Merge remote-tracking branch 'refs/remotes/origin/master' into jd-sandbox

2025-05-14 14:27:22 +00:00 · 2016-05-04 07:55:14 -07:00 · 2016-05-04 07:55:14 -07:00 · e15fe83cd1
commit e15fe83cd1
parent f860d2add2 d4c500bfd4
84 changed files with 699 additions and 943 deletions
--- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
@ -16,9 +16,9 @@ title: Collect data using Enterprise Site Discovery
 -   Windows 8.1 Update
 -   Windows 7 with Service Pack 1 (SP1)
-Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.
+Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.
-## Requirements
+## Before you begin
 Before you start, you need to make sure you have the following:
 -   Latest cumulative security update (for all supported versions of Internet Explorer):
@ -43,7 +43,7 @@ Before you start, you need to make sure you have the following:
        You must use System Center 2012 R2 Configuration Manager or later for these samples to work.
-Both the PowerShell script and .mof file need to be copied to the same location on the client computer, before you run the scripts.
+Both the PowerShell script and the Managed Object Format (.MOF) file need to be copied to the same location on the client device, before you run the scripts.
 ## What data is collected?
 Data is collected on the configuration characteristics of IE and the sites it browses, as shown here.
@ -67,7 +67,7 @@ Data is collected on the configuration characteristics of IE and the sites it br
 The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
 ## Where is the data stored and how do I collect it?
-The data is stored locally, in an industry-standard WMI class, Managed Object Format (.MOF) file or in an XML file, depending on your configuration. This file remains on the client computer until it’s collected. To collect the files, we recommend:
+The data is stored locally, in an industry-standard WMI class, .MOF file or in an XML file, depending on your configuration. This file remains on the client computer until it’s collected. To collect the files, we recommend:
 -   **WMI file**. Use Microsoft Configuration Manager or any agent that can read the contents of a WMI class on your computer.
@ -80,48 +80,55 @@ On average, a website generates about 250bytes of data for each visit, causing o
 <p>**Important**<br>The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
 ## Getting ready to use Enterprise Site Discovery
 Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options:
 - Collect your hardware inventory using the MOF Editor, while connecting to a client device.<p>
 -OR-
 - Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
 -OR-
 - Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
 ### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
 You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
 <p>**Important**<br>You must run this script if you’re using WMI as your data output. It's not necessary if you're using XML as your data output.
- ![](images/wedge.gif) **To set up Enterprise Site Discovery**
+![](images/wedge.gif) **To set up Enterprise Site Discovery**
-   Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](http://go.microsoft.com/fwlink/p/?linkid=517460).
+- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](http://go.microsoft.com/fwlink/p/?linkid=517460).
 ### Optional: Set up your firewall for WMI data
 ### WMI only: Set up your firewall for WMI data
 If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
- ![](images/wedge.gif) **To set up your firewall**
+![](images/wedge.gif) **To set up your firewall**
-1.  In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
+1.	In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
-2.  In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
+2.	In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
-3.  Restart your computer to start collecting your WMI data.
+3.	Restart your computer to start collecting your WMI data.
-## Setting up Enterprise Site Discovery using PowerShell
+## Use PowerShell to finish setting up Enterprise Site Discovery
-After you finish the initial setup for Site Discovery using PowerShell, you have the option to continue with PowerShell or to switch to Group Policy.
+You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).
 <p>**Important**<br>The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device.
-### Setting up zones or domains for data collection
+- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process.
 You can determine which zones or domains are used for data collection, using PowerShell.
-   **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process.
+- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process.
 -   **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process.
 ![](images/wedge.gif) **To set up data collection using a domain allow list**
-   Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
+ - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
-<p>**Important**<br>Wildcards, like \*.microsoft.com, aren’t supported.
+ 
    **Important**<br>Wildcards, like \*.microsoft.com, aren’t supported.
 ![](images/wedge.gif) **To set up data collection using a zone allow list**
-   Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
+ - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
 <p>**Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
-## Setting up Enterprise Site Discovery using Group Policy
+    **Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
-If you don’t want to continue using PowerShell, you can switch to Group Policy after the initial Site Discovery setup.
+
 ## Use Group Policy to finish setting up Enterprise Site Discovery
 You can use Group Policy to finish setting up Enterprise Site Discovery. If you don’t want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery).
 <p>**Note**<br> All of the Group Policy settings can be used individually or as a group.
 ![](images/wedge.gif) **To set up Enterprise Site Discovery using Group Policy**
@ -136,7 +143,6 @@ If you don’t want to continue using PowerShell, you can switch to Group Policy
 |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:<p>microsoft.sharepoint.com<br>outlook.com<br>onedrive.com<br>timecard.contoso.com<br>LOBApp.contoso.com |
 ### Combining WMI and XML Group Policy settings
 You can use both the WMI and XML settings individually or together, based on:
 ![](images/wedge.gif) **To turn off Enterprise Site Discovery**
@ -163,12 +169,17 @@ You can use both the WMI and XML settings individually or together, based on:
  <li><b>Turn on Site Discovery XML output:</b> XML file path</li>
 </ul>
 ## Use Configuration Manager to collect your data
-After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, in one of the following ways.
+After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options:
-### Collect your hardware inventory using the MOF Editor while connecting to a computer
+- Collect your hardware inventory using the MOF Editor, while connecting to a client device.<p>
-You can collect your hardware inventory using the MOF Editor, while you’re connected to your client computers.
+-OR-
 - Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
 -OR-
 - Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
 ### Collect your hardware inventory using the MOF Editor while connected to a client device
 You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices.
 ![](images/wedge.gif) **To collect your inventory**
@ -193,8 +204,8 @@ You can collect your hardware inventory using the MOF Editor, while you’re con
 5.  Click **OK** to close the default windows.<br>
 Your environment is now ready to collect your hardware inventory and review the sample reports.
-### Collect your hardware inventory using the MOF Editor with a MOF import file
+### Collect your hardware inventory using the MOF Editor with a .MOF import file
-You can collect your hardware inventory using the MOF Editor and a MOF import file.
+You can collect your hardware inventory using the MOF Editor and a .MOF import file.
 ![](images/wedge.gif) **To collect your inventory**
@ -207,8 +218,8 @@ You can collect your hardware inventory using the MOF Editor and a MOF import fi
 4.  Click **OK** to close the default windows.<br>
 Your environment is now ready to collect your hardware inventory and review the sample reports.
-### Collect your hardware inventory using the SMS\DEF.MOF file
+### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
-You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file.
+You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option.
 ![](images/wedge.gif) **To collect your inventory**
@ -281,7 +292,7 @@ You can collect your hardware inventory using the using the Systems Management S
 3.  Save the file and close it to the same location.<br>
 Your environment is now ready to collect your hardware inventory and review the sample reports.
-### Viewing the sample reports
+## View the sample reports with your collected data
 The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
 ### SCCM Report Sample – ActiveX.rdl
@ -336,7 +347,7 @@ Each site is validated and if successful, added to the global site list when you
 3.  Click **OK** to close the **Bulk add sites to the list** menu.
-## Turn off data collection on your client computers
+## Turn off data collection on your client devices
 After you’ve collected your data, you’ll need to turn Enterprise Site Discovery off.
 ![](images/wedge.gif) **To stop collecting data, using PowerShell**
--- a/mdop/TOC.md
+++ b/mdop/TOC.md
@ -3,10 +3,12 @@
 ## [Application Virtualization]()
 ### [Application Virtualization 5](appv-v5/)
 ### [Application Virtualization 4](appv-v4/)
 ### [SoftGrid Application Virtualization](softgrid-application-virtualization.md)
 ## [Diagnostics and Recovery Toolset]()
 ### [Diagnostics and Recovery Toolset 10](dart-v10/)
 ### [Diagnostics and Recovery Toolset 8](dart-v8/)
 ### [Diagnostics and Recovery Toolset 7](dart-v7/)
 ### [Diagnostics and Recovery Toolset 6.5](dart-v65.md)
 ## [Microsoft Bitlocker Administration and Monitoring]()
 ### [Microsoft Bitlocker Administration and Monitoring 2.5](mbam-v25/)
 ### [Microsoft Bitlocker Administration and Monitoring 2](mbam-v2/)
--- a/mdop/agpm/resources-for-agpm.md
+++ b/mdop/agpm/resources-for-agpm.md
@ -12,10 +12,6 @@ author: jamiejdt
 -   [Advanced Group Policy Management 4.0 documents](http://go.microsoft.com/fwlink/?LinkID=158931)
 -   [Advanced Group Policy Management 3.0 documents](http://go.microsoft.com/fwlink/?LinkID=158930)
 -   [Advanced Group Policy Management 2.5 documents](http://go.microsoft.com/fwlink/?LinkId=163556)
 ### Microsoft Desktop Optimization Pack resources
 -   [Microsoft Desktop Optimization Pack (MDOP) for Software Assurance TechCenter](http://go.microsoft.com/fwlink/?LinkID=159870) (http://www.microsoft.com/technet/mdop): Links to MDOP videos and resources.
--- a/mdop/appv-v5/about-client-configuration-settings51.md
+++ b/mdop/appv-v5/about-client-configuration-settings51.md
@ -15,444 +15,46 @@ The Microsoft Application Virtualization (App-V) 5.1 client stores its configura
 The following table displays information about the App-V 5.1 client configuration settings:
-<table style="width:100%;">
+|Setting name | Setup Flag | Description | Setting Options | Registry Key Value | Disabled Policy State Keys and Values |
-<colgroup>
+|-------------|------------|-------------|-----------------|--------------------|--------------------------------------|
-<col width="16%" />
+| PackageInstallationRoot | PACKAGEINSTALLATIONROOT | Specifies directory where all new applications and updates will be installed. | String | Streaming\PackageInstallationRoot | Policy value not written (same as Not Configured) |
-<col width="16%" />
+| PackageSourceRoot | PACKAGESOURCEROOT | Overrides source location for downloading package content. | String | Streaming\PackageSourceRoot | Policy value not written (same as Not Configured) |
-<col width="16%" />
+| AllowHighCostLaunch | Not available. |This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G). | True (enabled); False (Disabled state) | Streaming\AllowHighCostLaunch | 0 |
-<col width="16%" />
+| ReestablishmentRetries | Not available. | Specifies the number of times to retry a dropped session. | Integer (0-99) | Streaming\ReestablishmentRetries | Policy value not written (same as Not Configured) |
-<col width="16%" />
+| ReestablishmentInterval | Not available. | Specifies the number of seconds between attempts to reestablish a dropped session. | Integer (0-3600) | Streaming\ReestablishmentInterval | Policy value not written (same as Not Configured) |
-<col width="16%" />
+| LocationProvider | Not available. | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. | String | Streaming\LocationProvider | Policy value not written (same as Not Configured) |
-</colgroup>
+| CertFilterForClientSsl | Not available. | Specifies the path to a valid certificate in the certificate store. | String | Streaming\CertFilterForClientSsl | Policy value not written (same as Not Configured) |
-<thead>
+| VerifyCertificateRevocationList | Not available. | Verifies Server certificate revocation status before steaming using HTTPS. | True(enabled); False(Disabled state) | Streaming\VerifyCertificateRevocationList | 0 |
-<tr class="header">
+| SharedContentStoreMode | SHAREDCONTENTSTOREMODE | Specifies that streamed package contents will be not be saved to the local hard disk. | True(enabled); False(Disabled state) | Streaming\SharedContentStoreMode | 0 |
-<th align="left">Setting Name</th>
+| Name<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | PUBLISHINGSERVERNAME | Displays the name of publishing server. | String | Publishing\Servers\{serverId}\FriendlyName | Policy value not written (same as Not Configured) |
-<th align="left">Setup Flag</th>
+| URL<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | PUBLISHINGSERVERURL | Displays the URL of publishing server. | String | Publishing\Servers\{serverId}\URL | Policy value not written (same as Not Configured) |
-<th align="left">Description</th>
+| GlobalRefreshEnabled<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHENABLED | Enables global publishing refresh (Boolean) | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\GlobalEnabled | False |
-<th align="left">Setting Options</th>
+| GlobalRefreshOnLogon<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHONLOGON | Triggers a global publishing refresh on logon. ( Boolean) | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\GlobalLogonRefresh | False |
-<th align="left">Registry Key Value</th>
+| GlobalRefreshInterval<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHINTERVAL | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. | Integer (0-744) | Publishing\Servers\{serverId}\GlobalPeriodicRefreshInterval | 0 |
-<th align="left">Disabled Policy State Keys and Values</th>
+| GlobalRefreshIntervalUnit <br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHINTERVALUNI | Specifies the interval unit (Hour 0-23, Day 0-31). | 0 for hour, 1 for day | Publishing\Servers\{serverId}\GlobalPeriodicRefreshIntervalUnit | 1 |
-</tr>
+| UserRefreshEnabled<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHENABLED | Enables user publishing refresh (Boolean) | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\UserEnabled | False |
-</thead>
+| UserRefreshOnLogon<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHONLOGON | Triggers a user publishing refresh onlogon. ( Boolean)<br>Word count (with spaces): 60 | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\UserLogonRefresh | False |
-<tbody>
+| UserRefreshInterval<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHINTERVAL | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | Word count (with spaces): 85<br>Integer (0-744 Hours) | Publishing\Servers\{serverId}\UserPeriodicRefreshInterval | 0 |
-<tr class="odd">
+| UserRefreshIntervalUnit<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHINTERVALUNIT | Specifies the interval unit (Hour 0-23, Day 0-31). | 0 for hour, 1 for day | Publishing\Servers\{serverId}\UserPeriodicRefreshIntervalUnit | 1 |
-<td align="left"><p>PackageInstallationRoot</p></td>
+| MigrationMode | MIGRATIONMODE | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V. | True(enabled state); False (disabled state) | Coexistence\MigrationMode | |
-<td align="left"><p>PACKAGEINSTALLATIONROOT</p></td>
+| CEIPOPTIN | CEIPOPTIN | Allows the computer running the App-V 5.1 Client to collect and return certain usage information to help allow us to further improve the application. | 0 for disabled; 1 for enabled | SOFTWARE/Microsoft/AppV/CEIP/CEIPEnable | 0 | 
-<td align="left"><p>Specifies directory where all new applications and updates will be installed.</p></td>
+| EnablePackageScripts | ENABLEPACKAGESCRIPTS | Enables scripts defined in the package manifest of configuration files that should run. | True(enabled); False(Disabled state) | \Scripting\EnablePackageScripts | | 
-<td align="left"><p>String</p></td>
+| RoamingFileExclusions | ROAMINGFILEEXCLUSIONS | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage:  /ROAMINGFILEEXCLUSIONS='desktop;my pictures' | | | |
-<td align="left"><p>Streaming\PackageInstallationRoot</p></td>
+| RoamingRegistryExclusions | ROAMINGREGISTRYEXCLUSIONS | Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients | String | Integration\RoamingReglstryExclusions | Policy value not written (same as Not Configured) |
-<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
+| IntegrationRootUser | Not available. | Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\Microsoft\AppV\Client\Integration.| String | Integration\IntegrationRootUser | Policy value not written (same as Not Configured) |
-</tr>
+|IntegrationRootGlobal | Not available.| Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\Microsoft\AppV\Client\Integration | String | Integration\IntegrationRootGlobal | Policy value not written (same as Not Configured) |
-<tr class="even">
+| VirtualizableExtensions | Not available. | A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment.<br>When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command line parameter will be added, and the application will run virtually.<br>For more information about the **RunVirtual** parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md). | String | Integration\VirtualizableExtensions | Policy value not written |
-<td align="left"><p>PackageSourceRoot</p></td>
+| ReportingEnabled | Not available. | Enables the client to return information to a reporting server. | True (enabled); False (Disabled state) | Reporting\EnableReporting | False |
-<td align="left"><p>PACKAGESOURCEROOT</p></td>
+| ReportingServerURL | Not available. | Specifies the location on the reporting server where client information is saved. | String | Reporting\ReportingServer | Policy value not written (same as Not Configured) |
-<td align="left"><p>Overrides source location for downloading package content.</p></td>
+| ReportingDataCacheLimit | Not available. | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Integer [0-1024] | Reporting\DataCacheLimit | Policy value not written (same as Not Configured) |
-<td align="left"><p>String</p></td>
+| ReportingDataBlockSize| Not available. | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. | Integer [1024 - Unlimited] | Reporting\DataBlockSize | Policy value not written (same as Not Configured) |
-<td align="left"><p>Streaming\PackageSourceRoot</p></td>
+| ReportingStartTime | Not available. | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.<br>**Note** You should configure this setting to a time when computers running the App-V 5.1 client are least likely to be offline. | Integer (0 – 23) | Reporting\ StartTime | Policy value not written (same as Not Configured) |
-<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
+| ReportingInterval | Not available. | Specifies the retry interval that the client will use to resend data to the reporting server. | Integer | Reporting\RetryInterval | Policy value not written (same as Not Configured) |
-</tr>
+| ReportingRandomDelay | Not available. | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server. | Integer [0 - ReportingRandomDelay] | Reporting\RandomDelay | Policy value not written (same as Not Configured) |
-<tr class="odd">
+| EnableDynamicVirtualization<br>**Important** This setting is available only with App-V 5.0 SP2 or later. | Not available. | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. | 1 (Enabled), 0 (Disabled) | HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Virtualization | |
-<td align="left"><p>AllowHighCostLaunch</p></td>
+| EnablePublishingRefreshUI<br>**Important** This setting is available only with App-V 5.0 SP2. | Not available. | Enables the publishing refresh progress bar for the computer running the App-V 5.1 Client. | 1 (Enabled), 0 (Disabled) | HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Publishing | |
-<td align="left"><p>Not available.</p></td>
+| HideUI<br>**Important**  This setting is available only with App-V 5.0 SP2.| Not available. | Hides the publishing refresh progress bar. | 1 (Enabled), 0 (Disabled) | | |
-<td align="left"><p>This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G).</p></td>
+| ProcessesUsingVirtualComponents | Not available. | Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. | String | Virtualization\ProcessesUsingVirtualComponents | Empty string. |
 <td align="left"><p>True (enabled); False (Disabled state)</p></td>
 <td align="left"><p>Streaming\AllowHighCostLaunch</p></td>
 <td align="left"><p>0</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>ReestablishmentRetries</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the number of times to retry a dropped session.</p></td>
 <td align="left"><p>Integer (0-99)</p></td>
 <td align="left"><p>Streaming\ReestablishmentRetries</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>ReestablishmentInterval</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the number of seconds between attempts to reestablish a dropped session.</p></td>
 <td align="left"><p>Integer (0-3600)</p></td>
 <td align="left"><p>Streaming\ReestablishmentInterval</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>AutoLoad</p></td>
 <td align="left"><p>AUTOLOAD</p></td>
 <td align="left"><p>Specifies how new packages should be loaded automatically by App-V on a specific computer.</p></td>
 <td align="left"><p>(0x0) None; (0x1) Previously used; (0x2) All</p></td>
 <td align="left"><p>Streaming\AutoLoad</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>LocationProvider</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Streaming\LocationProvider</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>CertFilterForClientSsl</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the path to a valid certificate in the certificate store.</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Streaming\CertFilterForClientSsl</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>VerifyCertificateRevocationList</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Verifies Server certificate revocation status before steaming using HTTPS.</p></td>
 <td align="left"><p>True(enabled); False(Disabled state)</p></td>
 <td align="left"><p>Streaming\VerifyCertificateRevocationList</p></td>
 <td align="left"><p>0</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>SharedContentStoreMode</p></td>
 <td align="left"><p>SHAREDCONTENTSTOREMODE</p></td>
 <td align="left"><p>Specifies that streamed package contents will be not be saved to the local hard disk.</p></td>
 <td align="left"><p>True(enabled); False(Disabled state)</p></td>
 <td align="left"><p>Streaming\SharedContentStoreMode</p></td>
 <td align="left"><p>0</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Name</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>PUBLISHINGSERVERNAME</p></td>
 <td align="left"><p>Displays the name of publishing server.</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\FriendlyName</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>URL</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>PUBLISHINGSERVERURL</p></td>
 <td align="left"><p>Displays the URL of publishing server.</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\URL</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>GlobalRefreshEnabled</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>GLOBALREFRESHENABLED</p></td>
 <td align="left"><p>Enables global publishing refresh (Boolean)</p></td>
 <td align="left"><p>True(enabled); False(Disabled state)</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\GlobalEnabled</p></td>
 <td align="left"><p>False</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>GlobalRefreshOnLogon</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>GLOBALREFRESHONLOGON</p></td>
 <td align="left"><p>Triggers a global publishing refresh on logon. ( Boolean)</p></td>
 <td align="left"><p>True(enabled); False(Disabled state)</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\GlobalLogonRefresh</p></td>
 <td align="left"><p>False</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>GlobalRefreshInterval</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>GLOBALREFRESHINTERVAL  </p></td>
 <td align="left"><p>Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.</p></td>
 <td align="left"><p>Integer (0-744</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\GlobalPeriodicRefreshInterval</p></td>
 <td align="left"><p>0</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>GlobalRefreshIntervalUnit</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>GLOBALREFRESHINTERVALUNI</p></td>
 <td align="left"><p>Specifies the interval unit (Hour 0-23, Day 0-31). </p></td>
 <td align="left"><p>0 for hour, 1 for day</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\GlobalPeriodicRefreshIntervalUnit</p></td>
 <td align="left"><p>1</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>UserRefreshEnabled</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>USERREFRESHENABLED </p></td>
 <td align="left"><p>Enables user publishing refresh (Boolean)</p></td>
 <td align="left"><p>True(enabled); False(Disabled state)</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\UserEnabled</p></td>
 <td align="left"><p>False</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>UserRefreshOnLogon</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>USERREFRESHONLOGON</p></td>
 <td align="left"><p>Triggers a user publishing refresh onlogon. ( Boolean)</p>
 <p>Word count (with spaces): 60</p></td>
 <td align="left"><p>True(enabled); False(Disabled state)</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\UserLogonRefresh</p></td>
 <td align="left"><p>False</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>UserRefreshInterval</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>USERREFRESHINTERVAL     </p></td>
 <td align="left"><p>Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.</p>
 <p>Word count (with spaces): 85</p></td>
 <td align="left"><p>Integer (0-744 Hours)</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\UserPeriodicRefreshInterval</p></td>
 <td align="left"><p>0</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>UserRefreshIntervalUnit</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>USERREFRESHINTERVALUNIT  </p></td>
 <td align="left"><p>Specifies the interval unit (Hour 0-23, Day 0-31). </p></td>
 <td align="left"><p>0 for hour, 1 for day</p></td>
 <td align="left"><p>Publishing\Servers\{serverId}\UserPeriodicRefreshIntervalUnit</p></td>
 <td align="left"><p>1</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>MigrationMode</p></td>
 <td align="left"><p>MIGRATIONMODE</p></td>
 <td align="left"><p>Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V.</p></td>
 <td align="left"><p>True(enabled state); False (disabled state)</p></td>
 <td align="left"><p>Coexistence\MigrationMode</p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>CEIPOPTIN</p></td>
 <td align="left"><p>CEIPOPTIN</p></td>
 <td align="left"><p>Allows the computer running the App-V 5.1 Client to collect and return certain usage information to help allow us to further improve the application.</p></td>
 <td align="left"><p>0 for disabled; 1 for enabled</p></td>
 <td align="left"><p>SOFTWARE/Microsoft/AppV/CEIP/CEIPEnable</p></td>
 <td align="left"><p>0</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>EnablePackageScripts</p></td>
 <td align="left"><p>ENABLEPACKAGESCRIPTS</p></td>
 <td align="left"><p>Enables scripts defined in the package manifest of configuration files that should run.</p></td>
 <td align="left"><p>True(enabled); False(Disabled state)</p></td>
 <td align="left"><p>\Scripting\EnablePackageScripts</p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>RoamingFileExclusions</p></td>
 <td align="left"><p>ROAMINGFILEEXCLUSIONS</p></td>
 <td align="left"><p>Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage:  /ROAMINGFILEEXCLUSIONS='desktop;my pictures'</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>RoamingRegistryExclusions</p></td>
 <td align="left"><p>ROAMINGREGISTRYEXCLUSIONS</p></td>
 <td align="left"><p>Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Integration\RoamingReglstryExclusions</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>IntegrationRootUser</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\Microsoft\AppV\Client\Integration.</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Integration\IntegrationRootUser</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>IntegrationRootGlobal</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\Microsoft\AppV\Client\Integration</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Integration\IntegrationRootGlobal</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>VirtualizableExtensions</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment.</p>
 <p>When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the <strong>RunVirtual</strong> command line parameter will be added, and the application will run virtually.</p>
 <p>For more information about the <strong>RunVirtual</strong> parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md).</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Integration\VirtualizableExtensions</p></td>
 <td align="left"><p>Policy value not written</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>ReportingEnabled</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Enables the client to return information to a reporting server.</p></td>
 <td align="left"><p>True (enabled); False (Disabled state)</p></td>
 <td align="left"><p>Reporting\EnableReporting</p></td>
 <td align="left"><p>False</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>ReportingServerURL</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the location on the reporting server where client information is saved.</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Reporting\ReportingServer</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>ReportingDataCacheLimit</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024.</p></td>
 <td align="left"><p>Integer [0-1024]</p></td>
 <td align="left"><p>Reporting\DataCacheLimit</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>ReportingDataBlockSize</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited.</p></td>
 <td align="left"><p>Integer [1024 - Unlimited]</p></td>
 <td align="left"><p>Reporting\DataBlockSize</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>ReportingStartTime</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the <strong>ReportingStartTime</strong> will start on the current day at 10 P.M.or 22.</p>
 <div class="alert">
 <strong>Note</strong>  
 <p>You should configure this setting to a time when computers running the App-V 5.1 client are least likely to be offline.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>Integer (0 – 23)</p></td>
 <td align="left"><p>Reporting\ StartTime</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>ReportingInterval</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the retry interval that the client will use to resend data to the reporting server.</p></td>
 <td align="left"><p>Integer</p></td>
 <td align="left"><p>Reporting\RetryInterval</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>ReportingRandomDelay</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and <strong>ReportingRandomDelay</strong> and will wait the specified duration before sending data. This can help to prevent collisions on the server.</p></td>
 <td align="left"><p>Integer [0 - ReportingRandomDelay]</p></td>
 <td align="left"><p>Reporting\RandomDelay</p></td>
 <td align="left"><p>Policy value not written (same as Not Configured)</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>EnableDynamicVirtualization</p>
 <div class="alert">
 <strong>Important</strong>  
 <p>This setting is available only with App-V 5.0 SP2 or later.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications.</p></td>
 <td align="left"><p>1 (Enabled), 0 (Disabled)</p></td>
 <td align="left"><p>HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Virtualization</p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>EnablePublishingRefreshUI</p>
 <div class="alert">
 <strong>Important</strong>  
 <p>This setting is available only with App-V 5.0 SP2.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Enables the publishing refresh progress bar for the computer running the App-V 5.1 Client.</p></td>
 <td align="left"><p>1 (Enabled), 0 (Disabled)</p></td>
 <td align="left"><p>HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Publishing</p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>HideUI</p>
 <div class="alert">
 <strong>Important</strong>  
 <p>This setting is available only with App-V 5.0 SP2.</p>
 </div>
 <div>
 </div></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Hides the publishing refresh progress bar.</p></td>
 <td align="left"><p>1 (Enabled), 0 (Disabled)</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>ProcessesUsingVirtualComponents</p></td>
 <td align="left"><p>Not available.</p></td>
 <td align="left"><p>Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization.</p></td>
 <td align="left"><p>String</p></td>
 <td align="left"><p>Virtualization\ProcessesUsingVirtualComponents</p></td>
 <td align="left"><p>Empty string.</p></td>
 </tr>
 </tbody>
 </table>
 ## Got a suggestion for App-V?
--- a/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md
+++ b/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md
@ -11,9 +11,7 @@ author: jamiejdt
 After you have properly deployed the Microsoft Application Virtualization (App-V) 5.1 sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application.
 **Note**  
-For more information about configuring the App-V 5.1 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx) (http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).
+For more information about configuring the App-V 5.1 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).
 ## Sequencing an application
@ -28,9 +26,7 @@ You can use the App-V 5.1 Sequencer to perform the following tasks:
    **Note**  
    You must create shortcuts and save them to an available network location to allow roaming. If a shortcut is created and saved in a private location, the package must be published locally to the computer running the App-V 5.1 client.
-
+ 
 -   Convert existing virtual packages.
 The sequencer uses the **%TMP% \\ Scratch** or **%TEMP% \\ Scratch** directory and the **Temp** directory to store temporary files during sequencing. On the computer that runs the sequencer, you should configure these directories with free disk space equivalent to the estimated application installation requirements. Configuring the temp directories and the Temp directory on different hard drive partitions can help improve performance during sequencing.
@ -48,18 +44,14 @@ When you use the sequencer to create a new virtual application, the following li
 -   User configuration file. The user configuration file determines how the virtual application will run on target computers.
 **Important**  
-You must configure the %TMP% and %TEMP% folders that the package converter uses to be a secure location and directory. A secure location is only accessible by an administrator. Additionally, when you sequence the package you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion and monitoring process.
+You must configure the %TMP% and %TEMP% folders that the package converter uses to be a secure location and directory. A secure location is only accessible by an administrator. Additionally, when you sequence the package you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion and monitoring process. 
 The **Options** dialog box in the sequencer console contains the following tabs:
 -   **General**. Use this tab to enable Microsoft Updates to run during sequencing. Select **Append Package Version to Filename** to configure the sequence to add a version number to the virtualized package that is being sequenced. Select **Always trust the source of Package Accelerators** to create virtualized packages using a package accelerator without being prompted for authorization.
    **Important**  
-    Package Accelerators created using App-V 4.6 are not supported by App-V 5.1.
+    Package Accelerators created using App-V 4.6 are not supported by App-V 5.1.     
 -   **Parse Items**. This tab displays the associated file path locations that will be parsed or tokenized into in the virtual environment. Tokens are useful for adding files using the **Package Files** tab in **Advanced Editing**.
@ -137,134 +129,25 @@ The following table lists the supported shell extensions:
 </tbody>
 </table>
 ## Copy on Write (CoW) file extension support
 Copy on write (CoW) file extensions allow App-V 5.1 to dynamically write to specific locations contained in the virtual package while it is being used.
 The following table displays the file types that can exist in a virtual package under the VFS directory, but cannot be updated on the computer running the App-V 5.1 client. All other files and directories can be modified.
-.acm
+| File Type  	|             	|             	|            	|            	|            	|
 |------------	|-------------	|-------------	|------------	|------------	|------------	|
 | .acm       	| .asa        	| .asp        	| .aspx      	| .ax        	| .bat       	|
 | .cer       	| .chm        	| .clb        	| .cmd       	| .cnt       	| .cnv       	|
 | .com       	| .cpl        	| .cpx        	| .crt       	| .dll       	| .drv       	|
 | .esc       	| .exe        	| .fon        	| .grp       	| .hlp       	| .hta       	|
 | .ime       	| .inf        	| .ins        	| .isp       	| .its       	| .js        	|
 | .jse       	| .lnk        	| .msc        	| .msi       	| .msp       	| .mst       	|
 | .mui       	| .nls        	| .ocx        	| .pal       	| .pcd       	| .pif       	|
 | .reg       	| .scf        	| .scr        	| .sct       	| .shb       	| .shs       	|
 | .sys       	| .tlb        	| .tsp        	| .url       	| .vb        	| .vbe       	|
 | .vbs       	| .vsmacros   	| .ws         	| .wsf       	| .wsh       	|            	|
 .asa
 .asp
 .aspx
 .ax
 .bat
 .cer
 .chm
 .clb
 .cmd
 .cnt
 .cnv
 .com
 .cpl
 .cpx
 .crt
 .dll
 .drv
 .exe
 .fon
 .grp
 .hlp
 .hta
 .ime
 .inf
 .ins
 .isp
 .its
 .js
 .jse
 .lnk
 .msc
 .msi
 .msp
 .mst
 .mui
 .nls
 .ocx
 .pal
 .pcd
 .pif
 .reg
 .scf
 .scr
 .sct
 .shb
 .shs
 .sys
 .tlb
 .tsp
 .url
 .vb
 .vbe
 .vbs
 .vsmacros
 .ws
 .esc
 .wsf
 .wsh
 ## Modifying an existing virtual application package
@ -296,8 +179,6 @@ A template can specify and store multiple settings as follows:
 **Note**  
 Package accelerators created using a previous version of App-V must be recreated using App-V 5.1.
 You can use App-V 5.1 package accelerators to automatically generate a new virtual application packages. After you have successfully created a package accelerator, you can reuse and share the package accelerator.
 In some situations, to create the package accelerator, you might have to install the application locally on the computer that runs the sequencer. In such cases, you should first try to create the package accelerator with the installation media. If multiple missing files are required, you should install the application locally to the computer that runs the sequencer, and then create the package accelerator.
@ -315,21 +196,9 @@ The App-V 5.1 Sequencer can detect common sequencing issues during sequencing. T
 You can also find additional information about sequencing errors using the Windows Event Viewer.
 ## Got a suggestion for App-V?
 Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv).
 ## <a href="" id="other-resources-for-the-app-v-5-1-sequencer-"></a>Other resources for the App-V 5.1 sequencer
 -   [Operations for App-V 5.1](operations-for-app-v-51.md)
--- a/mdop/dart-v65.md
+++ b/mdop/dart-v65.md
@ -0,0 +1,9 @@
 ---
 title: Diagnostics and Recovery Toolset 6.5
 description: Diagnostics and Recovery Toolset 6.5
 author: jamiejdt
 ---
 # Diagnostics and Recovery Toolset 6.5
 Selecting the link for [Diagnostics and Recovery Toolset 6.5 documentation](https://technet.microsoft.com/en-us/library/jj713388.aspx) will take you to another website. Use your browser's **Back** button to return to this page.   
--- a/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md
+++ b/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md
@ -27,8 +27,8 @@ In the following sections, complete the instructions that correspond to the vers
    // Microsoft BitLocker Administration and Monitoring 
    //===================================================
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
+    #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
    [ SMS_Report (TRUE),
      SMS_Group_Name ("BitLocker Encryption Details"),
      SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")]
@ -66,8 +66,8 @@ In the following sections, complete the instructions that correspond to the vers
        String     EnforcePolicyDate;
    };
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
+    #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
    [ SMS_Report(TRUE),
      SMS_Group_Name("BitLocker Policy"),
      SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0")]
@ -110,8 +110,8 @@ In the following sections, complete the instructions that correspond to the vers
    };
    //Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista.
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
    [ SMS_Report     (TRUE),
      SMS_Group_Name ("Operating System Ex"),
      SMS_Class_ID   ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ]
@ -124,8 +124,8 @@ In the following sections, complete the instructions that correspond to the vers
    };
    //Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista.
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
    [ SMS_Report     (TRUE),
      SMS_Group_Name ("Computer System Ex"),
      SMS_Class_ID   ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ]
@ -193,8 +193,8 @@ In the following sections, complete the instructions that correspond to the vers
    // Microsoft BitLocker Administration and Monitoring 
    //===================================================
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
+    #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
    [ SMS_Report (TRUE),
      SMS_Group_Name ("BitLocker Encryption Details"),
      SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")]
@ -232,8 +232,8 @@ In the following sections, complete the instructions that correspond to the vers
        String     EnforcePolicyDate;
    };
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
+    #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
    [ SMS_Report(TRUE),
      SMS_Group_Name("BitLocker Policy"),
      SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"),
@ -278,8 +278,8 @@ In the following sections, complete the instructions that correspond to the vers
        string    EncodedComputerName;
    };
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
+    #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
    [ SMS_Report(TRUE),
      SMS_Group_Name("BitLocker Policy"),
      SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"),
@ -325,8 +325,8 @@ In the following sections, complete the instructions that correspond to the vers
    };
    //Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista.
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
    [ SMS_Report     (TRUE),
      SMS_Group_Name ("Operating System Ex"),
      SMS_Class_ID   ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ]
@ -339,8 +339,8 @@ In the following sections, complete the instructions that correspond to the vers
    };
    //Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista.
-#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
+    #pragma namespace ("\\\\.\\root\\cimv2\\SMS")
-#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
    [ SMS_Report     (TRUE),
      SMS_Group_Name ("Computer System Ex"),
      SMS_Class_ID   ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ]
--- a/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md
+++ b/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md
@ -25,8 +25,8 @@ To enable the client computers to report BitLocker compliance details through th
    // Microsoft BitLocker Administration and Monitoring 
    //===================================================
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) 
+    #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) 
    [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")]
    class Win32_BitLockerEncryptionDetails
    {
@ -62,8 +62,8 @@ To enable the client computers to report BitLocker compliance details through th
        String     EnforcePolicyDate;
    };
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
+    #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
    [DYNPROPS]
    Class Win32Reg_MBAMPolicy
    {
@ -124,8 +124,8 @@ To enable the client computers to report BitLocker compliance details through th
        EncodedComputerName;
    };
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
    [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
    dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
    class CCM_OperatingSystemExtended
@ -136,8 +136,8 @@ To enable the client computers to report BitLocker compliance details through th
        uint32     SKU;
    };
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
    [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
    dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
    class CCM_ComputerSystemExtended
@ -168,8 +168,8 @@ To enable the client computers to report BitLocker compliance details through th
    // Microsoft BitLocker Administration and Monitoring 
    //===================================================
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) 
+    #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) 
    [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")]
    class Win32_BitLockerEncryptionDetails
    {
@ -205,8 +205,8 @@ To enable the client computers to report BitLocker compliance details through th
        String     EnforcePolicyDate;
    };
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
+    #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
    [DYNPROPS]
    Class Win32Reg_MBAMPolicy
    {
@ -267,8 +267,8 @@ To enable the client computers to report BitLocker compliance details through th
        EncodedComputerName;
    };
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
+    #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
    [DYNPROPS]
    Class Win32Reg_MBAMPolicy_64
    {
@ -329,8 +329,8 @@ To enable the client computers to report BitLocker compliance details through th
        EncodedComputerName;
    };
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
    [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
    dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
    class CCM_OperatingSystemExtended
@ -341,8 +341,8 @@ To enable the client computers to report BitLocker compliance details through th
        uint32     SKU;
    };
-#pragma namespace ("\\\\.\\root\\cimv2")
+    #pragma namespace ("\\\\.\\root\\cimv2")
-#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
+    #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
    [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
    dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
    class CCM_ComputerSystemExtended
--- a/mdop/softgrid-application-virtualization.md
+++ b/mdop/softgrid-application-virtualization.md
@ -0,0 +1,9 @@
 ---
 title: SoftGrid Application Virtualization
 description: SoftGrid Application Virtualization
 author: jamiejdt
 ---
 # SoftGrid Application Virtualization
 Selecting the link for [SoftGrid Application Virtualization documentation](https://technet.microsoft.com/en-us/library/bb906040.aspx) will take you to another website. Use your browser's **Back** button to return to this page.   
--- a/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md
+++ b/windows/deploy/add-a-windows-10-operating-system-image-using-configuration-manager.md
@ -6,7 +6,7 @@ keywords: ["image, deploy, distribute"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Add a Windows 10 operating system image using Configuration Manager
--- a/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deploy/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@ -6,7 +6,7 @@ keywords: ["deploy, task sequence"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager
--- a/windows/deploy/assign-applications-using-roles-in-mdt-2013.md
+++ b/windows/deploy/assign-applications-using-roles-in-mdt-2013.md
@ -6,7 +6,7 @@ keywords: ["settings, database, deploy"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Assign applications using roles in MDT
--- a/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md
+++ b/windows/deploy/build-a-distributed-environment-for-windows-10-deployment.md
@ -6,7 +6,7 @@ keywords: ["replication, replicate, deploy, configure, remote"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Build a distributed environment for Windows 10 deployment
--- a/windows/deploy/configure-mdt-2013-for-userexit-scripts.md
+++ b/windows/deploy/configure-mdt-2013-for-userexit-scripts.md
@ -6,7 +6,7 @@ keywords: ["rules, script"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Configure MDT for UserExit scripts
--- a/windows/deploy/configure-mdt-2013-settings.md
+++ b/windows/deploy/configure-mdt-2013-settings.md
@ -6,7 +6,7 @@ keywords: ["customize, customization, deploy, features, tools"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Configure MDT settings
--- a/windows/deploy/configure-mdt-deployment-share-rules.md
+++ b/windows/deploy/configure-mdt-deployment-share-rules.md
@ -6,7 +6,7 @@ keywords: ["rules, configuration, automate, deploy"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Configure MDT deployment share rules
--- a/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deploy/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@ -6,7 +6,7 @@ keywords: ["tool, customize, deploy, boot image"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Create a custom Windows PE boot image with Configuration Manager
--- a/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md
+++ b/windows/deploy/create-a-task-sequence-with-configuration-manager-and-mdt.md
@ -6,7 +6,7 @@ keywords: ["deploy, upgrade, task sequence, install"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Create a task sequence with Configuration Manager and MDT
--- a/windows/deploy/create-a-windows-10-reference-image.md
+++ b/windows/deploy/create-a-windows-10-reference-image.md
@ -6,7 +6,7 @@ keywords: ["deploy, deployment, configure, customize, install, installation"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Create a Windows 10 reference image
--- a/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
+++ b/windows/deploy/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
@ -6,7 +6,7 @@ keywords: ["deployment, task sequence, custom, customize"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Create an application to deploy with Windows 10 using Configuration Manager
--- a/windows/deploy/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deploy/deploy-a-windows-10-image-using-mdt.md
@ -6,7 +6,7 @@ keywords: ["deployment, automate, tools, configure"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Deploy a Windows 10 image using MDT 2013 Update 2
--- a/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md
+++ b/windows/deploy/deploy-windows-10-using-pxe-and-configuration-manager.md
@ -6,7 +6,7 @@ keywords: ["deployment, image, UEFI, task sequence"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Deploy Windows 10 using PXE and Configuration Manager
--- a/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
+++ b/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
@ -6,7 +6,7 @@ keywords: ["deployment, custom, boot"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Deploy Windows 10 with System Center 2012 R2 Configuration Manager
--- a/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
@ -6,7 +6,7 @@ keywords: ["deploy", "tools", "configure", "script"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Deploy Windows 10 with the Microsoft Deployment Toolkit
--- a/windows/deploy/deploy-windows-to-go.md
+++ b/windows/deploy/deploy-windows-to-go.md
@ -6,7 +6,7 @@ keywords: ["deployment, USB, device, BitLocker, workspace, security, data"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Deploy Windows To Go in your organization
--- a/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deploy/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
@ -6,7 +6,7 @@ keywords: ["configure, deploy, upgrade"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Finalize the operating system configuration for Windows 10 deployment with Configuration Manager
--- a/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deploy/get-started-with-the-microsoft-deployment-toolkit.md
@ -6,7 +6,7 @@ keywords: ["deploy", "image", "feature", "install", "tools"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Get started with the Microsoft Deployment Toolkit (MDT)
--- a/windows/deploy/integrate-configuration-manager-with-mdt-2013.md
+++ b/windows/deploy/integrate-configuration-manager-with-mdt-2013.md
@ -6,7 +6,7 @@ keywords: ["deploy, image, customize, task sequence"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Integrate Configuration Manager with MDT 2013 Update 2
--- a/windows/deploy/key-features-in-mdt-2013.md
+++ b/windows/deploy/key-features-in-mdt-2013.md
@ -6,7 +6,7 @@ keywords: ["deploy, feature, tools, upgrade, migrate, provisioning"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Key features in MDT 2013 Update 2
--- a/windows/deploy/mdt-2013-lite-touch-components.md
+++ b/windows/deploy/mdt-2013-lite-touch-components.md
@ -6,7 +6,7 @@ keywords: ["deploy, install, deployment, boot, log, monitor"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # MDT 2013 Update 2 Lite Touch components
--- a/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deploy/monitor-windows-10-deployment-with-configuration-manager.md
@ -6,7 +6,7 @@ keywords: ["deploy, upgrade"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Monitor the Windows 10 deployment with Configuration Manager
--- a/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md
+++ b/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md
@ -6,7 +6,7 @@ keywords: ["deploy, system requirements"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Prepare for deployment with MDT 2013 Update 2
--- a/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deploy/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@ -6,7 +6,7 @@ keywords: ["install, configure, deploy, deployment"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Prepare for Zero Touch Installation of Windows 10 with Configuration Manager
--- a/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deploy/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md
@ -6,7 +6,7 @@ keywords: ["upgrade, install, installation, computer refresh"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
--- a/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md
+++ b/windows/deploy/refresh-a-windows-7-computer-with-windows-10.md
@ -6,7 +6,7 @@ keywords: ["reinstallation, customize, template, script, restore"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Refresh a Windows 7 computer with Windows 10
--- a/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deploy/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@ -6,7 +6,7 @@ keywords: ["upgrade, install, installation, replace computer, setup"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager
--- a/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md
+++ b/windows/deploy/replace-a-windows-7-computer-with-a-windows-10-computer.md
@ -6,7 +6,7 @@ keywords: ["deploy, deployment, replace"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Replace a Windows 7 computer with a Windows 10 computer
--- a/windows/deploy/set-up-mdt-2013-for-bitlocker.md
+++ b/windows/deploy/set-up-mdt-2013-for-bitlocker.md
@ -6,7 +6,7 @@ keywords: ["disk, encryption, TPM, configure, secure, script"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Set up MDT for BitLocker
--- a/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md
+++ b/windows/deploy/simulate-a-windows-10-deployment-in-a-test-environment.md
@ -6,7 +6,7 @@ keywords: ["deploy, script,"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Simulate a Windows 10 deployment in a test environment
--- a/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md
+++ b/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md
@ -5,7 +5,7 @@ ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
 keywords: ["upgrade, update, task sequence, deploy"]
 ms.prod: W10
 ms.mktglfcycl: deploy
-author: CFaw
+author: mtniehaus
 ---
 # Upgrade to Windows 10 with System Center Configuration Manager
--- a/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
@ -6,7 +6,7 @@ keywords: ["upgrade, update, task sequence, deploy"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Upgrade to Windows 10 with the Microsoft Deployment Toolkit
--- a/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md
+++ b/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md
@ -6,7 +6,7 @@ keywords: ["web services, database"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Use Orchestrator runbooks with MDT
--- a/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md
+++ b/windows/deploy/use-the-mdt-database-to-stage-windows-10-deployment-information.md
@ -6,7 +6,7 @@ keywords: ["database, permissions, settings, configure, deploy"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Use the MDT database to stage Windows 10 deployment information
--- a/windows/deploy/use-web-services-in-mdt-2013.md
+++ b/windows/deploy/use-web-services-in-mdt-2013.md
@ -6,7 +6,7 @@ keywords: ["deploy, web apps"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Use web services in MDT
--- a/windows/deploy/usmt-requirements.md
+++ b/windows/deploy/usmt-requirements.md
@ -44,24 +44,14 @@ The following table lists the operating systems supported in USMT.
 </thead>
 <tbody>
 <tr class="odd">
 <td align="left"><p>Windows® XP Professional</p></td>
 <td align="left"><p>X</p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>Windows XP Professional x64 Edition</p></td>
 <td align="left"><p>X</p></td>
 <td align="left"><p></p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>32-bit versions of Windows Vista</p></td>
 <td align="left"><p>X</p></td>
-<td align="left"><p>X</p></td>
+<td align="left"><p></p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>64-bit versions of Windows Vista</p></td>
 <td align="left"><p>X</p></td>
-<td align="left"><p>X</p></td>
+<td align="left"><p></p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>32-bit versions of Windows 7</p></td>
@ -101,7 +91,7 @@ The following table lists the operating systems supported in USMT.
 **Note**  
 You can migrate a 32-bit operating system to a 64-bit operating system. However, you cannot migrate a 64-bit operating system to a 32-bit operating system.
-USMT does not support any of the Windows Server® operating systems, Windows 2000, or any of the starter editions for Windows XP, Windows Vista, or Windows 7. In addition, USMT only supports migration from Windows XP with Service Pack 3.
+USMT does not support any of the Windows Server® operating systems, Windows 2000, Windows XP, or any of the starter editions for Windows Vista or Windows 7.
--- a/windows/deploy/usmt-scanstate-syntax.md
+++ b/windows/deploy/usmt-scanstate-syntax.md
@ -58,7 +58,7 @@ This section explains the syntax and usage of the **ScanState** command-line opt
 The **ScanState** command's syntax is:
-scanstate \[*StorePath*\] \[/i:\[*Path*\\\]*FileName*\] \[/o\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/localonly\] \[/encrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsBeforeRetry*\] \[/c\] \[/p\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/efs:abort|skip|decryptcopy|copyraw\] \[/genconfig:\[*Path*\\\]*FileName*\[/config:\[*Path*\\\]*FileName*\] \[/?|help\]
+scanstate \[*StorePath*\] \[/apps\] \[/ppkg:*FileName*\] \[/i:\[*Path*\\\]*FileName*\] \[/o\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/localonly\] \[/encrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsBeforeRetry*\] \[/c\] \[/p\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/efs:abort|skip|decryptcopy|copyraw\] \[/genconfig:\[*Path*\\\]*FileName*\[/config:\[*Path*\\\]*FileName*\] \[/?|help\]
 For example:
@ -90,6 +90,14 @@ To create an encrypted store using the Config.xml file and the default migration
 <td align="left"><p>Indicates a folder where files and settings will be saved. Note that <em>StorePath</em> cannot be <strong>c:\</strong>. You must specify the <em>StorePath</em> option in the <strong>ScanState</strong> command, except when using the <strong>/genconfig</strong> option. You cannot specify more than one <em>StorePath</em> location.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>/apps</strong></p></td>
 <td align="left"><p>Scans the image for apps and includes them and their associated registry settings.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>/ppkg</strong> [<em>&lt;FileName&gt;</em>]</p></td>
 <td align="left"><p>Exports to a specific file location.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><strong>/o</strong></p></td>
 <td align="left"><p>Required to overwrite any existing data in the migration store or Config.xml file. If not specified, the <strong>ScanState</strong> command will fail if the migration store already contains data. You cannot use this option more than once on a command line.</p></td>
 </tr>
--- a/windows/deploy/windows-10-deployment-scenarios.md
+++ b/windows/deploy/windows-10-deployment-scenarios.md
@ -6,7 +6,7 @@ keywords: ["upgrade, in-place, configuration, deploy"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Windows 10 deployment scenarios
--- a/windows/deploy/windows-deployment-scenarios-and-tools.md
+++ b/windows/deploy/windows-deployment-scenarios-and-tools.md
@ -6,7 +6,7 @@ keywords: ["deploy, volume activation, BitLocker, recovery, install, installatio
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: CFaw
+author: mtniehaus
 ---
 # Windows 10 deployment tools
--- a/windows/keep-secure/audit-removable-storage.md
+++ b/windows/keep-secure/audit-removable-storage.md
@ -1,6 +1,6 @@
 ---
 title: Audit Removable Storage (Windows 10)
-description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines .
+description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines when there is a read or a write to a removable drive.
 ms.assetid: 1746F7B3-8B41-4661-87D8-12F734AFFB26
 ms.prod: W10
 ms.mktglfcycl: deploy
@ -15,9 +15,9 @@ author: brianlic-msft
 -   Windows 10
-This topic for the IT professional describes the Advanced Security Audit policy setting, **Audit Removable Storage**, which determines .
+This topic for the IT professional describes the Advanced Security Audit policy setting, **Audit Removable Storage**, which determines when there is a read or a write to a removable drive.
-Event volume:
+Event volume: Low
 Default: Not configured
--- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md
+++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
@ -16,6 +16,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
 |New or changed topic | Description |
 |----------------------|-------------|
 |[Protect derived domain credentials with Credential Guard](credential-guard.md) |Clarified Credential Guard protections |
 |[Windows 10 security overview](windows-10-security-guide.md) |Added SMB hardening improvements for SYSVOL and NETLOGON connections |
 ## March 2016
--- a/windows/keep-secure/device-guard-deployment-guide.md
+++ b/windows/keep-secure/device-guard-deployment-guide.md
@ -5,7 +5,7 @@ ms.assetid: 4BA52AA9-64D3-41F3-94B2-B87EC2717486
 keywords: ["virtualization", "security", "malware"]
 ms.prod: W10
 ms.mktglfcycl: deploy
-author: brianlic-msft
+author: challum
 ---
 # Device Guard deployment guide
@ -585,14 +585,11 @@ Figure 11. Device Guard properties in the System Summary
 ## Catalog files
 Enforcement of Device Guard on a system requires that every trusted application have a signature or its binary hashes added to the code integrity policy. For many organizations, this can be an issue when considering unsigned LOB applications. To avoid the requirement that organizations repackage and sign these applications, Windows 10 includes a tool called Package Inspector that monitors an installation process for any deployed and executed binary files. If the tool discovers such files, it itemizes them in a catalog file. These catalog files offer you a way to trust your existing unsigned applications, whether developed in house or by a third party, as well as trust signed applications for which you do not want to trust the signer but rather the specific application. When created, these files can be signed, the signing certificates added to your existing code integrity policies, and the catalog files themselves distributed to the clients.
 **Note**  
 The Enterprise edition of Windows 10 or Windows Server 2016 is required to create and use catalog files.
 ### <a href="" id="create-catalog-files"></a>
 **Create catalog files**
@ -648,8 +645,6 @@ When you establish a naming convention it makes it easier to detect deployed cat
 **Note**  
 This scan catalogs the hash values for each discovered binary file. If the applications that were scanned are updated, complete this process again to trust the new binaries’ hash values.
 When finished, the files will be saved to your desktop. To trust this catalog file within a code integrity policy, the catalog must first be signed. Then, the signing certificate can be included in the code integrity policy, and the catalog file can be distributed to the individual client machines. Catalog files can be signed by using a certificate and SignTool.exe, a free tool available in the Windows SDK. For more information about signing catalog files with SignTool.exe, see the [Catalog signing with SignTool.exe](#catsign-signtool) section.
 ### <a href="" id="catsign-signtool"></a>
@ -668,34 +663,12 @@ If you do not have a code signing certificate, please see the [Create a Device G
 1.  Initialize the variables that will be used:
-    <span codelanguage=""></span>
+    '$ExamplePath=$env:userprofile+"\Desktop"'
    <table>
    <colgroup>
    <col width="100%" />
    </colgroup>
    <tbody>
    <tr class="odd">
    <td align="left"><pre><code>$ExamplePath=$env:userprofile+&quot;\Desktop&quot;</code></pre></td>
    </tr>
    </tbody>
    </table>
-    <span codelanguage=""></span>
+    '$CatFileName=$ExamplePath+"\LOBApp-Contoso.cat"'
    <table>
    <colgroup>
    <col width="100%" />
    </colgroup>
    <tbody>
    <tr class="odd">
    <td align="left"><pre><code>$CatFileName=$ExamplePath+&quot;\LOBApp-Contoso.cat&quot;</code></pre></td>
    </tr>
    </tbody>
    </table>
-    **Note**  
+   **Note**  
-    In this example, you use the catalog file you created in the [Create catalog files](#create-catalog-files) section. If you are signing another catalog file, be sure to update the *$ExamplePath* and *$CatFileName* variables with the correct information.
+   In this example, you use the catalog file you created in the [Create catalog files](#create-catalog-files) section. If you are signing another catalog file, be sure to update the *$ExamplePath* and *$CatFileName* variables with the correct information.
 2.  Import the code signing certificate. Import the code signing certificate that will be used to sign the catalog file to the signing user’s personal store. In this example, you use the certificate that you created in the [Create a Device Guard code signing certificate](#create-dg-code) section.
@ -750,14 +723,12 @@ To deploy a catalog file with Group Policy:
 2.  Create a new GPO: right-click the DG Enabled PCs OU, and then click **Create a GPO in this domain, and Link it here**, as shown in Figure 13.
-    **Note**  
+   **Note**  
-    The DG Enabled PCs OU is just an example of where to link the test GPO that you created in this section. You can use any OU name. Also, security group filtering is an option when you consider policy partitioning options based on the strategy discussed in the [Approach enterprise code integrity deployment](#approach-enterprise) section.
+   The DG Enabled PCs OU is just an example of where to link the test GPO that you created in this section. You can use any OU name. Also, security group filtering is an option when you consider policy partitioning options based on the strategy discussed in the [Approach enterprise code integrity deployment](#approach-enterprise) section.
-     
+   ![figure 13](images/dg-fig13-createnewgpo.png)
-    ![figure 13](images/dg-fig13-createnewgpo.png)
+   Figure 13. Create a new GPO
    Figure 13. Create a new GPO
 3.  Name the new GPO **Contoso DG Catalog File GPO Test**.
@ -1443,19 +1414,17 @@ To deploy and manage a code integrity policy with Group Policy:
 6.  In the **Display Code Integrity Policy** dialog box, select the **Enabled** option, and then specify the code integrity policy deployment path.
-    In this policy setting, you specify either the local path in which the policy will exist on the client computer or a Universal Naming Convention (UNC) path that the client computers will look to retrieve the latest version of the policy. This example copied the DeviceGuardPolicy.bin file onto the test machine and will enable this setting and use the file path C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin, as shown in Figure 26.
+   In this policy setting, you specify either the local path in which the policy will exist on the client computer or a Universal Naming Convention (UNC) path that the client computers will look to retrieve the latest version of the policy. This example copied the DeviceGuardPolicy.bin file onto the test machine and will enable this setting and use the file path C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin, as shown in Figure 26.
-    **Note**  
+   **Note**  
-    *DeviceGuardPolicy.bin* is not a required policy name: It was simply used in the [Create code integrity policies from golden PCs](#create-code-golden) section and so is used here, as well. Also, this policy file does not need to be copied to every computer. Alternatively, you can copy the code integrity policies to a file share to which the computer accounts have access. Any policy selected here is converted to SIPolicy.p7b when it is deployed to the individual client computers.
+   *DeviceGuardPolicy.bin* is not a required policy name: It was simply used in the [Create code integrity policies from golden PCs](#create-code-golden) section and so is used here, as well. Also, this policy file does not need to be copied to every computer. Alternatively, you can copy the code integrity policies to a file share to which the computer accounts have access. Any policy selected here is converted to SIPolicy.p7b when it is deployed to the individual client computers.
-     
+   ![figure 26](images/dg-fig26-enablecode.png)
-    ![figure 26](images/dg-fig26-enablecode.png)
+   Figure 26. Enable the code integrity policy
-    Figure 26. Enable the code integrity policy
+   **Note**  
-
+   You may have noticed that the GPO setting references a .p7b file and this example uses a .bin file for the policy. Regardless of the type of policy you deploy (.bin, .p7b, or .p7), they are all converted to SIPolicy.p7b when dropped on the Windows 10 client computers. Make your code integrity policies friendly and allow the system to convert the policy names for you to ensure that the policies are easily distinguishable when viewed in a share or any other central repository.
    **Note**  
    You may have noticed that the GPO setting references a .p7b file and this example uses a .bin file for the policy. Regardless of the type of policy you deploy (.bin, .p7b, or .p7), they are all converted to SIPolicy.p7b when dropped on the Windows 10 client computers. Make your code integrity policies friendly and allow the system to convert the policy names for you to ensure that the policies are easily distinguishable when viewed in a share or any other central repository.
--- a/windows/keep-secure/index.md
+++ b/windows/keep-secure/index.md
@ -62,7 +62,7 @@ Learn about keeping Windows 10 and Windows 10 Mobile secure.
 </tr>
 <tr class="odd">
 <td align="left"><p>[Protect your enterprise data using enterprise data protection (EDP)](protect-enterprise-data-using-edp.md)</p></td>
-<td align="left"><p>With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures to their personal email account, copies and pastes product info to a public Yammer group or tweet, or saves an in-progress sales report to their public cloud storage.</p></td>
+<td align="left"><p>With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p>[Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)</p></td>
--- a/windows/keep-secure/protect-enterprise-data-using-edp.md
+++ b/windows/keep-secure/protect-enterprise-data-using-edp.md
@ -17,7 +17,7 @@ author: eross-msft
 <span style="color:#ED1C24;">[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
-With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures to their personal email account, copies and pastes product info to a public Yammer group or tweet, or saves an in-progress sales report to their public cloud storage.
+With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.
 Enterprise data protection (EDP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. EDP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Finally, another data protection technology, Azure Rights Management also works alongside EDP to extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client.
--- a/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+++ b/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
@ -6,7 +6,7 @@ keywords: ["security", "BYOD", "malware", "device health attestation", "mobile"]
 ms.prod: W10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: brianlic-msft
+author: arnaudjumelet
 ---
 # Control the health of Windows 10-based devices
--- a/windows/keep-secure/tpm-recommendations.md
+++ b/windows/keep-secure/tpm-recommendations.md
@ -31,7 +31,15 @@ Trusted Platform Module (TPM) technology is designed to provide hardware-based,
 The most common TPM functions are used for system integrity measurements and for key creation and use. During the boot process of a system, the boot code that is loaded (including firmware and the operating system components) can be measured and recorded in the TPM. The integrity measurements can be used as evidence for how a system started and to make sure that a TPM-based key was used only when the correct software was used to boot the system.
-Different versions of the TPM are defined in specifications by the Trusted Computing Group (TCG).
+Traditionally, TPMs have been discrete chips soldered to a computer’s motherboard. Such implementations allow the computer’s original equipment manufacturer (OEM) to evaluate and certify the TPM separate from the rest of the system. Although discrete TPM implementations are still common, they can be problematic for integrated devices that are small or have low power consumption. Some newer TPM implementations integrate TPM functionality into the same chipset as other platform components while still providing logical separation similar to discrete TPM chips.
 TPMs are passive: they receive commands and return responses. To realize the full benefit of a TPM, the OEM must carefully integrate system hardware and firmware with the TPM to send it commands and react to its responses. TPMs were originally designed to provide security and privacy benefits to a platform’s owner and users, but newer versions can provide security and privacy benefits to the system hardware itself. Before it can be used for advanced scenarios, however, a TPM must be provisioned. Windows 10 automatically provisions a TPM, but if the user reinstalls the operating system, he or she may need to tell the operating system to explicitly provision the TPM again before it can use all the TPM’s features.
 The Trusted Computing Group (TCG) is the nonprofit organization that publishes and maintains the TPM specification. The TCG exists to develop, define, and promote vendor-neutral, global industry standards that support a hardware-based root of trust for interoperable trusted computing platforms. The TCG also publishes the TPM specification as the international standard ISO/IEC 11889, using the Publicly Available Specification Submission Process that the Joint Technical Committee 1 defines between the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
 OEMs implement the TPM as a component in a trusted computing platform, such as a PC, tablet, or phone. Trusted computing platforms use the TPM to support privacy and security scenarios that software alone cannot achieve. For example, software alone cannot reliably report whether malware is present during the system startup process. The close integration between TPM and platform increases the transparency of the startup process and supports evaluating device health by enabling reliable measuring and reporting of the software that starts the device. Implementation of a TPM as part of a trusted computing platform provides a hardware root of trust—that is, it behaves in a trusted way. For example, if a key stored in a TPM has properties that disallow exporting the key, that key truly cannot leave the TPM.
 The TCG designed the TPM as a low-cost, mass-market security solution that addresses the requirements of different customer segments. There are variations in the security properties of different TPM implementations just as there are variations in customer and regulatory requirements for different sectors. In public-sector procurement, for example, some governments have clearly defined security requirements for TPMs whereas others do not.
 **Note**  
 Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
@ -41,11 +49,10 @@ Some information relates to pre-released product which may be substantially modi
 ## TPM 1.2 vs. 2.0 comparison
-From an industry standard, Microsoft has been an industry leader in moving and standardizing on TPM 2.0. As indicated in the table below, TPM 2.0 has many key realized benefits across algorithms, crypto, hierarchy, root keys, authorization and NV RAM.
+From an industry standard, Microsoft has been an industry leader in moving and standardizing on TPM 2.0, which has many key realized benefits across algorithms, crypto, hierarchy, root keys, authorization and NV RAM.
 ## Why TPM 2.0?
 TPM 2.0 products and systems have important security advantages over TPM 1.2, including:
 -   The TPM 1.2 spec only allows for the use of RSA and the SHA-1 hashing algorithm.
@ -65,7 +72,6 @@ TPM 2.0 products and systems have important security advantages over TPM 1.2, in
 ## Discrete or firmware TPM?
 Windows uses discrete and firmware TPM in the same way. Windows gains no functional advantage or disadvantage from either option.
 From a security standpoint, discrete and firmware share the same characteristics;
@ -77,20 +83,22 @@ From a security standpoint, discrete and firmware share the same characteristics
 For more info, see [fTPM: A Firmware-based TPM 2.0 Implementation](http://research.microsoft.com/apps/pubs/?id=258236).
-## TPM 2.0 Compliance for Windows 10 in the future
+## Is there any importance for TPM for consumer?
 For end consumers, TPM is behind the scenes but still very relevant for Hello, Passport and in the future, many other key features in Windows 10. It offers the best Passport experience, helps encrypt passwords, secures streaming high quality 4K content and builds on our overall Windows 10 experience story for security as a critical pillar.  Using Windows on a system with a TPM enables a deeper and broader level of security coverage.
-
+## TPM 2.0 Compliance for Windows 10
 All shipping devices for Windows 10 across all SKU types must be using TPM 2.0 discrete or firmware from **July 28, 2016**. This requirement will be enforced through our Windows Hardware Certification program.
 ### Windows 10 for desktop editions (Home, Pro, Enterprise, and Education)
-   With Windows 10 as with Windows 8, all connected standby systems are required to include TPM 2.0 support.
+- As of July 28, 2016, all new device models, lines or series (or if you are updating the hardware configuration of a existing model, line or series with a major update, such as CPU, graphic cards) must implement and enable by default TPM 2.0 (details in section 3.7, https://msdn.microsoft.com/library/windows/hardware/dn915086(v=vs.85).aspx)
-   For Windows 10 and later, if a SoC is chosen that includes an integrated fTPM2.0, the device must ship with the fTPM FW support or a discrete TPM 1.2 or 2.0.
+ 
-   Starting **July 28th, 2016** all devices shipping with Windows 10 desktop must implement TPM 2.0 and ship with the TPM enabled.
+## Two implementation options: 
 •	Discrete TPM chip as a separate discrete component 
 •	Firmware TPM solution using Intel PTT (platform trust technology) or AMD 
 ### Windows 10 Mobile
-   All devices shipping with Windows 10 Mobile must implement TPM 2.0 and ship with the TPM enabled.
+-   All devices shipping with Windows 10 Mobile must implement TPM 2.0 and ship with the TPM 2.0 enabled.
 ### IoT Core
@ -102,7 +110,6 @@ All shipping devices for Windows 10 across all SKU types must be using TPM 2.0 d
 ## TPM and Windows Features
 The following table defines which Windows features require TPM support. Some features are not applicable to Windows 7/8/8.1 and are noted accordingly.
 <table>
@ -124,7 +131,7 @@ The following table defines which Windows features require TPM support. Some fea
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left">Measure Boot</td>
+<td align="left">Measured Boot</td>
 <td align="left">Required</td>
 <td align="left">Required</td>
 <td align="left">Required</td>
@ -147,7 +154,7 @@ The following table defines which Windows features require TPM support. Some fea
 <tr class="even">
 <td align="left">Passport: MSA or Local Account</td>
 <td align="left">n/a</td>
-<td align="left">Not Required</td>
+<td align="left">Required</td>
 <td align="left">Required</td>
 <td align="left">TPM 2.0 is required with HMAC and EK certificate for key attestation support.</td>
 </tr>
@ -175,7 +182,7 @@ The following table defines which Windows features require TPM support. Some fea
 <tr class="even">
 <td align="left">Device Health Attestation</td>
 <td align="left">n/a</td>
-<td align="left">Not Required</td>
+<td align="left">Required</td>
 <td align="left">Required</td>
 <td align="left"></td>
 </tr>
@ -240,6 +247,7 @@ There are a variety of TPM manufacturers for both discrete and firmware.
 <td align="left"><ul>
 <li>Infineon</li>
 <li>Nuvoton</li>
 <li>Atmel</li>
 <li>NationZ</li>
 <li>ST Micro</li>
 </ul></td>
@ -274,11 +282,12 @@ There are a variety of TPM manufacturers for both discrete and firmware.
 <tr class="even">
 <td align="left">Intel</td>
 <td align="left"><ul>
-<li>Clovertrail</li>
+<li>Atom (CloverTrail)
 <li>Haswell</li>
 <li>Broadwell</li>
 <li>Skylake</li>
 <li>Baytrail</li>
 <li>4th generation(Haswell)</li>
 <li>5th generation(Broadwell)</li>
 <li>Braswell</li>
 <li>Skylake</li>
 </ul></td>
 </tr>
 <tr class="odd">
@ -301,7 +310,7 @@ There are a variety of TPM manufacturers for both discrete and firmware.
 ### Certified TPM parts
-Government customers and enterprise customers in regulated industries may have acquisition standards that require use of common certified TPM parts. As a result, OEMs, who provide the devices, may be required to use only certified TPM components on their commercial class systems. Discrete TPM 2.0 vendors have targeted completion of certification by the end of 2015.
+Government customers and enterprise customers in regulated industries may have acquisition standards that require use of common certified TPM parts. As a result, OEMs, who provide the devices, may be required to use only certified TPM components on their commercial class systems. Discrete TPM 2.0 vendors have completion certification.
 ### Windows 7 32-bit support
--- a/windows/keep-secure/windows-10-enterprise-security-guides.md
+++ b/windows/keep-secure/windows-10-enterprise-security-guides.md
@ -5,7 +5,7 @@ ms.assetid: 57134f84-bd4b-4b1d-b663-4a2d36f5a7f8
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: brianlic-msft
+author: challum
 ---
 # Enterprise security guides
--- a/windows/keep-secure/windows-10-mobile-security-guide.md
+++ b/windows/keep-secure/windows-10-mobile-security-guide.md
@ -6,7 +6,7 @@ keywords: ["data protection, encryption, malware resistance, smartphone, device,
 ms.prod: W10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: brianlic-msft
+author: AMeeus
 ---
 # Windows 10 Mobile security guide
--- a/windows/keep-secure/windows-10-security-guide.md
+++ b/windows/keep-secure/windows-10-security-guide.md
@ -6,7 +6,7 @@ keywords: ["configure", "feature", "file encryption"]
 ms.prod: W10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: brianlic-msft
+author: challum
 ---
 # Windows 10 security overview
@ -345,17 +345,16 @@ Table 3 lists specific malware threats and the mitigation that Windows 10 provi
 Table 3. Threats and Windows 10 mitigations
 <table>
 <colgroup>
 <col width="50%" />
 <col width="50%" />
 </colgroup>
 <thead>
 <tr class="header">
 <th align="left">Threat</th>
 <th align="left">Windows 10 mitigation</th>
 </tr>
 </thead>
-<tbody>
+<tbody><tr class="odd">
 <td align="left"><p>"Man in the middle" attacks, when an attacker reroutes communications between two users through the attacker's computer without the knowledge of the two communicating users</p></td>
 <td align="left"><p>Client connections to the Active Directory Domain Services default SYSVOL and NETLOGON shares on domain controllers now require SMB signing and mutual authentication (such as Kerberos).</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p>Firmware bootkits replace the firmware with malware.</p></td>
 <td align="left"><p>All certified PCs include a UEFI with Secure Boot, which requires signed firmware for updates to UEFI and Option ROMs.</p></td>
@ -395,6 +394,22 @@ Table 3. Threats and Windows 10 mitigations
 The sections that follow describe these improvements in more detail.
 **SMB hardening improvements for SYSVOL and NETLOGON connections**
 In Windows 10 and Windows Server 2016 Technical Preview, client connections to the Active Directory Domain Services default SYSVOL and NETLOGON shares on domain controllers now require Server Message Block (SMB) signing and mutual authentication (such as Kerberos).
 - **What value does this change add?**
 This change reduces the likelihood of man-in-the-middle attacks.
 - **What works differently?**
 If SMB signing and mutual authentication are unavailable, a Windows 10 or Windows Server 2016 computer won’t process domain-based Group Policy and scripts.
 > **Note:** The registry values for these settings aren’t present by default, but the hardening rules still apply until overridden by Group Policy or other registry values.
 For more information on these security improvements, (also referred to as UNC hardening), see [Microsoft Knowledge Base article 3000483](http://go.microsoft.com/fwlink/p/?LinkId=789216) and [MS15-011 & MS15-014: Hardening Group Policy](http://go.microsoft.com/fwlink/p/?LinkId=789215).
 **Secure hardware**
 Although Windows 10 is designed to run on almost any hardware capable of running Windows 8, Windows 7, or Windows Vista, taking full advantage of Windows 10 security requires advancements in hardware-based security, including UEFI with Secure Boot, CPU virtualization features (for example, Intel VT-x), CPU memory-protection features (for example, Intel VT-d), TPM, and biometric sensors.
--- a/windows/manage/TOC.md
+++ b/windows/manage/TOC.md
@ -36,6 +36,7 @@
 #### [Settings reference: Windows Store for Business](settings-reference-windows-store-for-business.md)
 ### [Find and acquire apps](find-and-acquire-apps-overview.md)
 #### [Apps in the Windows Store for Business](apps-in-windows-store-for-business.md)
 #### [Acquire apps in the Windows Store for Business](acquire-apps-windows-store-for-business.md)
 #### [Working with line-of-business apps](working-with-line-of-business-apps.md)
 ### [Distribute apps to your employees from the Windows Store for Business](distribute-apps-to-your-employees-windows-store-for-business.md)
 #### [Distribute apps using your private store](distribute-apps-from-your-private-store.md)
@ -43,8 +44,9 @@
 #### [Distribute apps with a management tool](distribute-apps-with-management-tool.md)
 #### [Distribute offline apps](distribute-offline-apps.md)
 ### [Manage apps](manage-apps-windows-store-for-business-overview.md)
 #### [Manage access to private store](manage-access-to-private-store.md)
 #### [App inventory managemement for Windows Store for Business](app-inventory-managemement-windows-store-for-business.md)
 #### [Manage app orders in Windows Store for Business](manage-orders-windows-store-for-business.md)
 #### [Manage access to private store](manage-access-to-private-store.md)
 #### [Manage private store settings](manage-private-store-settings.md)
 #### [Configure MDM provider](configure-mdm-provider-windows-store-for-business.md)
 ### [Device Guard signing portal](device-guard-signing-portal.md)
--- a/windows/manage/acquire-apps-windows-store-for-business.md
+++ b/windows/manage/acquire-apps-windows-store-for-business.md
@ -0,0 +1,51 @@
 ---
 title: Acquire apps in Windows Store for Business (Windows 10)
 description: As an admin, you can acquire apps from the Windows Store for Business for your employees. Some apps are free, and some have a price. For info on app types that are supported, see Apps in the Windows Store for Business.
 ms.prod: W10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ---
 # Acquire apps in Windows Store for Business
 As an admin, you can acquire apps from the Windows Store for Business for your employees. Some apps are free, and some have a price. For info on app types that are supported, see [Apps in the Windows Store for Business](apps-in-windows-store-for-business.md).
 ## App licensing model
 The Business store supports two options to license apps: online and offline. **Online** licensing is the default licensing model and is similar to the Windows Store. Online licensed apps require users and devices to connect to the Store for Business service to acquire an app and its license. **Offline** licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center.
 For more information, see [Apps in the Windows Store for Business](apps-in-windows-store-for-business.md). 
 ## Payment options
 Some apps are free, and some have a price. Apps can be purchased in the Windows Store for Business using your credit card. You can enter your credit card information on **Account Information**, or when you purchase an app. Currently, we accept these credit cards:
 - VISA 
 - MasterCard 
 - Discover 
 - American Express 
 - Japan Commercial Bureau (JCB)
 ## Organization info
 There are a couple of things we need to know when you pay for apps. You can add this info to the **Account information**  page before you buy apps. If you haven’t provided it, we’ll ask when you make a purchase. Either way works. Here’s the info you’ll need to provide:
 - Legal business address
 - Payment option (credit card)
 You can add payment info on **Account information**. If you don’t have one saved with your account, you’ll be prompted to provide one when you buy an app.
 ## Acquire apps
 To acquire an app  
 1.	Log in to http://businessstore.microsoft.com
 2.	Click Shop, or use Search to find an app. 
 3.	Click the app you want to purchase. 
 4.	On the product description page, choose your license type - either online or offline. 
 5. Free apps will be added to Inventory. For apps with a price, you can set the quantity you want to buy. Type the quantity and click **Next**.
 6.	If you don’t have a payment method saved in Account settings, Store for Business will prompt you for one.
 7.	Add your credit card or debit card info, and click **Next**. Your card info is saved as a payment option on **Account information**.
 You’ll also need to have your business address saved on **Account information**. The address is used to generate tax rates. For more information on taxes for apps, see organization tax information. 
 Store for Business adds the app to your inventory. From **Inventory**, you can:
 - Distribute the app: add to private store, or assign licenses
 - View app licenses: review current licenses, reclaim and reassign licenses
 - View app details: review the app details page and purchase more licenses
 For info on distributing apps, see [Distribute apps to your employees from the Windows Store for Business](distribute-apps-to-your-employees-windows-store-for-business.md).
 For info on offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md).
--- a/windows/manage/app-inventory-managemement-windows-store-for-business.md
+++ b/windows/manage/app-inventory-managemement-windows-store-for-business.md
@ -105,11 +105,6 @@ Each app in the Store for Business has an online, or an offline license. For mor
 **Note**  
 Removing apps from inventory is not currently supported.
 The actions in the table are how you distribute apps, and manage app licenses. We'll cover those in the next sections. Working with offline-licensed apps has different steps. For more information on distributing offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md).
 ### Distribute apps
@ -122,15 +117,45 @@ For online-licensed apps, there are a couple of ways to distribute apps from you
 If you use a management tool that supports Store for Business, you can distribute apps with your management tool. Once it is configured to work with Store for Business, your managment tool will have access to all apps in your inventory. For more information, see [Distribute apps with a management tool](distribute-apps-with-management-tool.md).
-### Assign apps
+Once an app is in your private store, people in your org can install the app on their devices. For more information, see [Distribute apps using your private store](distribute-apps-from-your-private-store.md).
-You can assign apps directly to people in your organization. You can assign apps to individuals, a few people, or to a group. For more information, see [Assign apps to employees](assign-apps-to-employees.md).
+**To make an app in inventory available in your private store**
-### Private store
+1.	Sign in to the [Store for Business](http://businessstore.microsoft.com).
 2.	Click **Manage**, and then choose **Inventory**.
 3.	Click **Refine**, and then choose **Online**. Store for Business will update the list of apps on the **Inventory** page.
 4.	From an app in **Inventory**, click the ellipses under **Action**, and then choose **Add to private store**.
-The private store is a feature in the Store for Business. Once an online-licensed app is in your inventory, you can make it available in your private store. When you add apps to the private store, all employees in your organization can view and download the app. Employees access the private store as a page in Windows Store app.
+The value under Private store for the app will change to pending. It will take approximately twelve hours before the app is available in the private store. 
-For more information, see [Distribute apps using your private store](distribute-apps-from-your-private-store.md).
+Employees can claim apps that admins added to the private store by doing the following.
 **To claim an app from the private store**
 1.	Sign in to your computer with your Azure Active Directory (AD) credentials, and start the Windows Store app.
 2.	Click the private store tab.
 3.	Click the app you want to install, and then click **Install**.
 Another way to distribute apps is by assigning them to people in your organization.
 If you decide that you don't want an app available for employees to install on their own, you can remove it from your private store.
 **To remove an app from the private store**
 1.  Sign in to the [Store for Business](http://businessstore.microsoft.com).
 2.	Click **Manage**, and then choose **Inventory**.
 3.	Find an app, click the ellipses under **Action**, and then choose **Remove from private store**, and then click **Remove**.
 The app will still be in your inventory, but your employees will not have access to the app from your private store. 
 **To assign an app to an employee**
 1.	Sign in to the [Store for Business](http://businessstore.microsoft.com).
 2.	Click **Manage**, and then choose **Inventory**.
 3.	Find an app, click the ellipses under **Action**, and then choose **Assign to people**.
 4.	Type the email address for the employee that you're assigning the app to, and click **Confirm**.
 Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click **Install**. Also, in the Windows Store app, they can find the app under **My Library**.
 ### Manage app licenses
--- a/windows/manage/apps-in-windows-store-for-business.md
+++ b/windows/manage/apps-in-windows-store-for-business.md
@ -47,6 +47,13 @@ Apps in your inventory will have at least one of these supported platforms liste
 Apps that you acquire from the Store for Business only work on Windows 10-based devices. Even though an app might list Windows 8 as its supported platform, that tells you what platform the app was originally written for. Apps developed for Windows 8, or Windows phone 8 will work on Windows 10.
 Some apps are free, and some apps charge a price. Currently, you can pay for apps with a credit card. We'll be adding more payment options over time.
 Some apps which are available to consumers in the Windows Store might not be available to organizations in the Windows Store for Business. App developers can opt-out their apps, and they also need to meet eligibility requirements for Windows Store for Business. For more information, read this info on [Organizational licensing options](https://msdn.microsoft.com/en-us/windows/uwp/publish/organizational-licensing). 
 **Note**<br>
 We are still setting up the catalog of apps for Windows Store for Business. If you are searching for an app and it isn’t available, please check again in a couple of days.
 Line-of-business (LOB) apps are also supported using the Store for Business. Admins can invite IT devs and ISVs to be LOB publishers. Apps developed by your LOB publishers that are submitted to the Store are only available to your organization. Once an administrator accepts an app submitted by one of their LOB publishers, the app can be distributed just like any other app from Store for Business. For more information, see Working with Line-of-Business apps.
 ## <a href="" id="iap"></a>In-app purchases
--- a/windows/manage/assign-apps-to-employees.md
+++ b/windows/manage/assign-apps-to-employees.md
@ -28,7 +28,7 @@ Administrators can assign online-licensed apps to employees in their organizatio
 4.  Type the email address for the employee that you're assigning the app to, and click **Confirm**.
-Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click **Install**.
+Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click **Install**. Also, in the Windows Store app, they can find the app under **My Library**.
--- a/windows/manage/disconnect-your-organization-from-microsoft.md
+++ b/windows/manage/disconnect-your-organization-from-microsoft.md
@ -370,7 +370,7 @@ You can prevent Windows from setting the time automatically.
    -or-
-   Create a REG\_DWORD registry setting called **NoSync** in **HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters**, with a value of 1.
+-   Create a REG\_SZ registry setting in **HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters** with a value of **NoSync**.
 ### <a href="" id="bkmk-devinst"></a>3. Device metadata retrieval
@ -1549,7 +1549,7 @@ You can set your organization's devices to use 1 of 4 telemetry levels:
 -   [Full](#bkmk-utc-full)
-For more info about these telemetry levels, see [Telemetry levels](#bkmk-telemetrylevels). In Windows 10 Enterprise, Windows 10 Education, and IoT Core, the default telemetry level is [Enhanced](#bkmk-utc-enhanced).
+For more info about these telemetry levels, see [Telemetry levels](#bkmk-telemetrylevels). If you choose Express settings during installation, your device is configured for the Full telemetry level. In Windows 10 Enterprise, Windows 10 Education, and Windows 10 IoT Core, unattended installations configure your device for the Enhanced telemetry level.
 **Important**  
 These telemetry levels only apply to Windows components and apps that use the Connected User Experience and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these telemetry levels. App publishers must let people know about how they use their telemetry, ways to opt in or opt out, and they must separately document their privacy policies.
--- a/windows/manage/distribute-offline-apps.md
+++ b/windows/manage/distribute-offline-apps.md
@ -34,7 +34,7 @@ Offline-licensed apps offer an alternative to online apps, and provide additiona
 You can't distribute offline-licensed apps directly from the Store for Business. Once you download the items for the offline-licensed app, you have three options for distributing the apps:
-   **Deployment Image Servicing and Management**. DISM is a command-line tool that is used to mount and service Microsoft WindowsWindows images before deployment. You can also use DISM to install, uninstall, configure, and update Windows features, packages, drivers, and international settings in a .wim file or VHD using the DISM servicing commands. DISM commands are used on offline images. For more information, see [Deployment Image Servicing and Management](https://msdn.microsoft.com/library/windows/hardware/dn898558.aspx).
+-   **Deployment Image Servicing and Management**. DISM is a command-line tool that is used to mount and service Microsoft WindowsWindows images before deployment. You can also use DISM to install, uninstall, configure, and update Windows features, packages, drivers, and international settings in a .wim file or VHD using the DISM servicing commands. DISM commands are used on offline images. For more information, see [Deployment Image Servicing and Management](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows).
 -   **Windows ICD**. ICD is GUI tool that you can use to create Windows provisioning answer files, and add third-party drivers, apps, or other assets to an answer file. For more information, see [Windows Imaging and Configuration Designer](https://msdn.microsoft.com/library/windows/hardware/dn916113.aspx).
--- a/windows/manage/images/wsfb-paid-app-temp.png
+++ b/windows/manage/images/wsfb-paid-app-temp.png
--- a/windows/manage/manage-inventory-windows-store-for-business.md
+++ b/windows/manage/manage-inventory-windows-store-for-business.md
@ -0,0 +1,70 @@
 ---
 title: Manage inventory in Windows Store for Business (Windows 10)
 description: When you acquire apps from the Windows Store for Business, we add them to the Inventory for your organization. Once an app is part of your inventory, you can distribute the app, and manage licenses.
 redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/app-inventory-management-windows-store-for-business
 ms.prod: W10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ---
 # Manage inventory in Window Store for Business
 When you acquire apps from the Windows Store for Business, we add them to the inventory for your organization. Once an app is part of your inventory, you can distribute the app, and manage licenses.
 ## Distribute apps
 You can assign apps to people, or you can make apps available in your private store. Once an app is in your private store, people in your org can install the app on their devices. For more information, see [Distribute apps using your private store](distribute-apps-from-your-private-store.md).
 **To make an app in inventory available in your private store**
 1.	Sign in to the [Store for Business](http://businessstore.microsoft.com).
 2.	Click **Manage**, and then choose **Inventory**.
 3.	Click **Refine**, and then choose **Online**. Store for Business will update the list of apps on the **Inventory** page.
 4.	From an app in **Inventory**, click the ellipses under **Action**, and then choose **Add to private store**.
 The value under Private store for the app will change to pending. It will take approximately twelve hours before the app is available in the private store. 
 Employees can claim apps that admins added to the private store by doing the following.
 **To claim an app from the private store**
 1.	Sign in to your computer with your Azure Active Directory (AD) credentials, and start the Windows Store app.
 2.	Click the private store tab.
 3.	Click the app you want to install, and then click **Install**.
 Another way to distribute apps is by assigning them to people in your organization. 
 **To assign an app to an employee**
 1.	Sign in to the [Store for Business](http://businessstore.microsoft.com).
 2.	Click **Manage**, and then choose **Inventory**.
 3.	Find an app, click the ellipses under **Action**, and then choose **Assign to people**.
 4.	Type the email address for the employee that you're assigning the app to, and click **Confirm**.
 Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click **Install**. Also, in the Windows Store app, they can find the app under **My Library**. 
 ## Manage licenses
 For apps in inventory, when you assign an app to an employee, a license for the app is assigned to them. You can manage these licenses, either by assigning them, or reclaiming them so you can assign them to another employee. You can also remove an app from the private store. 
 **To assign licenses**
 1.  Sign in to the [Store for Business](http://businessstore.microsoft.com).
 2.	Click **Manage**, and then choose **Inventory**.
 3.	Find an app, click the ellipses under **Action**, and then choose **View license details**.
 4.  Click **Assign to people**, type the name you are assigning the license to, and then click **Assign**. 
 Store for Business assigns a license to the person, and adds them to the list of assigned licenses. 
 **To reclaim licenses**
 1.  Sign in to the [Store for Business](http://businessstore.microsoft.com).
 2.	Click **Manage**, and then choose **Inventory**.
 3.	Find an app, click the ellipses under **Action**, and then choose **View license details**.
 4.  Click the name of the person you are reclaiming the license from, and then click **Reclaim licenses**. 
 Store for Business reclaims the license, and updates the number of avialable licenses. After you reclaim a license, you can assign a license to another employee. 
 **To remove an app from the private store**
 If you decide that you don't want an app available for employees to install on their own, you can remove it from your private store. 
 1.  Sign in to the [Store for Business](http://businessstore.microsoft.com).
 2.	Click **Manage**, and then choose **Inventory**.
 3.	Find an app, click the ellipses under **Action**, and then choose **Remove from private store**, and then click **Remove**.
 The app will still be in your inventory, but your employees will not have access to the app from your private store. 
--- a/windows/manage/manage-orders-windows-store-for-business.md
+++ b/windows/manage/manage-orders-windows-store-for-business.md
@ -0,0 +1,70 @@
 ---
 title: Manage app orders in Windows Store for Business (Windows 10)
 description: You can view your order history with Windows Store for Business. 
 ms.prod: W10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ---
 # Manage app orders in Windows Store for Business
 After you've acquired apps, you can review order information and invoices on **Order history**. On this page, you can buy more license for an app, view invoices, and request refunds. 
 **Order history** lists orders in chronological order and shows:
 - Date ordered
 - Product name
 - Product publisher
 - Total cost
 - Order status. 
 Click to expand an order, and the following info is available:
 - Who purchased the app
 - Order number
 - Quantity purchased
 - Cost breakdown
 - Links to view your invoice, buy more, or request a refund
 ## Invoices
 Invoices for orders are available approximatley 24 hours after your purchase. The link opens a .pdf that you can save for your records.  
 ## Buy more licenses
 You can purchase more copies of apps that are in your order history. 
 **To buy more licenses** 
 1.	Sign in to the [Store for Business](http://businessstore.microsoft.com).
 2.	Click **Manage**, and then choose **Order history**.
 3.  Click an order, and then click **Buy more**.
 You can buy more copies of the app from the product page. 
 ## Refund an order
 Refunds work a little differently for free apps, and apps that have a price. In both cases, you must reclaim licenses before requesting a refund.  
 **Refunds for free apps**
 For free apps, there isn't really a refund to request -- you're removing the app from your inventory. You must first reclaim any assigned licenses, and then you can remove the app from your organization's inventory. 
 **Refunds for apps that have a price**
 There are a few requirements for apps that have a price:
 - **Timing** - Refunds are available for the first 30 days after you place your order. For example, if your order is placed on June 1, you can self-refund through June 30.
 - **Avaialble licenses** - You need to have enough available licenses to cover the number of licenses in the order you are refunding. For example, if you purchased 10 copies of an app and you want to request a refund, you must have at least 10 licenses of the app available in your inventory -- those 10 licenses can't be assigned to people in your organization.
 - **Whole order refunds only** - You must refund the complete amount of apps in an order. You can't refund a part of an order. For example, if you purchased 10 copies of an app, but later found you only needed 5 copies, you'll need to request a refund for the 10 apps, and then make a separate order for 5 apps. If you have had multiple orders of the same app, you can refund one order but still keep the rest of the inventory.  
 **To refund an order**
 Reclaim licenses, and then request a refund. If you haven't assigned licenses, start on step 5. 
 1.  Sign in to the [Store for Business](http://businessstore.microsoft.com).
 2.	Click **Manage**, and then choose **Inventory**.
 3.	Find the app you want to refund, click the ellipses under **Action**, and then choose **View license details**.
 4.  Select the number of licenses you need to reclaim, and then click **Reclaim licenses**. 
 5.	Click **Manage**, and then choose **Order history**.
 6.	Click the order you want to refund, and click **Refund order**.
 For free apps, the app will be removed from your inventory. 
 For apps with a price, your payment option will be refunded with the cost of the app, and the app will be removed from your inventory.  
--- a/windows/manage/settings-reference-windows-store-for-business.md
+++ b/windows/manage/settings-reference-windows-store-for-business.md
@ -21,11 +21,10 @@ The Windows Store for Business has a group of settings that admins use to manage
 |                      |                                                                                                                                                                                                                                                                                                                                                                                                                    |
 |----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | Setting              | Description                                                                                                                                                                                                                                                                                                                                                                                                        |
-| Account information  | Provides info on these configured settings for your Store for Business account . These settings include: country or region, default domain, organization name, and language preference. You can make updates to these settings with Office 365 or Azure management portals. For more information, see [Manage settings for the Windows Store for Business](manage-settings-windows-store-for-business.md). |
+| Account information  | Manage organization and payment option information. For more information, see [Manage settings for the Windows Store for Business](manage-settings-windows-store-for-business.md).<p>Configure whether or not to make offline-licensed apps available in the Store for Business. For more information, see [Distribute offline apps](distribute-offline-apps.md).|
 | Device Guard signing | Use the Device Guard signing portal to add unsigned apps to a code integrity policy, or to sign code integrity policies. For more information, see [Device Guard signing portal](device-guard-signing-portal.md).                                                                                                                                                                                                 |
 | LOB publishers       | Invite devs to become LOB publishers for your organization. Existing LOB publishers are listed on the page, and you can deactivate or invite them again. For more information, see [Work with line-of-business apps](working-with-line-of-business-apps.md).                                                                                                                                                      |
 | Management tools     | Management tools that are synced with Azure AD are listed on this page. You can choose one to use for managing app updates and distribution. For more information, see [Configure MDM provider](configure-mdm-provider-windows-store-for-business.md).                                                                                                                                                                                       |
 | Offline licensing    | Configure whether or not to make offline-licensed apps available in the Store for Business. For more information, see [Distribute offline apps](distribute-offline-apps.md).                                                                                                                                                                                                                                      |
 | Permissions          | Manage permissions for your employees. For more information, see [Roles and permissions in the Windows Store for Business](roles-and-permissions-windows-store-for-business.md).                                                                                                                                                                                                                           |
 | Private store        | Update the name for your private store. The new name will be displayed on a tab in the Store. For more information, see [Manage private store settings](manage-private-store-settings.md).                                                                                                                                                                                                                        |
--- a/windows/manage/update-windows-store-for-business-account-settings.md
+++ b/windows/manage/update-windows-store-for-business-account-settings.md
@ -1,7 +1,6 @@
 ---
 title: Update Windows Store for Business account settings (Windows 10)
 description: The Account information page in Windows Store for Business shows information about your organization that you can update, including country or region, organization name, default domain, and language preference.
 ms.assetid: CEFFF451-D7D2-4A35-AF28-4A72B9582585
 ms.prod: W10
 ms.mktglfcycl: manage
 ms.sitesec: library
@ -16,39 +15,124 @@ author: TrudyHa
 -   Windows 10
 -   Windows 10 Mobile
-The **Account information** page in Windows Store for Business shows information about your organization that you can update, including: country or region, organization name, default domain, and language preference. These are settings in the Azure AD directory that you used when signing up for Store for Business
+The **Account information** page in Windows Store for Business allows you to manage organization information, payment options, and offline licensing settings. The organization information and payment options are required before you can acquire apps that have a price.
-If you need to change any of these settings, you can use Office 365 admin portal, or Azure admin portal.
+## Organization information
-**To make updates to Store for Business directory settings in Office 365**
+We’ll need your business address, email contact, and tax-exemption certificates that apply to your country or locale.
-1.  [Sign in to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=708616) with your work or school account.
+**Business address and email contact**<br>Before purchasing apps that have a fee, you need to add or update your organization's business address, and contact email address . 
-2.  Go to the [Office 365 admin center](http://go.microsoft.com/fwlink/p/?LinkId=708620).
+We use the Business address to calculate sales tax. If your organization's address has already been entered for other commercial purchases through the Microsoft Store, or through other online purchases such as Office 365 or Azure subscriptions, then we’ll use the same address in the Windows Store for Business. If we don’t have an address,we’ll ask you to enter it during your first purchase. 
-3.  Select your organization's name on the right side of the page.
+We need an email address in case we need to contact you about your Store for Business account. This email account should reach the admin for your organization’s O365 or Azure AD tenant that is used with Store for Business. 
-4.  Change the information you want to update, and then click **Save.**
+To update Organization information, click **Edit organization information**.
-For more information about updating organization information, see [Change your organization's address, technical contact email, and other information](http://go.microsoft.com/fwlink/p/?LinkId=708621).
+## Organization tax information ##   
 Taxes for Windows Store for Business purchases are determined by your business address. Businesses in these countries can provide their VAT number or local equivalent:
 - Austria
 - Belgium
 - Croatia
 - Czech Republic
 - Denmark
 - Finland
 - France
 - Germany
 - Greece
 - Hungary
 - Ireland
 - Italy
 - Malta
 - Netherlands
 - Norway
 - Poland
 - Portugal
 - Romania
 - Slovakia
 - South Africa
 - Spain
 - Sweden
 - Switzerland
 - United Kingdom
-**To make updates to Store for Business directory settings in Azure management portal**
+These countries can provide their VAT number or local equivalent in **Account information**. However, they can only acquire free apps.  
-1.  Sign in to the Azure Portal as Administrator.
+|Market| Tax identifier |
-
+|------|----------------|
-2.  Click **Active Directory**.
+| Brazil | CPNJ (required), CCMID  (optional) |
-
+| India | CST ID, VAT ID |
-3.  On the **Directory** tab, choose your directory
+| Taiwan | Unified business number|
 4.  Click the **Configure** tab.
 For more information about updating organization information, see [Add your own domain name in Azure AD](http://go.microsoft.com/fwlink/p/?LinkId=708622).
 **Tax-exempt status** 
 If you qualify for tax-exempt status in your market, start a service request to establish tax exempt status for your organization. 
 **To start a service request**
 1.  Sign in to the [Store for Business](http://businessstore.microsoft.com).
 2.	Click **Support**, and then under **Store or account support** click **Start a service request**.
 You’ll need this documentation:
 |Country or locale | Documentation |
 |------------------|----------------|
 | United States | Sales Tax Exemption Certificate |
 | Canada | Certificate of Exemption (or equivalent letter of authorization) |
 | Ireland | 13B/56A Tax Exemption Certificate| 
 | International organizations that hold tax exaemption | Certification / letter confirmation from local tax authorities |
 **Calculating tax**
 Sales taxes are calculated against the unit price, and then aggregated. 
 For example:<br>
 (unit price X tax rate) X quantity = total sales tax
 -or-
 ($1.29 X .095) X 100 = $12.25
 ##Payment options##
 You can purchase apps from the Windows Store for Business using your credit card. You can enter your credit card information on Account Information, or when you purchase an app. We currently accept these credit cards: 
 1.	VISA 
 2.	MasterCard 
 3.	Discover 
 4.	American Express 
 5.	Japan Commercial Bureau (JCB)
 **Note**:<br>
 Not all cards available in all countries. When you add a payment option, Store for Business shows which cards are available in your region.  
 **To add a new payment option** 
 1.	Sign in to [Store for Business](http://businessstore.microsoft.com). 
 2.	Click **Settings**, and then click **Account information**. 
 3.  Under **My payment options**, tap or click **Show my payment options**, and then select the type of credit card that you want to add. 
 4.	Add information to any required fields, and then click **Next**. 
 Once you click Next, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems. 
 **Note**: <br>When adding credit or debit cards, you may be prompted to enter a CVV . The CVV is only used for verification purposes and is not stored in our systems after validation. 
 **To update a payment option**: 
 1.	Sign in to [Store for Business](http://businessstore.microsoft.com). 
 2.	Click **Settings**, and then click **Account information**. 
 3.	Under My payment options > Credit Cards, select the payment option that you want to update, and then click Update. 
 4.	Enter any updated information in the appropriate fields, and then click Next. 
 Once you click Next, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems. 
 **Note**:<br> Certain actions, like updating or adding a payment option, require temporary “test authorization” transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time or have a low balance.
 ##Offline licensing##
 Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Store for Business. This model means organizations can deploy apps when users or devices do not have connectivity to the Store. 
 You have the following distribution options for offline-licensed apps:
 - Include the app in a provisioning package, and then use it as part of imaging a device.
 - Distribute the app through a management tool. 
 For more information, see [Distribute apps to your employees from the Store for Business](distribute-apps-with-management-tool.md).
--- a/windows/manage/windows-10-start-layout-options-and-policies.md
+++ b/windows/manage/windows-10-start-layout-options-and-policies.md
@ -57,7 +57,7 @@ The following table lists the different parts of Start and any applicable policy
 <p>-and-</p>
 <p>Dynamically inserted app tile</p></td>
 <td align="left"><p>MDM: <strong>Allow Windows Consumer Features</strong></p>
-<p>Group Policy: <strong>Computer Configuration</strong>\<strong>Administrative Templates</strong>\<strong>Windows Components</strong>\<strong>Cloud Content</strong>\<strong>Turn off Microsoft consumer experiences</strong></p>
+<p>Group Policy: <strong>Computer Configuration</strong>\\<strong>Administrative Templates</strong>\\<strong>Windows Components</strong>\\<strong>Cloud Content</strong>\\<strong>Turn off Microsoft consumer experiences</strong></p>
 <div class="alert">
 <strong>Note</strong>  
 <p>This policy also enables or disables notifications for a user's Microsoft account and app tiles from Microsoft dynamically inserted in the default Start menu.</p>
--- a/windows/plan/best-practice-recommendations-for-windows-to-go.md
+++ b/windows/plan/best-practice-recommendations-for-windows-to-go.md
@ -6,7 +6,7 @@ keywords: ["best practices, USB, device, boot"]
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: TrudyHa
+author: mtniehaus
 ---
 # Best practice recommendations for Windows To Go
--- a/windows/plan/chromebook-migration-guide.md
+++ b/windows/plan/chromebook-migration-guide.md
@ -6,7 +6,7 @@ keywords: ["migrate", "automate", "device"]
 ms.prod: W10
 ms.mktglfcycl: plan
 ms.sitesec: library
-author: TrudyHa
+author: craigash
 ---
 # Chromebook migration guide
--- a/windows/plan/deployment-considerations-for-windows-to-go.md
+++ b/windows/plan/deployment-considerations-for-windows-to-go.md
@ -6,7 +6,7 @@ keywords: ["deploy, mobile, device, USB, boot, image, workspace, driver"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: TrudyHa
+author: mtniehaus
 ---
 # Deployment considerations for Windows To Go
--- a/windows/plan/prepare-your-organization-for-windows-to-go.md
+++ b/windows/plan/prepare-your-organization-for-windows-to-go.md
@ -6,7 +6,7 @@ keywords: ["mobile, device, USB, deploy"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: TrudyHa
+author: mtniehaus
 ---
 # Prepare your organization for Windows To Go
--- a/windows/plan/security-and-data-protection-considerations-for-windows-to-go.md
+++ b/windows/plan/security-and-data-protection-considerations-for-windows-to-go.md
@ -6,7 +6,7 @@ keywords: ["mobile, device, USB, secure, BitLocker"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: TrudyHa
+author: mtniehaus
 ---
 # Security and data protection considerations for Windows To Go
--- a/windows/plan/windows-10-compatibility.md
+++ b/windows/plan/windows-10-compatibility.md
@ -6,7 +6,7 @@ keywords: ["deploy", "upgrade", "update", "appcompat"]
 ms.prod: W10
 ms.mktglfcycl: plan
 ms.sitesec: library
-author: TrudyHa
+author: mtniehaus
 ---
 # Windows 10 compatibility
--- a/windows/plan/windows-10-deployment-considerations.md
+++ b/windows/plan/windows-10-deployment-considerations.md
@ -6,7 +6,7 @@ keywords: ["deploy", "upgrade", "update", "in-place"]
 ms.prod: W10
 ms.mktglfcycl: plan
 ms.sitesec: library
-author: TrudyHa
+author: mtniehaus
 ---
 # Windows 10 deployment considerations
--- a/windows/plan/windows-10-guidance-for-education-environments.md
+++ b/windows/plan/windows-10-guidance-for-education-environments.md
@ -5,7 +5,7 @@ ms.assetid: 225C9D6F-9329-4DDF-B447-6CE7804E314E
 ms.prod: W10
 ms.mktglfcycl: plan
 ms.sitesec: library
-author: TrudyHa
+author: craigash
 ---
 # Guidance for education environments
--- a/windows/plan/windows-10-infrastructure-requirements.md
+++ b/windows/plan/windows-10-infrastructure-requirements.md
@ -6,7 +6,7 @@ keywords: ["deploy", "upgrade", "update", "hardware"]
 ms.prod: W10
 ms.mktglfcycl: plan
 ms.sitesec: library
-author: TrudyHa
+author: mtniehaus
 ---
 # Windows 10 infrastructure requirements
--- a/windows/plan/windows-10-servicing-options.md
+++ b/windows/plan/windows-10-servicing-options.md
@ -6,7 +6,7 @@ keywords: ["deploy", "upgrade", "update", "servicing"]
 ms.prod: W10
 ms.mktglfcycl: plan
 ms.sitesec: library
-author: TrudyHa
+author: mtniehaus
 ---
 # Windows 10 servicing options
--- a/windows/plan/windows-to-go-frequently-asked-questions.md
+++ b/windows/plan/windows-to-go-frequently-asked-questions.md
@ -6,7 +6,7 @@ keywords: ["FAQ, mobile, device, USB"]
 ms.prod: W10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: TrudyHa
+author: mtniehaus
 ---
 # Windows To Go: frequently asked questions
--- a/windows/plan/windows-to-go-overview.md
+++ b/windows/plan/windows-to-go-overview.md
@ -6,7 +6,7 @@ keywords: ["workspace, mobile, installation, image, USB, device, image"]
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
-author: TrudyHa
+author: mtniehaus
 ---
 # Windows To Go: feature overview
--- a/windows/whats-new/windows-store-for-business-overview.md
+++ b/windows/whats-new/windows-store-for-business-overview.md
@ -85,7 +85,7 @@ For more information, see [Sign up for the Store for Business](../manage/sign-up
 ### Set up
-After your admin signs up for the Store for Business, they can assign roles to other employees in your company. These are the roles and their permissions.
+After your admin signs up for the Store for Business, they can assign roles to other employees in your company. The admin needs Azure AD User Admin permissions to assign WSFB roles. These are the roles and their permissions.
 <table>
 <colgroup>
@ -137,7 +137,7 @@ Also, if your organization plans to use a management tool, you’ll need to conf
 ### Get apps and content
-Once signed in to the Store for Business, you can browse and search for all products in the Store for Business catalog. For now, apps in the Store for Business are free. Over time, when paid apps are available, you’ll have more options for paying for apps.
+Once signed in to the Store for Business, you can browse and search for all products in the Store for Business catalog. Some apps are free, and some apps charge a price. We're continuing to add more paid apps to the Store for Business. Check back if you don't see the app that you're looking for. Currently, you can pay for apps with a credit card. We'll be adding more payment options over time. 
 **App types** -- These app types are supported in the Store for Business:
@ -212,95 +212,53 @@ For more information, see [Manage settings in the Store for Business](../manage/
 Store for Business is currently available in these markets.
-   Argentina
+|Country or locale|Paid apps|Free apps|
-
+|-----------------|---------|---------|
-   Australia
+|Argentina|X|X|
-
+|Australia|X|X|
-   Austria
+|Austria|X|X|
-
+|Belgium (Dutch, French)|X|X|
-   Belgium (Dutch, French)
+|Brazil| |X|
-
+|Canada (English, French)|X|X|
-   Brazil
+|Chile|X|X|
-
+|Columbia|X|X|
-   Canada (English, French)
+|Croatia|X|X|
-
+|Czech Republic|X|X|
-   Chile
+|Denmark|X|X|
-
+|Finland|X|X|
-   Columbia
+|France|X|X|
-
+|Germany|X|X|
-   Croatia
+|Greece|X|X|
-
+|Hong Kong SAR|X|X|
-   Czech Republic
+|Hungary|X|X|
-
+|India| |X|
-   Denmark
+|Indonesia|X|X|
-
+|Ireland|X|X|
-   Finland
+|Italy|X|X|
-
+|Japan|X|X|
-   France
+|Malaysia|X|X|
-
+|Mexico|X|X|
-   Germany
+|Netherlands|X|X|
-
+|New Zealand|X|X|
-   Greece
+|Norway|X|X|
-
+|Philippines|X|X|
-   Hong Kong SAR
+|Poland|X|X|
-
+|Portugal|X|X|
-   Hungary
+|Romania|X|X|
-
+|Russia| |X|
-   India
+|Singapore|X|X|
-
+|Slovakia|X|X|
-   Indonesia
+|South Africa|X|X|
-
+|Spain|X|X|
-   Ireland
+|Sweden|X|X|
-
+|Switzerland (French, German)|X|X|
-   Italy
+|Taiwan| |X|
-
+|Thailand|X|X|
-   Japan
+|Turkey|X|X|
-
+|Ukraine| |X|
-   Malaysia
+|United Kingdom|X|X|
-
+|United States|X|X|
-   Mexico
+|Vietnam|X|X|
 -   Netherlands
 -   New Zealand
 -   Norway
 -   Philippines
 -   Poland
 -   Portugal
 -   Romania
 -   Russia
 -   Singapore
 -   Slovakia
 -   South Africa
 -   Spain
 -   Sweden
 -   Switzerland (French, German)
 -   Taiwan
 -   Thailand
 -   Turkey
 -   Ukraine
 -   United Kingdom
 -   United States
 -   Vietnam
 ## <a href="" id="isv-wsfb"></a>ISVs and the Store for Business
`@ -28,7 +28,7 @@ Administrators can assign online-licensed apps to employees in their organizatio`

	`4. Type the email address for the employee that you're assigning the app to, and click Confirm.`	`4. Type the email address for the employee that you're assigning the app to, and click Confirm.`

	`Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click Install.`	`Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click Install. Also, in the Windows Store app, they can find the app under My Library.`