Merge branch 'master' of https://github.com/Microsoft/win-cpub-itpro-docs into maricia-12241577

store-for-business/update-windows-store-for-business-account-settings.md

@@ -61,13 +61,13 @@ Taxes for Microsoft Store for Business purchases are determined by your business
 - Switzerland
 - United Kingdom
 
-These countries can provide their VAT number or local equivalent in **Payments & billing**. However, they can only acquire free apps.  
+These countries can provide their VAT number or local equivalent in **Payments & billing**.   
 
 |Market| Tax identifier |
 |------|----------------|
-| Brazil | CPNJ (required), CCMID  (optional) |
+| Brazil | CNPJ (required) |
-| India | CST ID, VAT ID |
+| India | CST ID, VAT ID (both are optional) |
-| Taiwan | Unified business number|
+| Taiwan | VAT ID (optional) |
 
 ### Tax-exempt status 
 

store-for-business/windows-store-for-business-overview.md

@@ -157,6 +157,193 @@ For more information, see [Manage settings in the Store for Business](manage-set
 
 Microsoft Store for Business and Education is currently available in these markets.
 
+<!--- <table>
+   <tr>
+        <th align="center" colspan="4">Support for free and paid apps</th>
+   </tr>
+   <tr align="left">
+     <td>
+        <ul>
+            <li>Algeria</li>
+            <li>Angola</li>
+            <li>Argentina</li>
+            <li>Australia</li>
+            <li>Austria</li>
+            <li>Bahamas</li>
+            <li>Bahrain</li>
+            <li>Bangladesh</li>
+            <li>Barbados</li>
+            <li>Belgium</li>
+            <li>Belize</li>
+            <li>Bermuda</li>
+            <li>Bhutan</li>
+            <li>Bolivia</li>
+            <li>Botswana</li>
+            <li>Brunei Darussalam</li>
+            <li>Bulgaria</li>
+            <li>Cambodia</li>
+            <li>Cameroon</li>
+            <li>Canada</li>
+            <li>Republic of Cabo Verde</li>
+            <li>Cayman Islands</li>
+            <li>Chile</li>
+            <li>Colombia</li>
+            <li>Costa Rica</li>
+            <li>C&ocirc;te D'ivoire</li>
+            <li>Croatia</li>
+            <li>Cur&ccedil;ao</li>
+            <li>Cyprus</li>
+        </ul>
+    </td>
+     <td>
+        <ul>
+            <li>Czech Republic</li>
+            <li>Denmark</li>
+            <li>Dominican Republic</li>
+            <li>Ecuador</li>
+            <li>Egypt</li>
+            <li>El Salvador</li>
+            <li>Estonia</li>
+            <li>Faroe Islands</li>
+            <li>Fiji</li>
+            <li>Finland</li>
+            <li>France</li>
+            <li>Germany</li>
+            <li>Ghana</li>
+            <li>Greece</li>
+            <li>Guadeloupe</li>
+            <li>Guatemala</li>
+            <li>Honduras</li>
+            <li>Hong Kong SAR</li>
+            <li>Hungary</li>
+            <li>Iceland</li>
+            <li>Indonesia</li>
+            <li>Iraq</li>
+            <li>Ireland</li>
+            <li>Israel</li>
+            <li>Italy</li>
+            <li>Jamaica</li>
+            <li>Japan</li>
+            <li>Jordan</li>
+            <li>Kenya</li> 
+        </ul>
+    </td>
+    <td>
+        <ul>
+            <li>Kuwait</li>
+            <li>Latvia</li>
+            <li>Lebanon</li>
+            <li>Libya</li>
+            <li>Liechtenstein</li>
+            <li>Lithuania</li>
+            <li>Luxembourg</li>
+            <li>Malaysia</li>
+            <li>Malta</li>
+            <li>Mauritius</li>
+            <li>Mexico</li>
+            <li>Mongolia</li>
+            <li>Montenegro</li>
+            <li>Morocco</li>
+            <li>Mozambique</li>
+            <li>Namibia</li>
+            <li>Netherlands</li>
+            <li>New Zealand</li>
+            <li>Nicaragua</li>
+            <li>Nigeria</li>
+            <li>Norway</li>
+            <li>Oman</li>
+            <li>Pakistan</li>
+            <li>Palestinian Authority</li>
+            <li>Panama</li>
+            <li>Paraguay</li>
+            <li>Peru</li>
+            <li>Philippines</li>
+            <li>Poland</li>          
+        </ul>
+    </td>
+    <td>
+        <ul>
+            <li>Portugal</li>
+            <li>Puerto Rico</li>
+            <li>Qatar</li>
+            <li>Romania</li>
+            <li>Rwanda</li>
+            <li>Saint Kitts and Nevis</li>
+            <li>Saudi Arabia</li>
+            <li>Senegal</li>
+            <li>Serbia</li>
+            <li>Singapore</li>
+            <li>Slovakia</li>
+            <li>Slovenia</li>
+            <li>South Africa</li>
+            <li>Spain</li>
+            <li>Sweden</li>
+            <li>Switzerland</li>
+            <li>Tanzania</li>
+            <li>Thailand</li>
+            <li>Trinidad and Tobago</li>
+            <li>Tunisia</li>
+            <li>Turkey</li>
+            <li>Uganda</li>
+            <li>United Arab Emirates</li>
+            <li>United Kingdom</li>
+            <li>United States</li>           
+        </ul>
+    </td>
+    <td>
+        <ul>
+            <li>Uruguay</li>
+            <li>Viet Nam</li>
+            <li>Virgin Islands, U.S.</li>
+            <li>Zambia</li>
+            <li>Zimbabwe<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</li>           
+        </ul>
+    </td>
+   </tr>
+</table>
+
+<table>
+   <tr>
+        <th align="center">Support for free apps only</th>
+   </tr>
+   <tr align="left">
+     <td>
+        <ul>
+            <li>Russia</li>
+        </ul>
+    </td>
+   </tr>
+</table>
+
+<table>
+   <tr>
+        <th align="center">Support for free apps and Minecraft: Education Edition</th>
+   </tr>
+   <tr align="left">
+     <td>
+        <ul>
+            <li>Albania</li>
+            <li>Armenia</li>
+            <li>Azerbaijan</li>
+            <li>Belarus</li>
+            <li>Bosnia</li>
+            <li>Brazil</li>
+            <li>Georgia</li>
+            <li>India</li>
+            <li>Kazakhstan</li>
+            <li>Korea</li>
+            <li>Kyrgyzstan</li>
+            <li>Moldova</li>
+            <li>Taiwan</li>
+            <li>Tajikistan</li>
+            <li>Turkmenistan</li>
+            <li>Ukraine</li>
+            <li>Uzbekistan</li>
+        </ul>
+    </td>
+   </tr>
+</table> -->
+### Support for free and paid apps
 <table>
    <tr>
         <th align="center" colspan="4">Support for free and paid apps</th>
@@ -294,22 +481,29 @@ Microsoft Store for Business and Education is currently available in these marke
    </tr>
 </table>
 
-<table>
+### Support for free apps
-   <tr>
+Customers in these markets can use Microsoft Store for Business and Education to acquire free apps:
-        <th align="center">Support for free apps only</th>
+- India
-   </tr>
+- Russia 
-   <tr align="left">
+
-     <td>
+### Support for free apps and Minecraft: Education Edition
-        <ul>
+Customers in these markets can use Microsoft Store for Business and Education to acquire free apps and Minecraft: Education Edition:  
-            <li>Brazil</li>
+- Brazil
-            <li>India</li>
+- Taiwan
-            <li>Russia</li>
+- Ukraine 
-            <li>Taiwan</li>
+
-            <li>Ukraine</li>
+This table summarize what customers can purchase, depending on which Microsoft Store they are using. 
-        </ul>
+
-    </td>
+| Store | Free apps | Minecraft: Education Edition |
-   </tr>
+| ----- | --------- | ---------------------------- |
-</table>
+| Microsoft Store for Business | supported | not supported |
+| Microsoft Store for Education | supported | supported; invoice payment required |
+
+> [!NOTE]
+> **Microsoft Store for Education customers with support for free apps and Minecraft: Education Edition**
+- Admins can acquire free apps from **Microsoft Store for Education**.
+- Admins need to use an invoice to purchase **Minecraft: Education Edition**. For more information, see [Invoice payment option](https://docs.microsoft.com/education/windows/school-get-minecraft#invoices). 
+- Teachers, or people with the Basic Purachaser role, can acquire free apps, but not **Minecraft: Education Edition**. 
 
 ## Privacy notice
 

windows/access-protection/enterprise-certificate-pinning.md

@@ -189,9 +189,12 @@ Sign-in to the reference computer using domain administrator equivalent credenti
 8.	Right-click the **Registry** node and click **New**.
 9.	In the **New Registry Properties** dialog box, select **Update** from the **Action** list.  Select **HKEY_LOCAL_MACHINE** from the **Hive** list.
 10.	For the **Key Path**, click **…** to launch the **Registry Item Browser**.  Navigate to the following registry key and select the **PinRules** registry value name:
+
     HKLM\SOFTWARE\Microsoft\Cryptography\OID\EncodingType0\CertDllCreateCertificateChainEngine\Config  
+
     Click **Select** to close the **Registry Item Browser**.
-11.	The **Key Path** should contain the selected registry key. The **Value name** configuration should contain the registry value name **_PinRules_**. **Value type** should read **_REGBINARY_** and **Value data** should contain a long series of numbers from 0-9 and letters ranging from A-F (hexadecimal).  Click **OK** to save your settings and close the dialog box.
+    
+11.	The **Key Path** should contain the selected registry key. The **Value name** configuration should contain the registry value name **_PinRules_**. **Value type** should read **_REG\_BINARY_** and **Value data** should contain a long series of numbers from 0-9 and letters ranging from A-F (hexadecimal).  Click **OK** to save your settings and close the dialog box.
 
     ![PinRules Properties](images/enterprise-certificate-pinning-pinrules-properties.png)
     

windows/client-management/TOC.md

@@ -9,5 +9,5 @@
 ## [Reset a Windows 10 Mobile device](reset-a-windows-10-mobile-device.md)
 ## [Windows 10 Mobile deployment and management guide](windows-10-mobile-and-mdm.md)
 ## [Windows libraries](windows-libraries.md)
-## [Mobile Device Management](mdm/index.md)
+## [Mobile device management protocol](mdm/index.md)
 ## [Change history for Client management](change-history-for-client-management.md)

windows/client-management/join-windows-10-mobile-to-azure-active-directory.md

@@ -191,7 +191,7 @@ To see the Notebooks that your Azure AD account has access to, tap **More Notebo
 ## Use Windows Store for Business
 
 
-[Windows Store for Business](/microsoft-store/index) allows you to specify applications to be available to your users in the Windows Store application. These applications show up on a tab titled for your company. Applications approved in the Windows Store for Business portal can be installed by users.
+[Microsoft Store for Business](/microsoft-store/index) allows you to specify applications to be available to your users in the Windows Store application. These applications show up on a tab titled for your company. Applications approved in the Microsoft Store for Business portal can be installed by users.
 
 ![company tab on store](images/aadjwsfb.jpg)
 

windows/client-management/mdm/enterpriseassignedaccess-csp.md

@@ -43,137 +43,103 @@ When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an
 
 When using the AssignedAccessXml in a provisioning package using the Windows Imaging and Configuration Designer (ICD) tool, do not use escaped characters.
 
- 
+Entry | Description
+----------- | ------------
+ActionCenter | You can enable or disable the Action Center (formerly known as Notification Center) on the device. Set to true to enable the Action Center, or set to false to disable the Action Center.
+ActionCenter | Example: `<ActionCenter enabled="true"></ActionCenter>`
+ActionCenter | In Windows 10, when the Action Center is disabled, Above Lock notifications and toasts are also disabled. When the Action Center is enabled, the following policies are also enabled;  **AboveLock/AllowActionCenterNotifications** and **AboveLock/AllowToasts**. For more information about these policies, see [Policy CSP](policy-configuration-service-provider.md)
+ActionCenter | You can also add the following optional attributes to the ActionCenter element to override the default behavior: **aboveLockToastEnabled** and **actionCenterNotificationEnabled**. Valid values are 0 (policy disabled), 1 (policy enabled), and -1 (not set, policy enabled). In this example, the Action Center is enabled and both policies are disabled.: `<ActionCenter enabled="true" aboveLockToastEnabled="0" actionCenterNotificationEnabled="0"/>`
+ActionCenter | These optional attributes are independent of each other. In this example, Action Center is enabled, the notifications policy is disabled, and the toast policy is enabled by default because it is not set. `<ActionCenter enabled="true" actionCenterNotificationEnabled="0"/>`
+StartScreenSize | Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: **Small** - sets the width to 4 columns on device with short axis &lt;400epx or 6 columns on devices with short axis &gt;=400epx. **Large** - sets the width to 6 columns on devices with short axis &lt;400epx or 8 columns on devices with short axis &gt;=400epx.
+StartScreenSize | If you have existing lockdown XML, you must update it if your device has &gt;=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. Example: `<StartScreenSize>Large</StartScreenSize>`
+Application | Provide the product ID for each app that will be available on the device. You can find the product ID for a locally developed app in the AppManifest.xml file of the app. For the list of product ID and AUMID see [ProductIDs in Windows 10 Mobile](#productid).
+Application | To turn on the notification for a Windows app, you must include the application's AUMID in the lockdown XML. However, the user can change the setting at any time from user interface. Example: `<Application productId="{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}" aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail"/>`
+Application | <img src="images/enterpriseassignedaccess-csp.png" alt="modern app notification" />
+Application | Include PinToStart to display an app on the Start screen. For apps pinned to the Start screen, identify a tile size (small, medium, or large), and a location. The size of a small tile is 1 column x 1 row, a medium tile is 2 x 2, and a large tile is 4 x 2. For the tile location, the first value indicates the column and the second value indicates the row. A value of 0 (zero) indicates the first column, a value of 1 indicates the second column, and so on. Include autoRun as an attribute to configure the application to run automatically.
+
+Application example:
+``` syntax
+<Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}" autoRun="true">
+   <PinToStart>
+      <Size>Large</Size>
+      <Location>
+         <LocationX>0</LocationX>
+         <LocationY>2</LocationY>
+      </Location>
+   </PinToStart>
+</Application>
+```
+
+Entry | Description
+----------- | ------------
+Application | Multiple App Packages enable multiple apps to exist inside the same package. Since ProductIds identify packages and not applications, specifying a ProductId is not enough to distinguish between individual apps inside a multiple app package. Trying to include application from a multiple app package with just a ProductId can result in unexpected behavior. To support pinning applications in multiple app packages, use an AUMID parameter in lockdown XML. For the list of product ID and AUMID, see [ProductIDs in Windows 10 Mobile](#productid). The following example shows how to pin both Outlook mail and Outlook calendar.
+
+Application example:
+``` syntax
+<Apps>
+    <!-- Outlook Calendar -->
+    <Application productId="{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}" 
+aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.calendar">
+        <PinToStart>
+            <Size>Large</Size>
+            <Location>
+                <LocationX>1</LocationX>
+                <LocationY>4</LocationY>
+            </Location>
+        </PinToStart>
+    </Application>
+    <!-- Outlook Mail-->
+    <Application productId="{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}" 
+aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail">
+        <PinToStart>
+            <Size>Large</Size>
+            <Location>
+                <LocationX>1</LocationX>
+                <LocationY>6</LocationY>
+            </Location>
+        </PinToStart>
+    </Application>
+</Apps>
+```
+
+Entry | Description
+----------- | ------------
+Folder | A folder should be contained in &lt;Applications/&gt; node among with other &lt;Application/&gt; nodes, it shares most grammar with the Application Node, **folderId** is mandatory, **folderName** is optional, which is the folder name displayed on Start. **folderId** is a unique unsigned integer for each folder.
+
+Folder example:
+``` syntax
+<Application folderId="4" folderName="foldername">
+    <PinToStart>
+        <Size>Large</Size>
+        <Location>
+            <LocationX>0</LocationX>
+            <LocationY>2</LocationY>
+        </Location>
+    </PinToStart>
+</Application>
+```
+An application that belongs in the folder would add an optional attribute **ParentFolderId**, which maps to **folderId** of the folder. In this case, the location of this application will be located inside the folder.
+
+``` syntax
+<Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}">
+    <PinToStart>
+        <Size>Medium</Size>
+        <Location>
+            <LocationX>0</LocationX>
+            <LocationY>0</LocationY>
+        </Location>
+        <ParentFolderId>2</ParentFolderId>
+    </PinToStart>
+</Application>
+```
+
+Entry | Description
+----------- | ------------
+Settings | Starting in Windows 10, version 1511, you can specify the following settings pages in the lockdown XML file.
+
+> [!Important]  
+> Do not specify a group entry without a page entry because it will cause an undefined behavior.
 
-<table>
-<colgroup>
-<col width="50%" />
-<col width="50%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>Entry</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td style="vertical-align:top"><p>ActionCenter</p></td>
-<td><p>You can enable or disable the Action Center (formerly known as Notification Center) on the device. Set to true to enable the Action Center, or set to false to disable the Action Center.</p>
-<p>Example:</p>
-<pre class="syntax" space="preserve"><code>&lt;ActionCenter enabled=&quot;true&quot;&gt;&lt;/ActionCenter&gt;</code></pre>
-<p>In Windows 10, when the Action Center is disabled, Above Lock notifications and toasts are also disabled. When the Action Center is enabled, the following policies are also enabled:</p>
-<ul>
-<li>AboveLock/AllowActionCenterNotifications</li>
-<li>AboveLock/AllowToasts</li>
-</ul>
-<p>For more information about these policies, see [Policy CSP](policy-configuration-service-provider.md)</p>
-<p>You can also add the following optional attributes to the ActionCenter element to override the default behavior:</p>
-<ul>
-<li>aboveLockToastEnabled</li>
-<li>actionCenterNotificationEnabled</li>
-</ul>
-<p>Valid values are 0 (policy disabled), 1 (policy enabled), and -1 (not set, policy enabled).</p>
-<p>In this example, the Action Center is enabled and both policies are disabled.</p>
-<pre class="syntax" space="preserve"><code>&lt;ActionCenter enabled=&quot;true&quot; aboveLockToastEnabled=&quot;0&quot; actionCenterNotificationEnabled=&quot;0&quot;/&gt;</code></pre>
-<p>These optional attributes are independent of each other.</p>
-<p>In this example, Action Center is enabled, the notifications policy is disabled, and the toast policy is enabled by default because it is not set.</p>
-<pre class="syntax" space="preserve"><code>&lt;ActionCenter enabled=&quot;true&quot; actionCenterNotificationEnabled=&quot;0&quot;/&gt;</code></pre></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>StartScreenSize</p></td>
-<td><p>Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions.</p>
-<p>Valid values:</p>
-<ul>
-<li><strong>Small</strong> sets the width to 4 columns on device with short axis &lt;400epx or 6 columns on devices with short axis &gt;=400epx.</li>
-<li><strong>Large</strong> sets the width to 6 columns on devices with short axis &lt;400epx or 8 columns on devices with short axis &gt;=400epx.</li>
-</ul>
-<p>If you have existing lockdown XML, you must update it if your device has &gt;=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4.</p>
-<p>Example:</p>
-<pre class="syntax" space="preserve"><code>&lt;StartScreenSize&gt;Large&lt;/StartScreenSize&gt;</code></pre></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top"><p>Application</p></td>
-<td><p>Provide the product ID for each app that will be available on the device.</p>
-<p>You can find the product ID for a locally developed app in the AppManifest.xml file of the app. For the list of product ID and AUMID see [ProductIDs in Windows 10 Mobile](#productid).</p>
-<p>To turn on the notification for a Windows app, you must include the application's AUMID in the lockdown XML. However, the user can change the setting at any time from user interface.</p>
-<pre class="syntax" space="preserve"><code>&lt;Application productId=&quot;{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}&quot; aumid=&quot;microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail&quot;/&gt;</code></pre>
-<img src="images/enterpriseassignedaccess-csp.png" alt="modern app notification" />
-<p>Include PinToStart to display an app on the Start screen. For apps pinned to the Start screen, identify a tile size (small, medium, or large), and a location. The size of a small tile is 1 column x 1 row, a medium tile is 2 x 2, and a large tile is 4 x 2.</p>
-<p>For the tile location, the first value indicates the column and the second value indicates the row. A value of <strong>0</strong> indicates the first column, a value of <strong>1</strong> indicates the second column, and so on.</p>
-<p>Include autoRun as an attribute to configure the application to run automatically.</p>
-<p>Example:</p>
-<pre class="syntax" space="preserve"><code>&lt;Application productId=&quot;{2A4E62D8-8809-4787-89F8-69D0F01654FB}&quot; autoRun=&quot;true&quot;&gt;
-   &lt;PinToStart&gt;
-      &lt;Size&gt;Large&lt;/Size&gt;
-      &lt;Location&gt;
-         &lt;LocationX&gt;0&lt;/LocationX&gt;
-         &lt;LocationY&gt;2&lt;/LocationY&gt;
-      &lt;/Location&gt;
-   &lt;/PinToStart&gt;
-&lt;/Application&gt;</code></pre>
-<p>Multiple App Packages enable multiple apps to exist inside the same package. Since ProductIds identify packages and not applications, specifying a ProductId is not enough to distinguish between individual apps inside a multiple app package. Trying to include application from a multiple app package with just a ProductId can result in unexpected behavior.</p>
-<p>To support pinning applications in multiple app packages, use an AUMID parameter in lockdown XML. For the list of product ID and AUMID, see [ProductIDs in Windows 10 Mobile](#productid). The following example shows how to pin both Outlook mail and Outlook calendar.</p>
-<pre class="syntax" space="preserve"><code>&lt;Apps&gt;
-    &lt;!-- Outlook Calendar --&gt;
-    &lt;Application productId=&quot;{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}&quot; 
-aumid=&quot;microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.calendar&quot;&gt;
-        &lt;PinToStart&gt;
-            &lt;Size&gt;Large&lt;/Size&gt;
-            &lt;Location&gt;
-                &lt;LocationX&gt;1&lt;/LocationX&gt;
-                &lt;LocationY&gt;4&lt;/LocationY&gt;
-            &lt;/Location&gt;
-        &lt;/PinToStart&gt;
-    &lt;/Application&gt;
-    &lt;!-- Outlook Mail--&gt;
-    &lt;Application productId=&quot;{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}&quot; 
-aumid=&quot;microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail&quot;&gt;
-        &lt;PinToStart&gt;
-            &lt;Size&gt;Large&lt;/Size&gt;
-            &lt;Location&gt;
-                &lt;LocationX&gt;1&lt;/LocationX&gt;
-                &lt;LocationY&gt;6&lt;/LocationY&gt;
-            &lt;/Location&gt;
-        &lt;/PinToStart&gt;
-    &lt;/Application&gt;
-&lt;/Apps&gt;</code></pre></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>Folder</p></td>
-<td><p>A folder should be contained in &lt;Applications/&gt; node among with other &lt;Application/&gt; nodes, it shares most grammar with the Application Node, <strong>folderId</strong> is mandatory, <strong>folderName</strong> is optional, which is the folder name displayed on Start. <strong>folderId</strong> is a unique unsigned integer for each folder.</p>
-<p>For example:</p>
-<pre class="syntax" space="preserve"><code>&lt;Application folderId=&quot;4&quot; folderName=&quot;foldername&quot;&gt;
-    &lt;PinToStart&gt;
-        &lt;Size&gt;Large&lt;/Size&gt;
-        &lt;Location&gt;
-            &lt;LocationX&gt;0&lt;/LocationX&gt;
-            &lt;LocationY&gt;2&lt;/LocationY&gt;
-        &lt;/Location&gt;
-    &lt;/PinToStart&gt;
-&lt;/Application&gt;</code></pre>
-<p>An application that belongs in the folder would add an optional attribute <strong>ParentFolderId</strong>, which maps to <strong>folderId</strong> of the folder. In this case, the location of this application will be located inside the folder.</p>
-<pre class="syntax" space="preserve"><code>&lt;Application productId=&quot;{2A4E62D8-8809-4787-89F8-69D0F01654FB}&quot;&gt;
-    &lt;PinToStart&gt;
-        &lt;Size&gt;Medium&lt;/Size&gt;
-        &lt;Location&gt;
-            &lt;LocationX&gt;0&lt;/LocationX&gt;
-            &lt;LocationY&gt;0&lt;/LocationY&gt;
-        &lt;/Location&gt;
-        &lt;ParentFolderId&gt;2&lt;/ParentFolderId&gt;
-    &lt;/PinToStart&gt;
-&lt;/Application&gt;</code></pre></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top"><p>Settings</p></td>
-<td><p><strong>Settings pages</strong></p>
-<p>Starting in Windows 10, version 1511, you can specify the following settings pages in the lockdown XML file.</p>
-<div class="alert">
-<strong>Important</strong>  Do not specify a group entry without a page entry because it will cause an undefined behavior.
-</div>
-<div>
- 
-</div>
 <ul>
 <li>System (main menu) - SettingsPageGroupPCSystem
 <ul>
@@ -277,9 +243,14 @@ aumid=&quot;microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsl
 <li>Extensibility - SettingsPageExtensibility</li>
 </ul></li>
 </ul>
-<p><strong>Quick action settings</strong></p>
+
-<p>Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page). </p>
+**Quick action settings**  
-<p>Note:  Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. This statement does not apply to Windows 10, version 1703.</p>
+
+Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page).
+
+> [!Note]  
+> Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. This statement does not apply to Windows 10, version 1703.
+
 <ul>
 <li><p>SystemSettings_System_Display_QuickAction_Brightness</p>
 <p>Dependencies - SettingsPageSystemDisplay, SettingsPageDisplay</p></li>
@@ -314,277 +285,265 @@ aumid=&quot;microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowsl
 <li><p>SystemSettings_QuickAction_Camera</p>
 <p>Dependencies - none</p></li>
 </ul>
-<p>In this example, all settings pages and quick action settings are allowed. An empty &lt;Settings&gt; node indicates that none of the settings are blocked.</p>
+
-<pre class="syntax" space="preserve"><code>&lt;Settings&gt;
+In this example, all settings pages and quick action settings are allowed. An empty \<Settings> node indicates that none of the settings are blocked.  
-&lt;/Settings&gt;</code></pre>
+
-<p>In this example, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names.</p>
+``` syntax
-<pre class="syntax" space="preserve"><code>&lt;Settings&gt; 
+<Settings>
-  &lt;System name=&quot;SettingsPageGroupPCSystem&quot; /&gt; 
+</Settings>
-  &lt;System name=&quot;SettingsPageDisplay&quot; /&gt; 
+```
-  &lt;System name=&quot;SettingsPageAppsNotifications&quot; /&gt;
+
-  &lt;System name=&quot;SettingsPageCalls&quot; /&gt;
+In this example, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names.  
-  &lt;System name=&quot;SettingsPageMessaging&quot; /&gt; 
+
-  &lt;System name=&quot;SettingsPageBatterySaver&quot; /&gt; 
+``` syntax
-  &lt;System name=&quot;SettingsPageStorageSenseStorageOverview&quot; /&gt;
+<Settings> 
-  &lt;System name=&quot;SettingsPageGroupPCSystemDeviceEncryption&quot; /&gt; 
+  <System name="SettingsPageGroupPCSystem" /> 
-  &lt;System name=&quot;SettingsPageDrivingMode&quot; /&gt; 
+  <System name="SettingsPageDisplay" /> 
-  &lt;System name=&quot;SettingsPagePCSystemInfo&quot; /&gt; 
+  <System name="SettingsPageAppsNotifications" />
- &lt;/Settings&gt;</code></pre>
+  <System name="SettingsPageCalls" />
-<p>To remove access to all of the settings in the system, the settings application would simply not be listed in the app list for a particular role.</p></td>
+  <System name="SettingsPageMessaging" /> 
-</tr>
+  <System name="SettingsPageBatterySaver" /> 
-<tr class="even">
+  <System name="SettingsPageStorageSenseStorageOverview" />
-<td style="vertical-align:top"><p>Buttons</p></td>
+  <System name="SettingsPageGroupPCSystemDeviceEncryption" /> 
-<td><p>The following list identifies the hardware buttons on the device that you can lock down in <strong>ButtonLockdownList</strong>. When a user taps a button that is in the lockdown list, nothing will happen.</p>
+  <System name="SettingsPageDrivingMode" /> 
+  <System name="SettingsPagePCSystemInfo" /> 
+ </Settings>
+```
+
+Entry | Description
+----------- | ------------
+Buttons | The following list identifies the hardware buttons on the device that you can lock down in <strong>ButtonLockdownList</strong>. When a user taps a button that is in the lockdown list, nothing will happen.
+ 
 <ul>
 <li><p>Start</p>
-<div class="alert">
-<strong>Note</strong>  
-<p>Lock down of the Start button only prevents the press and hold event.</p>
-</div>
-<div>
- 
-</div></li>
 <li><p>Back</p></li>
 <li><p>Search</p></li>
 <li><p>Camera</p></li>
 <li><p>Custom1</p></li>
 <li><p>Custom2</p></li>
-<li><p>Custom3</p>
+<li><p>Custom3</p></li>
-<div class="alert">
-<strong>Note</strong>  
-<p>Custom buttons are hardware buttons that can be added to devices by OEMs.</p>
-</div>
-<div>
- 
-</div></li>
 </ul>
-<p>Example:</p>
-<pre class="syntax" space="preserve"><code>&lt;Buttons&gt;
-   &lt;ButtonLockdownList&gt;
-      &lt;!-- Lockdown all buttons --&gt;
-         &lt;Button name=&quot;Search&quot;&gt;
-         &lt;/Button&gt;
-         &lt;Button name=&quot;Camera&quot;&gt;
-         &lt;/Button&gt;
-         &lt;Button name=&quot;Custom1&quot;&gt;
-         &lt;/Button&gt;
-         &lt;Button name=&quot;Custom2&quot;&gt;
-         &lt;/Button&gt;
-         &lt;Button name=&quot;Custom3&quot;&gt;
-         &lt;/Button&gt;
-   &lt;/ButtonLockdownList&gt;</code></pre>
-<p>The Search and custom buttons can be <em>remapped</em> or configured to open a specific application. Button remapping takes effect for the device and applies to all users.</p>
-<div class="alert">
-<strong>Note</strong>  
-<p>The lockdown settings for a button, per user role, will apply regardless of the button mapping.</p>
-</div>
-<div>
- 
-</div>
-<div class="alert">
-<strong>Warning</strong>  
-<p>Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role.</p>
-</div>
-<div>
- 
-</div>
-<p>To remap a button in lockdown XML, you supply the button name, the button event (typically &quot;press&quot;), and the product ID for the application the button will open.</p>
-<p>Example:</p>
-<pre class="syntax" space="preserve"><code>&lt;ButtonRemapList&gt;
-   &lt;Button name=&quot;Search&quot;&gt;
-      &lt;ButtonEvent name=&quot;Press&quot;&gt;
-         &lt;!-- Alarms --&gt;
-         &lt;Application productId=&quot;{08179793-ED2E-45EA-BA12-BDE3EE9C3CE3}&quot; parameters=&quot;&quot; /&gt;
-          &lt;/ButtonEvent&gt;
-   &lt;/Button&gt;
-&lt;/ButtonRemapList&gt;</code></pre>
-<p><strong>Disabling navigation buttons</strong></p>
-<p>To disable navigation buttons (such as Home or Back) in lockdown XML, you supply the name (for example, Start) and button event (typically &quot;press&quot;).</p>
-<p>The following section contains a sample lockdown XML file that shows how to disable navigation buttons.</p>
-<p>Example:</p>
-<pre class="syntax" space="preserve"><code>&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;
-&lt;HandheldLockdown version=&quot;1.0&quot; &gt;
-    &lt;Default&gt;
-        &lt;ActionCenter enabled=&quot;false&quot; /&gt;
-        &lt;Apps&gt;
-            &lt;!-- Settings --&gt;
-            &lt;Application productId=&quot;{2A4E62D8-8809-4787-89F8-69D0F01654FB}&quot;&gt;
-                &lt;PinToStart&gt;
-                    &lt;Size&gt;Large&lt;/Size&gt;
-                    &lt;Location&gt;
-                        &lt;LocationX&gt;0&lt;/LocationX&gt;
-                        &lt;LocationY&gt;0&lt;/LocationY&gt;
-                    &lt;/Location&gt;
-                &lt;/PinToStart&gt;
-            &lt;/Application&gt;
 
-            &lt;!-- Phone Apps --&gt;
+> [!Note]  
-            &lt;Application productId=&quot;{F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7}&quot;&gt;
+> Lock down of the Start button only prevents the press and hold event.  
-                &lt;PinToStart&gt;
+>
-                    &lt;Size&gt;Small&lt;/Size&gt;
+> Custom buttons are hardware buttons that can be added to devices by OEMs.
-                    &lt;Location&gt;
-                        &lt;LocationX&gt;2&lt;/LocationX&gt;
-                        &lt;LocationY&gt;2&lt;/LocationY&gt;
-                    &lt;/Location&gt;
-                &lt;/PinToStart&gt;
-            &lt;/Application&gt;
-        &lt;/Apps&gt;
-        &lt;Buttons&gt;
-            &lt;ButtonLockdownList&gt;
-                &lt;Button name=&quot;Start&quot;&gt;
-                    &lt;ButtonEvent name=&quot;Press&quot; /&gt;
-                &lt;/Button&gt;
-                &lt;Button name=&quot;Back&quot;&gt;
-                    &lt;ButtonEvent name=&quot;Press&quot; /&gt;
-                    &lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
-                &lt;/Button&gt;
-                &lt;Button name=&quot;Search&quot;&gt;
-                    &lt;ButtonEvent name=&quot;All&quot; /&gt;
-                &lt;/Button&gt;
-                &lt;Button name=&quot;Camera&quot;&gt;
-                    &lt;ButtonEvent name=&quot;Press&quot; /&gt;
-                    &lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
-                &lt;/Button&gt;
-                &lt;Button name=&quot;Custom1&quot;&gt;
-                    &lt;ButtonEvent name=&quot;Press&quot; /&gt;
-                    &lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
-                &lt;/Button&gt;
-                &lt;Button name=&quot;Custom2&quot;&gt;
-                    &lt;ButtonEvent name=&quot;Press&quot; /&gt;
-                    &lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
-                &lt;/Button&gt;
-                &lt;Button name=&quot;Custom3&quot;&gt;
-                    &lt;ButtonEvent name=&quot;Press&quot; /&gt;
-                    &lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
-                &lt;/Button&gt;
-            &lt;/ButtonLockdownList&gt;
-            &lt;ButtonRemapList /&gt;
-        &lt;/Buttons&gt;
-        &lt;MenuItems&gt;
-            &lt;DisableMenuItems/&gt;
-        &lt;/MenuItems&gt;
-        &lt;Settings&gt;
-        &lt;/Settings&gt;
-        &lt;Tiles&gt;
-            &lt;EnableTileManipulation/&gt;
-        &lt;/Tiles&gt;
-        &lt;StartScreenSize&gt;Small&lt;/StartScreenSize&gt;
-    &lt;/Default&gt;
-&lt;/HandheldLockdown&gt;</code></pre></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top"><p>MenuItems</p></td>
-<td><p>Use <strong>DisableMenuItems</strong> to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Programs list. You can include this entry in the default profile and in any additional user role profiles that you create.</p>
-<p>Example:</p>
-<pre class="syntax" space="preserve"><code>&lt;MenuItems&gt;
-   &lt;DisableMenuItems/&gt;
-&lt;/MenuItems&gt;</code></pre>
-<div class="alert">
-<strong>Important</strong>  
-<p>If <strong>DisableMenuItems</strong> is not included in a profile, users of that profile can uninstall apps.</p>
-</div>
-<div>
- 
-</div></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>Tiles</p></td>
-<td><p><strong>Turning-on tile manipulation</strong></p>
-<p>By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile.</p>
-<p>If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile.</p>
-<div class="alert">
-<strong>Important</strong>  
-<p>If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile.</p>
-</div>
-<div>
- 
-</div>
-<p>The following sample file contains configuration for enabling tile manipulation.</p>
-<div class="alert">
-<strong>Note</strong>  
-<p>Tile manipulation is disabled when you don’t have a <code>&lt;Tiles&gt;</code> node in lockdown XML, or if you have a <code>&lt;Tiles&gt;</code> node but don’t have the <code>&lt;EnableTileManipulation/&gt;</code> node.</p>
-</div>
-<div>
- 
-</div>
-<p>Example:</p>
-<pre class="syntax" space="preserve"><code>&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;
-&lt;HandheldLockdown version=&quot;1.0&quot; &gt;
-    &lt;Default&gt;
-        &lt;ActionCenter enabled=&quot;false&quot; /&gt;
-        &lt;Apps&gt;
-            &lt;!-- Settings --&gt;
-            &lt;Application productId=&quot;{2A4E62D8-8809-4787-89F8-69D0F01654FB}&quot;&gt;
-                &lt;PinToStart&gt;
-                    &lt;Size&gt;Large&lt;/Size&gt;
-                    &lt;Location&gt;
-                        &lt;LocationX&gt;0&lt;/LocationX&gt;
-                        &lt;LocationY&gt;0&lt;/LocationY&gt;
-                    &lt;/Location&gt;
-                &lt;/PinToStart&gt;
-            &lt;/Application&gt;
 
-            &lt;!-- Phone Apps --&gt;
+Buttons example: 
-            &lt;Application productId=&quot;{F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7}&quot;&gt;
+``` syntax
-                &lt;PinToStart&gt;
+<Buttons>
-                    &lt;Size&gt;Small&lt;/Size&gt;
+   <ButtonLockdownList>
-                    &lt;Location&gt;
+      <!-- Lockdown all buttons -->
-                        &lt;LocationX&gt;2&lt;/LocationX&gt;
+         <Button name="Search">
-                        &lt;LocationY&gt;2&lt;/LocationY&gt;
+         </Button>
-                    &lt;/Location&gt;
+         <Button name="Camera">
-                &lt;/PinToStart&gt;
+         </Button>
-            &lt;/Application&gt;
+         <Button name="Custom1">
-        &lt;/Apps&gt;
+         </Button>
-        &lt;Buttons&gt;
+         <Button name="Custom2">
-            &lt;ButtonLockdownList&gt;
+         </Button>
-                &lt;Button name=&quot;Start&quot;&gt;
+         <Button name="Custom3">
-                    &lt;ButtonEvent name=&quot;Press&quot; /&gt;
+         </Button>
-                &lt;/Button&gt;
+   </ButtonLockdownList>
-                &lt;Button name=&quot;Back&quot;&gt;
+```
-                    &lt;ButtonEvent name=&quot;Press&quot; /&gt;
+The Search and custom buttons can be <em>remapped</em> or configured to open a specific application. Button remapping takes effect for the device and applies to all users.
-                    &lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
-                &lt;/Button&gt;
-                &lt;Button name=&quot;Search&quot;&gt;
-                    &lt;ButtonEvent name=&quot;All&quot; /&gt;
-                &lt;/Button&gt;
-                &lt;Button name=&quot;Camera&quot;&gt;
-                    &lt;ButtonEvent name=&quot;Press&quot; /&gt;
-                    &lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
-                &lt;/Button&gt;
-                &lt;Button name=&quot;Custom1&quot;&gt;
-                    &lt;ButtonEvent name=&quot;Press&quot; /&gt;
-                    &lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
-                &lt;/Button&gt;
-                &lt;Button name=&quot;Custom2&quot;&gt;
-                    &lt;ButtonEvent name=&quot;Press&quot; /&gt;
-                    &lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
-                &lt;/Button&gt;
-                &lt;Button name=&quot;Custom3&quot;&gt;
-                    &lt;ButtonEvent name=&quot;Press&quot; /&gt;
-                    &lt;ButtonEvent name=&quot;PressAndHold&quot; /&gt;
-                &lt;/Button&gt;
-            &lt;/ButtonLockdownList&gt;
-            &lt;ButtonRemapList /&gt;
-        &lt;/Buttons&gt;
-        &lt;MenuItems&gt;
-            &lt;DisableMenuItems/&gt;
-        &lt;/MenuItems&gt;
-        &lt;Settings&gt;
-        &lt;/Settings&gt;
-        &lt;Tiles&gt;
-            &lt;EnableTileManipulation/&gt;
-        &lt;/Tiles&gt;
-        &lt;StartScreenSize&gt;Small&lt;/StartScreenSize&gt;
-    &lt;/Default&gt;
-&lt;/HandheldLockdown&gt;</code></pre></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top"><p>CSP Runner</p></td>
-<td><p>Allows CSPs to be executed on the device per user role. You can use this to implement role specific policies, such as changing the color scheme when an admin logs on the device, or to set configurations per role.</p></td>
-</tr>
-</tbody>
-</table>
 
+> [!Note]  
+> The lockdown settings for a button, per user role, will apply regardless of the button mapping.  
+>
+> Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role.
+
+To remap a button in lockdown XML, you supply the button name, the button event (typically &quot;press&quot;), and the product ID for the application the button will open.
+
+``` syntax
+<ButtonRemapList>
+   <Button name="Search">
+      <ButtonEvent name="Press">
+         <!-- Alarms -->
+         <Application productId="{08179793-ED2E-45EA-BA12-BDE3EE9C3CE3}" parameters="" />
+          </ButtonEvent>
+   </Button>
+</ButtonRemapList>
+```
+**Disabling navigation buttons**  
+To disable navigation buttons (such as Home or Back) in lockdown XML, you supply the name (for example, Start) and button event (typically "press").
+
+The following section contains a sample lockdown XML file that shows how to disable navigation buttons.
+
+``` syntax
+<?xml version="1.0" encoding="utf-8"?>
+<HandheldLockdown version="1.0" >
+    <Default>
+        <ActionCenter enabled="false" />
+        <Apps>
+            <!-- Settings -->
+            <Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}">
+                <PinToStart>
+                    <Size>Large</Size>
+                    <Location>
+                        <LocationX>0</LocationX>
+                        <LocationY>0</LocationY>
+                    </Location>
+                </PinToStart>
+            </Application>
+
+            <!-- Phone Apps -->
+            <Application productId="{F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7}">
+                <PinToStart>
+                    <Size>Small</Size>
+                    <Location>
+                        <LocationX>2</LocationX>
+                        <LocationY>2</LocationY>
+                    </Location>
+                </PinToStart>
+            </Application>
+        </Apps>
+        <Buttons>
+            <ButtonLockdownList>
+                <Button name="Start">
+                    <ButtonEvent name="Press" />
+                </Button>
+                <Button name="Back">
+                    <ButtonEvent name="Press" />
+                    <ButtonEvent name="PressAndHold" />
+                </Button>
+                <Button name="Search">
+                    <ButtonEvent name="All" />
+                </Button>
+                <Button name="Camera">
+                    <ButtonEvent name="Press" />
+                    <ButtonEvent name="PressAndHold" />
+                </Button>
+                <Button name="Custom1">
+                    <ButtonEvent name="Press" />
+                    <ButtonEvent name="PressAndHold" />
+                </Button>
+                <Button name="Custom2">
+                    <ButtonEvent name="Press" />
+                    <ButtonEvent name="PressAndHold" />
+                </Button>
+                <Button name="Custom3">
+                    <ButtonEvent name="Press" />
+                    <ButtonEvent name="PressAndHold" />
+                </Button>
+            </ButtonLockdownList>
+            <ButtonRemapList />
+        </Buttons>
+        <MenuItems>
+            <DisableMenuItems/>
+        </MenuItems>
+        <Settings>
+        </Settings>
+        <Tiles>
+            <EnableTileManipulation/>
+        </Tiles>
+        <StartScreenSize>Small</StartScreenSize>
+    </Default>
+</HandheldLockdown>
+```
+
+Entry | Description
+----------- | ------------
+MenuItems | Use **DisableMenuItems** to prevent use of the context menu, which is displayed when a user presses and holds an application in the All Programs list. You can include this entry in the default profile and in any additional user role profiles that you create.
+
+> [!Important]  
+> If **DisableMenuItems** is not included in a profile, users of that profile can uninstall apps.
+
+MenuItems example:
+
+``` syntax
+<MenuItems>
+   <DisableMenuItems/>
+</MenuItems>
+```
+
+Entry | Description
+----------- | ------------
+Tiles | **Turning-on tile manipulation** - By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile.
+
+> [!Important]  
+>  If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile.
+
+The following sample file contains configuration for enabling tile manipulation.
+
+> [!Note]  
+> Tile manipulation is disabled when you don’t have a `<Tiles>` node in lockdown XML, or if you have a `<Tiles>` node but don’t have the `<EnableTileManipulation>` node.
+
+``` syntax
+<?xml version="1.0" encoding="utf-8"?>
+<HandheldLockdown version="1.0" >
+    <Default>
+        <ActionCenter enabled="false" />
+        <Apps>
+            <!-- Settings -->
+            <Application productId="{2A4E62D8-8809-4787-89F8-69D0F01654FB}">
+                <PinToStart>
+                    <Size>Large</Size>
+                    <Location>
+                        <LocationX>0</LocationX>
+                        <LocationY>0</LocationY>
+                    </Location>
+                </PinToStart>
+            </Application>
+
+            <!-- Phone Apps -->
+            <Application productId="{F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7}">
+                <PinToStart>
+                    <Size>Small</Size>
+                    <Location>
+                        <LocationX>2</LocationX>
+                        <LocationY>2</LocationY>
+                    </Location>
+                </PinToStart>
+            </Application>
+        </Apps>
+        <Buttons>
+            <ButtonLockdownList>
+                <Button name="Start">
+                    <ButtonEvent name="Press" />
+                </Button>
+                <Button name="Back">
+                    <ButtonEvent name="Press" />
+                    <ButtonEvent name="PressAndHold" />
+                </Button>
+                <Button name="Search">
+                    <ButtonEvent name="All" />
+                </Button>
+                <Button name="Camera">
+                    <ButtonEvent name="Press" />
+                    <ButtonEvent name="PressAndHold" />
+                </Button>
+                <Button name="Custom1">
+                    <ButtonEvent name="Press" />
+                    <ButtonEvent name="PressAndHold" />
+                </Button>
+                <Button name="Custom2">
+                    <ButtonEvent name="Press" />
+                    <ButtonEvent name="PressAndHold" />
+                </Button>
+                <Button name="Custom3">
+                    <ButtonEvent name="Press" />
+                    <ButtonEvent name="PressAndHold" />
+                </Button>
+            </ButtonLockdownList>
+            <ButtonRemapList />
+        </Buttons>
+        <MenuItems>
+            <DisableMenuItems/>
+        </MenuItems>
+        <Settings>
+        </Settings>
+        <Tiles>
+            <EnableTileManipulation/>
+        </Tiles>
+        <StartScreenSize>Small</StartScreenSize>
+    </Default>
+</HandheldLockdown>
+```
+
+Entry | Description
+----------- | ------------
+CSP Runner | Allows CSPs to be executed on the device per user role. You can use this to implement role specific policies, such as changing the color scheme when an admin logs on the device, or to set configurations per role.
  
 
 <a href="" id="lockscreenwallpaper-"></a>**LockscreenWallpaper/**  
@@ -733,6 +692,8 @@ Not supported in Windows 10. Use doWipePersistProvisionedData in [RemoteWipe CS
 <a href="" id="clock-timezone-"></a>**Clock/TimeZone/**  
 An integer that specifies the time zone of the device. The following table shows the possible values.
 
+Supported operations are Get and Replace.
+
 <table>
 <colgroup>
 <col width="20%" />
@@ -1160,9 +1121,6 @@ An integer that specifies the time zone of the device. The following table shows
 </tbody>
 </table>
 
- 
-
-Supported operations are Get and Replace.
 
 <a href="" id="locale-language-"></a>**Locale/Language/**  
 The culture code that identifies the language to display on a device, and specifies the formatting of numbers, currencies, time, and dates. For language values, see [Locale IDs Assigned by Microsoft](http://go.microsoft.com/fwlink/p/?LinkID=189567).
@@ -1171,8 +1129,6 @@ The language setting is configured in the Default User profile only.
 
 > **Note**  Apply the Locale ID only after the corresponding language packs are built into and supported for the OS image running on the device. The specified language will be applied as the phone language and a restart may be required.
 
- 
-
 Supported operations are Get and Replace.
 
 ## OMA client provisioning examples

windows/configuration/mobile-devices/mobile-lockdown-designer.md

@@ -15,7 +15,7 @@ author: jdeckerms
 
 Windows 10 Mobile allows enterprises to lock down a device, define multiple user roles, and configure custom layouts on a device. For example, the enterprise can lock down a device so that only applications and settings in an allow list are available. This is accomplished using Lockdown XML, an XML file that contains settings for Windows 10 Mobile. 
 
-When you deploy the lockdown XML file to a device, it is saved on the device as **wehlockdown.xml**. When the device boots, it looks for wehlockdown.xml and applies any settings configured in the file. 
+When you deploy the lockdown XML file to a device, it is saved on the device as **wehlockdown.xml**. When the device boots, it looks for wehlockdown.xml and applies any settings configured in the file. You can deploy the lockdown XML file by [adding it to a provisioning package](lockdown-xml.md#add-lockdown-xml-to-a-provisioning-package) or [by using mobile device management (MDM)](lockdown-xml.md#push-lockdown-xml-using-mdm).
 
 The Lockdown Designer app helps you configure and create a lockdown XML file that you can apply to devices running Windows 10 Mobile, version 1703, and includes a remote simulation to help you determine the layout for tiles on the Start screen. Lockdown Designer also validates the XML. Using Lockdown Designer is easier than [manually creating a lockdown XML file](lockdown-xml.md).
 

windows/deployment/update/update-compliance-get-started.md

@@ -32,7 +32,7 @@ Update Compliance has the following requirements:
   <TR><TD>Online Crash Analysis	<TD>oca.telemetry.microsoft.com
   </TABLE>
 
- 4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV.
+4. To use Windows Defender Antivirus Assessment, devices must be protected by Windows Defender AV (and not a 3rd party AV program), and must have enabled [cloud-delivered protection](/windows/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus). See the [Windows Defender Antivirus in Windows 10](/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10) content library for more information on enabling, configuring, and validating Windows Defender AV.
 
 
 ## Add Update Compliance to Microsoft Operations Management Suite

windows/deployment/upgrade/upgrade-readiness-additional-insights.md

@@ -16,17 +16,19 @@ This topic provides information on additional features that are available in Upg
 
 The site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 8.1 and Windows 7. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data.
 
-> Note: Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
+> [!NOTE] 
+> Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
 
 ### Install prerequisite security update for Internet Explorer
 
 Ensure the following prerequisites are met before using site discovery:
 
-1. Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. 
+1. Install the prerequisite KBs to add Site Discovery support and the latest fixes from the [Microsoft Update Catalog](http://www.catalog.update.microsoft.com/home.aspx). Install the following:
-2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)).
+   - For Windows 7 and Windows 8.1 - March, 2017 (or later) Security Monthly Rollup
-3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) to allow Internet Explorer data collection before you run it. 
+   - For Windows 10 - Cumulative Update for Windows 10 Version 1607 (KB4015217) (or later)
+2. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Readiness deployment script](upgrade-readiness-deployment-script.md) to allow Internet Explorer data collection before you run it. In addition, to enable Site Discovery on Windows 10 set **Enhanced Telemetry Level** for the Feedback and Diagnostics setting (Privacy > Feedback & Diagnostics settings), and enable **Page Prediction within Internet Explorer 11**.
 
-    If necessary, you can also enable it by creating the following registry entry. 
+    If necessary, you can also enable data collection by creating the following registry entry. 
 
     HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection 
 

windows/threat-protection/windows-defender-atp/api-portal-mapping-windows-defender-advanced-threat-protection.md

@@ -25,52 +25,262 @@ Understand what data fields are exposed as part of the alerts API and how they m
 
 
 ##	Alert API fields and portal mapping
+The following table lists the available fields exposed in the alerts API payload. It shows examples for the populated values and a reference on how data is reflected on the portal.
+
+
+The ArcSight field column contains the default mapping between the Windows Defender ATP fields and the built-in fields in ArcSight. You can download the mapping file from the portal when you enable the SIEM integration feature and you can modify it to match the  needs of your organization. For more information, see [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md).
+
 Field numbers match the numbers in the images below.
 
-Portal label  | SIEM field name | Description
+<table style="table-layout:fixed;width:100%" >
-:---|:---|:---
+  <tr>
-1	| LinkToWDATP |	Link back to the alert page in Windows Defender ATP
+    <th class>Portal label</th>
-2	|	Alert ID	| Alert ID visible in the link: `https://securitycenter.windows.com/alert/<alert id>`
+    <th class>SIEM field name</th>
-3	| AlertTitle | Alert	title
+    <th class>ArcSight field</th>
-4	| Actor |	Actor name
+    <th class>Example value</th>
-5	| AlertTime |	Last time the alert was observed
+    <th class>Description</th>
-6 | Severity |	Alert severity
+    <th class></th>
-7	| Category |	Alert category
+  </tr>
-8 | Status in queue | Alert status in queue
+  <tr>
-9	| ComputerDnsName|	Computer DNS name and machine name
+    <td class>1</td>
-10| IoaDefinitionId	| (Internal only)  <br><br>  ID for the IOA (Indication of attack) that this alert belongs to. It usually correlates with the title. <br><br> **Note**: This is an internal ID of the rule which triggers the alert. It's provided here as it can be used for aggregations in the SIEM.
+    <td class>AlertTitle</td>
-11 | UserName	| The user context relevant to the activity on the machine which triggered the alert. NOTE: Not yet populated.
+    <td class>name</td>
-12 | FileName	| File name
+    <td class>A dll was unexpectedly loaded into a high integrity process without a UAC prompt</td>
-13 | FileHash	| Sha1 of file observed
+    <td class>Value available for every alert.</td>
-14 | FilePath	| File path
+    <td class></td>
-15 | IpAddress |	IP of the IOC (when relevant)
+  </tr>
-16 | URL	| URL of the IOC (when relevant)  
+  <tr>
-17 | FullId	| (Internal only)  <br><br> Unique ID for each combination of IOC and Alert ID. Provides the ability to apply dedup logic in the SIEM.
+    <td class>2</td>
-18 | AlertPart	| (Internal only)  <br><br> Alerts which contain multiple IOCs will be split into several messages, each message contains one IOC and a running counter. The counter provides the ability to reconstruct the alerts in the SIEM.
+    <td class>Severity</td>
-19 | LastProccesedTimeUtc | (Internal only)  <br><br>	Time the alert was last processed in Windows Defender ATP.
+    <td class>deviceSeverity</td>
-20 | Source| Alert detection source (Windows Defender AV, Windows Defender ATP, and Device Guard)
+    <td class>Medium</td>
-21 | ThreatCategory| Windows Defender AV threat category
+    <td class>Value available for every alert.</td>
-22 | ThreatFamily |	Windows Defender AV family name
+    <td class></td>
-23 | RemediationAction |	Windows Defender AV threat category	 |
+  </tr>
-24 | WasExecutingWhileDetected	| Indicates if a file was running while being detected.
+  <tr>
-25|	RemediationIsSuccess	| Indicates if an alert was successfully remediated.
+    <td class>3</td>
-26 | Sha1	| Sha1 of file observed	in alert timeline and in file side pane (when available)
+    <td class>Category</td>
-27 | Md5 | Md5 of file observed	(when available)
+    <td class>deviceEventCategory</td>
-28 | Sha256 |	Sha256 of file observed	(when available)
+    <td class>Privilege Escalation</td>
-29	|	ThreatName	| Windows Defender AV threat name
+    <td class>Value available for every alert.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>4</td>
+    <td class>Source</td>
+    <td class>sourceServiceName</td>
+    <td class>WindowsDefenderATP</td>
+    <td class>Windows Defender Antivirus or Windows Defender ATP. Value available for every alert.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>5</td>
+    <td class>MachineName</td>
+    <td class>sourceHostName</td>
+    <td class>liz-bean</td>
+    <td class>Value available for every alert.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>6</td>
+    <td class>FileName</td>
+    <td class>fileName</td>
+    <td class>Robocopy.exe</td>
+    <td class>Available for alerts associated with a file or process.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>7</td>
+    <td class>FilePath</td>
+    <td class>filePath</td>
+    <td class>C:\Windows\System32\Robocopy.exe</td>
+    <td class>Available for alerts associated with a file or process. \</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>8</td>
+    <td class>UserDomain</td>
+    <td class>sourceNtDomain</td>
+    <td class>contoso</td>
+    <td class>The domain of the user context running the activity, available for Windows Defender ATP behavioral based alerts.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>9</td>
+    <td class>UserName</td>
+    <td class>sourceUserName</td>
+    <td class>liz-bean</td>
+    <td class>The user context running the activity, available for Windows Defender ATP behavioral based alerts.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>10</td>
+    <td class>Sha1</td>
+    <td class>fileHash</td>
+    <td class>5b4b3985339529be3151d331395f667e1d5b7f35</td>
+    <td class>Available for alerts associated with a file or process.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>11</td>
+    <td class>Md5</td>
+    <td class>deviceCustomString5</td>
+    <td class>55394b85cb5edddff551f6f3faa9d8eb</td>
+    <td class>Available for Windows Defender AV alerts.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>12</td>
+    <td class>Sha256</td>
+    <td class>deviceCustomString6</td>
+    <td class>9987474deb9f457ece2a9533a08ec173a0986fa3aa6ac355eeba5b622e4a43f5</td>
+    <td class>Available for Windows Defender AV alerts.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>13</td>
+    <td class>ThreatName</td>
+    <td class>eviceCustomString1</td>
+    <td class>Trojan:Win32/Skeeyah.A!bit</td>
+    <td class>Available for Windows Defender AV alerts.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>14</td>
+    <td class>IpAddress</td>
+    <td class>sourceAddress</td>
+    <td class>218.90.204.141</td>
+    <td class>Available for alerts associated to network events. For example, 'Communication to a malicious network destination'.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>15</td>
+    <td class>Url</td>
+    <td class>requestUrl</td>
+    <td class>down.esales360.cn</td>
+    <td class>Availabe for alerts associated to network events. For example, 'Communication to a malicious network destination'.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>16</td>
+    <td class>RemediationIsSuccess</td>
+    <td class>deviceCustomNumber2</td>
+    <td class>TRUE</td>
+    <td class>Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>17</td>
+    <td class>WasExecutingWhileDetected</td>
+    <td class>deviceCustomNumber1</td>
+    <td class>FALSE</td>
+    <td class>Available for Windows Defender AV alerts. ArcSight value is 1 when TRUE and 0 when FALSE.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>18</td>
+    <td class>AlertId</td>
+    <td class>externalId</td>
+    <td class>636210704265059241_673569822</td>
+    <td class>Value available for every alert.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>19</td>
+    <td class>LinkToWDATP</td>
+    <td class>flexString1</td>
+    <td class>`https://securitycenter.windows.com/alert/636210704265059241_673569822`</td>
+    <td class>Value available for every alert.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>20</td>
+    <td class>AlertTime</td>
+    <td class>deviceReceiptTime</td>
+    <td class>2017-05-07T01:56:59.3191352Z</td>
+    <td class>The time the activity relevant to the alert occurred. Value available for every alert.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>21</td>
+    <td class>MachineDomain</td>
+    <td class>sourceDnsDomain</td>
+    <td class>contoso.com</td>
+    <td class>Domain name not relevant for AAD joined machines. Value available for every alert.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>22</td>
+    <td class>Actor</td>
+    <td class>deviceCustomString4</td>
+    <td class></td>
+    <td class>Available for alerts related to a known actor group.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>21+5</td>
+    <td class>ComputerDnsName</td>
+    <td class>No mapping</td>
+    <td class>liz-bean.contoso.com</td>
+    <td class>The machine fully qualified domain name. Value available for every alert.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class></td>
+    <td class>LogOnUsers</td>
+    <td class>sourceUserId</td>
+    <td class>contoso\liz-bean; contoso\jay-hardee</td>
+    <td class>The domain and user of the interactive logon user/s at the time of the event. Note: For machines on Windows 10 version 1607, the domain information will not be available.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class>Internal field</td>
+    <td class>LastProcessedTimeUtc</td>
+    <td class>No mapping</td>
+    <td class>2017-05-07T01:56:58.9936648Z</td>
+    <td class>Time when event arrived at the backend. This field can be used when setting the request parameter for the range of time that alerts are retrieved.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class></td>
+    <td class>Not part of the schema</td>
+    <td class>deviceVendor</td>
+    <td class></td>
+    <td class>Static value in the ArcSight mapping - 'Microsoft'.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class></td>
+    <td class>Not part of the schema</td>
+    <td class>deviceProduct</td>
+    <td class></td>
+    <td class>Static value in the ArcSight mapping - 'Windows Defender ATP'.</td>
+    <td class></td>
+  </tr>
+  <tr>
+    <td class></td>
+    <td class>Not part of the schema</td>
+    <td class>deviceVersion</td>
+    <td class></td>
+    <td class>Static value in the ArcSight mapping - '2.0', used to identify the mapping versions.</td>
+    <td class></td>
+  </tr>
+</table>
 
->[!NOTE]
-> Fields #21-29 are related to Windows Defender Antivirus alerts.
 
-![Image of actor profile with numbers](images/atp-actor.png)
+![Image of alert with numbers](images/atp-alert-page.png)
 
-![Image of alert timeline with numbers](images/atp-alert-timeline-numbered.png)
+![Image of alert details pane with numbers](images/atp-siem-mapping13.png)
 
-![Image of new alerts with numbers](images/atp-alert-source.png)
+![Image of alert timeline with numbers](images/atp-siem-mapping3.png)
 
-![Image of machine timeline with numbers](images/atp-remediated-alert.png)
+![Image of alert timeline with numbers](images/atp-siem-mapping4.png)
 
-![Image of file details](images/atp-file-details.png)
+![Image machine view](images/atp-mapping6.png)
+
+![Image browser URL](images/atp-mapping5.png)
+
+![Image actor alert](images/atp-mapping7.png)
 
 
 ## Related topics

windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md

@@ -24,14 +24,14 @@ localizationpriority: high
 
 <span id="sccm1606"/>
 ## Configure endpoints using System Center Configuration Manager (current branch) version 1606
-System Center Configuration Manager (current branch) version 1606, has UI integrated support for configuring and managing Windows Defender ATP on endpoints. For more information, see [Support for Windows Defender Advanced Threat Protection service](https://go.microsoft.com/fwlink/p/?linkid=823682).
+System Center Configuration Manager (SCCM) (current branch) version 1606, has UI integrated support for configuring and managing Windows Defender ATP on endpoints. For more information, see [Support for Windows Defender Advanced Threat Protection service](https://go.microsoft.com/fwlink/p/?linkid=823682).
 
 >[!NOTE]
 > If you’re using SCCM client version 1606 with server version 1610 or above, you must upgrade the client version to match the server version.
 
 <span id="sccm1602"/>
 ## Configure endpoints using System Center Configuration Manager earlier versions
-You can use System Center Configuration Manager’s existing functionality to create a policy to configure your endpoints. This is supported in the following System Center Configuration Manager versions:
+You can use existing System Center Configuration Manager functionality to create a policy to configure your endpoints. This is supported in the following System Center Configuration Manager versions:
 
 - System Center 2012 Configuration Manager
 - System Center 2012 R2 Configuration Manager

windows/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md

@@ -1,6 +1,6 @@
 ---
 title: Investigate Windows Defender Advanced Threat Protection alerts
-description: Use the investigation options to get details on which alerts are affecting your network, what they mean, and how to resolve them.
+description: Use the investigation options to get details on alerts are affecting your network, what they mean, and how to resolve them.
 keywords: investigate, investigation, machines, machine, endpoints, endpoint, alerts queue, dashboard, IP address, file, submit, submissions, deep analysis, timeline, search, domain, URL, IP
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
@@ -15,30 +15,35 @@ localizationpriority: high
 
 **Applies to:**
 
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
-You can click an alert in any of the [alert queues](alerts-queue-windows-defender-advanced-threat-protection.md) to begin an investigation. Selecting an alert brings up the **Alert management pane**, while clicking an alert brings you the alert details view where general information about the alert, some recommended actions, an alert process tree, an incident graph, and an alert timeline is shown.  
+Investigate alerts that are affecting your network, what they mean, and how to resolve them. Use the alert details view to see various tiles that provide information about alerts. You can also manage an alert and see alert metadata along with other information that can help you make better decisions on how to approach them.
+
+![Image of the alert page](images/atp-alert-details.png)
+
+
+The alert context tile shows the where, who, and when context of the alert. As with other pages, you can click on the icon beside the name or user account to bring up the machine or user details pane. The alert details view also has a status tile that shows the status of the alert in the queue. You'll also see a description and a set of recommended actions which you can expand.
+
+For more information about managing alerts, see [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md).
+
+The alert details page also shows the alert process tree, an incident graph, and an alert timeline.
 
 You can click on the machine link from the alert view to navigate to the machine. The alert will be highlighted automatically, and the timeline will display the appearance of the alert and its evidence in the **Machine timeline**. If the alert appeared more than once on the machine, the latest occurrence will be displayed in the **Machine timeline**.
 
 Alerts attributed to an adversary or actor display a colored tile with the actor's name.
 
-![A detailed view of an alert when clicked](images/alert-details.png)
+![A detailed view of an alert when clicked](images/atp-actor-alert.png)
 
 Click on the actor's name to see the threat intelligence profile of the actor, including a brief overview of the actor, their interests or targets, their tools, tactics, and processes (TTPs) and areas where they've been observed worldwide. You will also see a set of recommended actions to take.
 
 Some actor profiles include a link to download a more comprehensive threat intelligence report.
 
-![Image of detailed actor profile](images/atp-actor-report.png)
+![Image of detailed actor profile](images/atp-detailed-actor.png)
 
 The detailed alert profile helps you understand who the attackers are, who they target, what techniques, tools, and procedures (TTPs) they use, which geolocations they are active in, and finally, what recommended actions you may take. In many cases, you can download a more detailed Threat Intelligence report about this attacker or campaign for offline reading.
 
 ## Alert process tree
-The **Alert process tree** takes alert triage and investigation to the next level, displaying the alert and related evidence and other events that occurred within the same execution context and time. This rich triage context of the alert and surrounding events is available on the alert page.
+The **Alert process tree** takes alert triage and investigation to the next level, displaying the alert and related evidence, together with other events that occurred within the same execution context and time. This rich triage context of the alert and surrounding events is available on the alert page.
 
 ![Image of the alert process tree](images/atp-alert-process-tree.png)
 
@@ -46,11 +51,15 @@ The **Alert process tree** expands to display the execution path of the alert, i
 
 The alert and related events or evidence have circles with thunderbolt icons inside them.
 
+
 >[!NOTE]
 >The alert process tree might not be available in some alerts.
 
-Clicking in the circle immediately to the left of the indicator displays the **Alert details** pane where you can take a deeper look at the details about the alert. It displays rich information about the selected process, file, IP address, and other details taken from the entity's page –  while remaining on the alert page, so you never leave the current context of your investigation.  
+Clicking in the circle immediately to the left of the indicator displays its details.
 
+![Image of the alert details pane](images/atp-alert-mgt-pane.png)
+
+The alert details pane helps you take a deeper look at the details about the alert. It displays rich information about the execution details, file details, detections, observed worldwide, observed in organization, and other details taken from the entity's page –  while remaining on the alert page, so you never leave the current context of your investigation.  
 
 
 ## Incident graph
@@ -58,9 +67,7 @@ The **Incident Graph**  provides a visual representation of the organizational f
 
 ![Image of the Incident graph](images/atp-incident-graph.png)
 
-The **Incident Graph**  previously supported expansion by File and Process, and now supports expansion by additional criteria: known processes and Destination IP Address.
+The **Incident Graph** supports expansion by File, Process, command line, or Destination IP Address, as appropriate.
-
-The Windows Defender ATP service keeps track of "known processes". Alerts related to known processes mostly include specific command lines, that combined are the basis for the alert. The **Incident Graph** supports expanding known processes with their command line to display other machines where the known process and the same command line were observed.
 
 The **Incident Graph** expansion by destination IP Address, shows the organizational footprint of communications with this IP Address without having to change context by navigating to the IP Address page.
 

windows/threat-protection/windows-defender-atp/investigate-machines-windows-defender-advanced-threat-protection.md

@@ -15,10 +15,6 @@ localizationpriority: high
 
 **Applies to:**
 
-- Windows 10 Enterprise
-- Windows 10 Education
-- Windows 10 Pro
-- Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 ## Investigate machines
@@ -55,7 +51,9 @@ You'll also see details such as logon types for each user account, the user grou
 
  For more information, see [Investigate user entities](investigate-user-windows-defender-advanced-threat-protection.md).
 
-The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. This list is a filtered version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the alert's last activity was detected, a short description of the alert, the user account associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert.
+The **Alerts related to this machine** section provides a list of alerts that are associated with the machine. You can also manage alerts from this section by clicking the circle icons to the left of the alert (or using Ctrl or Shift + click to select multiple alerts).
+
+This list is a filtered version of the [Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md), and shows the date when the alert's last activity was detected, a short description of the alert, the user account associated with the alert, the alert's severity, the alert's status in the queue, and who is addressing the alert. You'll also see a list of displayed alerts and you'll be able to quickly know the total number of alerts on the machine.
 
 You can also choose to highlight an alert from the **Alerts related to this machine** or from the  **Machine timeline** section to see the correlation between the alert and its related events on the machine by right-clicking on the alert and selecting **Select and mark events**. This highlights the alert and its related events and helps distinguish them from other alerts and events appearing in the timeline. Highlighted events are displayed in all information levels whether you choose to view the timeline by **Detections**, **Behaviors**, or **Verbose**.