/deployment/windows-autopilot/existing-devices.md @@ -1,5 +1,5 @@ --- -title: Autopilot for existing devices +title: Windows Autopilot for existind devices description: Listing of Autopilot scenarios keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.prod: w10 
@@ -8,12 +8,272 @@ ms.localizationpriority: low ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greglin -ms.date: 10/11/2018 +ms.author: greg-lindsay +ms.date: 10/19/2018 --- -# Autopilot for existing devices +# Windows Autopilot for existing devices **Applies to: Windows 10** -Placeholder. Content coming. \ No newline at end of file +Modern desktop management with Windows Autopilot enables you to easily deploy the latest version of Windows 10 to your existing devices. The apps you need for work can be automatically installed. Your work profile is synchronized, so you can resume working right away. + +This topic describes how to convert Windows 7 domain-joined computers to Azure Active Directory-joined computers running Windows 10 by using Windows Autopilot. + +## Prerequisites + +- System Center Configuration Manager Current Branch (1806) OR System Center Configuration Manager Technical Preview (1808) +- The [Windows ADK](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) 1803 or later +- Assigned Microsoft Intune Licenses +- Azure Active Directory Premium +- Windows 10 version 1809 or later imported into Config Mgr as an Operating System Image + +## Procedures + +### Create the JSON file + +>[!TIP] +>To run the following commands on a computer running Windows Server 2012/2012 R2 or Windows 7/8.1, you must first download and install the [Windows Management Framework](https://www.microsoft.com/en-us/download/details.aspx?id=54616). + +1. On an Internet connected Windows PC or Server open an elevated Windows PowerShell command window +2. Enter the following lines to install the necessary modules + + #### Install required modules + + ``` + Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force + Install-Module AzureAD -Force + Install-Module WindowsAutopilotIntune -Force + ``` + +3. 
Enter the following lines and provide Intune administrative credentials + - In the following command, replace the example user principal name for Azure authentication (admin@M365x373186.onmicrosoft.com) with your user account. Be sure that the user account you specify has sufficient administrative rights. + + ``` + Connect-AutopilotIntune -user admin@M365x373186.onmicrosoft.com + ``` + The password for your account will be requested using a standard Azure AD form. Type your password and then click **Sign in**. +
    See the following example: + + ![Azure AD authentication](images/pwd.png) + + If this is the first time you’ve used the Intune Graph APIs, you’ll also be prompted to enable read and write permissions for Microsoft Intune PowerShell. To enable these permissions: + - Select **Consent on behalf or your organization** + - Click **Accept** + +4. Next, retrieve and display all the Autopilot profiles available in the specified Intune tenant in JSON format: + + #### Retrieve profiles in Autopilot for existing devices JSON format + + ``` + Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON > + ``` + + See the following sample output: +
    +    PS C:\> Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON
    +    {
    +    "CloudAssignedTenantId":  "1537de22-988c-4e93-b8a5-83890f34a69b",
    +    "Version":  2049,
    +    "Comment_CloudAssignedOobeConfig":  "0x7FFFFFFF",
    +    "Comment_Version":  "0x801",
    +    "Comment_File":  "Profile Autopilot Profile",
    +    "CloudAssignedAadServerData":  "{\"ZeroTouchConfig\":{\"CloudAssignedTenantUpn\":\"\",\"CloudAssignedTenantDomain\":\"M365x373186.onmicrosoft.com\"}}",
    +    "CloudAssignedOobeConfig":  30,
    +    "CloudAssignedDomainJoinMethod":  0,
    +    "ZtdCorrelationId":  "7F9E6025-1E13-45F3-BF82-A3E8C5B59EAC",
    +    "CloudAssignedLockdownConfig":  0,
    +    "CloudAssignedTenantDomain":  "M365x373186.onmicrosoft.com"
    +    }
    + + Each profile is encapsulated within braces **{ }**. In the previous example, a single profile is displayed. + +See the following table for a description of properties used in the JSON file. + + | Property | Description | + | --- | --- | + | Version (number, optional) | The version number that identifies the format of the JSON file. For Windows 10 1809, the version specified must be 2049. | + | CloudAssignedTenantId (guid, required) | The Azure Active Directory tenant ID that should be used. This is the GUID for the tenant, and can be found in properties of the tenant. The value should not include braces. | + | CloudAssignedTenantDomain (string, required) | The Azure Active Directory tenant name that should be used, e.g. tenant.onmicrosoft.com. | + | CloudAssignedOobeConfig (number, required) | This is a bitmap that shows which Autopilot settings were configured. Values include: SkipCortanaOptIn = 1, OobeUserNotLocalAdmin = 2, SkipExpressSettings = 4, SkipOemRegistration = 8, SkipEula = 16 + | CloudAssignedDomainJoinMethod (number, required) | This property should be set to 0 and specifies that the device should join Azure AD. | + | CloudAssignedForcedEnrollment (number, required) | Specifies that the device should require AAD Join and MDM enrollment.
    0 = not required, 1 = required. | + | ZtdCorrelationId (guid, required) | A unique GUID (without braces) that will be provided to Intune as part of the registration process. ZtdCorrelationId will be included in enrollment message as “OfflineAutoPilotEnrollmentCorrelator”. This attribute will be present only if the enrollment is taking place on a device registered with Zero Touch Provisioning via offline registration.| + | CloudAssignedAadServerData (encoded JSON string, required) | An embedded JSON string used for branding. It requires AAD corp branding enabled.
    Example value: "CloudAssignedAadServerData": "{\"ZeroTouchConfig\":{\"CloudAssignedTenantUpn\":\"\",\"CloudAssignedTenantDomain\":\"tenant.onmicrosoft.com\"}}"| + | CloudAssignedDeviceName (string, optional) | The name automatically assigned to the computer. This follows the naming pattern convention that can be configured in Intune as part of the Autopilot profile, or can specify an explicit name to use. | + +5. The Autopilot profile must be saved as a JSON file in ASCII or ANSI format. Windows PowerShell defaults to Unicode format, so if you attempt to redirect output of the commands to a file, you must also specify the file format. For example, to save the file in ASCII format using Windows PowerShell, you can create a directory (ex: c:\Autopilot) and save the profile as shown below: + + ``` + Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON | Out-File c:\Autopilot\AutopilotConfigurationFile.json -Encoding ASCII + ``` + **IMPORTANT**: The file name must be named **AutopilotConfigurationFile.json** in addition to being encoded as ASCII or ANSI. + + If preferred, you can save the profile to a text file and edit in Notepad. In Notepad, when you choose **Save as** you must select Save as type: **All Files** and choose ANSI from the drop-down list next to **Encoding**. See the following example. + + ![Notepad JSON](images/notepad.png) + + After saving the file, move the file to a location suitable as an SCCM package source. + + >[!IMPORTANT] + >Multiple JSON profile files can be used, but each must be named **AutopilotConfigurationFile.json** in order for OOBE to follow the Autopilot experience. The file also must be encoded as ANSI. Saving the file with Unicode or UTF-8 encoding or saving it with a different file name will cause Windows 10 OOBE to not follow the Autopilot experience. + +### Create a package containing the JSON file + +1. In Configuration Manager, navigate to **\Software Library\Overview\Application Management\Packages** +2. 
On the ribbon, click **Create Package** +3. In the **Create Package and Program Wizard** enter the following **Package** and **Program Type** details:
    + - Name: **Autopilot for existing devices config** + - Select the **This package contains source files** checkbox + - Source folder: Click **Browse** and specify a UNC path containing the AutopilotConfigurationFile.json file. + - Click **OK** and then click **Next**. + - Program Type: **Do not create a program** +4. Click **Next** twice and then click **Close**. + +### Create a target collection + +>[!NOTE] +>You can also choose to reuse an existing collection + +1. Navigate to **\Assets and Compliance\Overview\Device Collections** +2. On the ribbon, click **Create** and then click **Create Device Collection** +3. In the **Create Device Collection Wizard** enter the following **General** details: + - Name: **Autopilot for existing devices collection** + - Comment: (optional) + - Limiting collection: Click **Browse** and select **All Systems** + + >[!NOTE] + >You can optionally choose to use an alternative collection for the limiting collection. The device to be upgraded must be running the ConfigMgr agent in the collection that you select. + +4. Click **Next**, then enter the following **Membership Rules** details: + - Click **Add Rule** and specify either a direct or query based collection rule to add the target test Windows 7 devices to the new collection. + - For example, if the hostname of the computer to be wiped and reloaded is PC-01 and you wish to use Name as the attribute, click **Add Rule > Direct Rule > (wizard opens) > Next** and then enter **PC-01** next to **Value**. Click **Next** and then choose **PC-01** under **Resources**. See the following examples. + + ![Named resource1](images/pc-01a.png) + ![Named resource2](images/pc-01b.png) + +5. 
Continue creating the device collection with the default settings: + - Use incremental updates for this collection: not selected + - Schedule a full update on this collection: default + - Click **Next** twice and then click **Close** + +### Create an Autopilot for existing devices Task Sequence + +>[!TIP] +>The next procedure requires a boot image for Windows 10 1803 or later. Review your available boot images in the Configuration Manager conole under **Software Library\Overview\Operating Systems\Boot images** and verify that the **OS Version** is 10.0.17134.1 (Windows 10 version 1803) or later. + +1. In the Configuration Manager console, navigate to **\Software Library\Overview\Operating Systems\Task Sequences** +2. On the Home ribbon, click **Create Task Sequence** +3. Select **Install an existing image package** and then click **Next** +4. In the Create Task Sequence Wizard enter the following details: + - Task sequence name: **Autopilot for existing devices** + - Boot Image: Click **Browse** and select a Windows 10 boot image (1803 or later) + - Click **Next**, and then on the Install Windows page click **Browse** and select a Windows 10 **Image package** and **Image Index**, version 1803 or later. + - Select the **Partition and format the target computer before installing the operating system** checkbox. + - Select or clear **Configure task sequence for use with Bitlocker** checkbox. This is optional. + - Product Key and Server licensing mode: Optionally enter a product key and server licencing mode. + - Randomly generate the local administrator password and disable the account on all support platforms (recommended): Optional. + - Enable the account and specify the local administrator password: Optional. + - Click **Next**, and then on the Configure Network page choose **Join a workgroup** and specify a name (ex: workgroup) next to **Workgroup**. 
+ + >[!IMPORTANT] + >The Autopilot for existing devices task sequence will run the **Prepare Windows for capture** action which calls the System Preparation Tool (syeprep). This action will fail if the target machine is joined to a domain. + +5. Click **Next** and then click **Next** again to accept the default settings on the Install Configuration Manager page. +6. On the State Migration page, enter the following details: + - Clear the **Capture user settings and files** checkbox. + - Clear the **Capture network settings** checkbox. + - Clear the **Capture Microsoft Windows settings** checkbox. + - Click **Next**. + + >[!NOTE] + >The Autopilot for existing devices task sequence will result in an Azure Active Directory Domain (AAD) joined device. The User State Migration Toolkit (USMT) does not support AAD joined devices. + +7. On the Include Updates page, choose one of the three available options. This selection is optional. +8. On the Install applications page, add applications if desired. This is optional. +9. Click **Next**, confirm settings, click **Next** and then click **Close**. +10. Right click on the Autopilot for existing devices task sequence and click **Edit**. +11. In the Task Sequence Editor under the **Install Operating System** group, click the **Apply Windows Settings** action. +12. Click **Add** then click **New Group**. +13. Change the group **Name** from **New Group** to **Autopilot for existing devices config**. +14. Click **Add**, point to **General**, then click **Run Command Line**. +15. Verify that the **Run Command Line** step is nested under the **Autopilot for existing devices config** group. +16. 
Change the **Name** to **Apply Autopilot for existing devices config file** and paste the following into the **Command line** text box, and then click **Apply**: + ``` + cmd.exe /c xcopy AutopilotConfigurationFile.json %OSDTargetSystemDrive%\windows\provisioning\Autopilot\ /c + ``` + - **AutopilotConfigurationFile.json** must be the name of the JSON file present in the Autopilot for existing devices package created earlier. + +17. In the **Apply Autopilot for existing devices config file** step, select the **Package** checkbox and then click **Browse**. +18. Select the **Autopilot for existing devices config** package created earlier and click **OK**. An example is displayed at the end of this section. +19. Under the **Setup Operating System** group, click the **Setup Windows and Configuration Manager** task. +20. Click **Add** and then click **New Group**. +21. Change **Name** from **New Group** to **Prepare Device for Autopilot** +22. Verify that the **Prepare Device for Autopilot** group is the very last step in the task sequence. Use the **Move Down** button if necessary. +23. With the **Prepare device for Autopilot** group selected, click **Add**, point to **Images** and then click **Prepare ConfigMgr Client for Capture**. +24. Add a second step by clicking **Add**, pointing to **Images**, and clicking **Prepare Windows for Capture**. Use the following settings in this step: + - Automatically build mass storage driver list: **Not selected** + - Do not reset activation flag: **Not selected** + - Shutdown the computer after running this action: **Optional** + + ![Autopilot task sequence](images/ap-ts-1.png) + +25. Click **OK** to close the Task Sequence Editor. + +### Deploy Content to Distribution Points + +Next, ensure that all content required for the task sequence is deployed to distribution points. + +1. Right click on the **Autopilot for existing devices** task sequence and click **Distribute Content**. +2. 
Click **Next**, **Review the content to distribute** and then click **Next**. +3. On the Specify the content distribution page click **Add** to specify either a **Distribution Point** or **Distribution Point Group**. +4. On the a Add Distribution Points or Add Distribution Point Groups wizard specify content destinations that will allow the JSON file to be retrieved when the task sequence is run. +5. When you are finished specifying content distribution, click **Next** twice then click **Close**. + +### Deploy the OS with Autopilot Task Sequence + +1. Right click on the **Autopilot for existing devices** task sequence and then click **Deploy**. +2. In the Deploy Software Wizard enter the following **General** and **Deployment Settings** details: + - Task Sequence: **Autopilot for existing devices**. + - Collection: Click **Browse** and then select **Autopilot for existing devices collection** (or another collection you prefer). + - Click **Next** to specify **Deployment Settings**. + - Action: **Install**. + - Purpose: **Available**. You can optionally select **Required** instead of **Available**. This is not recommended during the test owing to the potential impact of inadvertent configurations. + - Make available to the following: **Only Configuration Manager Clients**. Note: Choose the option here that is relevant for the context of your test. If the target client does not have the Configuration Manager agent or Windows installed, you will need to select an option that includes PXE or Boot Media. + - Click **Next** to specify **Scheduling** details. + - Schedule when this deployment will become available: Optional + - Schedule when this deployment will expire: Optional + - Click **Next** to specify **User Experience** details. + - Show Task Sequence progress: Selected. + - Software Installation: Not selected. + - System restart (if required to complete the installation): Not selected. 
+ - Commit changed at deadline or during a maintenance windows (requires restart): Optional. + - Allow task sequence to be run for client on the Internet: Optional + - Click **Next** to specify **Alerts** details. + - Create a deployment alert when the threshold is higher than the following: Optional. + - Click **Next** to specify **Distribution Points** details. + - Deployment options: **Download content locally when needed by the running task sequence**. + - When no local distribution point is available use a remote distribution point: Optional. + - Allow clients to use distribution points from the default site boundary group: Optional. + - Click **Next**, confirm settings, click **Next**, and then click **Close**. + +### Complete the client installation process + +1. Open the Software Center on the target Windows 7 client computer. You can do this by clicking Start and then typing **software** in the search box, or by typing the following at a Windows PowerShell or command prompt: + + ``` + C:\Windows\CCM\SCClient.exe + ``` + +2. In the software library, select **Autopilot for existing devices** and click **Install**. See the following example: + + ![Named resource2](images/sc.png) + ![Named resource2](images/sc1.png) + +The Task Sequence will download content, reboot, format the drives and install Windows 10. The device will then proceed to be prepared for Autopilot. Once the task sequence has completed the device will boot into OOBE and provide an Autopilot experience. + + + +### Register the device for Windows Autopilot + +Devices provisioned through Autopilot will only receive the guided OOBE Autopilot experience on first boot. There is currently no automatic registration into Windows Autopilot. Therefore, once updated to Windows 10, the device should be registered to ensure a continued Autopilot experience in the event of PC reset. \ No newline at end of file 
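Review bot: In step 4 of "Create the JSON file" in existing-devices.md, the command `Get-AutopilotProfile | ConvertTo-AutopilotConfigurationJSON >` ends in a bare redirection operator with no target, so it will not run as pasted; drop the trailing `>` so it matches the command shown in the sample output. Several other items in this hunk need reconciling. The property table marks `CloudAssignedForcedEnrollment` as required, but the sample JSON does not contain it. Step 5 allows "ASCII or ANSI" while the IMPORTANT callout directly below says the file "must be encoded as ANSI". The prerequisites ask for a Windows 10 version 1809 or later image, while the task sequence step tells the reader to pick an image "version 1803 or later". The sample output and the `Connect-AutopilotIntune` example carry a specific tenant GUID and the domain `M365x373186.onmicrosoft.com`; published guidance is better served by an obvious placeholder such as the `tenant.onmicrosoft.com` already used in the table. The `CloudAssignedOobeConfig` table row is missing its closing `|`, which will break the table rendering from that row on. Typos to fix: "syeprep" (sysprep), "conole", "licencing", "Consent on behalf or your organization", and "On the a Add Distribution Points". The closing "Register the device for Windows Autopilot" section says the device should be registered but gives no steps or link, and the file still ends without a trailing newline.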
diff --git a/windows/deployment/windows-autopilot/images/ap-ts-1.png b/windows/deployment/windows-autopilot/images/ap-ts-1.png new file mode 100644 index 0000000000..5f4c33fd51 Binary files /dev/null and b/windows/deployment/windows-autopilot/images/ap-ts-1.png differ diff --git a/windows/deployment/windows-autopilot/images/ap-ts.png b/windows/deployment/windows-autopilot/images/ap-ts.png new file mode 100644 index 0000000000..7c343176d0 Binary files /dev/null and b/windows/deployment/windows-autopilot/images/ap-ts.png differ diff --git a/windows/deployment/windows-autopilot/images/notepad.png b/windows/deployment/windows-autopilot/images/notepad.png new file mode 100644 index 0000000000..0f243f95d6 Binary files /dev/null and b/windows/deployment/windows-autopilot/images/notepad.png differ diff --git a/windows/deployment/windows-autopilot/images/pc-01a.png b/windows/deployment/windows-autopilot/images/pc-01a.png new file mode 100644 index 0000000000..a3d0f4cdea Binary files /dev/null and b/windows/deployment/windows-autopilot/images/pc-01a.png differ diff --git a/windows/deployment/windows-autopilot/images/pc-01b.png b/windows/deployment/windows-autopilot/images/pc-01b.png new file mode 100644 index 0000000000..07eda6e4bb Binary files /dev/null and b/windows/deployment/windows-autopilot/images/pc-01b.png differ diff --git a/windows/deployment/windows-autopilot/images/pwd.png b/windows/deployment/windows-autopilot/images/pwd.png new file mode 100644 index 0000000000..c9b0e7837c Binary files /dev/null and b/windows/deployment/windows-autopilot/images/pwd.png differ diff --git a/windows/deployment/windows-autopilot/images/sc.png b/windows/deployment/windows-autopilot/images/sc.png new file mode 100644 index 0000000000..bb326e6406 Binary files /dev/null and b/windows/deployment/windows-autopilot/images/sc.png differ 
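Review bot: images/ap-ts.png is added here as a new binary, but the visible changes to existing-devices.md reference only `images/ap-ts-1.png`. If ap-ts.png is an earlier draft of the same screenshot, remove it from the commit so the repository does not carry an unreferenced image.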
diff --git a/windows/deployment/windows-autopilot/images/sc1.png b/windows/deployment/windows-autopilot/images/sc1.png new file mode 100644 index 0000000000..380887a45c Binary files /dev/null and b/windows/deployment/windows-autopilot/images/sc1.png differ diff --git a/windows/deployment/windows-autopilot/profiles.md b/windows/deployment/windows-autopilot/profiles.md index 4b3d210f36..c733e6576d 100644 --- a/windows/deployment/windows-autopilot/profiles.md +++ b/windows/deployment/windows-autopilot/profiles.md @@ -8,8 +8,8 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greglin -ms.date: 06/01/18 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Configure Autopilot profiles diff --git a/windows/deployment/windows-autopilot/self-deploying.md b/windows/deployment/windows-autopilot/self-deploying.md index 5e6d1bd137..59087c0cd6 100644 --- a/windows/deployment/windows-autopilot/self-deploying.md +++ b/windows/deployment/windows-autopilot/self-deploying.md @@ -9,8 +9,8 @@ ms.sitesec: library ms.pagetype: ms.localizationpriority: medium author: greg-lindsay -ms.author: greglin -ms.date: 06/01/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Windows Autopilot Self-Deploying mode (Preview) diff --git a/windows/deployment/windows-autopilot/troubleshooting.md b/windows/deployment/windows-autopilot/troubleshooting.md index d03b5ca36e..2e98298d23 100644 --- a/windows/deployment/windows-autopilot/troubleshooting.md +++ b/windows/deployment/windows-autopilot/troubleshooting.md @@ -8,8 +8,8 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greglin -ms.date: 06/01/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Troubleshooting Windows Autopilot diff --git a/windows/deployment/windows-autopilot/user-driven-aad.md b/windows/deployment/windows-autopilot/user-driven-aad.md index 1310d1aab1..6da9e99b33 100644 
--- a/windows/deployment/windows-autopilot/user-driven-aad.md +++ b/windows/deployment/windows-autopilot/user-driven-aad.md @@ -8,12 +8,12 @@ ms.localizationpriority: low ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greglin -ms.date: 10/11/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Windows Autopilot user-driven mode for Azure Active Directory **Applies to: Windows 10** -Placeholder. Content coming. +PLACEHOLDER. This topic is a placeholder for the AAD-specific instuctions currently in user-driven.md. diff --git a/windows/deployment/windows-autopilot/user-driven-hybrid.md b/windows/deployment/windows-autopilot/user-driven-hybrid.md index 8a55a84cc1..90ed790b77 100644 --- a/windows/deployment/windows-autopilot/user-driven-hybrid.md +++ b/windows/deployment/windows-autopilot/user-driven-hybrid.md @@ -8,8 +8,8 @@ ms.localizationpriority: low ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greglin -ms.date: 10/11/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- @@ -17,4 +17,8 @@ ms.date: 10/11/2018 **Applies to: Windows 10** +<<<<<<< HEAD +PLACEHOLDER. This topic is a placeholder for the AD-specific (hybrid) instuctions. +======= Placeholder. Content coming. +>>>>>>> 01422d156afc7ab2286b8769aee1c4c39351a5f6 diff --git a/windows/deployment/windows-autopilot/user-driven.md b/windows/deployment/windows-autopilot/user-driven.md index b3ffeb0cd7..d12042b321 100644 --- a/windows/deployment/windows-autopilot/user-driven.md +++ b/windows/deployment/windows-autopilot/user-driven.md 
@@ -8,14 +8,11 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greglin -ms.date: 06/01/2018 +ms.date: 10/02/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- -# Windows Autopilot User-Driven Mode - -**Applies to: Windows 10 version 1703 and above** - Windows Autopilot user-driven mode is designed to enable new Windows 10 devices to be transformed from their initial state, directly from the factory, into a ready-to-use state without requiring that IT personnel ever touch the device. The process is designed to be simple so that anyone can complete it, enabling devices to be shipped or distributed to the end user directly with simple instructions: - Unbox the device, plug it in, and turn it on. diff --git a/windows/deployment/windows-autopilot/windows-10-autopilot.md b/windows/deployment/windows-autopilot/windows-10-autopilot.md index 33f04c305b..9ad26de9d0 100644 --- a/windows/deployment/windows-autopilot/windows-10-autopilot.md +++ b/windows/deployment/windows-autopilot/windows-10-autopilot.md @@ -8,8 +8,8 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greglin -ms.date: 08/22/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Overview of Windows Autopilot diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md index 7cdf271f76..a3c71ae225 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md @@ -8,8 +8,8 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greglin -ms.date: 06/01/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Windows Autopilot configuration requirements 
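Review bot: The user-driven-hybrid.md hunk commits unresolved merge conflict markers as page content: `<<<<<<< HEAD`, `=======` and `>>>>>>> 01422d156afc7ab2286b8769aee1c4c39351a5f6` are all added lines, so they will render in the published topic. Resolve the conflict and keep a single placeholder sentence. "instuctions" should be "instructions" here and in the matching line added to user-driven-aad.md.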
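Review bot: The user-driven.md front matter now declares `ms.date: 10/02/2018` twice (added before and after the new `ms.author` line); remove one so the metadata block has no duplicate key. The same hunk deletes the `# Windows Autopilot User-Driven Mode` heading and the "Applies to" line without adding replacements, which leaves the topic body starting directly at the first paragraph with no H1. If the heading removal is part of splitting the content into the AAD and hybrid topics, the body should move with it; otherwise restore the heading.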
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md index c14fc72ee3..a9eb506a51 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements-licensing.md @@ -8,9 +8,10 @@ ms.localizationpriority: high ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greglin -ms.date: 06/01/2018 ---- +ms.author: greg-lindsay +ms.date: 10/02/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 # Windows Autopilot licensing requirements diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md index d44ee7fbfe..2344d56268 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements-network.md @@ -8,8 +8,8 @@ ms.localizationpriority: high ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greglin -ms.date: 06/01/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Windows Autopilot networking requirements diff --git a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md index 237de23838..3b1ede0e05 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md @@ -8,8 +8,8 @@ ms.localizationpriority: high ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greglin -ms.date: 06/01/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Windows Autopilot requirements 
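Review bot: In windows-autopilot-requirements-licensing.md the closing `---` of the front matter is removed and the `ms.author` and `ms.date` pair is added twice, so the metadata block is left unterminated and contains duplicate keys. As written, `# Windows Autopilot licensing requirements` and the body that follows fall inside the front matter. Keep one `ms.author`/`ms.date` pair and restore the `---` line after it, as the other topics in this change do.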
diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md index 2d8e2d0506..c97d79add8 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-local.md @@ -9,8 +9,8 @@ ms.sitesec: library ms.pagetype: ms.localizationpriority: medium author: greg-lindsay -ms.author: greglin -ms.date: 06/01/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Reset devices with local Windows Autopilot Reset diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md index 8b900be698..1f7cca216f 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md @@ -9,8 +9,8 @@ ms.sitesec: library ms.pagetype: ms.localizationpriority: medium author: greg-lindsay -ms.author: greglin -ms.date: 06/01/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Reset devices with remote Windows Autopilot Reset (Preview) diff --git a/windows/deployment/windows-autopilot/windows-autopilot-reset.md b/windows/deployment/windows-autopilot/windows-autopilot-reset.md index 8cd3d090a5..9e83d32bbb 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-reset.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-reset.md @@ -9,8 +9,8 @@ ms.sitesec: library ms.pagetype: ms.localizationpriority: medium author: greg-lindsay -ms.author: greglin -ms.date: 06/01/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Windows Autopilot Reset diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md index 619ad5926c..2b0a3d2ac3 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md 
+++ b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md @@ -8,8 +8,8 @@ ms.localizationpriority: medium ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greglin -ms.date: 06/01/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Windows Autopilot scenarios diff --git a/windows/deployment/windows-autopilot/windows-autopilot.md b/windows/deployment/windows-autopilot/windows-autopilot.md index 01cad0042d..37f8070dad 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot.md +++ b/windows/deployment/windows-autopilot/windows-autopilot.md @@ -8,8 +8,8 @@ ms.localizationpriority: high ms.sitesec: library ms.pagetype: deploy author: greg-lindsay -ms.author: greglin -ms.date: 06/01/2018 +ms.author: greg-lindsay +ms.date: 10/02/2018 --- # Overview of Windows Autopilot diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 56622e9a92..addb2e2df0 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -325,7 +325,7 @@ If you're running into compatibility issues where your app is incompatible with **To exempt a Store app, a Desktop app, or an AppLocker policy file from the Protected apps list** -1. In **Mobile apps - App protection policies**, click **Exempt apps**. +1. In **Client apps - App protection policies**, click **Exempt apps**. ![Exempt apps](images/exempt-apps.png) 
diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md index 5d23640044..1462462e93 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md @@ -50,7 +50,7 @@ After you’ve set up Intune for your organization, you must create a WIP-specif The Microsoft Intune Overview blade appears. -2. Click **Mobile apps**, click **App protection policies**, and then click **Add a policy**. +2. Click **Client apps**, click **App protection policies**, and then click **Add a policy**. ![Microsoft Intune management console: App policy link](images/wip-azure-portal-start-mam.png) 
@@ -71,12 +71,12 @@ After you’ve set up Intune for your organization, you must create a WIP-specif 4. Click **Create**. - The policy is created and appears in the table on the **Mobile apps - App protection policies** blade. + The policy is created and appears in the table on the **Client apps - App protection policies** blade. >[!NOTE] >Optionally, you can also add your apps and set your settings from the **Add a policy** blade, but for the purposes of this documentation, we recommend instead that you create the policy first, and then use the subsequent menus that become available. -## Add apps to your Allowed apps list +## Add apps to your Protected apps list During the policy-creation process in Intune, you can choose the apps you want to allow, as well as deny, access to your enterprise data through WIP. Apps included in this list can protect data on behalf of the enterprise and are restricted from copying or moving enterprise data to unprotected apps. The steps to add your apps are based on the type of template being applied. You can add a recommended app, a store app (also known as a Universal Windows Platform (UWP) app), or a signed Windows desktop app. You can also import a list of approved apps or add exempt apps. @@ -84,19 +84,19 @@ The steps to add your apps are based on the type of template being applied. You In addition, you can create an app deny list related to the policy based on an **action** value. The action can be either **Allow** or **Deny**. When you specify the deny action for an app using the policy, corporate access is denied to the app. >[!Important] ->Enlightened apps are expected to prevent enterprise data from going to unprotected network locations and to avoid encrypting personal data. On the other hand, WIP-unaware apps might not respect the corporate network boundary, and WIP-unaware apps will encrypt all files they create or modify. This means that they could encrypt personal data and cause data loss during the revocation process.

    Care must be taken to get a support statement from the software provider that their app is safe with WIP before adding it to your **Allowed apps** list. If you don’t get this statement, it’s possible that you could experience app compatibility issues due to an app losing the ability to access a necessary file after revocation. +>Enlightened apps are expected to prevent enterprise data from going to unprotected network locations and to avoid encrypting personal data. On the other hand, WIP-unaware apps might not respect the corporate network boundary, and WIP-unaware apps will encrypt all files they create or modify. This means that they could encrypt personal data and cause data loss during the revocation process.

    Care must be taken to get a support statement from the software provider that their app is safe with WIP before adding it to your **Protected apps** list. If you don’t get this statement, it’s possible that you could experience app compatibility issues due to an app losing the ability to access a necessary file after revocation. -### Add a Recommended app to your Allowed apps list -For this example, we’re going to add a few recommended apps to the **Allowed apps** list. +### Add a Recommended app to your Protected apps list +For this example, we’re going to add a few recommended apps to the **Protected apps** list. **To add a recommended app** -1. From the **Mobile apps - App protection policies** blade, click the name of your policy, and then click **Allowed apps** from the menu that appears. +1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Protected apps** from the menu that appears. - The **Allowed apps** blade appears, showing you any apps that are already included in the list for this policy. + The **Protected apps** blade appears, showing you any apps that are already included in the list for this policy. ![Microsoft Intune management console: Viewing the recommended apps that you can add to your policy](images/wip-azure-allowed-apps-pane.png) -2. From the **Allowed apps** blade, click **Add apps**. +2. From the **Protected apps** blade, click **Add apps**. The **Add apps** blade appears, showing you all **Recommended apps**. 
@@ -104,27 +104,27 @@ For this example, we’re going to add a few recommended apps to the **Allowed a 3. Select each app you want to access your enterprise data, and then click **OK**. - The **Allowed apps** blade updates to show you your selected apps. + The **Protected apps** blade updates to show you your selected apps. - ![Microsoft Intune management console: Allowed apps blade with recommended apps](images/wip-azure-allowed-apps-with-apps.png) + ![Microsoft Intune management console: Protected apps blade with recommended apps](images/wip-azure-allowed-apps-with-apps.png) -4. Click **Save** to save the **Allowed apps** list to your policy. +4. Click **Save** to save the **Protected apps** list to your policy. -### Add a Store app to your Allowed apps list -For this example, we’re going to add Microsoft Power BI, a Windows store app, to the **Allowed apps** list. +### Add a Store app to your Protected apps list +For this example, we’re going to add Microsoft Power BI, a Windows store app, to the **Protected apps** list. **To add a Store app** -1. From the **Mobile apps - App protection policies** blade, click the name of your policy, and then click **Allowed apps** from the menu that appears. +1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Protected apps** from the menu that appears. - The **Allowed apps** blade appears, showing you any apps that are already included in the list for this policy. + The **Protected apps** blade appears, showing you any apps that are already included in the list for this policy. -2. From the **Allowed apps** blade, click **Add apps**. +2. From the **Protected apps** blade, click **Add apps**. 3. On the **Add apps** blade, click **Store apps** from the dropdown list. 4. Type the friendly name of the app, the publisher info, and the product name. 
For this example, the **Publisher** is `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US` and the **Product name** is `Microsoft.MicrosoftPowerBIForWindows`. -5. After you’ve entered the info into the fields, click **OK** to add the app to your **Allowed apps** list, and then click **Save** to save the **Allowed apps** list to your policy. +5. After you’ve entered the info into the fields, click **OK** to add the app to your **Protected apps** list, and then click **Save** to save the **Protected apps** list to your policy. >[!NOTE] >To add multiple Store apps at the same time, you can click the menu **(…)** at the end of the app row, and continue to add more apps. When you’re done, click **OK**. @@ -180,15 +180,15 @@ If you don't know the publisher or product name for your Store app, you can find >The JSON file might also return a windowsPhoneLegacyId value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as windowsPhoneLegacyId, and set the **Publisher Name** as CN= followed by the windowsPhoneLegacyId.

    For example:
    {
    "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",
    }
    -### Add a Desktop app to your Allowed apps list -For this example, we’re going to add WordPad, a Desktop app, to the **Allowed apps** list. +### Add a Desktop app to your Protected apps list +For this example, we’re going to add WordPad, a Desktop app, to the **Protected apps** list. **To add a Desktop app** -1. From the **Mobile apps - App protection policies** blade, click the name of your policy, and then click **Allowed apps** from the menu that appears. +1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Protected apps** from the menu that appears. - The **Allowed apps** blade appears, showing you any apps that are already included in the list for this policy. + The **Protected apps** blade appears, showing you any apps that are already included in the list for this policy. -2. From the **Allowed apps** blade, click **Add apps**. +2. From the **Protected apps** blade, click **Add apps**. 3. On the **Add apps** blade, click **Desktop apps** from the dropdown list. @@ -233,7 +233,7 @@ For this example, we’re going to add WordPad, a Desktop app, to the **Allowed -4. After you’ve entered the info into the fields, click **OK** to add the app to your **Allowed apps** list, and then click **Save** to save the **Allowed apps** list to your policy. +4. After you’ve entered the info into the fields, click **OK** to add the app to your **Protected apps** list, and then click **Save** to save the **Protected apps** list to your policy. >[!Note] >To add multiple Desktop apps at the same time, you can click the menu **(…)** at the end of the app row, and then continue to add more apps. When you’re done, click **OK**. 
@@ -257,10 +257,10 @@ Path Publisher ``` Where the text, `O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US` is the publisher name to enter into the **Publisher** box and `WORDPAD.EXE` is the text to enter into the **File** box. -### Import a list of apps to your Allowed apps list -For this example, we’re going to add an AppLocker XML file to the **Allowed apps** list. You’ll use this option if you want to add multiple apps at the same time. For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) content. +### Import a list of apps to your Protected apps list +For this example, we’re going to add an AppLocker XML file to the **Protected apps** list. You’ll use this option if you want to add multiple apps at the same time. For more info about AppLocker, see the [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) content. -**To create a list of Allowed apps using the AppLocker tool** +**To create a list of Protected apps using the AppLocker tool** 1. Open the Local Security Policy snap-in (SecPol.msc). @@ -334,9 +334,9 @@ For this example, we’re going to add an AppLocker XML file to the **Allowed ap 12. After you’ve created your XML file, you need to import it by using Microsoft Intune. -**To import your list of Allowed apps using Microsoft Intune** +**To import your list of Protected apps using Microsoft Intune** -1. From the **Allowed apps** area, click **Import apps**. +1. From the **Protected apps** area, click **Import apps**. The blade changes to let you add your import file. 
@@ -349,7 +349,7 @@ For this example, we’re going to add an AppLocker XML file to the **Allowed ap ### Add exempt apps to your policy If you're running into compatibility issues where your app is incompatible with WIP, but still needs to be used with enterprise data, you can exempt the app from the WIP restrictions. This means that your apps won't include auto-encryption or tagging and won't honor your network restrictions. It also means that your exempted apps might leak. -**To exempt a Store app, a Desktop app, or an AppLocker policy file from the Allowed apps list** +**To exempt a Store app, a Desktop app, or an AppLocker policy file from the Protected apps list** 1. From the **App policy** blade, click the name of your policy, and then click **Exempt apps** from the menu that appears. 
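Review bot: step 1 under the renamed procedure title still reads "From the **App policy** blade", while the same step in create-wip-policy-using-intune-azure.md is changed by this patch to "In **Client apps - App protection policies**", and the other procedures in this file now use the **Client apps - App protection policies** blade name. Please bring this step in line so the exemption procedure does not point readers at a blade name that differs from the rest of the topic.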
@@ -361,13 +361,13 @@ If you're running into compatibility issues where your app is incompatible with 3. Fill out the rest of the app info, based on the type of app you’re adding: - - **Recommended app.** Follow the instructions in the [Add a Recommended app to your Allowed apps list](#add-a-recommended-app-to_your-allowed-apps-list) section of this topic. + - **Recommended app.** Follow the instructions in the [Add a Recommended app to your Protected apps list](#add-a-recommended-app-to_your-allowed-apps-list) section of this topic. - - **Store app.** Follow the instructions in the [Add a Store app to your Allowed apps list](#add-a-store-app-to_your-allowed-apps-list) section of this topic. + - **Store app.** Follow the instructions in the [Add a Store app to your Protected apps list](#add-a-store-app-to_your-allowed-apps-list) section of this topic. - - **Desktop app.** Follow the instructions in the [Add a Desktop app to your Allowed apps list](#add-a-desktop-app-to_your-allowed-apps-list) section of this topic. + - **Desktop app.** Follow the instructions in the [Add a Desktop app to your Protected apps list](#add-a-desktop-app-to_your-allowed-apps-list) section of this topic. - - **AppLocker policy file.** Follow the instructions to create your app list in the [Import a list of apps to your Allowed apps list](#import-a-list-of-apps-to_your-allowed-apps-list) section of this topic, using a list of exempted apps. + - **AppLocker policy file.** Follow the instructions to create your app list in the [Import a list of apps to your Protected apps list](#import-a-list-of-apps-to_your-allowed-apps-list) section of this topic, using a list of exempted apps. 4. Click **OK**. 
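Review bot: the four link targets in step 3 still point at the old heading slugs (for example `#add-a-recommended-app-to_your-allowed-apps-list`) although the link text and the headings they refer to are renamed to "Protected apps list" in this patch, so these in-page links are likely to stop resolving. Please update each fragment to match the renamed heading; the existing fragments also carry an underscore in `to_your`, which a heading-derived anchor would not normally contain, so it is worth checking that they resolved before this change as well.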
@@ -384,7 +384,7 @@ We recommend that you start with **Silent** or **Allow Overrides** while verifyi **To add your protection mode** -1. From the **Mobile apps - App protection policies** blade, click the name of your policy, and then click **Required settings** from the menu that appears. +1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Required settings** from the menu that appears. The **Required settings** blade appears. @@ -406,7 +406,7 @@ Starting with Windows 10, version 1703, Intune automatically determines your cor **To change your corporate identity** -1. From the **Mobile apps - App protection policies** blade, click the name of your policy, and then click **Required settings** from the menu that appears. +1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Required settings** from the menu that appears. The **Required settings** blade appears. @@ -427,7 +427,7 @@ Intune will add SharePoint sites that are discovered through the Graph API. You **To define where your allowed apps can find and send enterprise data on you network** -1. From the **Mobile apps - App protection policies** blade, click the name of your policy, and then click **Advanced settings** from the menu that appears. +1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Advanced settings** from the menu that appears. The **Advanced settings** blade appears. 
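Review bot: in the @@ -427 hunk, the procedure title directly above the changed step still reads "To define where your allowed apps can find and send enterprise data on you network". Since this patch renames the list to **Protected apps** throughout the topic, consider changing "allowed apps" here for consistency, and fix "on you network" to "on your network" in the same pass.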
@@ -501,7 +501,7 @@ After you create and deploy your WIP policy to your employees, Windows begins to >Using a DRA certificate isn’t mandatory. However, we strongly recommend it. For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](https://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) topic. **To upload your DRA certificate** -1. From the **Mobile apps - App protection policies** blade, click the name of your policy, and then click **Advanced settings** from the menu that appears. +1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Advanced settings** from the menu that appears. The **Advanced settings** blade appears. @@ -514,7 +514,7 @@ After you've decided where your protected apps can access enterprise data on you **To set your optional settings** -1. From the **Mobile apps - App protection policies** blade, click the name of your policy, and then click **Advanced settings** from the menu that appears. +1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Advanced settings** from the menu that appears. The **Advanced settings** blade appears. @@ -572,7 +572,7 @@ You can turn on Windows Hello for Business, letting your employees use it as a s **To turn on and configure Windows Hello for Business** -1. From the **Mobile apps - App protection policies** blade, click the name of your policy, and then click **Advanced settings** from the menu that appears. +1. From the **Client apps - App protection policies** blade, click the name of your policy, and then click **Advanced settings** from the menu that appears. The **Advanced settings** blade appears. 
@@ -636,7 +636,7 @@ After you’ve created your policy, you'll need to deploy it to your employees. **To deploy your policy** -1. On the **Mobile apps - App protection policies** pane, click your newly-created policy, click **Assignments** from the menu that appears, and then click **Select groups**. +1. On the **Client apps - App protection policies** pane, click your newly-created policy, click **Assignments** from the menu that appears, and then click **Select groups**. A list of user groups, made up of all of the security groups in your Azure Active Directory, appear in the **Add user group** pane. diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index c1b8b5a716..4005e8742f 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -1,7 +1,7 @@ --- title: Mandatory tasks and settings required to turn on Windows Information Protection (WIP) (Windows 10) description: This list provides all of the tasks that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection (EDP) in your enterprise. -keywords: Windows Information Protection, WIP, EDP, Enterprise Data Protection, protected apps, protected app list, App Rules, Allowed apps list +keywords: Windows Information Protection, WIP, EDP, Enterprise Data Protection, protected apps, protected app list, App Rules, Protected apps list ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library 
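Review bot: in the `keywords:` line of mandatory-settings-for-wip.md, replacing "Allowed apps list" with "Protected apps list" leaves two near-identical entries ("protected app list" and "Protected apps list") and drops the previous UI label entirely. Consider keeping "Allowed apps list" alongside the new term for readers who still search on the old name, or removing the redundant entry.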
@@ -24,7 +24,7 @@ This list provides all of the tasks and settings that are required for the opera |Task|Description| |----|-----------| -|Add at least one app to the **Allowed apps** list in your WIP policy.|You must have at least one app added to your **Allowed apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Allowed apps list** section of the policy creation topics.| +|Add at least one app to the **Protected apps** list in your WIP policy.|You must have at least one app added to your **Protected apps** list. For more info about where this area is and how to add apps, see the **Add apps to your Protected apps list** section of the policy creation topics.| |Choose your WIP protection level.|You must choose the level of protection you want to apply to your WIP-protected content, including **Allow Overrides**, **Silent**, or **Hide Overrides**. For more info about where this area is and how to decide on your protection level, see the **Manage the WIP protection mode for your enterprise data** section of the policy creation topics. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md).| |Specify your corporate identity.|This field is automatically filled out for you by Microsoft Intune. However, you must manually correct it if it’s incorrect or if you need to add additional domains. For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. |Specify your network domain names.|Starting with Windows 10, version 1703, this field is optional.

    Specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics.| diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index 80629be64c..8ce020a25f 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md 
@@ -77,7 +77,7 @@ WIP gives you a new way to manage data policy enforcement for apps and documents - **Copying or downloading enterprise data.** When an employee or an app downloads content from a location like SharePoint, a network share, or an enterprise web location, while using a WIP-protected device, WIP encrypts the data on the device. - - **Using allowed apps.** Managed apps (apps that you've included on the **Allowed apps** list in your WIP policy) are allowed to access your enterprise data and will interact differently when used with unallowed, non-enterprise aware, or personal-only apps. For example, if WIP management is set to **Block**, your employees can copy and paste from one protected app to another allowed app, but not to personal apps. Imagine an HR person wants to copy a job description from an allowed app to the internal career website, an enterprise-protected location, but goofs and tries to paste into a personal app instead. The paste action fails and a notification pops up, saying that the app couldn’t paste because of a policy restriction. The HR person then correctly pastes to the career website without a problem. + - **Using allowed apps.** Managed apps (apps that you've included on the **Protected apps** list in your WIP policy) are allowed to access your enterprise data and will interact differently when used with unallowed, non-enterprise aware, or personal-only apps. For example, if WIP management is set to **Block**, your employees can copy and paste from one protected app to another allowed app, but not to personal apps. Imagine an HR person wants to copy a job description from an allowed app to the internal career website, an enterprise-protected location, but goofs and tries to paste into a personal app instead. The paste action fails and a notification pops up, saying that the app couldn’t paste because of a policy restriction. The HR person then correctly pastes to the career website without a problem. 
- **Managed apps and restrictions.** With WIP you can control which apps can access and use your enterprise data. After adding an app to your allowed apps list, the app is trusted with enterprise data. All apps not on this list are stopped from accessing your enterprise data, depending on your WIP management-mode. diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index d9b56f7ad3..e352e66a52 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security ms.author: justinha -ms.date: 05/30/2018 +ms.date: 10/18/2018 ms.localizationpriority: medium --- @@ -20,7 +20,7 @@ ms.localizationpriority: medium >Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare). -We recommend that you add the following URLs to the Enterprise Cloud Resources and Neutral Resources network settings, when used with Windows Information Protection (WIP). +We recommend that you add the following URLs to the Enterprise Cloud Resources and Neutral Resources network settings when you create a WIP policy. If you are using Intune, the SharePoint entries may be added automatically. ## Recommended Enterprise Cloud Resources This table includes the recommended URLs to add to your Enterprise Cloud Resources network setting, based on the apps you use in your organization. diff --git a/windows/security/threat-protection/auditing/event-4779.md b/windows/security/threat-protection/auditing/event-4779.md index 338bb36e87..ace9821d2e 100644 
--- a/windows/security/threat-protection/auditing/event-4779.md +++ b/windows/security/threat-protection/auditing/event-4779.md @@ -23,7 +23,7 @@ ms.date: 04/19/2017 ***Event Description:*** -This event is generated when a user disconnects from an existing Terminal Services session, or when a user switches away from an existing desktop using [Fast User Switching](https://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/fast_user_switching.mspx?mfr=true). +This event is generated when a user disconnects from an existing Terminal Services session, or when a user switches away from an existing desktop using [Fast User Switching](https://docs.microsoft.com/windows-hardware/drivers/display/fast-user-switching). This event also generated when user disconnects from virtual host Hyper-V Enhanced Session, for example. diff --git a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md index ae61b4a7e5..dac39f14cd 100644 --- a/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md +++ b/windows/security/threat-protection/auditing/how-to-list-xml-elements-in-eventdata.md 
@@ -1,16 +1,16 @@ --- -title: How to get a list of XML elements in (Windows 10) -description: This reference topic for the IT professional explains how to use PowerShell to get a list of XML elements that can appear in . +title: How to get a list of XML data name elements in (Windows 10) +description: This reference topic for the IT professional explains how to use PowerShell to get a list of XML data name elements that can appear in . ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: tedhardyMSFT -ms.date: 10/15/2018 +ms.date: 10/18/2018 --- -# How to get a list of XML elements in EventData +# How to get a list of XML data name elements in EventData **Applies to** - Windows 10 @@ -82,3 +82,48 @@ PS C:\WINDOWS\system32> $SecEvents.events[100].Template ``` + +## Mapping data name elements to the names in an event description + +You can use the