From 3fc9d3aa2ba3f2b84414e130f987a2cb8a732b26 Mon Sep 17 00:00:00 2001
From: Liza Poggemeyer <elizapo@microsoft.com>
Date: Mon, 30 Apr 2018 16:54:13 +0000
Subject: [PATCH] Merged PR 7607: Landing page updates, push live 4/30

---
 browsers/edge/available-policies.md           |  2 +-
 .../educator-tib-get-started.md               |  9 ++-
 education/windows/switch-to-pro-education.md  |  4 +-
 .../windows-version-search.md                 |  2 +-
 ...el-windows-diagnostic-events-and-fields.md | 64 +++++++++----------
 windows/hub/TOC.md                            |  2 +-
 windows/hub/index.md                          |  6 +-
 .../attack-surface-reduction-exploit-guard.md | 41 +++++++++++-
 .../customize-attack-surface-reduction.md     | 11 +++-
 .../enable-attack-surface-reduction.md        | 11 +++-
 windows/whats-new/index.md                    |  3 +-
 .../whats-new-windows-10-version-1803.md      | 13 +++-
 12 files changed, 111 insertions(+), 57 deletions(-)

diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md
index fcdd64629c..1c19fbbff1 100644
--- a/browsers/edge/available-policies.md
+++ b/browsers/edge/available-policies.md
@@ -9,7 +9,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 title: Group Policy and Mobile Device Management settings for Microsoft Edge (Microsoft Edge for IT Pros)
 ms.localizationpriority: high
-ms.date: 4/20/2018 #Previous release date 09/13/2017
+ms.date: 4/30/2018 #Previsou release date 09/13/2017
 ---
 
 # Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge
diff --git a/education/trial-in-a-box/educator-tib-get-started.md b/education/trial-in-a-box/educator-tib-get-started.md
index 2c4fd4b739..1995443537 100644
--- a/education/trial-in-a-box/educator-tib-get-started.md
+++ b/education/trial-in-a-box/educator-tib-get-started.md
@@ -26,8 +26,7 @@ ms.date: 03/18/2018
 | [![Try Learning Tools Immersive Reader](images/edu-TIB-setp-2-v3.png)](#edu-task2) | **Interested in significantly improving your students' reading speed and comprehension?<sup>[1](#footnote1)</sup>** </br>Try the [Learning Tools Immersive Reader](#edu-task2) to see how kids can learn to read faster, using text read aloud, and highlighting words for syntax. |
 | [![Launch Microsoft Teams](images/edu-TIB-setp-3-v3.png)](#edu-task3) | **Looking to foster collaboration, communication, and critical thinking in the classroom?** </br>Launch [Microsoft Teams](#edu-task3) and learn how to set up digital classroom discussions, respond to student questions, and organize class content. |
 | [![Open OneNote](images/edu-TIB-setp-4-v3.png)](#edu-task4) | **Trying to expand classroom creativity and interaction between students?** </br>Open [OneNote](#edu-task4) and create an example group project for your class. |
-| [![Try Photos app](images/edu-tib-setp-5-v4.png)](#edu-task5) | **Curious about telling stories through video?** </br>Try the [Photos app](#edu-task5) to make your own example video. |
-| [![Play with Minecraft: Education Edition](images/edu-tib-setp-6-v4.png)](#edu-task6) | **Want to teach kids to further collaborate and problem solve?** </br>Play with [Minecraft: Education Edition](#edu-task6) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. |
+| [![Play with Minecraft: Education Edition](images/edu-TIB-setp-5-v3.png)](#edu-task5) | **Want to teach kids to further collaborate and problem solve?** </br>Play with [Minecraft: Education Edition](#edu-task5) to see how it can be used as a collaborative and versatile platform across subjects to encourage 21st century skills. |
 |  |  |
 
 </br>
@@ -139,7 +138,7 @@ When you're not using the pen, just use the magnet to stick it to the left side
 </br>
 </br>
 
-![Inspire your students to tell their stories through video!](images/edu-tib-setp-5-jump2.png)
+<!-- ![Inspire your students to tell their stories through video!](images/edu-tib-setp-5-jump2.png)
 ## <a name="edu-task5"></a>5. Engage with students by creating videos
 
 PHOTOS APP VIDEO COMING SOON!
@@ -183,10 +182,10 @@ Use video to create a project summary.
 Check out this use case video of the Photos team partnering with the Bureau Of Fearless Ideas in Seattle to bring the Photos app to local middle school students: <a href="https://www.youtube.com/watch?v=0dFFAu6XwPg" target="_blank">https://www.youtube.com/watch?v=0dFFAu6XwPg</a>
 </br>
 </br>
-</br>
+</br> -->
 
 ![Further collaborate and problem solve with Minecraft: Education Edition](images/edu-TIB-setp-5-jump.png) 
-## <a name="edu-task6"></a>6. Get kids to further collaborate and problem solve
+## <a name="edu-task5"></a>5. Get kids to further collaborate and problem solve
 
 > [!VIDEO https://www.youtube.com/embed/QI_bRNUugog]
 
diff --git a/education/windows/switch-to-pro-education.md b/education/windows/switch-to-pro-education.md
index 715350a167..31b94541f8 100644
--- a/education/windows/switch-to-pro-education.md
+++ b/education/windows/switch-to-pro-education.md
@@ -7,8 +7,8 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: edu
 ms.localizationpriority: high
-author: CelesteDG
-ms.author: celested, MikeBlodge
+author: MikeBlodge
+ms.author: MikeBlodge
 ms.date: 10/30/2017
 ---
 
diff --git a/windows/client-management/windows-version-search.md b/windows/client-management/windows-version-search.md
index 701cab6076..871658d3ff 100644
--- a/windows/client-management/windows-version-search.md
+++ b/windows/client-management/windows-version-search.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: MikeBlodge
-ms.author: MikeBlodge, Kaushik Ainapure
+ms.author: MikeBlodge
 ms.date: 04/30/2018
 ---
 
diff --git a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
index bbc8aa6974..a57aebf1fb 100644
--- a/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
+++ b/windows/configuration/basic-level-windows-diagnostic-events-and-fields.md
@@ -9,7 +9,7 @@ ms.pagetype: security
 localizationpriority: high
 author: brianlic-msft
 ms.author: brianlic
-ms.date: 4/10/2018
+ms.date: 4/30/2018
 ---
 
 
@@ -1780,7 +1780,7 @@ Fired by UTC as a heartbeat signal.
 The following fields are available:
 
 - **AgentConnectionErrorsCount**  Number of non-timeout errors associated with the host/agent channel.
-- **CensusExitCode**  Last exit code of�Census task.
+- **CensusExitCode**  Last exit code of Census task.
 - **CensusStartTime**  Time of last Census run.
 - **CensusTaskEnabled**  True if Census is enabled, false otherwise.
 - **CompressedBytesUploaded**  Number of compressed bytes uploaded.
@@ -1807,14 +1807,14 @@ The following fields are available:
 - **LastAgentConnectionError**  Last non-timeout error encountered in the host/agent channel.
 - **LastEventSizeOffender**  Event name of last event which exceeded max event size.
 - **LastInvalidHttpCode**  Last invalid HTTP code received from Vortex.
-- **MaxActiveAgentConnectionCount**  Maximum number of active agents during this�heartbeat timeframe.
+- **MaxActiveAgentConnectionCount**  Maximum number of active agents during this heartbeat timeframe.
 - **MaxInUseScenarioCounter**  Soft maximum number of scenarios loaded by UTC.
 - **PreviousHeartBeatTime**  Time of last heartbeat event (allows chaining of events).
 - **SettingsHttpAttempts**  Number of attempts to contact OneSettings service.
-- **SettingsHttpFailures**  Number of failures from contacting�OneSettings service.
+- **SettingsHttpFailures**  Number of failures from contacting OneSettings service.
 - **ThrottledDroppedCount**  Number of events dropped due to throttling of noisy providers.
 - **UploaderDroppedCount**  Number of events dropped at the uploader layer of telemetry client.
-- **VortexFailuresTimeout**  Number of time out failures�received from Vortex.
+- **VortexFailuresTimeout**  Number of time out failures received from Vortex.
 - **VortexHttpAttempts**  Number of attempts to contact Vortex.
 - **VortexHttpFailures4xx**  Number of 400-499 error codes received from Vortex.
 - **VortexHttpFailures5xx**  Number of 500-599 error codes received from Vortex.
@@ -3956,7 +3956,7 @@ This event collects information when express could not be used and we fall back
 
 The following fields are available:
 
-- **FlightId**  The error code returned for the current install phase. 
+- **FlightId**  Unique ID for each flight. 
 - **ObjectId**  Unique value for each Update Agent mode. 
 - **PackageCount**  Number of packages that feel back to canonical. 
 - **PackageList**  PackageIds which fell back to canonical. 
@@ -3978,7 +3978,7 @@ The following fields are available:
 - **ObjectId**  Unique value for each Update Agent mode. 
 - **RelatedCV**  Correlation vector value generated from the latest USO scan.
 - **Result**  Outcome of the install phase of the update. 
-- **ScenarioId**  Unique value for each update attempt.  
+- **ScenarioId**  Indicates the update scenario.  
 - **SessionData**  String containing instructions to update agent for processing FODs and DUICs (Null for other scenarios).  
 - **SessionId**  Unique value for each update attempt.  
 - **UpdateId**  Unique ID for each update. 
@@ -4044,7 +4044,7 @@ The following fields are available:
 - **PostRebootResult**  Indicates the Hresult
 - **RelatedCV**  Correlation vector value generated from the latest USO scan
 - **ScenarioId**  The scenario ID. Example: MobileUpdate, DesktopLanguagePack, DesktopFeatureOnDemand, or DesktopDriverUpdate
-- **SessionId**  Unique value for each Update Agent mode attempt
+- **SessionId**  Unique value for each update attempt.
 - **UpdateId**  Unique ID for each update
 
 
@@ -4546,33 +4546,33 @@ The following fields are available:
 
 - **background**  If the download is happening in the background
 - **bytesRequested**  Number of bytes requested for download.
-- **cdnUrl**  Number of bytes requested for download
-- **costFlags**  Url of the source CDN
-- **deviceProfile**  Network cost flags
-- **diceRoll**  Identifies the usage or form factor (Desktop, Xbox, VM, etc)
-- **doClientVersion**  Random number used for determining if a client will use peering
-- **doErrorCode**  Version of the Delivery Optimization client
-- **downloadMode**  Delivery Optimization error code returned
-- **downloadModeSrc**  DownloadMode used (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100)
-- **errorCode**  Source of the DownloadMode setting (KvsProvider: 0, GeoProvider: 1, GeoVerProvider: 2, CpProvider: 3, DiscoveryProvider: 4, RegistryProvider: 5, GroupPolicyProvider: 6, MdmProvider: 7, SettingsProvider: 8, InvalidProviderType: 9)
-- **experimentId**  Error code returned
-- **fileID**  Used to correlate client/services calls that are part of the same test during A/B testing
-- **filePath**  ID of the File being downloaded
-- **fileSize**  Path to where the downloaded file will be written
-- **fileSizeCaller**  Total filesize of the file that was downloaded
-- **groupID**  Value for total file size provided by our caller
-- **isVpn**  ID for the group
-- **jobID**  If the machine is connected to a Virtual Private Network
-- **peerID**  Minimum filesize policy set for the device to allow Peering with Delivery Optimization
+- **cdnUrl**  Url of the source CDN
+- **costFlags**  Network cost flags
+- **deviceProfile**  Identifies the usage or form factor (Desktop, Xbox, VM, etc)
+- **diceRoll**  Random number used for determining if a client will use peering
+- **doClientVersion**  Version of the Delivery Optimization client
+- **doErrorCode**  Delivery Optimization error code returned
+- **downloadMode**  DownloadMode used (CdnOnly = 0, Lan = 1, Group = 2, Internet = 3, Simple = 99, Bypass = 100)
+- **downloadModeSrc**  Source of the DownloadMode setting (KvsProvider: 0, GeoProvider: 1, GeoVerProvider: 2, CpProvider: 3, DiscoveryProvider: 4, RegistryProvider: 5, GroupPolicyProvider: 6, MdmProvider: 7, SettingsProvider: 8, InvalidProviderType: 9)
+- **errorCode**  Error code returned
+- **experimentId**  Used to correlate client/services calls that are part of the same test during A/B testing
+- **fileID**  ID of the File being downloaded
+- **filePath**  Path to where the downloaded file will be written
+- **fileSize**  Total filesize of the file that was downloaded
+- **fileSizeCaller**  Value for total file size provided by our caller
+- **groupID**  ID for the group
+- **isVpn** If the machine is connected to a Virtual Private Network 
+- **jobID**  Identifier for the Windows Update Job
+- **peerID**  ID for this Delivery Optimization client
 - **predefinedCallerName**  Name of the API caller
-- **sessionID**  Name of the API Caller
-- **setConfigs**  ID of the Update being downloaded
+- **sessionID**  ID for the file download session
+- **setConfigs**  ID of the update being downloaded
 - **updateID**  ID for the file download session
-- **usedMemoryStream**  ID of the Update being downloaded
+- **usedMemoryStream**  If the download is using memory streaming in App downloads
 - **callerName**  Name of the API Caller
-- **minDiskSizeGB**  Identifier for the Windows Update Job
-- **minDiskSizePolicyEnforced**  The minimum disk size policy set for the device to allow Peering with Delivery Optimization
-- **minFileSizePolicy**  If there is an enforced mininum disk size requirement for peering
+- **minDiskSizeGB**  The minimum disk size policy set for the device to allow Peering with Delivery Optimization
+- **minDiskSizePolicyEnforced**  If there is an enforced mininum disk size requirement for peering
+- **minFileSizePolicy**  The minimum file size policy set for the device to allow Peering with Delivery Optimization
 - **scenarioID**  ID for the Scenario
 - **isEncrypted**  Whether the download is encrypted
 
diff --git a/windows/hub/TOC.md b/windows/hub/TOC.md
index 43202e6dde..cb339d35c0 100644
--- a/windows/hub/TOC.md
+++ b/windows/hub/TOC.md
@@ -1,5 +1,5 @@
 # [Windows 10 and Windows 10 Mobile](index.md)
-## [Get started](/windows/whats-new/get-started-with-1709)
+## [Get started](/windows/whats-new/whats-new-windows-10-version-1803)
 ## [What's new](/windows/whats-new)
 ## [Deployment](/windows/deployment)
 ## [Configuration](/windows/configuration)
diff --git a/windows/hub/index.md b/windows/hub/index.md
index 40d4c2db5e..7e81581590 100644
--- a/windows/hub/index.md
+++ b/windows/hub/index.md
@@ -8,7 +8,7 @@ author: greg-lindsay
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.date: 03/28/2018
+ms.date: 04/30/2018
 ---
 
 # Windows 10 and Windows 10 Mobile
@@ -18,9 +18,9 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
 
 &nbsp;
 
-> [!video https://www.microsoft.com/en-us/videoplayer/embed/43942201-bec9-4f8b-8ba7-2d9bfafa8bba?autoplay=false]
-
+> [!video https://www.youtube.com/embed/LFiP73slWew?autoplay=false]
 
+## Check out [what's new in Windows 10, version 1803](../whats-new/whats-new-windows-10-version-1803).
 <br>
 <table border="0" width="100%" align="center">
   <tr style="text-align:center;">
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index 889d969f79..02ccecc491 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/30/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/01/2018
 ---
 
 
@@ -76,6 +76,11 @@ Block Office applications from injecting code into other processes | 75668C1F-73
 Block JavaScript or VBScript from launching downloaded executable content | D3E037E1-3EB8-44C8-A917-57927947596D
 Block execution of potentially obfuscated scripts  | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
 Block Win32 API calls from Office macro | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
+Block executable files from running unless they meet a prevalence, age, or trusted list criteria | 01443614-cd74-433a-b99e-2ecdc07bfc25
+Use advanced protection against ransomware | c1db55ab-c21a-4637-bb3f-a12568109d35
+Block credential stealing from the Windows local security authority subsystem (lsass.exe) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
+Block process creations originating from PSExec and WMI commands | d1e49aac-8f56-4280-b9ba-993a6d77406c
+Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
 
 The rules apply to the following Office apps running on Windows 10, version 1709. See the **Applies to** section at the start of this topic for a list of supported Office version.
 
@@ -147,7 +152,37 @@ Malware can use macro code in Office files to import and load Win32 DLLs, which
 
 This rule attempts to block Office files that contain macro code that is capable of importing Win32 DLLs. 
 
+### Rule: Block executable files from running unless they meet a prevalence, age, or trusted list criteria
+ 
+This rule blocks the following file types from being run or launched unless they meet prevalence or age criteria set by admins, or they are in a trusted list or exclusion list:
+ 
+- Executable files (such as .exe, .dll, or .scr) 
+- Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file)
+ 
+### Rule: Use advanced protection against ransomware
+ 
+This rule provides an extra layer of protection against ransomware. Executable files that enter the system will be scanned to determine whether they are trustworthy. If the files exhibit characteristics that closely resemble ransomware, they are blocked from being run or launched, provided they are not already in the trusted list or exception list.
+ 
+### Rule: Block credential stealing from the Windows local security authority subsystem (lsass.exe)
+ 
+Local Security Authority Subsystem Service (LSASS) authenticates users who log in to a Windows computer. Windows Defender Credential Guard in Windows 10 normally prevents attempts to extract credentials from LSASS. However, some organizations can't enable Credential Guard on all of their computers because of compatibility issues with custom smartcard drivers or other programs that load into the Local Security Authority (LSA). In these cases, attackers can use tools like Mimikatz to scrape cleartext passwords and NTLM hashes from LSASS. This rule helps mitigate that risk by locking down LSASS.
 
+>[!IMPORTANT]
+>[Exclusions do not apply to this rule](customize-attack-surface-reduction.md#exclude-files-and-folders).
+ 
+### Rule: Block process creations originating from PSExec and WMI commands
+ 
+This rule blocks processes through PsExec and WMI commands from running, to prevent remote code execution that can spread malware attacks.
+
+>[!WARNING]
+>[Only use this rule if you are managing your devices with Intune or other MDM solution. If you use this rule with SCCM, it will prevent SCCM compliance rules from working, because this rule blocks the PSExec commands in SCCM.]
+ 
+### Rule: Block untrusted and unsigned processes that run from USB
+ 
+With this rule, admins can prevent unsigned or untrusted executable files from running from USB removable drives, including SD cards. Blocked file types include:
+ 
+- Executable files (such as .exe, .dll, or .scr) 
+- Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file)
 
 ## Requirements
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
index b046ee873b..c9fef6c9d8 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/09/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/01/2018
 ---
 
 # Customize Attack surface reduction
@@ -69,6 +69,11 @@ Block Office applications from creating executable content | [!include[Check mar
 Block Office applications from injecting code into other processes | [!include[Check mark no](images/svg/check-no.svg)] | 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84
 Block JavaScript or VBScript from launching downloaded executable content | [!include[Check mark no](images/svg/check-no.svg)] | D3E037E1-3EB8-44C8-A917-57927947596D
 Block executable content from email client and webmail | [!include[Check mark no](images/svg/check-no.svg)] | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
+Block executable files from running unless they meet a prevalence, age, or trusted list criteria | [!include[Check mark yes](images/svg/check-yes.svg)] | 01443614-cd74-433a-b99e-2ecdc07bfc25
+Use advanced protection against ransomware | [!include[Check mark yes](images/svg/check-yes.svg)] | c1db55ab-c21a-4637-bb3f-a12568109d35
+Block credential stealing from the Windows local security authority subsystem (lsass.exe) | [!include[Check mark no](images/svg/check-no.svg)] | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
+Block process creations originating from PSExec and WMI commands | [!include[Check mark yes](images/svg/check-yes.svg)] | d1e49aac-8f56-4280-b9ba-993a6d77406c
+Block untrusted and unsigned processes that run from USB | [!include[Check mark yes](images/svg/check-yes.svg)] | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
 
 See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) topic for details on each rule.
 
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
index aafca3a295..0e8bf6b047 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/09/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/01/2018
 ---
 
 
@@ -59,6 +59,11 @@ Block Office applications from injecting code into other processes | 75668C1F-73
 Block JavaScript or VBScript from launching downloaded executable content | D3E037E1-3EB8-44C8-A917-57927947596D
 Block execution of potentially obfuscated scripts  | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
 Block Win32 API calls from Office macro | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
+Block executable files from running unless they meet a prevalence, age, or trusted list criteria | 01443614-cd74-433a-b99e-2ecdc07bfc25
+Use advanced protection against ransomware | c1db55ab-c21a-4637-bb3f-a12568109d35
+Block credential stealing from the Windows local security authority subsystem (lsass.exe) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
+Block process creations originating from PSExec and WMI commands | d1e49aac-8f56-4280-b9ba-993a6d77406c
+Block untrusted and unsigned processes that run from USB | b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4
 
 See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) topic for details on each rule.
 
diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md
index 63f5964ba8..e37e313557 100644
--- a/windows/whats-new/index.md
+++ b/windows/whats-new/index.md
@@ -5,7 +5,7 @@ ms.assetid: F1867017-76A1-4761-A200-7450B96AEF44
 keywords: ["What's new in Windows 10", "Windows 10", "anniversary update", "contribute", "edit topic", "Creators Update", "Fall Creators Update"]
 ms.prod: w10
 author: TrudyHa
-ms.date: 10/16/2017
+ms.date: 04/30/2018
 ms.localizationpriority: high
 ---
 
@@ -16,6 +16,7 @@ Windows 10 provides IT professionals with advanced protection against modern sec
 
 ## In this section
 
+- [What's new in Windows 10, version 1803](whats-new-windows-10-version-1803.md)
 - [What's new in Windows 10, version 1709](whats-new-windows-10-version-1709.md)
 - [What's new in Windows 10, version 1703](whats-new-windows-10-version-1703.md)
 - [What's new in Windows 10, version 1607](whats-new-windows-10-version-1607.md)
diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md
index 754cc45fc7..e246e4481c 100644
--- a/windows/whats-new/whats-new-windows-10-version-1803.md
+++ b/windows/whats-new/whats-new-windows-10-version-1803.md
@@ -51,7 +51,16 @@ For more information, see [Windows 10 Pro/Enterprise in S mode](https://docs.mic
 
 ### Windows 10 kiosk and Kiosk Browser
 
-With this release you can easily deploy and manage kiosk devices with Microsoft Intune in single and multiple app scenarios. This includes the new Kiosk Browser available from the Microsoft Store. Kiosk Browser is great for delivering a reliable and custom-tailored browsing experience for scenarios such as retail and signage. 
+With this release you can easily deploy and manage kiosk devices with Microsoft Intune in single and multiple app scenarios. This includes the new Kiosk Browser available from the Microsoft Store. Kiosk Browser is great for delivering a reliable and custom-tailored browsing experience for scenarios such as retail and signage. A summary of new features is below.
+
+- Using Intune, you can deploy the Kiosk Browser from the Microsoft Store, configure start URL, allowed URLs, and enable/disable navigation buttons.
+- Using Intune, you can deploy and configure shared devices and kiosks using assigned access to create a curated experience with the correct apps and configuration policies
+- Support for multiple screens for digital signage use cases.
+- The ability to ensure all MDM configurations are enforced on the device prior to entering assigned access using the Enrollment Status page.
+- The ability to configure and run Shell Launcher in addition to existing UWP Store apps.
+- A simplified process for creating and configuring an auto-logon kiosk account so that a public kiosk automatically enters a desired state after a reboot, a critical security requirement for public-facing use cases.
+- For multi-user Firstline Worker kiosk devices, instead of specifying every user, it’s now possible to assign different assigned access configurations to Azure AD groups or Active Directory groups.
+- To help with troubleshooting, you can now view error reports generated if an assigned access-configured app has issues.
 
 For more information, see: 
 - [Making IT simpler with a modern workplace](https://www.microsoft.com/en-us/microsoft-365/blog/2018/04/27/making-it-simpler-with-a-modern-workplace/)
@@ -210,7 +219,7 @@ Update Compliance has added Delivery Optimization to assess the bandwidth consum
 
 Device Health’s new App Reliability reports enable you to see where app updates or configuration changes may be needed to reduce crashes. The Login Health reports reveal adoption, success rates, and errors for Windows Hello and for passwords— for a smooth migration to the password-less future. For more information, see [Using Device Health](https://docs.microsoft.com/en-us/windows/deployment/update/device-health-using)
 
-## Edge
+## Microsoft Edge
 
 iOS and Android versions of Edge are now available. Support in [Windows Defender Application Guard](#windows-defender-application-guard) is also improved.