**Note** For specific Windows 10 Mobile requirements, see the [Minimum hardware requirements for Windows 10 Mobile](https://go.microsoft.com/fwlink/p/?LinkID=699266) topic. |
-| Memory |
Windows 10 (32-bit) - 1 GB
Windows 10 (64-bit) - 2 GB
|
-| Hard drive space |
Windows 10 (32-bit) - 16 GB
Windows 10 (64-bit) - 20 GB
|
-| DVD drive | DVD-ROM drive (if installing from a DVD-ROM) |
-| Display | Super VGA (800 x 600) or higher-resolution monitor with 256 colors |
-| Graphics card | Microsoft DirectX 9 or later with Windows Display Driver Model (WDDM) 1.0 driver |
-| Peripherals | Internet connection and a compatible pointing device |
+| Item | Minimum requirements |
+|--------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Computer/processor | 1 gigahertz (GHz) or faster (32-bit (x86) or 64-bit (x64)) |
+| Operating system |
Windows 10 (32-bit or 64-bit)
Windows 10 Mobile
Note For specific Windows 10 Mobile requirements, see the [Minimum hardware requirements for Windows 10 Mobile](https://go.microsoft.com/fwlink/p/?LinkID=699266) topic. |
+| Memory |
Windows 10 (32-bit) - 1 GB
Windows 10 (64-bit) - 2 GB
|
+| Hard drive space |
Windows 10 (32-bit) - 16 GB
Windows 10 (64-bit) - 20 GB
|
+| DVD drive | DVD-ROM drive (if installing from a DVD-ROM) |
+| Display | Super VGA (800 x 600) or higher-resolution monitor with 256 colors |
+| Graphics card | Microsoft DirectX 9 or later with Windows Display Driver Model (WDDM) 1.0 driver |
+| Peripherals | Internet connection and a compatible pointing device |
+
---
-
+
## Supported languages
-Microsoft Edge supports all of the same languages as Windows 10 and you can use the [Microsoft Translator extension](https://www.microsoft.com/en-us/p/translator-for-microsoft-edge/9nblggh4n4n3) to translate foreign language web pages and text selections for 60+ languages.
+Microsoft Edge supports all of the same languages as Windows 10 and you can use the [Microsoft Translator extension](https://www.microsoft.com/p/translator-for-microsoft-edge/9nblggh4n4n3) to translate foreign language web pages and text selections for 60+ languages.
If the extension does not work after install, restart Microsoft Edge. If the extension still does not work, provide feedback through the Feedback Hub.
-| Language | Country/Region | Code |
-| ------------------------ | -------------- | ------ |
-| Afrikaans (South Africa) | South Africa | af-ZA |
-| Albanian (Albania) | Albania | sq-AL |
-| Amharic | Ethiopia | am-ET |
-| Arabic (Saudi Arabia) | Saudi Arabia | ar-SA |
-| Armenian | Armenia | hy-AM |
-| Assamese | India | as-IN |
-| Azerbaijani (Latin, Azerbaijan) | Azerbaijan | az-Latn-AZ |
-| Bangla (Bangladesh) | Bangladesh | bn-BD |
-| Bangla (India) | India | bn-IN |
-| Basque (Basque) | Spain | eu-ES |
-| Belarusian (Belarus) | Belarus | be-BY |
-| Bosnian (Latin) | Bosnia and Herzegovina | bs-Latn-BA |
-| Bulgarian (Bulgaria) | Bulgaria | bg-BG |
-| Catalan (Catalan) | Spain | ca-ES |
-| Central Kurdish (Arabic) | Iraq | ku-Arab-IQ |
-| Cherokee (Cherokee) | United States | chr-Cher-US |
-| Chinese (Hong Kong SAR) | Hong Kong Special Administrative Region | zh-HK |
-| Chinese (Simplified, China) | People's Republic of China | zh-CN |
-| Chinese (Traditional, Taiwan) | Taiwan | zh-TW |
-| Croatian (Croatia) | Croatia | hr-HR |
-| Czech (Czech Republic) | Czech Republic | cs-CZ |
-| Danish (Denmark) | Denmark | da-DK |
-| Dari | Afghanistan | prs-AF |
-| Dutch (Netherlands) | Netherlands | nl-NL |
-| English (United Kingdom) | United Kingdom | en-GB |
-| English (United States) | United States | en-US |
-| Estonian (Estonia) | Estonia | et-EE |
-| Filipino (Philippines) | Philippines | fil-PH |
-| Finnish (Finland) | Finland | fi_FI |
-| French (Canada) | Canada | fr-CA |
-| French (France) | France | fr-FR |
-| Galician (Galician) | Spain | gl-ES |
-| Georgian | Georgia | ka-GE |
-| German (Germany) | Germany | de-DE |
-| Greek (Greece) | Greece | el-GR |
-| Gujarati | India | gu-IN |
-| Hausa (Latin, Nigeria) | Nigeria | ha-Latn-NG |
-| Hebrew (Israel) | Israel | he-IL |
-| Hindi (India) | India | hi-IN |
-| Hungarian (Hungary) | Hungary | hu-HU |
-| Icelandic | Iceland | is-IS |
-| Igbo | Nigeria | ig-NG |
-| Indonesian (Indonesia) | Indonesia | id-ID |
-| Irish | Ireland | ga-IE |
-| isiXhosa | South Africa | xh-ZA |
-| isiZulu | South Africa | zu-ZA |
-| Italian (Italy) | Italy | it-IT |
-| Japanese (Japan) | Japan | ja-JP |
-| Kannada | India | kn-IN |
-| Kazakh (Kazakhstan) | Kazakhstan | kk-KZ |
-| Khmer (Cambodia) | Cambodia | km-KH |
-| K'iche' | Guatemala | quc-Latn-GT |
-| Kinyarwanda | Rwanda | rw-RW |
-| KiSwahili | Kenya, Tanzania | sw-KE |
-| Konkani | India | kok-IN |
-| Korean (Korea) | Korea | ko-KR |
-| Kyrgyz | Kyrgyzstan | ky-KG |
-| Lao (Laos) | Lao P.D.R. | lo-LA |
-| Latvian (Latvia) | Latvia | lv-LV |
-| Lithuanian (Lithuania) | Lithuania | lt-LT |
-| Luxembourgish (Luxembourg) | Luxembourg | lb-LU |
-| Macedonian (Former Yugoslav Republic of Macedonia) | Macedonia (FYROM) | mk-MK |
-| Malay (Malaysia) | Malaysia, Brunei, and Singapore | ms-MY |
-| Malayalam | India | ml-IN |
-| Maltese | Malta | mt-MT |
-| Maori | New Zealand | mi-NZ |
-| Marathi | India | mr-IN |
-| Mongolian (Cyrillic) | Mongolia | mn-MN |
-| Nepali | Federal Democratic Republic of Nepal | ne-NP |
-| Norwegian (Nynorsk) | Norway | nn-NO |
-| Norwegian, Bokmål (Norway) | Norway | nb-NO |
-| Odia | India | or-IN |
-| Polish (Poland) | Poland | pl-PL |
-| Portuguese (Brazil) | Brazil | pt-BR |
-| Portuguese (Portugal) | Portugal | pt-PT |
-| Punjabi | India | pa-IN |
-| Punjabi (Arabic) | Pakistan | pa-Arab-PK |
-| Quechua | Peru | quz-PE |
-| Romanian (Romania) | Romania | ro-RO |
-| Russian (Russia) | Russia | ru-RU |
-| Scottish Gaelic | United Kingdom | gd-GB |
-| Serbian (Cyrillic, Bosnia, and Herzegovina) | Bosnia and Herzegovina | sr-Cyrl-BA |
-| Serbian (Cyrillic, Serbia) | Serbia | sr-Cyrl-RS |
-| Serbian (Latin, Serbia) | Serbia | sr-Latn-RS |
-| Sesotho sa Leboa | South Africa | nso-ZA |
-| Setswana (South Africa) | South Africa and Botswana | tn-ZA |
-| Sindhi (Arabic) | Pakistan | sd-Arab-PK |
-| Sinhala | Sri Lanka | si-LK |
-| Slovak (Slovakia) | Slovakia | sk-SK |
-| Slovenian (Slovenia) | Slovenia | sl-SL |
-| Spanish (Mexico) | Mexico | es-MX |
-| Spanish (Spain, International Sort) | Spain | en-ES |
-| Swedish (Sweden) | Sweden | sv-SE |
-| Tajik (Cyrillic) | Tajikistan | tg-Cyrl-TJ |
-| Tamil (India) | India and Sri Lanka | ta-IN |
-| Tatar | Russia | tt-RU |
-| Telugu | India | te-IN |
-| Thai (Thailand) | Thailand | th-TH |
-| Tigrinya (Ethiopia) | Ethiopia | ti-ET |
-| Turkish (Turkey) | Turkey | tr-TR |
-| Turkmen | Turkmenistan | tk-TM |
-| Ukrainian (Ukraine) | Ukraine | uk-UA |
-| Urdu | Pakistan | ur-PK |
-| Uyghur | People's Republic of China | ug-CN |
-| Uzbek (Latin, Uzbekistan) | Uzbekistan | uz-Latn-UZ |
-| Valencian | Spain | ca-ES-valencia |
-| Vietnamese | Vietnam | vi-VN |
-| Welsh | United Kingdom | cy-GB |
-| Wolof | Senegal | wo-SN |
-| Yoruba | Nigeria | yo-NG |
----
\ No newline at end of file
+| Language | Country/Region | Code |
+|----------------------------------------------------|-----------------------------------------|----------------|
+| Afrikaans (South Africa) | South Africa | af-ZA |
+| Albanian (Albania) | Albania | sq-AL |
+| Amharic | Ethiopia | am-ET |
+| Arabic (Saudi Arabia) | Saudi Arabia | ar-SA |
+| Armenian | Armenia | hy-AM |
+| Assamese | India | as-IN |
+| Azerbaijani (Latin, Azerbaijan) | Azerbaijan | az-Latn-AZ |
+| Bangla (Bangladesh) | Bangladesh | bn-BD |
+| Bangla (India) | India | bn-IN |
+| Basque (Basque) | Spain | eu-ES |
+| Belarusian (Belarus) | Belarus | be-BY |
+| Bosnian (Latin) | Bosnia and Herzegovina | bs-Latn-BA |
+| Bulgarian (Bulgaria) | Bulgaria | bg-BG |
+| Catalan (Catalan) | Spain | ca-ES |
+| Central Kurdish (Arabic) | Iraq | ku-Arab-IQ |
+| Cherokee (Cherokee) | United States | chr-Cher-US |
+| Chinese (Hong Kong SAR) | Hong Kong Special Administrative Region | zh-HK |
+| Chinese (Simplified, China) | People's Republic of China | zh-CN |
+| Chinese (Traditional, Taiwan) | Taiwan | zh-TW |
+| Croatian (Croatia) | Croatia | hr-HR |
+| Czech (Czech Republic) | Czech Republic | cs-CZ |
+| Danish (Denmark) | Denmark | da-DK |
+| Dari | Afghanistan | prs-AF |
+| Dutch (Netherlands) | Netherlands | nl-NL |
+| English (United Kingdom) | United Kingdom | en-GB |
+| English (United States) | United States | en-US |
+| Estonian (Estonia) | Estonia | et-EE |
+| Filipino (Philippines) | Philippines | fil-PH |
+| Finnish (Finland) | Finland | fi_FI |
+| French (Canada) | Canada | fr-CA |
+| French (France) | France | fr-FR |
+| Galician (Galician) | Spain | gl-ES |
+| Georgian | Georgia | ka-GE |
+| German (Germany) | Germany | de-DE |
+| Greek (Greece) | Greece | el-GR |
+| Gujarati | India | gu-IN |
+| Hausa (Latin, Nigeria) | Nigeria | ha-Latn-NG |
+| Hebrew (Israel) | Israel | he-IL |
+| Hindi (India) | India | hi-IN |
+| Hungarian (Hungary) | Hungary | hu-HU |
+| Icelandic | Iceland | is-IS |
+| Igbo | Nigeria | ig-NG |
+| Indonesian (Indonesia) | Indonesia | id-ID |
+| Irish | Ireland | ga-IE |
+| isiXhosa | South Africa | xh-ZA |
+| isiZulu | South Africa | zu-ZA |
+| Italian (Italy) | Italy | it-IT |
+| Japanese (Japan) | Japan | ja-JP |
+| Kannada | India | kn-IN |
+| Kazakh (Kazakhstan) | Kazakhstan | kk-KZ |
+| Khmer (Cambodia) | Cambodia | km-KH |
+| K'iche' | Guatemala | quc-Latn-GT |
+| Kinyarwanda | Rwanda | rw-RW |
+| KiSwahili | Kenya, Tanzania | sw-KE |
+| Konkani | India | kok-IN |
+| Korean (Korea) | Korea | ko-KR |
+| Kyrgyz | Kyrgyzstan | ky-KG |
+| Lao (Laos) | Lao P.D.R. | lo-LA |
+| Latvian (Latvia) | Latvia | lv-LV |
+| Lithuanian (Lithuania) | Lithuania | lt-LT |
+| Luxembourgish (Luxembourg) | Luxembourg | lb-LU |
+| Macedonian (Former Yugoslav Republic of Macedonia) | Macedonia (FYROM) | mk-MK |
+| Malay (Malaysia) | Malaysia, Brunei, and Singapore | ms-MY |
+| Malayalam | India | ml-IN |
+| Maltese | Malta | mt-MT |
+| Maori | New Zealand | mi-NZ |
+| Marathi | India | mr-IN |
+| Mongolian (Cyrillic) | Mongolia | mn-MN |
+| Nepali | Federal Democratic Republic of Nepal | ne-NP |
+| Norwegian (Nynorsk) | Norway | nn-NO |
+| Norwegian, Bokmål (Norway) | Norway | nb-NO |
+| Odia | India | or-IN |
+| Polish (Poland) | Poland | pl-PL |
+| Portuguese (Brazil) | Brazil | pt-BR |
+| Portuguese (Portugal) | Portugal | pt-PT |
+| Punjabi | India | pa-IN |
+| Punjabi (Arabic) | Pakistan | pa-Arab-PK |
+| Quechua | Peru | quz-PE |
+| Romanian (Romania) | Romania | ro-RO |
+| Russian (Russia) | Russia | ru-RU |
+| Scottish Gaelic | United Kingdom | gd-GB |
+| Serbian (Cyrillic, Bosnia, and Herzegovina) | Bosnia and Herzegovina | sr-Cyrl-BA |
+| Serbian (Cyrillic, Serbia) | Serbia | sr-Cyrl-RS |
+| Serbian (Latin, Serbia) | Serbia | sr-Latn-RS |
+| Sesotho sa Leboa | South Africa | nso-ZA |
+| Setswana (South Africa) | South Africa and Botswana | tn-ZA |
+| Sindhi (Arabic) | Pakistan | sd-Arab-PK |
+| Sinhala | Sri Lanka | si-LK |
+| Slovak (Slovakia) | Slovakia | sk-SK |
+| Slovenian (Slovenia) | Slovenia | sl-SL |
+| Spanish (Mexico) | Mexico | es-MX |
+| Spanish (Spain, International Sort) | Spain | en-ES |
+| Swedish (Sweden) | Sweden | sv-SE |
+| Tajik (Cyrillic) | Tajikistan | tg-Cyrl-TJ |
+| Tamil (India) | India and Sri Lanka | ta-IN |
+| Tatar | Russia | tt-RU |
+| Telugu | India | te-IN |
+| Thai (Thailand) | Thailand | th-TH |
+| Tigrinya (Ethiopia) | Ethiopia | ti-ET |
+| Turkish (Turkey) | Turkey | tr-TR |
+| Turkmen | Turkmenistan | tk-TM |
+| Ukrainian (Ukraine) | Ukraine | uk-UA |
+| Urdu | Pakistan | ur-PK |
+| Uyghur | People's Republic of China | ug-CN |
+| Uzbek (Latin, Uzbekistan) | Uzbekistan | uz-Latn-UZ |
+| Valencian | Spain | ca-ES-valencia |
+| Vietnamese | Vietnam | vi-VN |
+| Welsh | United Kingdom | cy-GB |
+| Wolof | Senegal | wo-SN |
+| Yoruba | Nigeria | yo-NG |
+
+---
diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md
index e62e7d861d..37bef54e3a 100644
--- a/browsers/edge/available-policies.md
+++ b/browsers/edge/available-policies.md
@@ -1,16 +1,17 @@
---
-description: You can customize your organization’s browser settings in Microsoft Edge with Group Policy or Microsoft Intune, or other MDM service. When you do this, you set the policy once and then copy it onto many computers—that is, touch once, configure many.
+description: You can customize your organization’s browser settings in Microsoft Edge with Group Policy or Microsoft Intune, or other MDM service. When you do this, you set the policy once and then copy it onto many computers—that is, touch once, configure many.
ms.assetid: 2e849894-255d-4f68-ae88-c2e4e31fa165
-author: shortpatti
-ms.author: pashort
-manager: dougkim
+ms.reviewer:
+author: dansimp
+ms.author: dansimp
+audience: itpro
+manager: dansimp
ms.prod: edge
ms.mktglfcycl: explore
ms.topic: reference
ms.sitesec: library
title: Group Policy and Mobile Device Management settings for Microsoft Edge (Microsoft Edge for IT Pros)
ms.localizationpriority: medium
-ms.date: 10/29/2018
---
# Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge
@@ -218,4 +219,4 @@ Some policy settings have additional options you can configure. For example, if
- [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921)
- [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922)
- [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923)
-- [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
\ No newline at end of file
+- [Group Policy and Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
diff --git a/browsers/edge/change-history-for-microsoft-edge.md b/browsers/edge/change-history-for-microsoft-edge.md
index 6d86a32508..2529a88fea 100644
--- a/browsers/edge/change-history-for-microsoft-edge.md
+++ b/browsers/edge/change-history-for-microsoft-edge.md
@@ -6,18 +6,20 @@ ms.topic: reference
ms.mktglfcycl: explore
ms.sitesec: library
ms.localizationpriority: medium
-manager: dougkim
-ms.author: pashort
-author: shortpatti
+audience: itpro
+manager: dansimp
+author: dansimp
ms.date: 10/02/2018
+ms.author: dansimp
---
# Change history for Microsoft Edge
Discover what's new and updated in the Microsoft Edge for both Windows 10 and Windows 10 Mobile.
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
-# [2018](#tab/2018)
-
+#### [2018](#tab/2018/)
## October 2018
The Microsoft Edge team introduces new group policies and MDM settings for Microsoft Edge on Windows 10. The new policies let you enable/disable
@@ -31,45 +33,45 @@ We have discontinued the **Configure Favorites** group policy, so use the [Provi
-| **New or updated** | **Group Policy** | **Description** |
-|------------|-----------------|--------------------|
-| New | [Allow fullscreen mode](group-policies/browser-settings-management-gp.md#allow-fullscreen-mode) | [!INCLUDE [allow-fullscreen-mode-shortdesc](shortdesc/allow-fullscreen-mode-shortdesc.md)] |
-| New | [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](group-policies/prelaunch-preload-gp.md#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed) | [!INCLUDE [allow-prelaunch-shortdesc](shortdesc/allow-prelaunch-shortdesc.md)] |
-| New | [Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](group-policies/prelaunch-preload-gp.md#allow-microsoft-edge-to-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | [!INCLUDE [allow-tab-preloading-shortdesc](shortdesc/allow-tab-preloading-shortdesc.md)] |
-| New | [Allow printing](group-policies/browser-settings-management-gp.md#allow-printing) | [!INCLUDE [allow-printing-shortdesc](shortdesc/allow-printing-shortdesc.md)] |
-| New | [Allow Saving History](group-policies/browser-settings-management-gp.md#allow-saving-history) | [!INCLUDE [allow-saving-history-shortdesc](shortdesc/allow-saving-history-shortdesc.md)] |
-| New | [Allow sideloading of Extensions](group-policies/extensions-management-gp.md#allow-sideloading-of-extensions) | [!INCLUDE [allow-sideloading-of-extensions-shortdesc](shortdesc/allow-sideloading-of-extensions-shortdesc.md)] |
-| New | [Configure collection of browsing data for Microsoft 365 Analytics](group-policies/telemetry-management-gp.md#configure-collection-of-browsing-data-for-microsoft-365-analytics) | [!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)] |
-| New | [Configure Favorites Bar](group-policies/favorites-management-gp.md#configure-favorites-bar) | [!INCLUDE [configure-favorites-bar-shortdesc](shortdesc/configure-favorites-bar-shortdesc.md)] |
-| New | [Configure Home Button](group-policies/home-button-gp.md#configure-home-button) | [!INCLUDE [configure-home-button-shortdesc](shortdesc/configure-home-button-shortdesc.md)] |
-| New | [Configure kiosk mode](available-policies.md#configure-kiosk-mode) | [!INCLUDE [configure-kiosk-mode-shortdesc](shortdesc/configure-kiosk-mode-shortdesc.md)] |
-| New | [Configure kiosk reset after idle timeout](available-policies.md#configure-kiosk-reset-after-idle-timeout) |[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)] |
-| New | [Configure Open Microsoft Edge With](group-policies/start-pages-gp.md#configure-open-microsoft-edge-with) | [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](shortdesc/configure-open-microsoft-edge-with-shortdesc.md)] |
-| New | [Prevent certificate error overrides](group-policies/security-privacy-management-gp.md#prevent-certificate-error-overrides) | [!INCLUDE [prevent-certificate-error-overrides-shortdesc](shortdesc/prevent-certificate-error-overrides-shortdesc.md)] |
-| New | [Prevent users from turning on browser syncing](group-policies/sync-browser-settings-gp.md#prevent-users-from-turning-on-browser-syncing) | [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)] |
-| New | [Prevent turning off required extensions](group-policies/extensions-management-gp.md#prevent-turning-off-required-extensions) | [!INCLUDE [prevent-turning-off-required-extensions-shortdesc](shortdesc/prevent-turning-off-required-extensions-shortdesc.md)] |
-| New | [Set Home Button URL](group-policies/home-button-gp.md#set-home-button-url) | [!INCLUDE [set-home-button-url-shortdesc](shortdesc/set-home-button-url-shortdesc.md)] |
-| New | [Set New Tab page URL](group-policies/new-tab-page-settings-gp.md#set-new-tab-page-url) | [!INCLUDE [set-new-tab-url-shortdesc](shortdesc/set-new-tab-url-shortdesc.md)] |
-| Updated | [Show message when opening sites in Internet Explorer](group-policies/interoperability-enterprise-guidance-gp.md#show-message-when-opening-sites-in-internet-explorer) | [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)] |
-| New | [Unlock Home Button](group-policies/home-button-gp.md#unlock-home-button) | [!INCLUDE [unlock-home-button-shortdesc](shortdesc/unlock-home-button-shortdesc.md)] |
-
-
-# [2017](#tab/2017)
+| **New or updated** | **Group Policy** | **Description** |
+|--------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------|
+| New | [Allow fullscreen mode](group-policies/browser-settings-management-gp.md#allow-fullscreen-mode) | [!INCLUDE [allow-fullscreen-mode-shortdesc](shortdesc/allow-fullscreen-mode-shortdesc.md)] |
+| New | [Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed](group-policies/prelaunch-preload-gp.md#allow-microsoft-edge-to-pre-launch-at-windows-startup-when-the-system-is-idle-and-each-time-microsoft-edge-is-closed) | [!INCLUDE [allow-prelaunch-shortdesc](shortdesc/allow-prelaunch-shortdesc.md)] |
+| New | [Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed](group-policies/prelaunch-preload-gp.md#allow-microsoft-edge-to-load-the-start-and-new-tab-page-at-windows-startup-and-each-time-microsoft-edge-is-closed) | [!INCLUDE [allow-tab-preloading-shortdesc](shortdesc/allow-tab-preloading-shortdesc.md)] |
+| New | [Allow printing](group-policies/browser-settings-management-gp.md#allow-printing) | [!INCLUDE [allow-printing-shortdesc](shortdesc/allow-printing-shortdesc.md)] |
+| New | [Allow Saving History](group-policies/browser-settings-management-gp.md#allow-saving-history) | [!INCLUDE [allow-saving-history-shortdesc](shortdesc/allow-saving-history-shortdesc.md)] |
+| New | [Allow sideloading of Extensions](group-policies/extensions-management-gp.md#allow-sideloading-of-extensions) | [!INCLUDE [allow-sideloading-of-extensions-shortdesc](shortdesc/allow-sideloading-of-extensions-shortdesc.md)] |
+| New | [Configure collection of browsing data for Microsoft 365 Analytics](group-policies/telemetry-management-gp.md#configure-collection-of-browsing-data-for-microsoft-365-analytics) | [!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)] |
+| New | [Configure Favorites Bar](group-policies/favorites-management-gp.md#configure-favorites-bar) | [!INCLUDE [configure-favorites-bar-shortdesc](shortdesc/configure-favorites-bar-shortdesc.md)] |
+| New | [Configure Home Button](group-policies/home-button-gp.md#configure-home-button) | [!INCLUDE [configure-home-button-shortdesc](shortdesc/configure-home-button-shortdesc.md)] |
+| New | [Configure kiosk mode](available-policies.md#configure-kiosk-mode) | [!INCLUDE [configure-kiosk-mode-shortdesc](shortdesc/configure-kiosk-mode-shortdesc.md)] |
+| New | [Configure kiosk reset after idle timeout](available-policies.md#configure-kiosk-reset-after-idle-timeout) | [!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)] |
+| New | [Configure Open Microsoft Edge With](group-policies/start-pages-gp.md#configure-open-microsoft-edge-with) | [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](shortdesc/configure-open-microsoft-edge-with-shortdesc.md)] |
+| New | [Prevent certificate error overrides](group-policies/security-privacy-management-gp.md#prevent-certificate-error-overrides) | [!INCLUDE [prevent-certificate-error-overrides-shortdesc](shortdesc/prevent-certificate-error-overrides-shortdesc.md)] |
+| New | [Prevent users from turning on browser syncing](group-policies/sync-browser-settings-gp.md#prevent-users-from-turning-on-browser-syncing) | [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)] |
+| New | [Prevent turning off required extensions](group-policies/extensions-management-gp.md#prevent-turning-off-required-extensions) | [!INCLUDE [prevent-turning-off-required-extensions-shortdesc](shortdesc/prevent-turning-off-required-extensions-shortdesc.md)] |
+| New | [Set Home Button URL](group-policies/home-button-gp.md#set-home-button-url) | [!INCLUDE [set-home-button-url-shortdesc](shortdesc/set-home-button-url-shortdesc.md)] |
+| New | [Set New Tab page URL](group-policies/new-tab-page-settings-gp.md#set-new-tab-page-url) | [!INCLUDE [set-new-tab-url-shortdesc](shortdesc/set-new-tab-url-shortdesc.md)] |
+| Updated | [Show message when opening sites in Internet Explorer](group-policies/interoperability-enterprise-guidance-gp.md#show-message-when-opening-sites-in-internet-explorer) | [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)] |
+| New | [Unlock Home Button](group-policies/home-button-gp.md#unlock-home-button) | [!INCLUDE [unlock-home-button-shortdesc](shortdesc/unlock-home-button-shortdesc.md)] |
+#### [2017](#tab/2017/)
## September 2017
+
|New or changed topic | Description |
|---------------------|-------------|
|[Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros](microsoft-edge-faq.md) | New |
## February 2017
+
|New or changed topic | Description |
|----------------------|-------------|
|[Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](available-policies.md) |Added new Group Policy and MDM settings for the Windows Insider Program. Reformatted for easier readability outside of scrolling table. |
-# [2016](#tab/2016)
-
+#### [2016](#tab/2016/)
## November 2016
+
|New or changed topic | Description |
|----------------------|-------------|
|[Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) |Added the infographic image and a download link.|
@@ -79,6 +81,7 @@ We have discontinued the **Configure Favorites** group policy, so use the [Provi
|[Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) |Added a link to the Microsoft Edge infographic, helping you to evaluate the potential impact of using Microsoft Edge in your organization. |
## July 2016
+
|New or changed topic | Description |
|----------------------|-------------|
|[Microsoft Edge requirements and language support](hardware-and-software-requirements.md)| Updated to include a note about the Long Term Servicing Branch (LTSB). |
@@ -87,6 +90,7 @@ We have discontinued the **Configure Favorites** group policy, so use the [Provi
## June 2016
+
|New or changed topic | Description |
|----------------------|-------------|
|[Security enhancements for Microsoft Edge](security-enhancements-microsoft-edge.md) |New |
@@ -97,4 +101,4 @@ We have discontinued the **Configure Favorites** group policy, so use the [Provi
|----------------------|-------------|
|[Available Policies for Microsoft Edge](available-policies.md) | Added new policies and the Supported versions column for Windows 10 Insider Preview. |
----
+* * *
diff --git a/browsers/edge/docfx.json b/browsers/edge/docfx.json
index c0761e7192..640106062b 100644
--- a/browsers/edge/docfx.json
+++ b/browsers/edge/docfx.json
@@ -1,39 +1,52 @@
{
"build": {
- "content":
- [
- {
- "files": ["**/*.md","**/*.yml"],
- "exclude": ["**/obj/**"]
- }
- ],
+ "content": [
+ {
+ "files": [
+ "**/*.md",
+ "**/*.yml"
+ ],
+ "exclude": [
+ "**/obj/**",
+ "**/includes/**",
+ "**/shortdesc/**"
+ ]
+ }
+ ],
"resource": [
- {
- "files": ["**/images/**"],
- "exclude": ["**/obj/**"]
- }
+ {
+ "files": [
+ "**/images/**",
+ "**/*.png",
+ "**/*.jpg",
+ "**/*.gif"
+ ],
+ "exclude": [
+ "**/obj/**"
+ ]
+ }
],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
- "breadcrumb_path": "/microsoft-edge/deploy/breadcrumb/toc.json",
- "ROBOTS": "INDEX, FOLLOW",
- "ms.technology": "microsoft-edge",
- "ms.topic": "article",
- "ms.author": "shortpatti",
- "ms.date": "04/05/2017",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "Win.microsoft-edge"
- }
- }
+ "breadcrumb_path": "/microsoft-edge/deploy/breadcrumb/toc.json",
+ "ROBOTS": "INDEX, FOLLOW",
+ "ms.technology": "microsoft-edge",
+ "audience": "ITPro",
+ "ms.topic": "article",
+ "manager": "laurawi",
+ "ms.prod": "edge",
+ "feedback_system": "None",
+ "hideEdit": true,
+ "_op_documentIdPathDepotMapping": {
+ "./": {
+ "depot_name": "Win.microsoft-edge",
+ "folder_relative_path_in_docset": "./"
+ }
+ },
+ "titleSuffix": "Edge"
},
- "externalReference": [
- ],
+ "externalReference": [],
"template": "op.html",
"dest": "browsers/edge",
- "markdownEngineName": "dfm"
+ "markdownEngineName": "markdig"
}
-}
\ No newline at end of file
+}
diff --git a/browsers/edge/edge-technical-demos.md b/browsers/edge/edge-technical-demos.md
index 4044596777..d8eb14bd02 100644
--- a/browsers/edge/edge-technical-demos.md
+++ b/browsers/edge/edge-technical-demos.md
@@ -1,11 +1,14 @@
---
-title: Microsoft Edge training and demonstrations
+title: Microsoft Edge training and demonstrations
+ms.reviewer:
+audience: itpro
+manager: dansimp
description: Get access to training and demonstrations for Microsoft Edge.
ms.prod: edge
ms.topic: article
-ms.manager: elizapo
-author: lizap
-ms.author: elizapo
+ms.manager: dansimp
+author: dansimp
+ms.author: dansimp
ms.localizationpriority: high
---
@@ -27,10 +30,10 @@ Find out more about new and improved features of Microsoft Edge, and how you can
Get a behind the scenes look at Microsoft Edge and the improvements we've made to make it faster and more efficient.
-![VIDEO https://channel9.msdn.com/events/webplatformsummit/microsoft-edge-web-summit-2017/es14]
+> [!VIDEO https://channel9.msdn.com/events/webplatformsummit/microsoft-edge-web-summit-2017/es14/player]
### Building a safer browser: Four guards to keep users safe
Learn about our security strategy and how we use the Four Guards to keep your users safe while they browse the Internet.
-![VIDEO https://channel9.msdn.com/events/webplatformsummit/microsoft-edge-web-summit-2017/es03]
\ No newline at end of file
+> [!VIDEO https://channel9.msdn.com/events/webplatformsummit/microsoft-edge-web-summit-2017/es03/player]
diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md
index 5fa2461985..40444da9f6 100644
--- a/browsers/edge/emie-to-improve-compatibility.md
+++ b/browsers/edge/emie-to-improve-compatibility.md
@@ -1,23 +1,28 @@
---
description: If you're having problems with Microsoft Edge, this topic tells how to use the Enterprise Mode site list to automatically open sites using IE11.
ms.assetid: 89c75f7e-35ca-4ca8-96fa-b3b498b53bE4
-author: shortpatti
-ms.author: pashort
-ms.manager: dougkim
-ms.prod: browser-edge
+ms.reviewer:
+audience: itpro
+manager: dansimp
+author: dansimp
+ms.author: dansimp
+ms.manager: dansimp
+ms.prod: edge
ms.topic: reference
ms.mktglfcycl: support
ms.sitesec: library
ms.pagetype: appcompat
title: Use Enterprise Mode to improve compatibility (Microsoft Edge for IT Pros)
ms.localizationpriority: medium
-ms.date: 10/24/2018
---
# Use Enterprise Mode to improve compatibility
> Applies to: Windows 10
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
If you have specific websites and apps that have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites open in Internet Explorer 11 automatically. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to automatically open using IE11 with the **Send all intranet sites to IE** group policy.
Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
@@ -39,11 +44,11 @@ If you're having trouble deciding whether Microsoft Edge is right for your organ
|Microsoft Edge |IE11 |
|---------|---------|
-|Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana.
**Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on web pages.
**Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout optimized for your screen size. While in reading view, you can also save web pages or PDF files to your reading list, for later viewing.
**Cortana.** Enabled by default in Microsoft Edge, Cortona lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.
**Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.
|IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support.
**Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.
**Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps.
**More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.
**Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.
**Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.
**Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment and includes more than 1,600 Group Policies and preferences for granular control.
|
+|Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana.
**Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on web pages.
**Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout optimized for your screen size. While in reading view, you can also save web pages or PDF files to your reading list, for later viewing.
**Cortana.** Enabled by default in Microsoft Edge, Cortana lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage.
**Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls.
|IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support.
**Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE.
**Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps. **IE11 does not support some modern CSS properties, JavaScript modules and certain APIs.**
**More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like Windows Defender SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk.
**Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering.
**Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices.
**Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment and includes more than 1,600 Group Policies and preferences for granular control.
|
## Configure the Enterprise Mode Site List
-[Available policy options](includes/configure-enterprise-mode-site-list-include.md)
+[!INCLUDE [Available policy options](includes/configure-enterprise-mode-site-list-include.md)]
## Related topics
diff --git a/browsers/edge/group-policies/address-bar-settings-gp.md b/browsers/edge/group-policies/address-bar-settings-gp.md
index b8b82b3882..d718092a90 100644
--- a/browsers/edge/group-policies/address-bar-settings-gp.md
+++ b/browsers/edge/group-policies/address-bar-settings-gp.md
@@ -4,10 +4,12 @@ description: Microsoft Edge, by default, shows a list of search suggestions in t
services:
keywords:
ms.localizationpriority: medium
-manager: dougkim
-author: shortpatti
-ms.author: pashort
+audience: itpro
+manager: dansimp
+author: dansimp
+ms.author: dansimp
ms.date: 10/02/2018
+ms.reviewer:
ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
@@ -16,6 +18,9 @@ ms.sitesec: library
# Address bar
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge, by default, shows a list of search suggestions in the address bar. You can minimize network connections from Microsoft Edge to Microsoft services by hiding the functionality of the Address bar drop-down list.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
diff --git a/browsers/edge/group-policies/adobe-settings-gp.md b/browsers/edge/group-policies/adobe-settings-gp.md
index 3ad76e0397..7d9d3e6652 100644
--- a/browsers/edge/group-policies/adobe-settings-gp.md
+++ b/browsers/edge/group-policies/adobe-settings-gp.md
@@ -4,10 +4,12 @@ description: Adobe Flash Player still has a significant presence on the internet
services:
keywords:
ms.localizationpriority: medium
-manager: dougkim
-author: shortpatti
-ms.author: pashort
+audience: itpro
+manager: dansimp
+author: dansimp
+ms.author: dansimp
ms.date: 10/02/2018
+ms.reviewer:
ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
@@ -16,6 +18,9 @@ ms.sitesec: library
# Adobe Flash
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Adobe Flash Player still has a significant presence on the internet, such as digital ads. However, open standards, such as HTML5, provide many of the capabilities and functionalities becoming an alternative for content on the web. With Adobe no longer supporting Flash after 2020, Microsoft has started to phase out Flash from Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting](#configure-the-adobe-flash-click-to-run-setting) group policy giving you a way to control the list of websites that have permission to run Adobe Flash content.
To learn more about Microsoft’s plan for phasing out Flash from Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash]( https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article).
diff --git a/browsers/edge/group-policies/books-library-management-gp.md b/browsers/edge/group-policies/books-library-management-gp.md
index d2e9d6ea91..b2689d9638 100644
--- a/browsers/edge/group-policies/books-library-management-gp.md
+++ b/browsers/edge/group-policies/books-library-management-gp.md
@@ -4,10 +4,12 @@ description: Microsoft Edge decreases the amount of storage used by book files b
services:
keywords:
ms.localizationpriority: medium
-manager: dougkim
-author: shortpatti
-ms.author: pashort
+audience: itpro
+manager: dansimp
+author: dansimp
+ms.author: dansimp
ms.date: 10/02/2018
+ms.reviewer:
ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
@@ -16,6 +18,9 @@ ms.sitesec: library
# Books Library
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge decreases the amount of storage used by book files by downloading them to a shared folder in Windows. You can configure Microsoft Edge to update the configuration data for the library automatically or gather diagnostic data, such as usage data.
@@ -33,4 +38,4 @@ You can find the Microsoft Edge Group Policy settings in the following location
[!INCLUDE [allow-ext-telemetry-books-tab-include.md](../includes/allow-ext-telemetry-books-tab-include.md)]
## Always show the Books Library in Microsoft Edge
-[!INCLUDE [always-enable-book-library-include.md](../includes/always-enable-book-library-include.md)]
\ No newline at end of file
+[!INCLUDE [always-enable-book-library-include.md](../includes/always-enable-book-library-include.md)]
diff --git a/browsers/edge/group-policies/browser-settings-management-gp.md b/browsers/edge/group-policies/browser-settings-management-gp.md
index 2570cc3c69..2301806f5f 100644
--- a/browsers/edge/group-policies/browser-settings-management-gp.md
+++ b/browsers/edge/group-policies/browser-settings-management-gp.md
@@ -4,10 +4,12 @@ description: Not only do the other Microsoft Edge group policies enhance the bro
services:
keywords:
ms.localizationpriority: medium
-manager: dougkim
-author: shortpatti
-ms.author: pashort
+audience: itpro
+manager: dansimp
+author: dansimp
+ms.author: dansimp
ms.date: 10/02/2018
+ms.reviewer:
ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
@@ -16,6 +18,9 @@ ms.sitesec: library
# Browser experience
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Not only do the other Microsoft Edge group policies enhance the browsing experience, but we also want to mention some of the other and common browsing experiences. For example, printing web content is a common browsing experience. However, if you want to prevent users from printing web content, Microsoft Edge has a group policy that allows you to prevent printing. The same goes for Pop-up Blocker; Microsoft Edge has a group policy that lets you prevent pop-up windows or let users choose to use Pop-up Blocker. You can use any one of the following group policies to continue enhancing the browsing experience for your users.
diff --git a/browsers/edge/group-policies/developer-settings-gp.md b/browsers/edge/group-policies/developer-settings-gp.md
index ca4870ac95..67c6d1284c 100644
--- a/browsers/edge/group-policies/developer-settings-gp.md
+++ b/browsers/edge/group-policies/developer-settings-gp.md
@@ -1,13 +1,15 @@
---
-title: Microsoft Edge - Developer tools
-description: Microsoft Edge, by default, allows users to use the F12 developer tools as well as access the about:flags page. You can prevent users from using the F12 developer tools or from accessing the about:flags page.
+title: Microsoft Edge - Developer tools
+description: Microsoft Edge, by default, allows users to use the F12 developer tools as well as access the about:flags page. You can prevent users from using the F12 developer tools or from accessing the about:flags page.
services:
keywords:
ms.localizationpriority: medium
-managre: dougkim
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
@@ -16,6 +18,9 @@ ms.sitesec: library
# Developer tools
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge, by default, allows users to use the F12 developer tools as well as access the about:flags page. You can prevent users from using the F12 developer tools or from accessing the about:flags page.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
diff --git a/browsers/edge/group-policies/extensions-management-gp.md b/browsers/edge/group-policies/extensions-management-gp.md
index 3a7fc2dfe5..dc9b9406b4 100644
--- a/browsers/edge/group-policies/extensions-management-gp.md
+++ b/browsers/edge/group-policies/extensions-management-gp.md
@@ -4,10 +4,12 @@ description: Currently, Microsoft Edge allows users to add or personalize, and u
services:
keywords:
ms.localizationpriority: medium
-manager: dougkim
-author: shortpatti
-ms.author: pashort
+audience: itpro
+manager: dansimp
+author: dansimp
+ms.author: dansimp
ms.date: 10/02/2018
+ms.reviewer:
ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
@@ -16,6 +18,9 @@ ms.sitesec: library
# Extensions
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Currently, Microsoft Edge allows users to add or personalize, and uninstall extensions. You can prevent users from uninstalling extensions or sideloading of extensions, which does not prevent sideloading using Add-AppxPackage via PowerShell. Allowing sideloading of extensions installs and runs unverified extensions.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
diff --git a/browsers/edge/group-policies/favorites-management-gp.md b/browsers/edge/group-policies/favorites-management-gp.md
index 13c415afdf..9a022da181 100644
--- a/browsers/edge/group-policies/favorites-management-gp.md
+++ b/browsers/edge/group-policies/favorites-management-gp.md
@@ -1,13 +1,15 @@
---
title: Microsoft Edge - Favorites group policies
-description: Configure Microsoft Edge to either show or hide the favorites bar on all pages. Microsoft Edge hides the favorites bar by default but shows the favorites bar on the Start and New tab pages. Also, by default, the favorites bar toggle, in Settings, is set to Off but enabled allowing users to make changes.
+description: Configure Microsoft Edge to either show or hide the favorites bar on all pages. Microsoft Edge hides the favorites bar by default but shows the favorites bar on the Start and New tab pages. Also, by default, the favorites bar toggle, in Settings, is set to Off but enabled allowing users to make changes.
services:
keywords:
ms.localizationpriority: medium
-manager: dougkim
-author: shortpatti
-ms.author: pashort
+audience: itpro
+manager: dansimp
+author: dansimp
+ms.author: dansimp
ms.date: 10/02/2018
+ms.reviewer:
ms.topic: reference
ms.prod: edge
ms.mktglfcycl: explore
@@ -16,6 +18,9 @@ ms.sitesec: library
# Favorites
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
You can customize the favorites bar, for example, you can turn off features such as Save a Favorite and Import settings, and hide or show the favorites bar on all pages. Another customization you can make is provisioning a standard list of favorites, including folders, to appear in addition to the user’s favorites. If it’s important to keep the favorites in both IE11 and Microsoft Edge synced, you can turn on syncing where changes to the list of favorites in one browser reflect in the other.
>[!TIP]
@@ -35,4 +40,4 @@ You can find the Microsoft Edge Group Policy settings in the following location
[!INCLUDE [prevent-changes-to-favorites-include](../includes/prevent-changes-to-favorites-include.md)]
## Provision Favorites
-[!INCLUDE [provision-favorites-include](../includes/provision-favorites-include.md)]
\ No newline at end of file
+[!INCLUDE [provision-favorites-include](../includes/provision-favorites-include.md)]
diff --git a/browsers/edge/group-policies/home-button-gp.md b/browsers/edge/group-policies/home-button-gp.md
index 3f22c2897d..8f498a5d58 100644
--- a/browsers/edge/group-policies/home-button-gp.md
+++ b/browsers/edge/group-policies/home-button-gp.md
@@ -1,10 +1,12 @@
---
title: Microsoft Edge - Home button group policies
description: Microsoft Edge shows the home button, by default, and by clicking it the Start page loads. With the relevant Home button policies, you can configure the Home button to load the New tab page or a specific page. You can also configure Microsoft Edge to hide the home button.
-manager: dougkim
-ms.author: pashort
-author: shortpatti
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+author: dansimp
ms.date: 10/02/2018
+ms.reviewer:
ms.localizationpriority: medium
ms.prod: edge
ms.mktglfcycl: explore
@@ -14,6 +16,9 @@ ms.topic: reference
# Home button
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge shows the home button, by default, and by clicking it the Start page loads. With the relevant Home button policies, you can configure the Home button to load the New tab page or a specific page. You can also configure Microsoft Edge to hide the home button.
## Relevant group policies
diff --git a/browsers/edge/group-policies/index.yml b/browsers/edge/group-policies/index.yml
index 6e7a2ccb42..cb590ce308 100644
--- a/browsers/edge/group-policies/index.yml
+++ b/browsers/edge/group-policies/index.yml
@@ -2,19 +2,19 @@
documentType: LandingData
-title: Microsoft Edge group policies
+title: Microsoft Edge Legacy group policies
metadata:
document_id:
- title: Microsoft Edge group policies
+ title: Microsoft Edge Legacy group policies
- description: Learn how to configure group policies in Microsoft Edge on Windows 10.
+ description: Learn how to configure group policies in Microsoft Edge Legacy on Windows 10.
- text: Some of the features in Microsoft Edge gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
+ text: Some of the features in Microsoft Edge Legacy gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar. (To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).)
- keywords: Microsoft Edge, Windows 10, Windows 10 Mobile
+ keywords: Microsoft Edge Legacy, Windows 10, Windows 10 Mobile
ms.localizationpriority: medium
@@ -36,7 +36,7 @@ sections:
- type: markdown
- text: Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
+ text: (Note - You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).) Microsoft Edge Legacy works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPOs) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences.
- items:
@@ -92,7 +92,7 @@ sections:
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/developer-settings-gp
- html:
Learn how configure Microsoft Edge for development and testing.
+ html:
Learn how to configure Microsoft Edge for development and testing.
image:
diff --git a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
index 9e39200fe0..f1a0929bb3 100644
--- a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
+++ b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
@@ -2,10 +2,12 @@
title: Microsoft Edge - Interoperability and enterprise mode guidance
description: Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support.
ms.localizationpriority: medium
-manager: dougkim
-ms.author: pashort
-author: shortpatti
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+author: dansimp
ms.date: 10/02/2018
+ms.reviewer:
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
@@ -14,6 +16,9 @@ ms.topic: reference
# Interoperability and enterprise mode guidance
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support.
>[!TIP]
diff --git a/browsers/edge/group-policies/new-tab-page-settings-gp.md b/browsers/edge/group-policies/new-tab-page-settings-gp.md
index b18871a3e6..2f61f0bd35 100644
--- a/browsers/edge/group-policies/new-tab-page-settings-gp.md
+++ b/browsers/edge/group-policies/new-tab-page-settings-gp.md
@@ -1,10 +1,12 @@
---
title: Microsoft Edge - New Tab page group policies
description: Microsoft Edge loads the default New tab page by default. With the relevant New Tab policies, you can set a URL to load in the New Tab page and prevent users from making changes. You can also load a blank page instead or let the users choose what loads.
-manager: dougkim
-ms.author: pashort
-author: shortpatti
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+author: dansimp
ms.date: 10/02/2018
+ms.reviewer:
ms.localizationpriority: medium
ms.prod: edge
ms.mktglfcycl: explore
@@ -15,6 +17,9 @@ ms.topic: reference
# New Tab page
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge loads the default New tab page by default. With the relevant New Tab policies, you can set a URL to load in the New Tab page and prevent users from making changes. You can also load a blank page instead or let the users choose what loads.
>[!NOTE]
@@ -42,4 +47,4 @@ You can find the Microsoft Edge Group Policy settings in the following location
[!INCLUDE [set-new-tab-url-include](../includes/set-new-tab-url-include.md)]
## Allow web content on New Tab page
-[!INCLUDE [allow-web-content-new-tab-page-include](../includes/allow-web-content-new-tab-page-include.md)]
\ No newline at end of file
+[!INCLUDE [allow-web-content-new-tab-page-include](../includes/allow-web-content-new-tab-page-include.md)]
diff --git a/browsers/edge/group-policies/prelaunch-preload-gp.md b/browsers/edge/group-policies/prelaunch-preload-gp.md
index 8baa1858bb..5c4bf7c5fe 100644
--- a/browsers/edge/group-policies/prelaunch-preload-gp.md
+++ b/browsers/edge/group-policies/prelaunch-preload-gp.md
@@ -1,16 +1,21 @@
---
title: Microsoft Edge - Prelaunch and tab preload group policies
description: Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge.
-manager: dougkim
-ms.author: pashort
-author: shortpatti
-ms.date: 10/02/2018
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+author: dansimp
+ms.prod: edge
+ms.reviewer:
ms.localizationpriority: medium
ms.topic: reference
---
# Prelaunch Microsoft Edge and preload tabs in the background
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start up Microsoft Edge. You can also configure Microsoft Edge to prevent Microsoft Edge from pre-launching.
Additionally, Microsoft Edge preloads the Start and New Tab pages during Windows sign in, which minimizes the amount of time required to start Microsoft Edge and load a new tab. You can also configure Microsoft Edge to prevent preloading of tabs.
@@ -39,4 +44,4 @@ You can find the Microsoft Edge Group Policy settings in the following location
[!INCLUDE [allow-prelaunch-include](../includes/allow-prelaunch-include.md)]
## Allow Microsoft Edge to load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed
-[!INCLUDE [allow-tab-preloading-include](../includes/allow-tab-preloading-include.md)]
\ No newline at end of file
+[!INCLUDE [allow-tab-preloading-include](../includes/allow-tab-preloading-include.md)]
diff --git a/browsers/edge/group-policies/search-engine-customization-gp.md b/browsers/edge/group-policies/search-engine-customization-gp.md
index 75677a0ec8..480d0e275f 100644
--- a/browsers/edge/group-policies/search-engine-customization-gp.md
+++ b/browsers/edge/group-policies/search-engine-customization-gp.md
@@ -1,16 +1,21 @@
---
title: Microsoft Edge - Search engine customization group policies
-description: Microsoft Edge, by default, uses the search engine specified in App settings, which lets users make changes. You can prevent users from making changes and still use the search engine specified in App settings by disabling the Allow search engine customization policy. You can also use the policy-set search engine specified in the OpenSearch XML file in which you can configure up to five additional search engines and setting any one of them as the default.
-manager: dougkim
-ms.author: pashort
-author: shortpatti
-ms.date: 10/02/2018
+description: Microsoft Edge, by default, uses the search engine specified in App settings, which lets users make changes. You can prevent users from making changes and still use the search engine specified in App settings by disabling the Allow search engine customization policy. You can also use the policy-set search engine specified in the OpenSearch XML file in which you can configure up to five additional search engines and setting any one of them as the default.
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+author: dansimp
+ms.prod: edge
+ms.reviewer:
ms.localizationpriority: medium
ms.topic: reference
---
# Search engine customization
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge, by default, uses the search engine specified in App settings, which lets users make changes. You can prevent users from making changes and still use the search engine specified in App settings by disabling the Allow search engine customization policy. You can also use the policy-set search engine specified in the OpenSearch XML file in which you can configure up to five additional search engines and setting any one of them as the default.
## Relevant group policies
diff --git a/browsers/edge/group-policies/security-privacy-management-gp.md b/browsers/edge/group-policies/security-privacy-management-gp.md
index cf137c8439..033d73b50e 100644
--- a/browsers/edge/group-policies/security-privacy-management-gp.md
+++ b/browsers/edge/group-policies/security-privacy-management-gp.md
@@ -1,16 +1,21 @@
---
title: Microsoft Edge - Security and privacy group policies
-description: Microsoft Edge helps to defend from increasingly sophisticated and prevalent web-based attacks against Windows. While most websites are safe, some sites have been designed to steal personal information or gain access to your system’s resources.
-manager: dougkim
-ms.author: pashort
-author: shortpatti
+description: Microsoft Edge helps to defend from increasingly sophisticated and prevalent web-based attacks against Windows. While most websites are safe, some sites have been designed to steal personal information or gain access to your system’s resources.
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+author: dansimp
ms.date: 10/02/2018
+ms.reviewer:
ms.localizationpriority: medium
ms.topic: reference
---
# Security and privacy
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge is designed with improved security in mind, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. Because Microsoft Edge is designed like a Universal Windows app, changing the browser to an app, it fundamentally changes the process model so that both the outer manager process and the different content processes all live within app container sandboxes.
Microsoft Edge runs in 64-bit not just by default, but anytime it’s running on a 64-bit operating system. Because Microsoft Edge doesn’t support legacy ActiveX controls or 3rd-party binary extensions, there’s no longer a reason to run 32-bit processes on a 64-bit system.
@@ -56,17 +61,18 @@ Another method thieves often use _hacking_ to attack a system through malformed
Microsoft Edge addresses these threats to help make browsing the web a safer experience.
-| Feature | Description |
-|---|---|
-| **[Windows Hello](https://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/)** | Microsoft Edge is the first browser to natively support Windows Hello to authenticate the user and the website with asymmetric cryptography technology, powered by early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](https://w3c.github.io/webauthn/). |
-| **Microsoft SmartScreen** | Defends against phishing by performing reputation checks on sites visited and blocking any sites that are thought to be a phishing site. SmartScreen also helps to defend against installing malicious software, drive-by attacks, or file downloads, even from trusted sites. Drive-by attacks are malicious web-based attacks that compromise your system by targeting security vulnerabilities in commonly used software and may be hosted on trusted sites. |
-| **Certificate Reputation system** | Collects data about certificates in use, detecting new certificates and flagging fraudulent certificates automatically, and sends the data to Microsoft. The systems and tools in place include
Certificate Reputation system: Protects users from fraudulent certificates.
|
-| **Microsoft EdgeHTML and modern web standards** | Microsoft Edge uses Microsoft EdgeHTML as the rendering engine. This engine focuses on modern standards letting web developers build and maintain a consistent site across all modern browsers. It also helps to defend against hacking through these security standards features:
Support for the W3C standard for [Content Security Policy (CSP)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy), which can help web developers defend their sites against cross-site scripting attacks.
Support for the [HTTP Strict Transport Security (HSTS)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/HSTS/) security feature (IETF-standard compliant). HSTS helps ensure that connections to important sites, such as to your bank, are always secured.
**NOTE:** Both Microsoft Edge and Internet Explorer 11 support HSTS. |
-| **Code integrity and image loading restrictions** | Microsoft Edge content processes support code integrity and image load restrictions, helping to prevent malicious DLLs from loading or injecting into the content processes. Only [properly signed images](https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/) are allowed to load into Microsoft Edge. Binaries on remote devices (such as UNC or WebDAV) can’t load. |
-| **Memory corruption mitigations** | Memory corruption attacks frequently happen to apps written in C or C++ don’t provide safety or buffer overflow protection. When an attacker provides malformed input to a program, the program’s memory becomes corrupt allowing the attacker to take control of the program. Although attackers have adapted and invented new ways to attack, we’ve responded with memory safety defenses, mitigating the most common forms of attack, including and especially [use-after-free (UAF)](https://cwe.mitre.org/data/definitions/416.html) vulnerabilities. |
-| **Memory Garbage Collector (MemGC) mitigation** | MemGC replaces Memory Protector and helps to protect the browser from UAF vulnerabilities. MemGC frees up memory from the programmer and automating it. Only freeing memory when the automation detects no references left pointing to a given block of memory. |
-| **Control Flow Guard** | Attackers use memory corruption attacks to gain control of the CPU program counter to jump to any code location they want. Control Flow Guard, a Microsoft Visual Studio technology, compiles checks around code that performs indirect jumps based on a pointer. Those jumps get restricted to function entry points with known addresses only making attacker take-overs must more difficult constraining where an attack jumps. |
-| **All web content runs in an app container sandbox** |Microsoft Edge takes the sandbox even farther, running its content processes in containers not just by default, but all of the time. Microsoft Edge doesn’t support 3rd party binary extensions, so there is no reason for it to run outside of the container, making Microsoft Edge more secure. |
-| **Extension model and HTML5 support** |Microsoft Edge does not support binary extensions because they can bring code and data into the browser’s processes without any protection. So if anything goes wrong, the entire browser itself can be compromised or go down. We encourage everyone to use our scripted HTML5-based extension model. For more info about the new extensions, see the [Microsoft Edge Developer Center](https://developer.microsoft.com/microsoft-edge/extensions/). |
-| **Reduced attack surfaces** |Microsoft Edge does not support VBScript, JScript, VML, Browser Helper Objects, Toolbars, ActiveX controls, and [document modes](https://msdn.microsoft.com/library/jj676915.aspx). Many IE browser vulnerabilities only appear in legacy document modes, so removing support reduced attack surface making the browser more secure.
It also means that it’s not as backward compatible. With this reduced backward compatibility, Microsoft Edge automatically falls back to Internet Explorer 11 for any apps that need backward compatibility. This fall back happens when you use the Enterprise Mode Site List. |
+| Feature | Description |
+|-----------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **[Windows Hello](https://blogs.windows.com/bloggingwindows/2015/03/17/making-windows-10-more-personal-and-more-secure-with-windows-hello/)** | Microsoft Edge is the first browser to natively support Windows Hello to authenticate the user and the website with asymmetric cryptography technology, powered by early implementation of the [Web Authentication (formerly FIDO 2.0 Web API) specification](https://w3c.github.io/webauthn/). |
+| **Microsoft SmartScreen** | Defends against phishing by performing reputation checks on sites visited and blocking any sites that are thought to be a phishing site. SmartScreen also helps to defend against installing malicious software, drive-by attacks, or file downloads, even from trusted sites. Drive-by attacks are malicious web-based attacks that compromise your system by targeting security vulnerabilities in commonly used software and may be hosted on trusted sites. |
+| **Certificate Reputation system** | Collects data about certificates in use, detecting new certificates and flagging fraudulent certificates automatically, and sends the data to Microsoft. The systems and tools in place include
Certificate Reputation system: Protects users from fraudulent certificates.
|
+| **Microsoft EdgeHTML and modern web standards** | Microsoft Edge uses Microsoft EdgeHTML as the rendering engine. This engine focuses on modern standards letting web developers build and maintain a consistent site across all modern browsers. It also helps to defend against hacking through these security standards features:
Support for the W3C standard for [Content Security Policy (CSP)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy), which can help web developers defend their sites against cross-site scripting attacks.
Support for the [HTTP Strict Transport Security (HSTS)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/HSTS/) security feature (IETF-standard compliant). HSTS helps ensure that connections to important sites, such as to your bank, are always secured.
**NOTE:** Both Microsoft Edge and Internet Explorer 11 support HSTS. |
+| **Code integrity and image loading restrictions** | Microsoft Edge content processes support code integrity and image load restrictions, helping to prevent malicious DLLs from loading or injecting into the content processes. Only [properly signed images](https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/) are allowed to load into Microsoft Edge. Binaries on remote devices (such as UNC or WebDAV) can’t load. |
+| **Memory corruption mitigations** | Memory corruption attacks frequently happen to apps written in C or C++ don’t provide safety or buffer overflow protection. When an attacker provides malformed input to a program, the program’s memory becomes corrupt allowing the attacker to take control of the program. Although attackers have adapted and invented new ways to attack, we’ve responded with memory safety defenses, mitigating the most common forms of attack, including and especially [use-after-free (UAF)](https://cwe.mitre.org/data/definitions/416.html) vulnerabilities. |
+| **Memory Garbage Collector (MemGC) mitigation** | MemGC replaces Memory Protector and helps to protect the browser from UAF vulnerabilities. MemGC frees up memory from the programmer and automating it. Only freeing memory when the automation detects no references left pointing to a given block of memory. |
+| **Control Flow Guard** | Attackers use memory corruption attacks to gain control of the CPU program counter to jump to any code location they want. Control Flow Guard, a Microsoft Visual Studio technology, compiles checks around code that performs indirect jumps based on a pointer. Those jumps get restricted to function entry points with known addresses only making attacker take-overs must more difficult constraining where an attack jumps. |
+| **All web content runs in an app container sandbox** | Microsoft Edge takes the sandbox even farther, running its content processes in containers not just by default, but all of the time. Microsoft Edge doesn’t support 3rd party binary extensions, so there is no reason for it to run outside of the container, making Microsoft Edge more secure. |
+| **Extension model and HTML5 support** | Microsoft Edge does not support binary extensions because they can bring code and data into the browser’s processes without any protection. So if anything goes wrong, the entire browser itself can be compromised or go down. We encourage everyone to use our scripted HTML5-based extension model. For more info about the new extensions, see the [Microsoft Edge Developer Center](https://developer.microsoft.com/microsoft-edge/extensions/). |
+| **Reduced attack surfaces** | Microsoft Edge does not support VBScript, JScript, VML, Browser Helper Objects, Toolbars, ActiveX controls, and [document modes](https://msdn.microsoft.com/library/jj676915.aspx). Many IE browser vulnerabilities only appear in legacy document modes, so removing support reduced attack surface making the browser more secure.
It also means that it’s not as backward compatible. With this reduced backward compatibility, Microsoft Edge automatically falls back to Internet Explorer 11 for any apps that need backward compatibility. This fall back happens when you use the Enterprise Mode Site List. |
+
---
diff --git a/browsers/edge/group-policies/start-pages-gp.md b/browsers/edge/group-policies/start-pages-gp.md
index 55df08e642..5ea55bba9f 100644
--- a/browsers/edge/group-policies/start-pages-gp.md
+++ b/browsers/edge/group-policies/start-pages-gp.md
@@ -1,11 +1,13 @@
---
title: Microsoft Edge - Start pages group policies
-description: Microsoft Edge loads the pages specified in App settings as the default Start pages. With the relevant Start pages policies, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes.
-manager: dougkim
-ms.author: pashort
-author: shortpatti
+description: Microsoft Edge loads the pages specified in App settings as the default Start pages. With the relevant Start pages policies, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes.
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+author: dansimp
ms.localizationpriority: medium
ms.date: 10/02/2018
+ms.reviewer:
ms.prod: edge
ms.mktglfcycl: explore
ms.sitesec: library
@@ -14,6 +16,9 @@ ms.topic: reference
# Start pages
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge loads the pages specified in App settings as the default Start pages. With the relevant Start pages policies, you can configure Microsoft Edge to load either the Start page, New tab page, previously opened pages, or a specific page or pages. You can also configure Microsoft Edge to prevent users from making changes.
## Relevant group policies
diff --git a/browsers/edge/group-policies/sync-browser-settings-gp.md b/browsers/edge/group-policies/sync-browser-settings-gp.md
index aac83e87ca..cdce19d2e5 100644
--- a/browsers/edge/group-policies/sync-browser-settings-gp.md
+++ b/browsers/edge/group-policies/sync-browser-settings-gp.md
@@ -1,16 +1,20 @@
---
-title: Microsoft Edge - Sync browser settings
+title: Microsoft Edge - Sync browser settings
description: By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites.
-manager: dougkim
-ms.author: pashort
-author: shortpatti
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+author: dansimp
ms.date: 10/02/2018
+ms.reviewer:
ms.localizationpriority: medium
ms.topic: reference
---
# Sync browser settings
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. The “browser” group uses the Sync your Settings option in Settings to sync information like history and favorites. You can configure Microsoft Edge to prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy.
@@ -41,4 +45,4 @@ To verify the settings:
[!INCLUDE [do-not-sync-browser-settings-include](../includes/do-not-sync-browser-settings-include.md)]
## Prevent users from turning on browser syncing
-[!INCLUDE [prevent-users-to-turn-on-browser-syncing-include](../includes/prevent-users-to-turn-on-browser-syncing-include.md)]
\ No newline at end of file
+[!INCLUDE [prevent-users-to-turn-on-browser-syncing-include](../includes/prevent-users-to-turn-on-browser-syncing-include.md)]
diff --git a/browsers/edge/group-policies/telemetry-management-gp.md b/browsers/edge/group-policies/telemetry-management-gp.md
index c83cd2848c..fb3329f960 100644
--- a/browsers/edge/group-policies/telemetry-management-gp.md
+++ b/browsers/edge/group-policies/telemetry-management-gp.md
@@ -1,16 +1,21 @@
---
title: Microsoft Edge - Telemetry and data collection group policies
description: Microsoft Edge gathers diagnostic data, intranet history, internet history, tracking information of sites visited, and Live Tile metadata. You can configure Microsoft Edge to collect all or none of this information.
-manager: dougkim
-ms.author: pashort
-author: shortpatti
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+author: dansimp
ms.date: 10/02/2018
+ms.reviewer:
ms.localizationpriority: medium
ms.topic: reference
---
# Telemetry and data collection
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
+
Microsoft Edge gathers diagnostic data, intranet history, internet history, tracking information of sites visited, and Live Tile metadata. You can configure Microsoft Edge to collect all or none of this information.
You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
@@ -27,4 +32,4 @@ You can find the Microsoft Edge Group Policy settings in the following location
[!INCLUDE [configure-do-not-track-include.md](../includes/configure-do-not-track-include.md)]
## Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
-[!INCLUDE [prevent-live-tile-pinning-start-include](../includes/prevent-live-tile-pinning-start-include.md)]
\ No newline at end of file
+[!INCLUDE [prevent-live-tile-pinning-start-include](../includes/prevent-live-tile-pinning-start-include.md)]
diff --git a/browsers/edge/img-microsoft-edge-infographic-lg.md b/browsers/edge/img-microsoft-edge-infographic-lg.md
index e9d8b67cc2..9b329c580b 100644
--- a/browsers/edge/img-microsoft-edge-infographic-lg.md
+++ b/browsers/edge/img-microsoft-edge-infographic-lg.md
@@ -2,10 +2,15 @@
description: A full-sized view of the Microsoft Edge infographic.
title: Full-sized view of the Microsoft Edge infographic
ms.date: 11/10/2016
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+author: dansimp
---
Return to: [Browser: Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md)
-Download image: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/en-us/download/details.aspx?id=53892)
+Download image: [Total Economic Impact of Microsoft Edge: Infographic](https://www.microsoft.com/download/details.aspx?id=53892)
diff --git a/browsers/edge/includes/allow-address-bar-suggestions-include.md b/browsers/edge/includes/allow-address-bar-suggestions-include.md
index fef471693a..fdcebd090e 100644
--- a/browsers/edge/includes/allow-address-bar-suggestions-include.md
+++ b/browsers/edge/includes/allow-address-bar-suggestions-include.md
@@ -1,49 +1,52 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
->*Default setting: Enabled or not configured (Allowed)*
-
-[!INCLUDE [allow-address-bar-drop-down-shortdesc](../shortdesc/allow-address-bar-drop-down-shortdesc.md)]
-
-
-### Supported values
-
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled |0 |0 |Prevented. Hide the Address bar drop-down list and disable the _Show search and site suggestions as I type_ toggle in Settings. | |
-|Enabled or not configured **(default)** |1 |1 |Allowed. Show the Address bar drop-down list and make it available. | |
----
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow Address bar drop-down list suggestions
-- **GP name:** AllowAddressBarDropdown
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowAddressBarDropdown](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowaddressbardropdown)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\ServiceUI
-- **Value name:** ShowOneBox
-- **Value type:** REG_DWORD
-
-
-### Related policies
-
-[Configure search suggestions in Address bar](../available-policies.md#configure-search-suggestions-in-address-bar): [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-address-bar-drop-down-shortdesc](../shortdesc/allow-address-bar-drop-down-shortdesc.md)]
+
+
+### Supported values
+
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|-----------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled | 0 | 0 | Prevented. Hide the Address bar drop-down list and disable the *Show search and site suggestions as I type* toggle in Settings. |  |
+| Enabled or not configured **(default)** | 1 | 1 | Allowed. Show the Address bar drop-down list and make it available. | |
+
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow Address bar drop-down list suggestions
+- **GP name:** AllowAddressBarDropdown
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowAddressBarDropdown](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowaddressbardropdown)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAddressBarDropdown
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\ServiceUI
+- **Value name:** ShowOneBox
+- **Value type:** REG_DWORD
+
+
+### Related policies
+
+[Configure search suggestions in Address bar](../available-policies.md#configure-search-suggestions-in-address-bar): [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
+
+
diff --git a/browsers/edge/includes/allow-adobe-flash-include.md b/browsers/edge/includes/allow-adobe-flash-include.md
index c3965dd477..3a7671c32a 100644
--- a/browsers/edge/includes/allow-adobe-flash-include.md
+++ b/browsers/edge/includes/allow-adobe-flash-include.md
@@ -1,9 +1,12 @@
---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
@@ -14,10 +17,11 @@ ms:topic: include
### Supported values
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Disabled |0 |0 |Prevented |
-|Enabled **(default)** |1 |1 |Allowed |
+| Group Policy | MDM | Registry | Description |
+|-----------------------|:---:|:--------:|-------------|
+| Disabled | 0 | 0 | Prevented |
+| Enabled **(default)** | 1 | 1 | Allowed |
+
---
### ADMX info and settings
@@ -31,7 +35,7 @@ ms:topic: include
#### MDM settings
- **MDM name:** Browser/[AllowFlash](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowflash)
- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAdobeFlash
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFlash
- **Data type:** Integer
#### Registry settings
diff --git a/browsers/edge/includes/allow-clearing-browsing-data-include.md b/browsers/edge/includes/allow-clearing-browsing-data-include.md
index a3bd064c75..bd8b84f244 100644
--- a/browsers/edge/includes/allow-clearing-browsing-data-include.md
+++ b/browsers/edge/includes/allow-clearing-browsing-data-include.md
@@ -1,44 +1,47 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
->*Default setting: Disabled or not configured (Prevented)*
-
-[!INCLUDE [allow-clearing-browsing-data-on-exit-shortdesc](../shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md)]
-
-### Supported values
-
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Prevented. Users can configure the _Clear browsing data_ option in Settings. | |
-|Enabled |1 |1 |Allowed. Clear the browsing data upon exit automatically. | |
----
-
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow clearing browsing data on exit
-- **GP name:** AllowClearingBrowsingDataOnExit
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[ClearBrowsingDataOnExit](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-clearbrowsingdataonexit)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit
-- **Data type:** Integer
-
-#### Registry
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Privacy
-- **Value name:** ClearBrowsingHistoryOnExit
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Disabled or not configured (Prevented)*
+
+[!INCLUDE [allow-clearing-browsing-data-on-exit-shortdesc](../shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md)]
+
+### Supported values
+
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|------------------------------------------|:---:|:--------:|------------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Prevented. Users can configure the *Clear browsing data* option in Settings. | |
+| Enabled | 1 | 1 | Allowed. Clear the browsing data upon exit automatically. |  |
+
+---
+
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow clearing browsing data on exit
+- **GP name:** AllowClearingBrowsingDataOnExit
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ClearBrowsingDataOnExit](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-clearbrowsingdataonexit)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ClearBrowsingDataOnExit
+- **Data type:** Integer
+
+#### Registry
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Privacy
+- **Value name:** ClearBrowsingHistoryOnExit
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/allow-config-updates-books-include.md b/browsers/edge/includes/allow-config-updates-books-include.md
index 21454f87b9..02b449e5e2 100644
--- a/browsers/edge/includes/allow-config-updates-books-include.md
+++ b/browsers/edge/includes/allow-config-updates-books-include.md
@@ -1,46 +1,49 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1803 or later*
->*Default setting: Enabled or not configured (Allowed)*
-
-[!INCLUDE [allow-configuration-updates-for-books-library-shortdesc](../shortdesc/allow-configuration-updates-for-books-library-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled |0 |0 |Prevented. | |
-|Enabled or not configured **(default)** |1 |1 |Allowed. Microsoft Edge updates the configuration data for the Books Library automatically. | |
----
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow configuration updates for the Books Library
-- **GP name:** AllowConfigurationUpdateForBooksLibrary
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowConfigurationUpdateForBooksLibrary
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\BooksLibrary
-- **Value name:** AllowConfigurationUpdateForBooksLibrary
-- **Value type:** REG_DWORD
-
-### Related topics
-
-[!INCLUDE [man-connections-win-comp-services-shortdesc-include](man-connections-win-comp-services-shortdesc-include.md)]
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1803 or later*
+>*Default setting: Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-configuration-updates-for-books-library-shortdesc](../shortdesc/allow-configuration-updates-for-books-library-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|--------------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled | 0 | 0 | Prevented. |  |
+| Enabled or not configured **(default)** | 1 | 1 | Allowed. Microsoft Edge updates the configuration data for the Books Library automatically. | |
+
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow configuration updates for the Books Library
+- **GP name:** AllowConfigurationUpdateForBooksLibrary
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowConfigurationUpdateForBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowConfigurationUpdateForBooksLibrary
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\BooksLibrary
+- **Value name:** AllowConfigurationUpdateForBooksLibrary
+- **Value type:** REG_DWORD
+
+### Related topics
+
+[!INCLUDE [man-connections-win-comp-services-shortdesc-include](man-connections-win-comp-services-shortdesc-include.md)]
+
+
diff --git a/browsers/edge/includes/allow-cortana-include.md b/browsers/edge/includes/allow-cortana-include.md
index 867850d83f..248600e48b 100644
--- a/browsers/edge/includes/allow-cortana-include.md
+++ b/browsers/edge/includes/allow-cortana-include.md
@@ -1,43 +1,46 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10*
->*Default setting: Enabled (Allowed)*
-
-[!INCLUDE [allow-cortana-shortdesc](../shortdesc/allow-cortana-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled |0 |0 |Prevented. Users can still search to find items on their device. | |
-|Enabled **(default)** |1 |1 |Allowed. | |
----
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow Cortana
-- **GP name:** AllowCortana
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Experience/[AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana)
-- **Supported devices:** Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/AllowCortana
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\Windows\Windows Search
-- **Value name:** AllowCortana
-- **Value type:** REG_DWORD
-
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Enabled (Allowed)*
+
+[!INCLUDE [allow-cortana-shortdesc](../shortdesc/allow-cortana-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|--------------------------|:---:|:--------:|------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled | 0 | 0 | Prevented. Users can still search to find items on their device. |  |
+| Enabled **(default)** | 1 | 1 | Allowed. | |
+
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow Cortana
+- **GP name:** AllowCortana
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Experience/[AllowCortana](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowcortana)
+- **Supported devices:** Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/AllowCortana
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\Windows\Windows Search
+- **Value name:** AllowCortana
+- **Value type:** REG_DWORD
+
+
+
diff --git a/browsers/edge/includes/allow-dev-tools-include.md b/browsers/edge/includes/allow-dev-tools-include.md
index b335926754..8a715d6905 100644
--- a/browsers/edge/includes/allow-dev-tools-include.md
+++ b/browsers/edge/includes/allow-dev-tools-include.md
@@ -1,44 +1,47 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
->*Default setting: Enabled (Allowed)*
-
-[!INCLUDE [allow-developer-tools-shortdesc](../shortdesc/allow-developer-tools-shortdesc.md)]
-
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled |0 |0 |Prevented | |
-|Enabled |1 |1 |Allowed | |
----
-
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow Developer Tools
-- **GP name:** AllowDeveloperTools
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowDeveloperTools](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools)
-- **Supported devices:** Desktop
-- **URI full Path:** ./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\F12
-- **Value name:** AllowDeveloperTools
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
+>*Default setting: Enabled (Allowed)*
+
+[!INCLUDE [allow-developer-tools-shortdesc](../shortdesc/allow-developer-tools-shortdesc.md)]
+
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|--------------|:---:|:--------:|-------------|:------------------------------------------------:|
+| Disabled | 0 | 0 | Prevented |  |
+| Enabled | 1 | 1 | Allowed | |
+
+---
+
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow Developer Tools
+- **GP name:** AllowDeveloperTools
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowDeveloperTools](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowdevelopertools)
+- **Supported devices:** Desktop
+- **URI full Path:** ./Vendor/MSFT/Policy/Config/Browser/AllowDeveloperTools
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\F12
+- **Value name:** AllowDeveloperTools
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/allow-enable-book-library-include.md b/browsers/edge/includes/allow-enable-book-library-include.md
index ec76df7f79..be4dcd7cfd 100644
--- a/browsers/edge/includes/allow-enable-book-library-include.md
+++ b/browsers/edge/includes/allow-enable-book-library-include.md
@@ -1,41 +1,44 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1709 or later*
->*Default setting: Disabled or not configured*
-
-[!INCLUDE [always-show-books-library-shortdesc](../shortdesc/always-show-books-library-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Show the Books Library only in countries or regions where supported. | |
-|Enabled |1 |1 |Show the Books Library, regardless of the device’s country or region. | |
----
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Always show the Books Library in Microsoft Edge
-- **GP name:** AlwaysEnableBooksLibrary
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[Browser/AlwaysEnableBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AlwaysEnableBooksLibrary
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
-- **Value name:** AlwaysEnableBooksLibrary
-- **Value type:** REG_DWORD
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1709 or later*
+>*Default setting: Disabled or not configured*
+
+[!INCLUDE [always-show-books-library-shortdesc](../shortdesc/always-show-books-library-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|-----------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Show the Books Library only in countries or regions where supported. |  |
+| Enabled | 1 | 1 | Show the Books Library, regardless of the device’s country or region. | |
+
+---
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Always show the Books Library in Microsoft Edge
+- **GP name:** AlwaysEnableBooksLibrary
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[Browser/AlwaysEnableBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AlwaysEnableBooksLibrary
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** AlwaysEnableBooksLibrary
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md b/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md
index f078711142..1b39d3081d 100644
--- a/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md
+++ b/browsers/edge/includes/allow-ext-telemetry-books-tab-include.md
@@ -1,43 +1,46 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1803 or later*
->*Default setting: Disabled or not configured (Gather and send only basic diagnostic data)*
-
-[!INCLUDE [allow-extended-telemetry-for-books-tab-shortdesc](../shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Gather and send only basic diagnostic data. | |
-|Enabled |1 |1 |Gather all diagnostic data. For this policy to work correctly, you must set the diagnostic data in _Settings > Diagnostics & feedback_ to **Full**. | |
----
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow extended telemetry for the Books tab
-- **GP name:** EnableExtendedBooksTelemetry
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** [Browser/EnableExtendedBooksTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/EnableExtendedBooksTelemetry
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary
-- **Value name:** EnableExtendedBooksTelemetry
-- **Value type:** REG_DWORD
-
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1803 or later*
+>*Default setting: Disabled or not configured (Gather and send only basic diagnostic data)*
+
+[!INCLUDE [allow-extended-telemetry-for-books-tab-shortdesc](../shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|-----------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Gather and send only basic diagnostic data. |  |
+| Enabled | 1 | 1 | Gather all diagnostic data. For this policy to work correctly, you must set the diagnostic data in *Settings > Diagnostics & feedback* to **Full**. | |
+
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow extended telemetry for the Books tab
+- **GP name:** EnableExtendedBooksTelemetry
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** [Browser/EnableExtendedBooksTelemetry](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/EnableExtendedBooksTelemetry
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary
+- **Value name:** EnableExtendedBooksTelemetry
+- **Value type:** REG_DWORD
+
+
+
diff --git a/browsers/edge/includes/allow-extensions-include.md b/browsers/edge/includes/allow-extensions-include.md
index bb9b65ea2c..977e027f08 100644
--- a/browsers/edge/includes/allow-extensions-include.md
+++ b/browsers/edge/includes/allow-extensions-include.md
@@ -1,46 +1,49 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1607 or later*
->*Default setting: Enabled or not configured (Allowed)*
-
-[!INCLUDE [allow-extensions-shortdesc](../shortdesc/allow-extensions-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Disabled |0 |0 |Prevented |
-|Enabled or not configured **(default)** |1 |1 |Allowed |
----
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow Extensions
-- **GP name:** AllowExtensions
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowextensions)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowExtensions
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Extensions
-- **Value name:** ExtensionsEnabled
-- **Value type:** REG_DWORD
-
-### Related topics
-
-[!INCLUDE [microsoft-browser-extension-policy-shortdesc](../shortdesc/microsoft-browser-extension-policy-shortdesc.md)]
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1607 or later*
+>*Default setting: Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-extensions-shortdesc](../shortdesc/allow-extensions-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description |
+|--------------------------------------------|:---:|:--------:|-------------|
+| Disabled | 0 | 0 | Prevented |
+| Enabled or not configured **(default)** | 1 | 1 | Allowed |
+
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow Extensions
+- **GP name:** AllowExtensions
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowextensions)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowExtensions
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Extensions
+- **Value name:** ExtensionsEnabled
+- **Value type:** REG_DWORD
+
+### Related topics
+
+[!INCLUDE [microsoft-browser-extension-policy-shortdesc](../shortdesc/microsoft-browser-extension-policy-shortdesc.md)]
+
+
diff --git a/browsers/edge/includes/allow-full-screen-include.md b/browsers/edge/includes/allow-full-screen-include.md
index 6cbfe544bd..34d3dc32be 100644
--- a/browsers/edge/includes/allow-full-screen-include.md
+++ b/browsers/edge/includes/allow-full-screen-include.md
@@ -1,44 +1,47 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: Enabled or not configured (Allowed)*
-
-
-[!INCLUDE [allow-fullscreen-mode-shortdesc](../shortdesc/allow-fullscreen-mode-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled |0 |0 |Prevented | |
-|Enabled **(default)** |1 |1 |Allowed | |
----
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow fullscreen mode
-- **GP name:** AllowFullScreenMode
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowFullscreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFullscreen
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
-- **Value name:** AllowFullScreenMode
-- **Value type:** REG_DWORD
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Enabled or not configured (Allowed)*
+
+
+[!INCLUDE [allow-fullscreen-mode-shortdesc](../shortdesc/allow-fullscreen-mode-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|--------------------------|:---:|:--------:|-------------|:------------------------------------------------:|
+| Disabled | 0 | 0 | Prevented |  |
+| Enabled **(default)** | 1 | 1 | Allowed | |
+
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow fullscreen mode
+- **GP name:** AllowFullScreenMode
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowFullscreen](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowfullscreenmode)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFullscreen
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** AllowFullScreenMode
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/allow-inprivate-browsing-include.md b/browsers/edge/includes/allow-inprivate-browsing-include.md
index 77339e72ef..0d66095576 100644
--- a/browsers/edge/includes/allow-inprivate-browsing-include.md
+++ b/browsers/edge/includes/allow-inprivate-browsing-include.md
@@ -1,44 +1,47 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
->*Default setting: Enabled or not configured (Allowed)*
-
-
-[!INCLUDE [allow-inprivate-browsing-shortdesc](../shortdesc/allow-inprivate-browsing-shortdesc.md)]
-
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled |0 |0 |Prevented | |
-|Enabled or not configured **(default)** |1 |1 |Allowed | |
----
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow InPrivate browsing
-- **GP name:** AllowInPrivate
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowInPrivate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowInPrivate
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
-- **Value name:** AllowInPrivate
-- **Value type:** REG_DWORD
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
+>*Default setting: Enabled or not configured (Allowed)*
+
+
+[!INCLUDE [allow-inprivate-browsing-shortdesc](../shortdesc/allow-inprivate-browsing-shortdesc.md)]
+
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|--------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:|
+| Disabled | 0 | 0 | Prevented |  |
+| Enabled or not configured **(default)** | 1 | 1 | Allowed | |
+
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow InPrivate browsing
+- **GP name:** AllowInPrivate
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowInPrivate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowinprivate)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowInPrivate
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+- **Value name:** AllowInPrivate
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/allow-microsoft-compatibility-list-include.md b/browsers/edge/includes/allow-microsoft-compatibility-list-include.md
index bbc6aad2d2..580909fe1d 100644
--- a/browsers/edge/includes/allow-microsoft-compatibility-list-include.md
+++ b/browsers/edge/includes/allow-microsoft-compatibility-list-include.md
@@ -1,42 +1,45 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1607 or later*
->*Default setting: Enabled or not configured (Allowed)*
-
-[!INCLUDE [allow-microsoft-compatibility-list-shortdesc](../shortdesc/allow-microsoft-compatibility-list-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled |0 |0 |Prevented | |
-|Enabled or not configured **(default)** |1 |1 |Allowed | |
----
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow Microsoft Compatibility List
-- **GP name:** AllowCVList
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowMicrosoftCompatibilityList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowMicrosoftCompatibilityList
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BrowserEmulation
-- **Value name:** MSCompatibilityMode
-- **Value type:** REG_DWORD
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1607 or later*
+>*Default setting: Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-microsoft-compatibility-list-shortdesc](../shortdesc/allow-microsoft-compatibility-list-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|--------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:|
+| Disabled | 0 | 0 | Prevented |  |
+| Enabled or not configured **(default)** | 1 | 1 | Allowed | |
+
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow Microsoft Compatibility List
+- **GP name:** AllowCVList
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowMicrosoftCompatibilityList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowMicrosoftCompatibilityList
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BrowserEmulation
+- **Value name:** MSCompatibilityMode
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/allow-prelaunch-include.md b/browsers/edge/includes/allow-prelaunch-include.md
index 7f1d10363c..1953faa630 100644
--- a/browsers/edge/includes/allow-prelaunch-include.md
+++ b/browsers/edge/includes/allow-prelaunch-include.md
@@ -1,44 +1,47 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: Enabled or not configured (Allowed)*
-
-[!INCLUDE [allow-prelaunch-shortdesc](../shortdesc/allow-prelaunch-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled |0 |0 |Prevented | |
-|Enabled or not configured **(default)** |1 |1 |Allowed | |
----
-
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed
-- **GP name:** AllowPreLaunch
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowPrelaunch](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPrelaunch
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\
-- **Value name:** AllowPrelaunch
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-prelaunch-shortdesc](../shortdesc/allow-prelaunch-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|--------------------------------------------|:---:|:--------:|-------------|:-------------------------------------------------:|
+| Disabled | 0 | 0 | Prevented |  |
+| Enabled or not configured **(default)** | 1 | 1 | Allowed | |
+
+---
+
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed
+- **GP name:** AllowPreLaunch
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowPrelaunch](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPrelaunch
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** AllowPrelaunch
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/allow-printing-include.md b/browsers/edge/includes/allow-printing-include.md
index c489b9ebdd..47055ba966 100644
--- a/browsers/edge/includes/allow-printing-include.md
+++ b/browsers/edge/includes/allow-printing-include.md
@@ -1,42 +1,45 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: Enabled or not configured (Allowed)*
-
-[!INCLUDE [allow-printing-shortdesc](../shortdesc/allow-printing-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled |0 |0 |Prevented | |
-|Enabled or not configured **(default)** |1 |1 |Allowed | |
----
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow printing
-- **GP name:** AllowPrinting
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowPrinting](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPrinting
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
-- **Value name:** AllowPrinting
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-printing-shortdesc](../shortdesc/allow-printing-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|--------------------------------------------|:---:|:--------:|-------------|:-------------------------------------------------:|
+| Disabled | 0 | 0 | Prevented |  |
+| Enabled or not configured **(default)** | 1 | 1 | Allowed | |
+
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow printing
+- **GP name:** AllowPrinting
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowPrinting](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowprinting)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPrinting
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+- **Value name:** AllowPrinting
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/allow-saving-history-include.md b/browsers/edge/includes/allow-saving-history-include.md
index cc495aac9e..874d301abb 100644
--- a/browsers/edge/includes/allow-saving-history-include.md
+++ b/browsers/edge/includes/allow-saving-history-include.md
@@ -1,44 +1,47 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: Enabled or not configured (Allowed)*
-
-[!INCLUDE [allow-saving-history-shortdesc](../shortdesc/allow-saving-history-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled |0 |0 |Prevented | |
-|Enabled or not configured **(default)** |1 |1 |Allowed | |
----
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow Saving History
-- **GP name:** AllowSavingHistory
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowSavingHistory](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSavingHistory
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
-- **Value name:** AllowSavingHistory
-- **Value type:** REG_DWORD
-
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-saving-history-shortdesc](../shortdesc/allow-saving-history-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|--------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:|
+| Disabled | 0 | 0 | Prevented |  |
+| Enabled or not configured **(default)** | 1 | 1 | Allowed | |
+
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow Saving History
+- **GP name:** AllowSavingHistory
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowSavingHistory](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSavingHistory
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+- **Value name:** AllowSavingHistory
+- **Value type:** REG_DWORD
+
+
+
diff --git a/browsers/edge/includes/allow-search-engine-customization-include.md b/browsers/edge/includes/allow-search-engine-customization-include.md
index cc3137fa52..eb4891088f 100644
--- a/browsers/edge/includes/allow-search-engine-customization-include.md
+++ b/browsers/edge/includes/allow-search-engine-customization-include.md
@@ -1,56 +1,59 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
->*Default setting: Enabled or not configured (Allowed)*
-
-[!INCLUDE [allow-search-engine-customization-shortdesc](../shortdesc/allow-search-engine-customization-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled |0 |0 |Prevented | |
-|Enabled or not configured **(default)** |1 |1 |Allowed | |
----
-
-### ADMX info and settings
-
-##### ADMX info
-- **GP English name:** Allow search engine customization
-- **GP name:** AllowSearchEngineCustomization
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowSearchEngineCustomization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchEngineCustomization
-- **Data type:** Integer
-
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Protected
-- **Value name:** AllowSearchEngineCustomization
-- **Value type:** REG_DWORD
-
-
-### Related policies
-
-- [Set default search engine](../available-policies.md#set-default-search-engine): [!INCLUDE [set-default-search-engine-shortdesc](../shortdesc/set-default-search-engine-shortdesc.md)]
-
-- [Configure additional search engines](../available-policies.md#configure-additional-search-engines): [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
-
-### Related topics
-
-- [!INCLUDE [man-connections-win-comp-services-shortdesc-include](man-connections-win-comp-services-shortdesc-include.md)]
-
-- [!INCLUDE [search-provider-discovery-shortdesc-include](search-provider-discovery-shortdesc-include.md)]
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-search-engine-customization-shortdesc](../shortdesc/allow-search-engine-customization-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|--------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:|
+| Disabled | 0 | 0 | Prevented |  |
+| Enabled or not configured **(default)** | 1 | 1 | Allowed | |
+
+---
+
+### ADMX info and settings
+
+##### ADMX info
+- **GP English name:** Allow search engine customization
+- **GP name:** AllowSearchEngineCustomization
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowSearchEngineCustomization](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsearchenginecustomization)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchEngineCustomization
+- **Data type:** Integer
+
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Protected
+- **Value name:** AllowSearchEngineCustomization
+- **Value type:** REG_DWORD
+
+
+### Related policies
+
+- [Set default search engine](../available-policies.md#set-default-search-engine): [!INCLUDE [set-default-search-engine-shortdesc](../shortdesc/set-default-search-engine-shortdesc.md)]
+
+- [Configure additional search engines](../available-policies.md#configure-additional-search-engines): [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
+
+### Related topics
+
+- [!INCLUDE [man-connections-win-comp-services-shortdesc-include](man-connections-win-comp-services-shortdesc-include.md)]
+
+- [!INCLUDE [search-provider-discovery-shortdesc-include](search-provider-discovery-shortdesc-include.md)]
+
+
diff --git a/browsers/edge/includes/allow-shared-folder-books-include.md b/browsers/edge/includes/allow-shared-folder-books-include.md
index d4b813968c..fadbac9ad5 100644
--- a/browsers/edge/includes/allow-shared-folder-books-include.md
+++ b/browsers/edge/includes/allow-shared-folder-books-include.md
@@ -1,49 +1,53 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1803*
->*Default setting: Disabled or not configured (Not allowed)*
-
-[!INCLUDE [allow-a-shared-books-folder-shortdesc](../shortdesc/allow-a-shared-books-folder-shortdesc.md)]
-
-
-
-### Supported values
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Prevented. Microsoft Edge downloads book files to a per-user folder for each user. | |
-|Enabled |1 |1 |Allowed. Microsoft Edge downloads book files to a shared folder. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy, which you can find:
Also, the users must be signed in with a school or work account.| |
----
-
-
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow a shared Books folder
-- **GP name:** UseSharedFolderForBooks
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[UseSharedFolderForBooks](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/UseSharedFolderForBooks
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary
-- **Value name:** UseSharedFolderForBooks
-- **Value type:** REG_DWORD
-
-### Related policies
-
-**Allow a Windows app to share application data between users:** [!INCLUDE [allow-windows-app-to-share-data-users-shortdesc](../shortdesc/allow-windows-app-to-share-data-users-shortdesc.md)]
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1803*
+>*Default setting: Disabled or not configured (Not allowed)*
+
+[!INCLUDE [allow-a-shared-books-folder-shortdesc](../shortdesc/allow-a-shared-books-folder-shortdesc.md)]
+
+
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Prevented. Microsoft Edge downloads book files to a per-user folder for each user. |  |
+| Enabled | 1 | 1 | Allowed. Microsoft Edge downloads book files to a shared folder. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy, which you can find:
Also, the users must be signed in with a school or work account. | |
+
+---
+
+
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow a shared Books folder
+- **GP name:** UseSharedFolderForBooks
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[UseSharedFolderForBooks](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/UseSharedFolderForBooks
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\BooksLibrary
+- **Value name:** UseSharedFolderForBooks
+- **Value type:** REG_DWORD
+
+### Related policies
+
+**Allow a Windows app to share application data between users:** [!INCLUDE [allow-windows-app-to-share-data-users-shortdesc](../shortdesc/allow-windows-app-to-share-data-users-shortdesc.md)]
+
+
diff --git a/browsers/edge/includes/allow-sideloading-extensions-include.md b/browsers/edge/includes/allow-sideloading-extensions-include.md
index b0575c853b..987387dbe6 100644
--- a/browsers/edge/includes/allow-sideloading-extensions-include.md
+++ b/browsers/edge/includes/allow-sideloading-extensions-include.md
@@ -1,52 +1,55 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: Enabled (Allowed)*
-
-[!INCLUDE [allow-sideloading-of-extensions-shortdesc](../shortdesc/allow-sideloading-of-extensions-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured |0 |0 |Prevented. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, you must enable the **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** group policy, which you can find:
For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled). | |
-|Enabled **(default)** |1 |1 |Allowed. | |
----
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow sideloading of Extensions
-- **GP name:** AllowSideloadingOfExtensions
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowSideloadingExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSideloadingExtensions
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions
-- **Value name:** AllowSideloadingOfExtensions
-- **Value type:** REG_DWORD
-
-### Related policies
-
-- [Allows development of Windows Store apps and installing them from an integrated development environment (IDE)](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowdeveloperunlock): When you enable this policy and the **Allow all trusted apps to install** policy, you allow users to develop Windows Store apps and install them directly from an IDE.
-
-- [Allow all trusted apps to install](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowalltrustedapps): When you enable this policy, you can manage the installation of trusted line-of-business (LOB) or developer-signed Windows Store apps.
-
-### Related topics
-
-[Enable your device for development](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development): Access development features, along with other developer-focused settings to make it possible for you to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode.
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Enabled (Allowed)*
+
+[!INCLUDE [allow-sideloading-of-extensions-shortdesc](../shortdesc/allow-sideloading-of-extensions-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|----------------------------|:---:|:--------:|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured | 0 | 0 | Prevented. Disabling does not prevent sideloading of extensions using Add-AppxPackage via PowerShell. To prevent this, you must enable the **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)** group policy, which you can find:
For the MDM setting, set the **ApplicationManagement/AllowDeveloperUnlock** policy to 1 (enabled). |  |
+| Enabled **(default)** | 1 | 1 | Allowed. | |
+
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow sideloading of Extensions
+- **GP name:** AllowSideloadingOfExtensions
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowSideloadingExtensions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSideloadingExtensions
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions
+- **Value name:** AllowSideloadingOfExtensions
+- **Value type:** REG_DWORD
+
+### Related policies
+
+- [Allows development of Windows Store apps and installing them from an integrated development environment (IDE)](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowdeveloperunlock): When you enable this policy and the **Allow all trusted apps to install** policy, you allow users to develop Windows Store apps and install them directly from an IDE.
+
+- [Allow all trusted apps to install](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowalltrustedapps): When you enable this policy, you can manage the installation of trusted line-of-business (LOB) or developer-signed Windows Store apps.
+
+### Related topics
+
+[Enable your device for development](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development): Access development features, along with other developer-focused settings to make it possible for you to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode.
+
+
diff --git a/browsers/edge/includes/allow-tab-preloading-include.md b/browsers/edge/includes/allow-tab-preloading-include.md
index c62d262521..2083558b86 100644
--- a/browsers/edge/includes/allow-tab-preloading-include.md
+++ b/browsers/edge/includes/allow-tab-preloading-include.md
@@ -1,42 +1,46 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1802*
->*Default setting: Enabled or not configured (Allowed)*
-
-[!INCLUDE [allow-tab-preloading-shortdesc](../shortdesc/allow-tab-preloading-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled |0 |0 |Prevented. | |
-|Enabled or not configured **(default)** |1 |1 |Allowed. Preload Start and New Tab pages. | |
----
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow Microsoft Edge to load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed
-- **GP name:** AllowTabPreloading
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowTabPreloading](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowTabPreloading
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\TabPreloader
-- **Value name:** AllowTabPreloading
-- **Value type:** REG_DWORD
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1802*
+>*Default setting: Enabled or not configured (Allowed)*
+
+[!INCLUDE [allow-tab-preloading-shortdesc](../shortdesc/allow-tab-preloading-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|--------------------------------------------|:---:|:--------:|-------------------------------------------|:------------------------------------------------:|
+| Disabled | 0 | 0 | Prevented. |  |
+| Enabled or not configured **(default)** | 1 | 1 | Allowed. Preload Start and New Tab pages. | |
+
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow Microsoft Edge to load the Start and New Tab pages in the background at Windows startup and each time Microsoft Edge is closed
+- **GP name:** AllowTabPreloading
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowTabPreloading](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowTabPreloading
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKCU\SOFTWARE\Policies\Microsoft\MicrosoftEdge\TabPreloader
+- **Create Value name:** AllowTabPreloading
+- **Value type:** REG_DWORD
+- **DWORD Value:** 1
+
+
diff --git a/browsers/edge/includes/allow-web-content-new-tab-page-include.md b/browsers/edge/includes/allow-web-content-new-tab-page-include.md
index cdd5bb2adc..88e91371ac 100644
--- a/browsers/edge/includes/allow-web-content-new-tab-page-include.md
+++ b/browsers/edge/includes/allow-web-content-new-tab-page-include.md
@@ -1,47 +1,50 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 11/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10*
->*Default setting: Enabled (the default New Tab page loads)*
-
-
-[!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)]
-
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Disabled |0 |0 |Load a blank page instead of the default New Tab page and prevent users from making changes. |
-|Enabled or not configured **(default)** |1 |1 |Load the default New Tab page and the users make changes. |
----
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Allow web content on New Tab page
-- **GP name:** AllowWebContentOnNewTabPage
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowWebContentOnNewTabPage](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowWebContentOnNewTabPage
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI
-- **Value name:** AllowWebContentOnNewTabPage
-- **Value type:** REG_DWORD
-
-### Related policies
-[Set New Tab page URL](../available-policies.md#set-new-tab-page-url): [!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)]
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 11/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Enabled (the default New Tab page loads)*
+
+
+[!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)]
+
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description |
+|-----------------------------------------|:---:|:--------:|----------------------------------------------------------------------------------------------|
+| Disabled | 0 | 0 | Load a blank page instead of the default New Tab page and prevent users from making changes. |
+| Enabled or not configured **(default)** | 1 | 1 | Load the default New Tab page and the users make changes. |
+
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Allow web content on New Tab page
+- **GP name:** AllowWebContentOnNewTabPage
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowWebContentOnNewTabPage](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowWebContentOnNewTabPage
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\ServiceUI
+- **Value name:** AllowWebContentOnNewTabPage
+- **Value type:** REG_DWORD
+
+### Related policies
+[Set New Tab page URL](../available-policies.md#set-new-tab-page-url): [!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)]
+
+
diff --git a/browsers/edge/includes/always-enable-book-library-include.md b/browsers/edge/includes/always-enable-book-library-include.md
index 16ee156803..7cb4f04653 100644
--- a/browsers/edge/includes/always-enable-book-library-include.md
+++ b/browsers/edge/includes/always-enable-book-library-include.md
@@ -1,43 +1,46 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1709 or later*
->*Default setting: Disabled or not configured*
-
-
-[!INCLUDE [always-show-books-library-shortdesc](../shortdesc/always-show-books-library-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Show the Books Library only in countries or regions where supported. | |
-|Enabled |1 |1 |Show the Books Library, regardless of the device’s country or region. | |
----
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Always show the Books Library in Microsoft Edge
-- **GP name:** AlwaysEnableBooksLibrary
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AlwaysEnableBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AlwaysEnableBooksLibrary
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
-- **Value name:** AlwaysEnableBooksLibrary
-- **Value type:** REG_DWORD
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1709 or later*
+>*Default setting: Disabled or not configured*
+
+
+[!INCLUDE [always-show-books-library-shortdesc](../shortdesc/always-show-books-library-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|-----------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Show the Books Library only in countries or regions where supported. |  |
+| Enabled | 1 | 1 | Show the Books Library, regardless of the device’s country or region. | |
+
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Always show the Books Library in Microsoft Edge
+- **GP name:** AlwaysEnableBooksLibrary
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AlwaysEnableBooksLibrary](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AlwaysEnableBooksLibrary
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+- **Value name:** AlwaysEnableBooksLibrary
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/configure-additional-search-engines-include.md b/browsers/edge/includes/configure-additional-search-engines-include.md
index cd5341cd46..e1ff2e9999 100644
--- a/browsers/edge/includes/configure-additional-search-engines-include.md
+++ b/browsers/edge/includes/configure-additional-search-engines-include.md
@@ -1,55 +1,58 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
->*Default setting: Disabled or not configured (Prevented)*
-
-[!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Prevented. Use the search engine specified in App settings.
If you enabled this policy and now want to disable it, all previously configured search engines get removed. | |
-|Enabled |1 |1 |Allowed. Add up to five additional search engines and set any one of them as the default.
For each search engine added you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Configure additional search engines
-- **GP name:** ConfigureAdditionalSearchEngines
-- **GP element:** ConfigureAdditionalSearchEngines_Prompt
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[ConfigureAdditionalSearchEngines](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureAdditionalSearchEngines
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\OpenSearch
-- **Value name:** ConfigureAdditionalSearchEngines
-- **Value type:** REG_SZ
-
-### Related policies
-
-- [Set default search engine](../available-policies.md\#set-default-search-engine): [!INCLUDE [set-default-search-engine-shortdesc](../shortdesc/set-default-search-engine-shortdesc.md)]
-
-- [Allow search engine customization](../available-policies.md#allow-search-engine-customization): [!INCLUDE [allow-search-engine-customization-shortdesc](../shortdesc/allow-search-engine-customization-shortdesc.md)]
-
-
-### Related topics
-
-- [!INCLUDE [microsoft-browser-extension-policy-shortdesc](../shortdesc/microsoft-browser-extension-policy-shortdesc.md)]
-
-- [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery): Rich search integration is built into the Microsoft Edge address bar, including search suggestions, results from the web, your browsing history, and favorites.
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Disabled or not configured (Prevented)*
+
+[!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Prevented. Use the search engine specified in App settings.
If you enabled this policy and now want to disable it, all previously configured search engines get removed. |  |
+| Enabled | 1 | 1 | Allowed. Add up to five additional search engines and set any one of them as the default.
For each search engine added you must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). | |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure additional search engines
+- **GP name:** ConfigureAdditionalSearchEngines
+- **GP element:** ConfigureAdditionalSearchEngines_Prompt
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ConfigureAdditionalSearchEngines](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureadditionalsearchengines)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureAdditionalSearchEngines
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\OpenSearch
+- **Value name:** ConfigureAdditionalSearchEngines
+- **Value type:** REG_SZ
+
+### Related policies
+
+- [Set default search engine](../available-policies.md\#set-default-search-engine): [!INCLUDE [set-default-search-engine-shortdesc](../shortdesc/set-default-search-engine-shortdesc.md)]
+
+- [Allow search engine customization](../available-policies.md#allow-search-engine-customization): [!INCLUDE [allow-search-engine-customization-shortdesc](../shortdesc/allow-search-engine-customization-shortdesc.md)]
+
+
+### Related topics
+
+- [!INCLUDE [microsoft-browser-extension-policy-shortdesc](../shortdesc/microsoft-browser-extension-policy-shortdesc.md)]
+
+- [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery): Rich search integration is built into the Microsoft Edge address bar, including search suggestions, results from the web, your browsing history, and favorites.
+
+
diff --git a/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
index 3011317313..852be617a5 100644
--- a/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
+++ b/browsers/edge/includes/configure-adobe-flash-click-to-run-include.md
@@ -1,42 +1,45 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
->*Default setting: Enabled or not configured (Does not load content automatically)*
-
-[!INCLUDE [configure-adobe-flash-click-to-run-setting-shortdesc](../shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled |0 |0 |Load and run Adobe Flash content automatically. | |
-|Enabled or not configured **(default)** |1 |1 |Do not load or run Adobe Flash content and require action from the user. | |
----
-
-### ADMX info and settings
-
-#### ADMX info
-- **GP English name:** Configure the Adobe Flash Click-to-Run setting
-- **GP name:** AllowFlashClickToRun
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowFlashClickToRun](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFlashClickToRun
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Security
-- **Value name:** FlashClickToRunMode
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Enabled or not configured (Does not load content automatically)*
+
+[!INCLUDE [configure-adobe-flash-click-to-run-setting-shortdesc](../shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|--------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled | 0 | 0 | Load and run Adobe Flash content automatically. | |
+| Enabled or not configured **(default)** | 1 | 1 | Do not load or run Adobe Flash content and require action from the user. |  |
+
+---
+
+### ADMX info and settings
+
+#### ADMX info
+- **GP English name:** Configure the Adobe Flash Click-to-Run setting
+- **GP name:** AllowFlashClickToRun
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowFlashClickToRun](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowflashclicktorun)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowFlashClickToRun
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Security
+- **Value name:** FlashClickToRunMode
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/configure-autofill-include.md b/browsers/edge/includes/configure-autofill-include.md
index bd717cc583..1ef991e263 100644
--- a/browsers/edge/includes/configure-autofill-include.md
+++ b/browsers/edge/includes/configure-autofill-include.md
@@ -1,42 +1,45 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10*
->*Default setting: Not configured (Blank)*
-
-[!INCLUDE [configure-autofill-shortdesc](../shortdesc/configure-autofill-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Not configured **(default)** | Blank |Blank |Users can choose to use Autofill. | |
-|Disabled | 0 | no | Prevented. | |
-|Enabled |1 |yes | Allowed. | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Configure Autofill
-- **GP name:** AllowAutofill
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowAutofill](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowautofill)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAutofill
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
-- **Value name:** Use FormSuggest
-- **Value type:** REG_SZ
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Not configured (Blank)*
+
+[!INCLUDE [configure-autofill-shortdesc](../shortdesc/configure-autofill-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------|:-----:|:--------:|-----------------------------------|:------------------------------------------------:|
+| Not configured **(default)** | Blank | Blank | Users can choose to use Autofill. | |
+| Disabled | 0 | no | Prevented. |  |
+| Enabled | 1 | yes | Allowed. | |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Autofill
+- **GP name:** AllowAutofill
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowAutofill](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowautofill)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowAutofill
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+- **Value name:** Use FormSuggest
+- **Value type:** REG_SZ
+
+
diff --git a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
index f4c4360129..1525399652 100644
--- a/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
+++ b/browsers/edge/includes/configure-browser-telemetry-for-m365-analytics-include.md
@@ -1,62 +1,65 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: Disabled or not configured (No data collected or sent)*
-
-[!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)]
-
-
->[!IMPORTANT]
->For this policy to work, enable the **Allow Telemetry** group policy with the _Enhanced_ option and enable the **Configure the Commercial ID** group policy by providing the Commercial ID.
->
->You can find these policies in the following location of the Group Policy Editor:
->
->**Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection and Preview Builds\\**
->
Allow Telemetry = Enabled and set to _Enhanced_
Configure the Commercial ID = String of the Commercial ID
Configure collection of browsing data for Microsoft 365 Analytics = _Enabled_
-
-
-### Supported values
-
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |No data collected or sent | |
-|Enabled |1 |1 |Send intranet history only | |
-|Enabled |2 |2 |Send Internet history only | |
-|Enabled |3 |3 |Send both intranet and Internet history | |
----
-
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Configure collection of browsing data for Microsoft 365 Analytics
-- **GP name:** ConfigureTelemetryForMicrosoft365Analytics
-- **GP element:** ZonesListBox
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-
-#### MDM settings
-- **MDM name:** Browser/[ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureTelemetryForMicrosoft365Analytics
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection
-- **Value name:** MicrosoftEdgeDataOptIn
-- **Value type:** REG_DWORD
-
-### Related policies
-- Allow Telemetry: Allows Microsoft to run diagnostics on the device and troubleshoot. The default setting for Allow Telemetry is set to _Enhanced_ (2 for MDM).
-
-- Configure the Commercial ID: Define the Commercial ID used to associate the device's telemetry data as belonging to a given organization.
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Disabled or not configured (No data collected or sent)*
+
+[!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)]
+
+
+> [!IMPORTANT]
+> For this policy to work, enable the **Allow Telemetry** group policy with the _Enhanced_ option and enable the **Configure the Commercial ID** group policy by providing the Commercial ID.
+>
+> You can find these policies in the following location of the Group Policy Editor:
+>
+> **Computer Configuration\\Administrative Templates\\Windows Components\\Data Collection and Preview Builds\\**
+>
Allow Telemetry = Enabled and set to Enhanced
Configure the Commercial ID = String of the Commercial ID
Configure collection of browsing data for Microsoft 365 Analytics = Enabled
+
+
+### Supported values
+
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|-----------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | No data collected or sent |  |
+| Enabled | 1 | 1 | Send intranet history only | |
+| Enabled | 2 | 2 | Send Internet history only | |
+| Enabled | 3 | 3 | Send both intranet and Internet history | |
+
+---
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure collection of browsing data for Microsoft 365 Analytics
+- **GP name:** ConfigureTelemetryForMicrosoft365Analytics
+- **GP element:** ZonesListBox
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+
+#### MDM settings
+- **MDM name:** Browser/[ConfigureTelemetryForMicrosoft365Analytics](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureTelemetryForMicrosoft365Analytics
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection
+- **Value name:** MicrosoftEdgeDataOptIn
+- **Value type:** REG_DWORD
+
+### Related policies
+- Allow Telemetry: Allows Microsoft to run diagnostics on the device and troubleshoot. The default setting for Allow Telemetry is set to _Enhanced_ (2 for MDM).
+
+- Configure the Commercial ID: Define the Commercial ID used to associate the device's telemetry data as belonging to a given organization.
+
+
diff --git a/browsers/edge/includes/configure-cookies-include.md b/browsers/edge/includes/configure-cookies-include.md
index 5ef992f09e..36922a6177 100644
--- a/browsers/edge/includes/configure-cookies-include.md
+++ b/browsers/edge/includes/configure-cookies-include.md
@@ -1,43 +1,46 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10*
->*Default setting: Disabled or not configured (Allow all cookies from all sites)*
-
-[!INCLUDE [configure-cookies-shortdesc](../shortdesc/configure-cookies-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Enabled |0 |0 |Block all cookies from all sites. | |
-|Enabled |1 |1 |Block only coddies from third party websites. | |
-|Disabled or not configured **(default)** |2 |2 |Allow all cookies from all sites. | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Configure cookies
-- **GP name:** Cookies
-- **GP element:** CookiesListBox
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowCookies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowcookies)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowCookies
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
-- **Value name:** Cookies
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Disabled or not configured (Allow all cookies from all sites)*
+
+[!INCLUDE [configure-cookies-shortdesc](../shortdesc/configure-cookies-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|-----------------------------------------------|:------------------------------------------------:|
+| Enabled | 0 | 0 | Block all cookies from all sites. |  |
+| Enabled | 1 | 1 | Block only cookies from third party websites. | |
+| Disabled or not configured **(default)** | 2 | 2 | Allow all cookies from all sites. | |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure cookies
+- **GP name:** Cookies
+- **GP element:** CookiesListBox
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowCookies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser\#browser-allowcookies)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowCookies
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+- **Value name:** Cookies
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/configure-do-not-track-include.md b/browsers/edge/includes/configure-do-not-track-include.md
index 4e77fdadf8..f4868357b9 100644
--- a/browsers/edge/includes/configure-do-not-track-include.md
+++ b/browsers/edge/includes/configure-do-not-track-include.md
@@ -1,42 +1,45 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10*
->*Default setting: Not configured (Do not send tracking information)*
-
-[!INCLUDE [configure-do-not-track-shortdesc](../shortdesc/configure-do-not-track-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Not configured **(default)** |Blank |Blank |Do not send tracking information but let users choose to send tracking information to sites they visit. | |
-|Disabled |0 |0 |Never send tracking information. | |
-|Enabled |1 |1 |Send tracking information. | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Configure Do Not Track
-- **GP name:** AllowDoNotTrack
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowDoNotTrack](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
-- **Value name:** DoNotTrack
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Not configured (Do not send tracking information)*
+
+[!INCLUDE [configure-do-not-track-shortdesc](../shortdesc/configure-do-not-track-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------|:-----:|:--------:|---------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Not configured **(default)** | Blank | Blank | Do not send tracking information but let users choose to send tracking information to sites they visit. | |
+| Disabled | 0 | 0 | Never send tracking information. | |
+| Enabled | 1 | 1 | Send tracking information. |  |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Do Not Track
+- **GP name:** AllowDoNotTrack
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowDoNotTrack](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowDoNotTrack
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+- **Value name:** DoNotTrack
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md b/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
index 2fa8b095e5..ccdd275e01 100644
--- a/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
+++ b/browsers/edge/includes/configure-edge-kiosk-reset-idle-timeout-include.md
@@ -1,54 +1,56 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: 5 minutes*
-
-[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](../shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)]
-
-You must set the Configure kiosk mode policy to enabled (1 - InPrivate public browsing) and configure Microsoft Edge as a single-app in assigned access for this policy to take effect; otherwise, Microsoft Edge ignores this setting. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/windows/configuration/kiosk-shared-pc).
-
-### Supported values
-
-- **Any integer from 1-1440 (5 minutes is the default)** – The time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. A confirmation dialog displays for the user to cancel or continue and automatically continues after 30 seconds.
-
-- **0** – No idle timer.
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Configure kiosk reset after idle timeout
-- **GP name:** ConfigureKioskResetAfterIdleTimeout
-- **GP element:** ConfigureKioskResetAfterIdleTimeout_TextBox
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\KioskMode
-- **Value name:**ConfigureKioskResetAfterIdleTimeout
-- **Value type:** REG_DWORD
-
-
-
-### Related policies
-
-[Configure kiosk mode](../available-policies.md#configure-kiosk-mode): [!INCLUDE [configure-kiosk-mode-shortdesc](../shortdesc/configure-kiosk-mode-shortdesc.md)]
-
-
-
-### Related topics
-[Deploy Microsoft Edge kiosk mode](../microsoft-edge-kiosk-mode-deploy.md): Microsoft Edge kiosk mode works with assigned access to allow IT administrators, to create a tailored browsing experience designed for kiosk devices. In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn about the other group policies to help you enhance the how to set up your Microsoft Edge kiosk mode experience.
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: 5 minutes*
+
+[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](../shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)]
+
+You must set the Configure kiosk mode policy to enabled (1 - InPrivate public browsing) and configure Microsoft Edge as a single-app in assigned access for this policy to take effect; otherwise, Microsoft Edge ignores this setting. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://docs.microsoft.com/windows/configuration/kiosk-shared-pc).
+
+### Supported values
+
+- **Any integer from 1-1440 (5 minutes is the default)** – The time in minutes from the last user activity before Microsoft Edge kiosk mode resets to the default kiosk configuration. A confirmation dialog displays for the user to cancel or continue and automatically continues after 30 seconds.
+
+- **0** – No idle timer.
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure kiosk reset after idle timeout
+- **GP name:** ConfigureKioskResetAfterIdleTimeout
+- **GP element:** ConfigureKioskResetAfterIdleTimeout_TextBox
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ConfigureKioskResetAfterIdleTimeout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\KioskMode
+- Value name:ConfigureKioskResetAfterIdleTimeout
+- **Value type:** REG_DWORD
+
+
+
+### Related policies
+
+[Configure kiosk mode](../available-policies.md#configure-kiosk-mode): [!INCLUDE [configure-kiosk-mode-shortdesc](../shortdesc/configure-kiosk-mode-shortdesc.md)]
+
+
+
+### Related topics
+[Deploy Microsoft Edge kiosk mode](../microsoft-edge-kiosk-mode-deploy.md): Microsoft Edge kiosk mode works with assigned access to allow IT administrators, to create a tailored browsing experience designed for kiosk devices. In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn about the other group policies to help you enhance the how to set up your Microsoft Edge kiosk mode experience.
+
+
diff --git a/browsers/edge/includes/configure-enterprise-mode-site-list-include.md b/browsers/edge/includes/configure-enterprise-mode-site-list-include.md
index aeb849adf4..0c02984f58 100644
--- a/browsers/edge/includes/configure-enterprise-mode-site-list-include.md
+++ b/browsers/edge/includes/configure-enterprise-mode-site-list-include.md
@@ -9,10 +9,11 @@
### Supported values
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Disabled or not configured **(default)** |0 |0 |Turned off. Microsoft Edge does not check the Enterprise Mode Site List, and in this case, users might experience problems while using legacy apps. |
-|Enabled |1 |1 |Turned on. Microsoft Edge checks the Enterprise Mode Site List if configured. If an XML file exists in the cache container, IE11 waits 65 seconds and then checks the local cache for a new version from the server. If the server has a different version, Microsoft Edge uses the server file and stores it in the cache container. If you already use a site list, Enterprise Mode continues to work during the 65 seconds, but uses the existing file. To add the location to your site list, enter it in the **{URI}** box.
For details on how to configure the Enterprise Mode Site List, see [Interoperability and enterprise guidance](../group-policies/interoperability-enterprise-guidance-gp.md). |
+| Group Policy | MDM | Registry | Description |
+|---------------------------------------------|:---:|:--------:|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Disabled or not configured **(default)** | 0 | 0 | Turned off. Microsoft Edge does not check the Enterprise Mode Site List, and in this case, users might experience problems while using legacy apps. |
+| Enabled | 1 | 1 | Turned on. Microsoft Edge checks the Enterprise Mode Site List if configured. If an XML file exists in the cache container, IE11 waits 65 seconds and then checks the local cache for a new version from the server. If the server has a different version, Microsoft Edge uses the server file and stores it in the cache container. If you already use a site list, Enterprise Mode continues to work during the 65 seconds, but uses the existing file. To add the location to your site list, enter it in the **{URI}** box.
For details on how to configure the Enterprise Mode Site List, see [Interoperability and enterprise guidance](../group-policies/interoperability-enterprise-guidance-gp.md). |
+
---
### ADMX info and settings
@@ -29,7 +30,7 @@
- **Supported devices:** Desktop and Mobile
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/EnterpriseModeSiteList
- **Data type:** String
-
+
#### Registry settings
- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main\EnterpriseMode
- **Value name:** SiteList
@@ -37,8 +38,9 @@
### Related Policies
-[Show message opening sites in IE](../available-policies.md#show-message-when-opening-sites-in-internet-explorer): [!INCLUDE
-[show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
+[Show message opening sites in IE](../available-policies.md#show-message-when-opening-sites-in-internet-explorer)
+
+[!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
### Related topics
@@ -54,4 +56,4 @@
-
\ No newline at end of file
+
diff --git a/browsers/edge/includes/configure-favorites-bar-include.md b/browsers/edge/includes/configure-favorites-bar-include.md
index a5350ca9aa..e4e4ae2cb6 100644
--- a/browsers/edge/includes/configure-favorites-bar-include.md
+++ b/browsers/edge/includes/configure-favorites-bar-include.md
@@ -1,46 +1,48 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: Not configured (Hidden but shown on the Start and New Tab pages)*
-
-
-[!INCLUDE [allow-favorites-bar-shortdesc](../shortdesc/configure-favorites-bar-shortdesc.md)]
-
-
-### Supported values
-
-
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Not configured **(default)** |Blank |Blank |Hidden but shown on the Start and New Tab pages.
Favorites Bar toggle (in Settings) = **Off** and enabled letting users make changes. |
-|Disabled |0 |0 |Hidden on all pages.
Favorites Bar toggle (in Settings) = **Off** and disabled preventing users from making changes
Show bar/Hide bar option (in the context menu) = hidden
|
-|Enabled |1 |1 |Shown on all pages.
Favorites Bar toggle (in Settings) = **On** and disabled preventing users from making changes
Show bar/Hide bar option (in the context menu) = hidden
|
-
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Configure Favorites Bar
-- **GP name:** ConfigureFavoritesBar
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[ConfigureFavoritesBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureFavoritesBar
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
-- **Value name:** ConfigureFavoritesBar
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Not configured (Hidden but shown on the Start and New Tab pages)*
+
+
+[!INCLUDE [allow-favorites-bar-shortdesc](../shortdesc/configure-favorites-bar-shortdesc.md)]
+
+
+### Supported values
+
+
+|Group Policy |MDM |Registry |Description |
+|---|:---:|:---:|---|
+|Not configured **(default)** |Blank |Blank |Hidden but shown on the Start and New Tab pages.
Favorites Bar toggle (in Settings) = **Off** and enabled letting users make changes. |
+|Disabled |0 |0 |Hidden on all pages.
Favorites Bar toggle (in Settings) = **Off** and disabled preventing users from making changes
Show bar/Hide bar option (in the context menu) = hidden
|
+|Enabled |1 |1 |Shown on all pages.
Favorites Bar toggle (in Settings) = **On** and disabled preventing users from making changes
Show bar/Hide bar option (in the context menu) = hidden
|
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Favorites Bar
+- **GP name:** ConfigureFavoritesBar
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ConfigureFavoritesBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureFavoritesBar
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** ConfigureFavoritesBar
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/configure-favorites-include.md b/browsers/edge/includes/configure-favorites-include.md
index 5287150eea..500c9acc12 100644
--- a/browsers/edge/includes/configure-favorites-include.md
+++ b/browsers/edge/includes/configure-favorites-include.md
@@ -1,12 +1,14 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->Discontinued in the Windows 10 October 2018 Update. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** group policy instead.
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>Discontinued in the Windows 10 October 2018 Update. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** group policy instead.
+
+
diff --git a/browsers/edge/includes/configure-home-button-include.md b/browsers/edge/includes/configure-home-button-include.md
index eaaa4f7af4..3082d3014b 100644
--- a/browsers/edge/includes/configure-home-button-include.md
+++ b/browsers/edge/includes/configure-home-button-include.md
@@ -1,58 +1,61 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/28/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: Disabled or not configured (Show home button and load the Start page)*
-
-
-[!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
-
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Disabled or not configured **(default)** |0 |0 |Load the Start page. |
-|Enabled |1 |1 |Load the New Tab page. |
-|Enabled |2 |2 |Load the custom URL defined in the Set Home Button URL policy. |
-|Enabled |3 |3 |Hide the home button. |
----
-
-
->[!TIP]
->If you want to make changes to this policy:
Enable the **Unlock Home Button** policy.
Make changes to the **Configure Home Button** policy or **Set Home Button URL** policy.
Disable the **Unlock Home Button** policy.
-
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Configure Home Button
-- **GP name:** ConfigureHomeButton
-- **GP element:** ConfigureHomeButtonDropdown
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
-- **Value name:** ConfigureHomeButton
-- **Value type:** REG_DWORD
-
-### Related policies
-
-- [Set Home Button URL](../available-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
-
-- [Unlock Home Button](../available-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
-
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/28/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Disabled or not configured (Show home button and load the Start page)*
+
+
+[!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
+
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description |
+|---------------------------------------------|:---:|:--------:|----------------------------------------------------------------|
+| Disabled or not configured **(default)** | 0 | 0 | Load the Start page. |
+| Enabled | 1 | 1 | Load the New Tab page. |
+| Enabled | 2 | 2 | Load the custom URL defined in the Set Home Button URL policy. |
+| Enabled | 3 | 3 | Hide the home button. |
+
+---
+
+
+>[!TIP]
+>If you want to make changes to this policy:
Enable the **Unlock Home Button** policy.
Make changes to the **Configure Home Button** policy or **Set Home Button URL** policy.
Disable the **Unlock Home Button** policy.
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Home Button
+- **GP name:** ConfigureHomeButton
+- **GP element:** ConfigureHomeButtonDropdown
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
+- **Value name:** ConfigureHomeButton
+- **Value type:** REG_DWORD
+
+### Related policies
+
+- [Set Home Button URL](../available-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
+
+- [Unlock Home Button](../available-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
+
+
+
diff --git a/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md b/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md
index 98e3d163d0..bda51bb3e5 100644
--- a/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md
+++ b/browsers/edge/includes/configure-kiosk-mode-supported-values-include.md
@@ -1,13 +1,16 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/27/2018
-ms.prod: edge
-ms:topic: include
----
-
-| | |
-|---|---|
-| **Single-app**
Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.
**Digital signage** does not require user interaction.
_**Example.**_ Use digital signage for things like a rotating advertisement or menu.
**Interactive signage**, on the other hand, requires user interaction within the page but doesn’t allow for any other uses, such as browsing the internet.
_**Example.**_ Use interactive signage for things like a building business directory or restaurant order/pay station.
Runs a limited multi-tab version of Microsoft Edge, protecting user data. Microsoft Edge is the only app users can use on the device, preventing them from customizing Microsoft Edge. Users can only browse publically or end their browsing session.
The single-app public browsing mode is the only kiosk mode that has an **End session** button. Microsoft Edge also resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session.
_**Example.**_ A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.
Runs a full-version of Microsoft Edge with all browsing features and preserves the user data and state between sessions.
Some features may not work depending on what other apps you have configured in assigned access. For example, installing extensions or books from the Microsoft store are not allowed if the store is not available. Also, if Internet Explorer 11 is set up in assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.
Runs a multi-tab version of Microsoft Edge InPrivate with a tailored experience for kiosks that runs in full-screen mode. Users can open and close Microsoft Edge and launch other apps if allowed by assigned access. Instead of an End session button to clear their browsing session, the user closes Microsoft Edge normally.
In this configuration, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.
_**Example.**_ A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.
**Policy setting** = Enabled (1) |
----
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+| | |
+|----------|------|
+|**Single-app**
Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.
**Digital signage** does not require user interaction.
***Example.*** Use digital signage for things like a rotating advertisement or menu.
**Interactive signage**, on the other hand, requires user interaction within the page but doesn’t allow for any other uses, such as browsing the internet.
***Example.*** Use interactive signage for things like a building business directory or restaurant order/pay station.
Runs a limited multi-tab version of Microsoft Edge, protecting user data. Microsoft Edge is the only app users can use on the device, preventing them from customizing Microsoft Edge. Users can only browse publically or end their browsing session.
The single-app public browsing mode is the only kiosk mode that has an End session button. Microsoft Edge also resets the session after a specified time of user inactivity. Both restart Microsoft Edge and clear the user’s session.
Example. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.
Runs a full-version of Microsoft Edge with all browsing features and preserves the user data and state between sessions.
Some features may not work depending on what other apps you have configured in assigned access. For example, installing extensions or books from the Microsoft store are not allowed if the store is not available. Also, if Internet Explorer 11 is set up in assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.
Runs a multi-tab version of Microsoft Edge InPrivate with a tailored experience for kiosks that runs in full-screen mode. Users can open and close Microsoft Edge and launch other apps if allowed by assigned access. Instead of an End session button to clear their browsing session, the user closes Microsoft Edge normally.
In this configuration, Microsoft Edge can interact with other applications. For example, if Internet Explorer 11 is set up in multi-app assigned access, you can enable [EnterpriseModeSiteList](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-enterprisemodesitelist) to automatically switch users to Internet Explorer 11 for sites that need backward compatibility support.
Example. A public library or hotel concierge desk are two examples of public browsing that provides access to Microsoft Edge and other apps.
Policy setting = Enabled (1) |
+
+---
diff --git a/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md
index 197b2c1f1a..1c08a3d745 100644
--- a/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md
+++ b/browsers/edge/includes/configure-microsoft-edge-kiosk-mode-include.md
@@ -1,49 +1,51 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/27/2018
-ms.prod: edge
-ms:topic: include
----
-
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: Not configured*
-
-[!INCLUDE [configure-kiosk-mode-shortdesc](../shortdesc/configure-kiosk-mode-shortdesc.md)]
-
-For this policy to work, you must configure Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://aka.ms/E489vw).
-
-### Supported values
-
-[!INCLUDE [configure-kiosk-mode-supported-values-include](configure-kiosk-mode-supported-values-include.md)]
-
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Configure kiosk mode
-- **GP name:** ConfigureKioskMode
-- **GP element:** ConfigureKioskMode_TextBox
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\KioskMode
-- **Value name:** ConfigureKioskMode
-- **Value type:** REG_SZ
-
-### Related policies
-[Configure kiosk reset after idle timeout](../available-policies.md#configure-kiosk-reset-after-idle-timeout): [!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](../shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)]
-
-
-### Related topics
-[Deploy Microsoft Edge kiosk mode](../microsoft-edge-kiosk-mode-deploy.md): Microsoft Edge kiosk mode works with assigned access to allow IT administrators, to create a tailored browsing experience designed for kiosk devices. In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn about the other group policies to help you enhance the how to set up your Microsoft Edge kiosk mode experience.
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/27/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Not configured*
+
+[!INCLUDE [configure-kiosk-mode-shortdesc](../shortdesc/configure-kiosk-mode-shortdesc.md)]
+
+For this policy to work, you must configure Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](https://aka.ms/E489vw).
+
+### Supported values
+
+[!INCLUDE [configure-kiosk-mode-supported-values-include](configure-kiosk-mode-supported-values-include.md)]
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure kiosk mode
+- **GP name:** ConfigureKioskMode
+- **GP element:** ConfigureKioskMode_TextBox
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\KioskMode
+- **Value name:** ConfigureKioskMode
+- **Value type:** REG_SZ
+
+### Related policies
+[Configure kiosk reset after idle timeout](../available-policies.md#configure-kiosk-reset-after-idle-timeout): [!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](../shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)]
+
+
+### Related topics
+[Deploy Microsoft Edge kiosk mode](../microsoft-edge-kiosk-mode-deploy.md): Microsoft Edge kiosk mode works with assigned access to allow IT administrators, to create a tailored browsing experience designed for kiosk devices. In this deployment guidance, you learn about the different Microsoft Edge kiosk mode types to help you determine what configuration is best suited for your kiosk device. You also learn about the other group policies to help you enhance the how to set up your Microsoft Edge kiosk mode experience.
+
+
diff --git a/browsers/edge/includes/configure-open-edge-with-include.md b/browsers/edge/includes/configure-open-edge-with-include.md
index 35c21d3076..a86cf568ce 100644
--- a/browsers/edge/includes/configure-open-edge-with-include.md
+++ b/browsers/edge/includes/configure-open-edge-with-include.md
@@ -1,65 +1,68 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: Enabled (A specific page or pages)*
-
-[!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
-
-**Version 1703 or later:** If you don't want to send traffic to Microsoft, use the \ value, which honors both domain and non domain-joined devices when it's the only configured URL.
-
-**version 1809:** When you enable this policy (Configure Open Microsoft Edge With) and select an option, and also enable the Configure Start Pages policy, Microsoft Edge ignores the Configure Start Page policy.
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Not configured |Blank |Blank |If you don't configure this policy and you enable the Disable Lockdown of Start Pages policy, users can change or customize the Start page. |
-|Enabled |0 |0 |Load the Start page. |
-|Enabled |1 |1 |Load the New Tab page. |
-|Enabled |2 |2 |Load the previous pages. |
-|Enabled **(default)** |3 |3 |Load a specific page or pages. |
----
-
-
->[!TIP]
->If you want to make changes to this policy:
Set the **Disabled Lockdown of Start Pages** policy to not configured.
Make changes to the **Configure Open Microsoft With** policy.
Enable the **Disabled Lockdown of Start Pages** policy.
-
-
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Configure Open Microsoft Edge With
-- **GP name:** ConfigureOpenMicrosoftEdgeWith
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[ConfigureOpenEdgeWith](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureOpenEdgeWith
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
-- **Value name:** ConfigureOpenEdgeWith
-- **Value type:** REG_DWORD
-
-### Related policies
-
-- [Configure Start pages](../available-policies.md#configure-start-pages): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
-
-- [Disable lockdown of Start pages](../available-policies.md#disable-lockdown-of-start-pages): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
-
-
-
-
-
----
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Enabled (A specific page or pages)*
+
+[!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
+
+**Version 1703 or later:** If you don't want to send traffic to Microsoft, use the \ value, which honors both domain and non domain-joined devices when it's the only configured URL.
+
+**version 1809:** When you enable this policy (Configure Open Microsoft Edge With) and select an option, and also enable the Configure Start Pages policy, Microsoft Edge ignores the Configure Start Page policy.
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description |
+|--------------------------|:-----:|:--------:|---------------------------------------------------------------------------------------------------------------------------------------------|
+| Not configured | Blank | Blank | If you don't configure this policy and you enable the Disable Lockdown of Start Pages policy, users can change or customize the Start page. |
+| Enabled | 0 | 0 | Load the Start page. |
+| Enabled | 1 | 1 | Load the New Tab page. |
+| Enabled | 2 | 2 | Load the previous pages. |
+| Enabled **(default)** | 3 | 3 | Load a specific page or pages. |
+
+---
+
+
+>[!TIP]
+>If you want to make changes to this policy:
Set the **Disabled Lockdown of Start Pages** policy to not configured.
Make changes to the **Configure Open Microsoft With** policy.
Enable the **Disabled Lockdown of Start Pages** policy.
+
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Open Microsoft Edge With
+- **GP name:** ConfigureOpenMicrosoftEdgeWith
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ConfigureOpenEdgeWith](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureOpenEdgeWith
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
+- **Value name:** ConfigureOpenEdgeWith
+- **Value type:** REG_DWORD
+
+### Related policies
+
+- [Configure Start pages](../available-policies.md#configure-start-pages): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
+
+- [Disable lockdown of Start pages](../available-policies.md#disable-lockdown-of-start-pages): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
+
+
+
+
+
+---
diff --git a/browsers/edge/includes/configure-password-manager-include.md b/browsers/edge/includes/configure-password-manager-include.md
index 463baf4185..5f075480ea 100644
--- a/browsers/edge/includes/configure-password-manager-include.md
+++ b/browsers/edge/includes/configure-password-manager-include.md
@@ -1,46 +1,49 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10*
->*Default setting: Enabled (Allowed/users can change the setting)*
-
-[!INCLUDE [configure-password-manager-shortdesc](../shortdesc/configure-password-manager-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Not configured |Blank |Blank |Users can choose to save and manage passwords locally. | |
-|Disabled |0 |no |Not allowed. | |
-|Enabled **(default)** |1 |yes |Allowed. | |
----
-
-Verify not allowed/disabled settings:
-1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
-2. Verify the settings **Save Password** is toggled off or on and is greyed out.
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Configure Password Manager
-- **GP name:** AllowPasswordManager
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowPasswordManager](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
-- **Value name:** FormSuggest Passwords
-- **Value type:** REG_SZ
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Enabled (Allowed/users can change the setting)*
+
+[!INCLUDE [configure-password-manager-shortdesc](../shortdesc/configure-password-manager-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|--------------------------|:-----:|:--------:|--------------------------------------------------------|:------------------------------------------------:|
+| Not configured | Blank | Blank | Users can choose to save and manage passwords locally. | |
+| Disabled | 0 | no | Not allowed. |  |
+| Enabled **(default)** | 1 | yes | Allowed. | |
+
+---
+
+Verify not allowed/disabled settings:
+1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
+2. Verify the settings **Save Password** is toggled off or on and is greyed out.
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Password Manager
+- **GP name:** AllowPasswordManager
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowPasswordManager](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** FormSuggest Passwords
+- **Value type:** REG_SZ
+
+
diff --git a/browsers/edge/includes/configure-pop-up-blocker-include.md b/browsers/edge/includes/configure-pop-up-blocker-include.md
index dffcc2ed7e..43374d7ccd 100644
--- a/browsers/edge/includes/configure-pop-up-blocker-include.md
+++ b/browsers/edge/includes/configure-pop-up-blocker-include.md
@@ -1,42 +1,45 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10*
->*Default setting: Disabled (Turned off)*
-
-[!INCLUDE [configure-pop-up-blocker-shortdesc](../shortdesc/configure-pop-up-blocker-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Not configured |Blank |Blank |Users can choose to use Pop-up Blocker. | |
-|Disabled **(default)** |0 |0 |Turned off. Allow pop-up windows to open. | |
-|Enabled |1 |1 |Turned on. Prevent pop-up windows from opening. | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Configure Pop-up Blocker
-- **GP name:** AllowPopups
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowPopups](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowpopups)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPopups
-- **Data type:** Integer
-
-### Registry
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
-- **Value name:** AllowPopups
-- **Value type:** REG_SZ
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Disabled (Turned off)*
+
+[!INCLUDE [configure-pop-up-blocker-shortdesc](../shortdesc/configure-pop-up-blocker-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------|:-----:|:--------:|-------------------------------------------------|:------------------------------------------------:|
+| Not configured | Blank | Blank | Users can choose to use Pop-up Blocker. | |
+| Disabled **(default)** | 0 | 0 | Turned off. Allow pop-up windows to open. | |
+| Enabled | 1 | 1 | Turned on. Prevent pop-up windows from opening. |  |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Pop-up Blocker
+- **GP name:** AllowPopups
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowPopups](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowpopups)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowPopups
+- **Data type:** Integer
+
+### Registry
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+- **Value name:** AllowPopups
+- **Value type:** REG_SZ
+
+
diff --git a/browsers/edge/includes/configure-search-suggestions-address-bar-include.md b/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
index 4985091db3..5e74e11ac7 100644
--- a/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
+++ b/browsers/edge/includes/configure-search-suggestions-address-bar-include.md
@@ -1,42 +1,45 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10*
->*Default setting: Not configured (Blank)*
-
-[!INCLUDE [configure-search-suggestions-in-address-bar-shortdesc](../shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Not configured **(default)** |Blank |Blank |Users can choose to see search suggestions. | |
-|Disabled |0 |0 |Prevented. Hide the search suggestions. | |
-|Enabled |1 |1 |Allowed. Show the search suggestions. | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Configure search suggestions in Address bar
-- **GP name:** AllowSearchSuggestionsinAddressBar
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes
-- **Value name:** ShowSearchSuggestionsGlobal
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Not configured (Blank)*
+
+[!INCLUDE [configure-search-suggestions-in-address-bar-shortdesc](../shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------|:-----:|:--------:|---------------------------------------------|:------------------------------------------------:|
+| Not configured **(default)** | Blank | Blank | Users can choose to see search suggestions. | |
+| Disabled | 0 | 0 | Prevented. Hide the search suggestions. |  |
+| Enabled | 1 | 1 | Allowed. Show the search suggestions. | |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure search suggestions in Address bar
+- **GP name:** AllowSearchSuggestionsinAddressBar
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/AllowSearchSuggestionsinAddressBar
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\SearchScopes
+- **Value name:** ShowSearchSuggestionsGlobal
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/configure-start-pages-include.md b/browsers/edge/includes/configure-start-pages-include.md
index 3d007554e7..911d1b11c9 100644
--- a/browsers/edge/includes/configure-start-pages-include.md
+++ b/browsers/edge/includes/configure-start-pages-include.md
@@ -1,51 +1,54 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
->*Default setting: Blank or not configured (Load pages specified in App settings)*
-
-[!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Not configured |Blank |Blank |Load the pages specified in App settings as the default Start pages. |
-|Enabled |String |String |Enter the URLs of the pages you want to load as the Start pages, separating each page using angle brackets:
\\
**Version 1703 or later:** If you do not want to send traffic to Microsoft, use the \ value, which honors both domain and non-domain-joined devices when it's the only configured URL.
**Version 1809:** When you enable the Configure Open Microsoft Edge With policy with any option selected, and you enable the Configure Start Pages policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the Configure Start Pages policy. |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Configure Start pages
-- **GP name:** HomePages
-- **GP element:** HomePagesPrompt
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-homepages)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages
-- **Data type:** String
-
-#### Registry settings
-- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings
-- **Value name:** ProvisionedHomePages
-- **Value type:** REG_SZ
-
-
-### Related policies
-
-- [Disable Lockdown of Start Pages](#disable-lockdown-of-start-pages): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
-
-- [Configure Open Microsoft Edge With](../available-policies.md#configure-open-microsoft-edge-with): [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
-
-
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Blank or not configured (Load pages specified in App settings)*
+
+[!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description |
+|----------------|:------:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Not configured | Blank | Blank | Load the pages specified in App settings as the default Start pages. |
+| Enabled | String | String | Enter the URLs of the pages you want to load as the Start pages, separating each page using angle brackets:
\\
**Version 1703 or later:** If you do not want to send traffic to Microsoft, use the \ value, which honors both domain and non-domain-joined devices when it's the only configured URL.
**Version 1809:** When you enable the Configure Open Microsoft Edge With policy with any option selected, and you enable the Configure Start Pages policy, the Configure Open Microsoft Edge With policy takes precedence, ignoring the Configure Start Pages policy. |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Configure Start pages
+- **GP name:** HomePages
+- **GP element:** HomePagesPrompt
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[HomePages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-homepages)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages
+- **Data type:** String
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings
+- **Value name:** ProvisionedHomePages
+- **Value type:** REG_SZ
+
+
+### Related policies
+
+- [Disable Lockdown of Start Pages](../available-policies.md#disable-lockdown-of-start-pages): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
+
+- [Configure Open Microsoft Edge With](../available-policies.md#configure-open-microsoft-edge-with): [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
+
+
+
+
diff --git a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
index 5e460d6a00..c17f639024 100644
--- a/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
+++ b/browsers/edge/includes/configure-windows-defender-smartscreen-include.md
@@ -1,9 +1,12 @@
---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
@@ -14,16 +17,17 @@ ms:topic: include
### Supported values
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Not configured |Blank |Blank |Users can choose to use Windows Defender SmartScreen. | |
-|Disabled |0 |0 |Turned off. Do not protect users from potential threats and prevent users from turning it on. | |
-|Enabled |1 |1 |Turned on. Protect users from potential threats and prevent users from turning it off. | |
+| Group Policy | MDM | Registry | Description | Most restricted |
+|----------------|:-----:|:--------:|-----------------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Not configured | Blank | Blank | Users can choose to use Windows Defender SmartScreen. | |
+| Disabled | 0 | 0 | Turned off. Do not protect users from potential threats and prevent users from turning it on. | |
+| Enabled | 1 | 1 | Turned on. Protect users from potential threats and prevent users from turning it off. |  |
+
---
To verify Windows Defender SmartScreen is turned off (disabled):
1. Click or tap **More** (…) and select **Settings** > **View Advanced settings**.
-2. Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is disabled.
+2. Verify the setting **Help protect me from malicious sites and download with Windows Defender SmartScreen** is disabled.
### ADMX info and settings
@@ -44,4 +48,4 @@ To verify Windows Defender SmartScreen is turned off (disabled):
- **Value name:** EnabledV9
- **Value type:** REG_DWORD
-
\ No newline at end of file
+
diff --git a/browsers/edge/includes/disable-lockdown-of-start-pages-include.md b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md
index 94af3ec1e5..d2ae261042 100644
--- a/browsers/edge/includes/disable-lockdown-of-start-pages-include.md
+++ b/browsers/edge/includes/disable-lockdown-of-start-pages-include.md
@@ -1,55 +1,58 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10*
->*Default setting: Enabled (Start pages are not editable)*
-
-[!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Not configured |0 |0 |Locked. Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy are not editable. | |
-|Enabled |1 |1 |Unlocked. Users can make changes to all configured start pages.
When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy. | |
----
-
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Disable lockdown of Start pages
-- **GP name:** DisableLockdownOfStartPages
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[DisableLockdownOfStartPages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/DisableLockdownOfStartPages
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
-- **Value name:** DisableLockdownOfStartPages
-- **Value type:** REG_SZ
-
-
-
-
-
-### Related Policies
-- [Configure Start pages](../available-policies.md#configure-start-pages): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
-
-- [Configure Open Microsoft Edge With](../available-policies.md#configure-open-microsoft-edge-with): [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
-
-### Related topics
-
-[!INCLUDE [microsoft-browser-extension-policy-shortdesc](../shortdesc/microsoft-browser-extension-policy-shortdesc.md)]
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Enabled (Start pages are not editable)*
+
+[!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|----------------|:---:|:--------:|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Not configured | 0 | 0 | Locked. Start pages configured in either the Configure Open Microsoft Edge With policy and Configure Start Pages policy are not editable. |  |
+| Enabled | 1 | 1 | Unlocked. Users can make changes to all configured start pages.
When you enable this policy and define a set of URLs in the Configure Start Pages policy, Microsoft Edge uses the URLs defined in the Configure Open Microsoft Edge With policy. | |
+
+---
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Disable lockdown of Start pages
+- **GP name:** DisableLockdownOfStartPages
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[DisableLockdownOfStartPages](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-disablelockdownofstartpages)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/DisableLockdownOfStartPages
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
+- **Value name:** DisableLockdownOfStartPages
+- **Value type:** REG_SZ
+
+
+
+
+
+### Related Policies
+- [Configure Start pages](../available-policies.md#configure-start-pages): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
+
+- [Configure Open Microsoft Edge With](../available-policies.md#configure-open-microsoft-edge-with): [!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
+
+### Related topics
+
+[!INCLUDE [microsoft-browser-extension-policy-shortdesc](../shortdesc/microsoft-browser-extension-policy-shortdesc.md)]
+
+
diff --git a/browsers/edge/includes/do-not-sync-browser-settings-include.md b/browsers/edge/includes/do-not-sync-browser-settings-include.md
index 143622193e..c20bdd6781 100644
--- a/browsers/edge/includes/do-not-sync-browser-settings-include.md
+++ b/browsers/edge/includes/do-not-sync-browser-settings-include.md
@@ -1,52 +1,55 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10*
->*Default setting: Disabled or not configured (Allowed/turned on)*
-
-[!INCLUDE [do-not-sync-browser-settings-shortdesc](../shortdesc/do-not-sync-browser-settings-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Disabled or not configured **(default)** |0 |0 |Allowed/turned on. The “browser” group syncs automatically between user’s devices and lets users to make changes. |
-|Enabled |2 |2 |Prevented/turned off. The “browser” group does not use the _Sync your Settings_ option. |
----
-
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Do not sync browser settings
-- **GP name:** DisableWebBrowserSettingSync
-- **GP path:** Windows Components/Sync your settings
-- **GP ADMX file name:** SettingSync.admx
-
-#### MDM settings
-- **MDM name:** [Experience/DoNotSyncBrowserSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/DoNotSyncBrowserSettings
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\Policies\Microsoft\Windows\SettingSync
-- **Value name:** DisableWebBrowserSettingSyncUserOverride
-- **Value
-
-### Related policies
-
-[Prevent users from turning on browser syncing](../available-policies.md#prevent-users-from-turning-on-browser-syncing): [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
-
-
-
-### Related topics
-
-[About sync setting on Microsoft Edge on Windows 10 devices](https://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices)
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Disabled or not configured (Allowed/turned on)*
+
+[!INCLUDE [do-not-sync-browser-settings-shortdesc](../shortdesc/do-not-sync-browser-settings-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description |
+|---------------------------------------------|:---:|:--------:|-------------------------------------------------------------------------------------------------------------------|
+| Disabled or not configured **(default)** | 0 | 0 | Allowed/turned on. The “browser” group syncs automatically between user’s devices and lets users to make changes. |
+| Enabled | 2 | 2 | Prevented/turned off. The “browser” group does not use the *Sync your Settings* option. |
+
+---
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Do not sync browser settings
+- **GP name:** DisableWebBrowserSettingSync
+- **GP path:** Windows Components/Sync your settings
+- **GP ADMX file name:** SettingSync.admx
+
+#### MDM settings
+- **MDM name:** [Experience/DoNotSyncBrowserSettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-donotsyncbrowsersetting)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/DoNotSyncBrowserSettings
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\Policies\Microsoft\Windows\SettingSync
+- **Value name:** DisableWebBrowserSettingSyncUserOverride
+- **Value
+
+### Related policies
+
+[Prevent users from turning on browser syncing](../available-policies.md#prevent-users-from-turning-on-browser-syncing): [!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
+
+
+
+### Related topics
+
+[About sync setting on Microsoft Edge on Windows 10 devices](https://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices)
+
+
diff --git a/browsers/edge/includes/do-not-sync-include.md b/browsers/edge/includes/do-not-sync-include.md
index 4434b8e64c..e959162f90 100644
--- a/browsers/edge/includes/do-not-sync-include.md
+++ b/browsers/edge/includes/do-not-sync-include.md
@@ -1,45 +1,48 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10*
->*Default setting: Disabled or not configured (Allowed/turned on)*
-
-[!INCLUDE [do-not-sync-shortdesc](../shortdesc/do-not-sync-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Allowed/turned on. Users can choose what to sync to their device. | |
-|Enabled |2 |2 |Prevented/turned off. Disables the _Sync your Settings_ toggle and prevents syncing. | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Do not sync
-- **GP name:** AllowSyncMySettings
-- **GP path:** Windows Components/Sync your settings
-- **GP ADMX file name:** SettingSync.admx
-
-#### MDM settings
-- **MDM name:** Experience/[AllowSyncMySettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\Windows\SettingSync
-- **Value name:** DisableSettingSyn
-- **Value type:** REG_DWORD
-
-### Related topics
-[About sync setting on Microsoft Edge on Windows 10 devices](https://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices): Learn about what settings are synced.
-
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Disabled or not configured (Allowed/turned on)*
+
+[!INCLUDE [do-not-sync-shortdesc](../shortdesc/do-not-sync-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Allowed/turned on. Users can choose what to sync to their device. | |
+| Enabled | 2 | 2 | Prevented/turned off. Disables the *Sync your Settings* toggle and prevents syncing. |  |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Do not sync
+- **GP name:** AllowSyncMySettings
+- **GP path:** Windows Components/Sync your settings
+- **GP ADMX file name:** SettingSync.admx
+
+#### MDM settings
+- **MDM name:** Experience/[AllowSyncMySettings](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/AllowSyncMySettings
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\Windows\SettingSync
+- **Value name:** DisableSettingSyn
+- **Value type:** REG_DWORD
+
+### Related topics
+[About sync setting on Microsoft Edge on Windows 10 devices](https://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices): Learn about what settings are synced.
+
+
+
diff --git a/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md b/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md
index 7d722faf12..afb78c58e3 100644
--- a/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md
+++ b/browsers/edge/includes/enable-device-for-dev-shortdesc-include.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-[Enable your device for development](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development): Developers can access special development features, along with other developer-focused settings, which makes it possible for them to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode.
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+[Enable your device for development](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development): Developers can access special development features, along with other developer-focused settings, which makes it possible for them to develop, test, and debug apps. Learn how to configure your environment for development, the difference between Developer Mode and sideloading, and the security risks of Developer mode.
diff --git a/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md b/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md
index d3d116dc84..d64fe44479 100644
--- a/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md
+++ b/browsers/edge/includes/ie11-send-all-sites-not-in-site-list-include.md
@@ -1,19 +1,21 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
->*Supported versions: Internet Explorer 11 on Windows 10, version 1607 or later*
->*Default setting: Disabled or not configured*
-
-By default, all sites open the currently active browser. With this policy, you can automatically open all sites not included in the Enterprise Mode Site List in Microsoft Edge. When you enable this policy, you must also turn on the Internet Explorer\Use the Enterprise Mode IE website list policy and include at least one site in the Enterprise Mode Site List.
-
->[!NOTE]
->If you’ve also enabled the Microsoft Edge [Send all intranet sites to Internet Explorer 11](../available-policies.md#send-all-intranet-sites-to-internet-explorer-11) policy, all intranet sites continue to open in Internet Explorer 11.
-
-You can find the group policy settings in the following location of the Group Policy Editor:
-
- **Computer Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\**
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+>*Supported versions: Internet Explorer 11 on Windows 10, version 1607 or later*
+>*Default setting: Disabled or not configured*
+
+By default, all sites open the currently active browser. With this policy, you can automatically open all sites not included in the Enterprise Mode Site List in Microsoft Edge. When you enable this policy, you must also turn on the Internet Explorer\Use the Enterprise Mode IE website list policy and include at least one site in the Enterprise Mode Site List.
+
+>[!NOTE]
+>If you’ve also enabled the Microsoft Edge [Send all intranet sites to Internet Explorer 11](../available-policies.md#send-all-intranet-sites-to-internet-explorer-11) policy, all intranet sites continue to open in Internet Explorer 11.
+
+You can find the group policy settings in the following location of the Group Policy Editor:
+
+ **Computer Configuration\\Administrative Templates\\Windows Components\\Internet Explorer\\**
diff --git a/browsers/edge/includes/keep-fav-sync-ie-edge-include.md b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
index c7fc49bc93..eb790351a1 100644
--- a/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
+++ b/browsers/edge/includes/keep-fav-sync-ie-edge-include.md
@@ -1,41 +1,44 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
->*Default setting: Disabled or not configured (Turned off/not syncing)*
-
-[!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Turned off/not syncing | |
-|Enabled |1 |1 |Turned on/syncing | |
----
-
-### ADMX info and settings
-### ADMX info
-- **GP English name:** Keep favorites in sync between Internet Explorer and Microsoft Edge
-- **GP name:** SyncFavoritesBetweenIEAndMicrosoftEdge
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SyncFavoritesBetweenIEAndMicrosoftEdge
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
-- **Value name:** SyncFavoritesBetweenIEAndMicrosoftEdge
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Disabled or not configured (Turned off/not syncing)*
+
+[!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Turned off/not syncing | |
+| Enabled | 1 | 1 | Turned on/syncing |  |
+
+---
+
+### ADMX info and settings
+### ADMX info
+- **GP English name:** Keep favorites in sync between Internet Explorer and Microsoft Edge
+- **GP name:** SyncFavoritesBetweenIEAndMicrosoftEdge
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[SyncFavoritesBetweenIEAndMicrosoftEdge](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-syncfavoritesbetweenieandmicrosoftedge)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SyncFavoritesBetweenIEAndMicrosoftEdge
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** SyncFavoritesBetweenIEAndMicrosoftEdge
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md b/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md
index f7d692d864..211b16465b 100644
--- a/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md
+++ b/browsers/edge/includes/man-connections-win-comp-services-shortdesc-include.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-[Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services): Learn about the network connections from Windows to Microsoft services. Also, learn about the privacy settings that affect the data shared with either Microsoft or apps and how to manage them in an enterprise. You can configure diagnostic data at the lowest level for your edition of Windows and evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment.
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+[Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services): Learn about the network connections from Windows to Microsoft services. Also, learn about the privacy settings that affect the data shared with either Microsoft or apps and how to manage them in an enterprise. You can configure diagnostic data at the lowest level for your edition of Windows and evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment.
diff --git a/browsers/edge/includes/prevent-access-about-flag-include.md b/browsers/edge/includes/prevent-access-about-flag-include.md
index 1f55180874..144451edb0 100644
--- a/browsers/edge/includes/prevent-access-about-flag-include.md
+++ b/browsers/edge/includes/prevent-access-about-flag-include.md
@@ -1,41 +1,44 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1607 or later*
->*Default setting: Disabled or not configured (Allowed)*
-
-[!INCLUDE [prevent-access-to-about-flags-page-shortdesc](../shortdesc/prevent-access-to-about-flags-page-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Allowed | |
-|Enabled |1 |1 |Prevented | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Prevent access to the about:flags page in Microsoft Edge
-- **GP name:** PreventAccessToAboutFlagsInMicrosoftEdge
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventAccessToAboutFlagsInMicrosoftEdge
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
-- **Value name:** PreventAccessToAboutFlagsInMicrosoftEdge
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1607 or later*
+>*Default setting: Disabled or not configured (Allowed)*
+
+[!INCLUDE [prevent-access-to-about-flags-page-shortdesc](../shortdesc/prevent-access-to-about-flags-page-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|-------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Allowed | |
+| Enabled | 1 | 1 | Prevented |  |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent access to the about:flags page in Microsoft Edge
+- **GP name:** PreventAccessToAboutFlagsInMicrosoftEdge
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[PreventAccessToAboutFlagsInMicrosoftEdge](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventaccesstoaboutflagsinmicrosoftedge)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventAccessToAboutFlagsInMicrosoftEdge
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** PreventAccessToAboutFlagsInMicrosoftEdge
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
index 7638ce642a..1c3c2ebf02 100644
--- a/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
+++ b/browsers/edge/includes/prevent-bypassing-win-defender-files-include.md
@@ -1,41 +1,44 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
->*Default setting: Disabled or not configured (Allowed/turned off)*
-
-[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-files-shortdesc](../shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Allowed/turned off. Users can ignore the warning and continue to download the unverified file(s). | |
-|Enabled |1 |1 |Prevented/turned on. | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Prevent bypassing Windows Defender SmartScreen prompts for files
-- **GP name:** PreventSmartScreenPromptOverrideForFiles
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter
-- **Value name:** PreventOverrideAppRepUnknown
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
+>*Default setting: Disabled or not configured (Allowed/turned off)*
+
+[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-files-shortdesc](../shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Allowed/turned off. Users can ignore the warning and continue to download the unverified file(s). | |
+| Enabled | 1 | 1 | Prevented/turned on. |  |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent bypassing Windows Defender SmartScreen prompts for files
+- **GP name:** PreventSmartScreenPromptOverrideForFiles
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[PreventSmartScreenPromptOverrideForFiles](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverrideforfiles)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter
+- **Value name:** PreventOverrideAppRepUnknown
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
index 438290f181..a6b5e9dde9 100644
--- a/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
+++ b/browsers/edge/includes/prevent-bypassing-win-defender-sites-include.md
@@ -1,41 +1,44 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
->*Default setting: Disabled or not configured (Allowed/turned off)*
-
-[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-sites-shortdesc](../shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Allowed/turned off. Users can ignore the warning and continue to the site.| |
-|Enabled |1 |1 |Prevented/turned on. | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Prevent bypassing Windows Defender SmartScreen prompts for sites
-- **GP name:** PreventSmartscreenPromptOverride
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[PreventSmartscreenPromptOverride](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter
-- **Value name:** PreventOverride
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
+>*Default setting: Disabled or not configured (Allowed/turned off)*
+
+[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-sites-shortdesc](../shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|----------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Allowed/turned off. Users can ignore the warning and continue to the site. | |
+| Enabled | 1 | 1 | Prevented/turned on. |  |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent bypassing Windows Defender SmartScreen prompts for sites
+- **GP name:** PreventSmartscreenPromptOverride
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[PreventSmartscreenPromptOverride](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventsmartscreenpromptoverride)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter
+- **Value name:** PreventOverride
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/prevent-certificate-error-overrides-include.md b/browsers/edge/includes/prevent-certificate-error-overrides-include.md
index 404d0688e3..ab20b1ca5b 100644
--- a/browsers/edge/includes/prevent-certificate-error-overrides-include.md
+++ b/browsers/edge/includes/prevent-certificate-error-overrides-include.md
@@ -1,40 +1,43 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: Disabled or not configured (Allowed/turned off)*
-
-[!INCLUDE [prevent-certificate-error-overrides-shortdesc](../shortdesc/prevent-certificate-error-overrides-shortdesc.md)]
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Allowed/turned on. Override the security warning to sites that have SSL errors. | |
-|Enabled |1 |1 |Prevented/turned on. | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Prevent certificate error overrides
-- **GP name:** PreventCertErrorOverrides
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[PreventCertErrorOverrides](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventCertErrorOverrides
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Setting
-- **Value name:** PreventCertErrorOverrides
-- **Value type:** REG_DWORD
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Disabled or not configured (Allowed/turned off)*
+
+[!INCLUDE [prevent-certificate-error-overrides-shortdesc](../shortdesc/prevent-certificate-error-overrides-shortdesc.md)]
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|---------------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Allowed/turned on. Override the security warning to sites that have SSL errors. | |
+| Enabled | 1 | 1 | Prevented/turned on. |  |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent certificate error overrides
+- **GP name:** PreventCertErrorOverrides
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[PreventCertErrorOverrides](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventCertErrorOverrides
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Setting
+- **Value name:** PreventCertErrorOverrides
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/prevent-changes-to-favorites-include.md b/browsers/edge/includes/prevent-changes-to-favorites-include.md
index 75a386025f..0b6691b746 100644
--- a/browsers/edge/includes/prevent-changes-to-favorites-include.md
+++ b/browsers/edge/includes/prevent-changes-to-favorites-include.md
@@ -1,41 +1,44 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1709 or later*
->*Default setting: Disabled or not configured (Allowed/not locked down)*
-
-[!INCLUDE [prevent-changes-to-favorites-shortdesc](../shortdesc/prevent-changes-to-favorites-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Allowed/unlocked. Users can add, import, and make changes to the Favorites list. | |
-|Enabled |1 |1 |Prevented/locked down. | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Prevent changes to Favorites on Microsoft Edge
-- **GP name:** LockdownFavorites
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[LockdownFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/LockdownFavorites
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Favorites
-- **Value name:** LockdownFavorites
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1709 or later*
+>*Default setting: Disabled or not configured (Allowed/not locked down)*
+
+[!INCLUDE [prevent-changes-to-favorites-shortdesc](../shortdesc/prevent-changes-to-favorites-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|-----------------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Allowed/unlocked. Users can add, import, and make changes to the Favorites list. | |
+| Enabled | 1 | 1 | Prevented/locked down. |  |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent changes to Favorites on Microsoft Edge
+- **GP name:** LockdownFavorites
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[LockdownFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/LockdownFavorites
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Favorites
+- **Value name:** LockdownFavorites
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/prevent-first-run-webpage-open-include.md b/browsers/edge/includes/prevent-first-run-webpage-open-include.md
index ec2966bba7..be8eec24b9 100644
--- a/browsers/edge/includes/prevent-first-run-webpage-open-include.md
+++ b/browsers/edge/includes/prevent-first-run-webpage-open-include.md
@@ -1,41 +1,44 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
->*Default setting: Disabled or not configured (Allowed)*
-
-[!INCLUDE [prevent-first-run-webpage-from-opening-shortdesc](../shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Allowed. Load the First Run webpage. | |
-|Enabled |1 |1 |Prevented. | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Prevent the First Run webpage from opening on Microsoft Edge
-- **GP name:** PreventFirstRunPage
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[PreventFirstRunPage](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventFirstRunPage
-- **Data type:** Integer
-
-####Registry
-- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
-- **Value name:** PreventFirstRunPage
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Disabled or not configured (Allowed)*
+
+[!INCLUDE [prevent-first-run-webpage-from-opening-shortdesc](../shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|--------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Allowed. Load the First Run webpage. | |
+| Enabled | 1 | 1 | Prevented. |  |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent the First Run webpage from opening on Microsoft Edge
+- **GP name:** PreventFirstRunPage
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[PreventFirstRunPage](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventfirstrunpage)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventFirstRunPage
+- **Data type:** Integer
+
+#### Registry
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** PreventFirstRunPage
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/prevent-live-tile-pinning-start-include.md b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
index e595e3fe28..ea8f458f04 100644
--- a/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
+++ b/browsers/edge/includes/prevent-live-tile-pinning-start-include.md
@@ -1,41 +1,44 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
->*Default setting: Disabled or not configured (Collect and send)*
-
-[!INCLUDE [prevent-edge-from-gathering-live-tile-info-shortdesc](../shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Collect and send Live Tile metadata. | |
-|Enabled |1 |1 |Do not collect data. | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
-- **GP name:** PreventLiveTileDataCollection
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[PreventLiveTileDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventLiveTileDataCollection
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
-- **Value name:** PreventLiveTileDataCollection
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Disabled or not configured (Collect and send)*
+
+[!INCLUDE [prevent-edge-from-gathering-live-tile-info-shortdesc](../shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|--------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Collect and send Live Tile metadata. | |
+| Enabled | 1 | 1 | Do not collect data. |  |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
+- **GP name:** PreventLiveTileDataCollection
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[PreventLiveTileDataCollection](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventlivetiledatacollection)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventLiveTileDataCollection
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** PreventLiveTileDataCollection
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
index 39187a492b..0bc6ba7764 100644
--- a/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
+++ b/browsers/edge/includes/prevent-localhost-address-for-webrtc-include.md
@@ -1,41 +1,44 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
->*Default setting: Disabled or not configured (Allowed/show localhost IP addresses)*
-
-[!INCLUDE [prevent-using-localhost-ip-address-for-webrtc-shortdesc](../shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |Allowed. Show localhost IP addresses. | |
-|Enabled |1 |1 |Prevented. | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Prevent using Localhost IP address for WebRTC
-- **GP name:** HideLocalHostIPAddress
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventUsingLocalHostIPAddressForWebRTC
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
-- **Value name:** HideLocalHostIPAddress
-- **Value type:** REG_DWORD
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
+>*Default setting: Disabled or not configured (Allowed/show localhost IP addresses)*
+
+[!INCLUDE [prevent-using-localhost-ip-address-for-webrtc-shortdesc](../shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|---------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | Allowed. Show localhost IP addresses. | |
+| Enabled | 1 | 1 | Prevented. |  |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent using Localhost IP address for WebRTC
+- **GP name:** HideLocalHostIPAddress
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[PreventUsingLocalHostIPAddressForWebRTC](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-preventusinglocalhostipaddressforwebrtc)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/PreventUsingLocalHostIPAddressForWebRTC
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** HideLocalHostIPAddress
+- **Value type:** REG_DWORD
+
+
diff --git a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
index 4f168cc2ab..897dc4f9bb 100644
--- a/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
+++ b/browsers/edge/includes/prevent-turning-off-required-extensions-include.md
@@ -1,9 +1,12 @@
---
-author: shortpatti
-ms.author: pashort
+author: eavena
+ms.author: eravena
ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
@@ -15,10 +18,11 @@ ms:topic: include
### Supported values
-|Group Policy |Description |
-|---|---|
-|Disabled or not configured **(default)** |Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. |
-|Enabled |Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office Online extension prevents users from turning it off:
After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune.
Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the [Allow Developer Tools](../group-policies/developer-settings-gp.md#allow-developer-tools) policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
+| Group Policy | Description |
+|---------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Disabled or not configured **(default)** | Allowed. Users can uninstall extensions. If you previously enabled this policy and you decide to disable it, the list of extension PFNs defined in this policy get ignored. |
+| Enabled | Provide a semi-colon delimited list of extension PFNs. For example, adding the following OneNote Web Clipper and Office extension prevents users from turning it off:
After defining the list of extensions, you deploy them through any available enterprise deployment channel, such as Microsoft Intune.
Removing extensions from the list does not uninstall the extension from the user’s computer automatically. To uninstall the extension, use any available enterprise deployment channel. If you enable the [Allow Developer Tools](../group-policies/developer-settings-gp.md#allow-developer-tools) policy, then this policy does not prevent users from debugging and altering the logic on an extension. |
+
---
@@ -50,7 +54,7 @@ ms:topic: include
- [Find a package family name (PFN) for per-app VPN](https://docs.microsoft.com/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn): There are two ways to find a PFN so that you can configure a per-app VPN.
- [How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/windows-store-for-business): The Microsoft Store for Business gives you a place to find and purchase apps for your organization, individually, or in volume. By connecting the store to Microsoft Intune, you can manage volume-purchased apps from the Azure portal.
- [How to assign apps to groups with Microsoft Intune](https://docs.microsoft.com/intune/apps-deploy): Apps can be assigned to devices whether or not Intune manages them.
-- [Manage apps from the Microsoft Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business): Configuration Manager supports managing Microsoft Store for Business apps on both Windows 10 devices with the Configuration Manager client, and also Windows 10 devices enrolled with Microsoft Intune.
+- [Manage apps from the Microsoft Store for Business with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business): Configuration Manager supports managing Microsoft Store for Business apps on both Windows 10 devices with the Configuration Manager client, and also Windows 10 devices enrolled with Microsoft Intune.
- [How to add Windows line-of-business (LOB) apps to Microsoft Intune](https://docs.microsoft.com/intune/lob-apps-windows): A line-of-business (LOB) app is one that you add from an app installation file. Typically, these types of apps are written in-house.
-
\ No newline at end of file
+
diff --git a/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
index 5548ae3f74..d04f548fca 100644
--- a/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
+++ b/browsers/edge/includes/prevent-users-to-turn-on-browser-syncing-include.md
@@ -1,44 +1,48 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: Enabled or not configured (Prevented/turned off)*
-
-[!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
-
-### Supported values
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Disabled |0 |0 |Allowed/turned on. Users can sync the browser settings. |
-|Enabled or not configured **(default)** |1 |1 |Prevented/turned off. |
----
-
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Prevent users from turning on browser syncing
-- **GP name:** PreventUsersFromTurningOnBrowserSyncing
-- **GP path:** Windows Components/Sync your settings
-- **GP ADMX file name:** SettingSync.admx
-
-#### MDM settings
-- **MDM name:** Experience/[PreventUsersFromTurningOnBrowserSyncing](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-preventusersfromturningonbrowsersyncing)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/PreventUsersFromTurningOnBrowserSyncing
-- **Data type:** String
-
-
-### Related policies
-[Do not sync browser settings](../available-policies.md#do-not-sync-browser-settings): [!INCLUDE [do-not-sync-browser-settings-shortdesc](../shortdesc/do-not-sync-browser-settings-shortdesc.md)].
-
-### Related topics
-[About sync setting on Microsoft Edge on Windows 10 devices](https://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices)
-
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Enabled or not configured (Prevented/turned off)*
+
+[!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description |
+|--------------------------------------------|:---:|:--------:|---------------------------------------------------------|
+| Disabled | 0 | 0 | Allowed/turned on. Users can sync the browser settings. |
+| Enabled or not configured **(default)** | 1 | 1 | Prevented/turned off. |
+
+---
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Prevent users from turning on browser syncing
+- **GP name:** PreventUsersFromTurningOnBrowserSyncing
+- **GP path:** Windows Components/Sync your settings
+- **GP ADMX file name:** SettingSync.admx
+
+#### MDM settings
+- **MDM name:** Experience/[PreventUsersFromTurningOnBrowserSyncing](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience#experience-preventusersfromturningonbrowsersyncing)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Experience/PreventUsersFromTurningOnBrowserSyncing
+- **Data type:** String
+
+
+### Related policies
+[Do not sync browser settings](../available-policies.md#do-not-sync-browser-settings): [!INCLUDE [do-not-sync-browser-settings-shortdesc](../shortdesc/do-not-sync-browser-settings-shortdesc.md)].
+
+### Related topics
+[About sync setting on Microsoft Edge on Windows 10 devices](https://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices)
+
+
+
diff --git a/browsers/edge/includes/provision-favorites-include.md b/browsers/edge/includes/provision-favorites-include.md
index a67f33444b..fdb0016715 100644
--- a/browsers/edge/includes/provision-favorites-include.md
+++ b/browsers/edge/includes/provision-favorites-include.md
@@ -1,49 +1,52 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
->*Default setting: Disabled or not configured (Customizable)*
-
-[!INCLUDE [provision-favorites-shortdesc](../shortdesc/provision-favorites-shortdesc.md)]
-
-
->[!IMPORTANT]
->Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
-
-### Supported values
-
-|Group Policy |Description |Most restricted |
-|---|---|:---:|
-|Disabled or not configured **(default)** |Users can customize the favorites list, such as adding folders, or adding and removing favorites. | |
-|Enabled |Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.
To define a default list of favorites, do the following:
In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.
Click **Import from another browser**, click **Export to file** and save the file.
In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as:
Local network: "SiteList"="\network\shares\URLs.html"
Local file: "SiteList"=file:///c:/Users/Documents/URLs.html
| |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Provision Favorites
-- **GP name:** ConfiguredFavorites
-- **GP element:** ConfiguredFavoritesPrompt
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[ProvisionFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ProvisionFavorites
-- **Data type:** String
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Favorites
-- **Value name:** ConfiguredFavorites
-- **Value type:** REG_SZ
-
-### Related policies
-[Keep favorites in sync between Internet Explorer and Microsoft Edge](../available-policies.md#keep-favorites-in-sync-between-internet-explorer-and-microsoft-edge): [!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*
+>*Default setting: Disabled or not configured (Customizable)*
+
+[!INCLUDE [provision-favorites-shortdesc](../shortdesc/provision-favorites-shortdesc.md)]
+
+
+>[!IMPORTANT]
+>Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
+
+### Supported values
+
+| Group Policy | Description | Most restricted |
+|---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | Users can customize the favorites list, such as adding folders, or adding and removing favorites. | |
+| Enabled | Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.
To define a default list of favorites, do the following:
In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.
Click **Import from another browser**, click **Export to file** and save the file.
In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision. Specify the URL as:
HTTP location: "SiteList"=
Local network: "SiteList"="\network\shares\URLs.html"
Local file: "SiteList"=file:///c:/Users/Documents/URLs.html
|  |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Provision Favorites
+- **GP name:** ConfiguredFavorites
+- **GP element:** ConfiguredFavoritesPrompt
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ProvisionFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ProvisionFavorites
+- **Data type:** String
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Favorites
+- **Value name:** ConfiguredFavorites
+- **Value type:** REG_SZ
+
+### Related policies
+[Keep favorites in sync between Internet Explorer and Microsoft Edge](../available-policies.md#keep-favorites-in-sync-between-internet-explorer-and-microsoft-edge): [!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
+
+
diff --git a/browsers/edge/includes/search-provider-discovery-shortdesc-include.md b/browsers/edge/includes/search-provider-discovery-shortdesc-include.md
index 0189af0a67..ef83bc4778 100644
--- a/browsers/edge/includes/search-provider-discovery-shortdesc-include.md
+++ b/browsers/edge/includes/search-provider-discovery-shortdesc-include.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-[Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery): Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+[Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery): Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
diff --git a/browsers/edge/includes/send-all-intranet-sites-ie-include.md b/browsers/edge/includes/send-all-intranet-sites-ie-include.md
index 17ce737c8c..2d8195f03e 100644
--- a/browsers/edge/includes/send-all-intranet-sites-ie-include.md
+++ b/browsers/edge/includes/send-all-intranet-sites-ie-include.md
@@ -1,59 +1,62 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10*
->*Default setting: Disabled or not configured*
-
-[!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../shortdesc/send-all-intranet-sites-to-ie-shortdesc.md)]
-
->[!TIP]
->Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and needs IE11 to run, you can add them to the Enterprise Mode site list, using Enterprise Mode Site List Manager.
-
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |All sites, including intranet sites, open in Microsoft Edge automatically. | |
-|Enabled |1 |1 |Only intranet sites open in Internet Explorer 11 automatically.
Enabling this policy opens all intranet sites in IE11 automatically, even if the users have Microsoft Edge as their default browser.
In Group Policy Editor, navigate to:
**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**
Click **Enable** and then refresh the policy to view the affected sites in Microsoft Edge.
A message opens stating that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.
| |
----
-
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Send all intranet sites to Internet Explorer 11
-- **GP name:** SendIntranetTraffictoInternetExplorer
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
-- **Value name:** SendIntranetTraffictoInternetExplorer
-- **Value type:** REG_DWORD
-
-### Related Policies
-- [Configure the Enterprise Mode Site List](../available-policies.md#configure-the-enterprise-mode-site-list): [!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)]
-
-- [Show message when opening sites in Internet Explorer](../available-policies.md#show-message-when-opening-sites-in-internet-explorer): [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
-
-
-### Related topics
-- [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035). Many customers depend on legacy features only available in older versions of Internet Explorer and are familiar with our Enterprise Mode tools for IE11. The Enterprise Mode has been extended to support to Microsoft Edge by opening any site specified on the Enterprise Mode Site List in IE11. IT Pros can use their existing IE11 Enterprise Mode Site List, or they can create a new one specifically for Microsoft Edge. By keeping Microsoft Edge as the default browser in Windows 10 and only opening legacy line of business sites in IE11 when necessary, you can help keep newer development projects on track, using the latest web standards on Microsoft Edge.
-
-- [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377). Learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company.
-
-- [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager). You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10*
+>*Default setting: Disabled or not configured*
+
+[!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../shortdesc/send-all-intranet-sites-to-ie-shortdesc.md)]
+
+>[!TIP]
+>Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and needs IE11 to run, you can add them to the Enterprise Mode site list, using Enterprise Mode Site List Manager.
+
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | All sites, including intranet sites, open in Microsoft Edge automatically. |  |
+| Enabled | 1 | 1 | Only intranet sites open in Internet Explorer 11 automatically.
Enabling this policy opens all intranet sites in IE11 automatically, even if the users have Microsoft Edge as their default browser.
In Group Policy Editor, navigate to:
**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**
Click **Enable** and then refresh the policy to view the affected sites in Microsoft Edge.
A message opens stating that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.
| |
+
+---
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Send all intranet sites to Internet Explorer 11
+- **GP name:** SendIntranetTraffictoInternetExplorer
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+- **Value name:** SendIntranetTraffictoInternetExplorer
+- **Value type:** REG_DWORD
+
+### Related Policies
+- [Configure the Enterprise Mode Site List](../available-policies.md#configure-the-enterprise-mode-site-list): [!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)]
+
+- [Show message when opening sites in Internet Explorer](../available-policies.md#show-message-when-opening-sites-in-internet-explorer): [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
+
+
+### Related topics
+- [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035). Many customers depend on legacy features only available in older versions of Internet Explorer and are familiar with our Enterprise Mode tools for IE11. The Enterprise Mode has been extended to support to Microsoft Edge by opening any site specified on the Enterprise Mode Site List in IE11. IT Pros can use their existing IE11 Enterprise Mode Site List, or they can create a new one specifically for Microsoft Edge. By keeping Microsoft Edge as the default browser in Windows 10 and only opening legacy line of business sites in IE11 when necessary, you can help keep newer development projects on track, using the latest web standards on Microsoft Edge.
+
+- [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377). Learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company.
+
+- [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager). You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
+
+
diff --git a/browsers/edge/includes/set-default-search-engine-include.md b/browsers/edge/includes/set-default-search-engine-include.md
index f7156818de..104cb3ebdd 100644
--- a/browsers/edge/includes/set-default-search-engine-include.md
+++ b/browsers/edge/includes/set-default-search-engine-include.md
@@ -1,57 +1,60 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
->*Default setting: Not configured (Defined in App settings)*
-
-[!INCLUDE [set-default-search-engine-shortdesc](../shortdesc/set-default-search-engine-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Not configured **(default)** |Blank |Blank |Use the search engine specified in App settings. If you don't configure this policy and disable the [Allow search engine customization](../group-policies/search-engine-customization-gp.md#allow-search-engine-customization) policy, users cannot make changes. | |
-|Disabled |0 |0 |Remove or don't use the policy-set search engine and use the search engine for the market, letting users make changes. | |
-|Enabled |1 |1 |Use the policy-set search engine specified in the OpenSearch XML file, preventing users from making changes.
Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.
If you want your users to use the default Microsoft Edge settings for each market, then set the string to **EDGEDEFAULT**.
If you would like your users to use Microsoft Bing as the default search engine, then set the string to **EDGEBING**. | |
----
-
-
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Set default search engine
-- **GP name:** SetDefaultSearchEngine
-- **GP element:** SetDefaultSearchEngine_Prompt
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** [SetDefaultSearchEngine](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\OpenSearch
-- **Value name:** SetDefaultSearchEngine
-- **Value type:** REG_SZ
-
-### Related policies
-
-- [Configure additional search engines](../available-policies.md#configure-additional-search-engines): [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
-
-- [Allow search engine customization](../available-policies.md#allow-search-engine-customization): [!INCLUDE [allow-search-engine-customization-shortdesc](../shortdesc/allow-search-engine-customization-shortdesc.md)]
-
-### Related topics
-
-- [!INCLUDE [microsoft-browser-extension-policy-shortdesc](../shortdesc/microsoft-browser-extension-policy-shortdesc.md)]
-
-- [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery): The Microsoft Edge address bar uses rich search integration, including search suggestions, results from the web, your browsing history, and favorites.
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*
+>*Default setting: Not configured (Defined in App settings)*
+
+[!INCLUDE [set-default-search-engine-shortdesc](../shortdesc/set-default-search-engine-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------|:-----:|:--------:|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Not configured **(default)** | Blank | Blank | Use the search engine specified in App settings. If you don't configure this policy and disable the [Allow search engine customization](../group-policies/search-engine-customization-gp.md#allow-search-engine-customization) policy, users cannot make changes. | |
+| Disabled | 0 | 0 | Remove or don't use the policy-set search engine and use the search engine for the market, letting users make changes. | |
+| Enabled | 1 | 1 | Use the policy-set search engine specified in the OpenSearch XML file, preventing users from making changes.
Specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery). Use this format to specify the link you want to add.
If you want your users to use the default Microsoft Edge settings for each market, then set the string to **EDGEDEFAULT**.
If you would like your users to use Microsoft Bing as the default search engine, then set the string to **EDGEBING**. |  |
+
+---
+
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Set default search engine
+- **GP name:** SetDefaultSearchEngine
+- **GP element:** SetDefaultSearchEngine_Prompt
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** [SetDefaultSearchEngine](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setdefaultsearchengine)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetDefaultSearchEngine
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\OpenSearch
+- **Value name:** SetDefaultSearchEngine
+- **Value type:** REG_SZ
+
+### Related policies
+
+- [Configure additional search engines](../available-policies.md#configure-additional-search-engines): [!INCLUDE [configure-additional-search-engines-shortdesc](../shortdesc/configure-additional-search-engines-shortdesc.md)]
+
+- [Allow search engine customization](../available-policies.md#allow-search-engine-customization): [!INCLUDE [allow-search-engine-customization-shortdesc](../shortdesc/allow-search-engine-customization-shortdesc.md)]
+
+### Related topics
+
+- [!INCLUDE [microsoft-browser-extension-policy-shortdesc](../shortdesc/microsoft-browser-extension-policy-shortdesc.md)]
+
+- [Search provider discovery](https://docs.microsoft.com/microsoft-edge/dev-guide/browser/search-provider-discovery): The Microsoft Edge address bar uses rich search integration, including search suggestions, results from the web, your browsing history, and favorites.
+
+
diff --git a/browsers/edge/includes/set-home-button-url-include.md b/browsers/edge/includes/set-home-button-url-include.md
index 5e091f18ac..3cf0692dbb 100644
--- a/browsers/edge/includes/set-home-button-url-include.md
+++ b/browsers/edge/includes/set-home-button-url-include.md
@@ -1,49 +1,52 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: Disabled or not configured (Blank)*
-
-[!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Disabled or not configured **(default)** |Blank |Blank |Show the home button, load the Start pages, and lock down the home button to prevent users from changing what page loads. |
-|Enabled - String |String |String |Enter a URL in string format, for example, https://www.msn.com.
For this policy to work, you must also enable the [Configure Home Button](../available-policies.md#configure-home-button) policy and select the _Show home button & set a specific page_ option. |
----
-
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Set Home Button URL
-- **GP name:** SetHomeButtonURL
-- **GP element:** SetHomeButtonURLPrompt
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)
-- **Supported devices:** Desktop and Mobile
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL
-- **Data type:** String
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
-- **Value name:** ConfigureHomeButtonURL
-- **Value type:** REG_SZ
-
-### Related policies
-
-- [Configure Home Button](../available-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
-
-- [Unlock Home Button](../available-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
-
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Disabled or not configured (Blank)*
+
+[!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description |
+|---------------------------------------------|:------:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Disabled or not configured **(default)** | Blank | Blank | Show the home button, load the Start pages, and lock down the home button to prevent users from changing what page loads. |
+| Enabled - String | String | String | Enter a URL in string format, for example, https://www.msn.com.
For this policy to work, you must also enable the [Configure Home Button](../available-policies.md#configure-home-button) policy and select the *Show home button & set a specific page* option. |
+
+---
+
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Set Home Button URL
+- **GP name:** SetHomeButtonURL
+- **GP element:** SetHomeButtonURLPrompt
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)
+- **Supported devices:** Desktop and Mobile
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL
+- **Data type:** String
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
+- **Value name:** ConfigureHomeButtonURL
+- **Value type:** REG_SZ
+
+### Related policies
+
+- [Configure Home Button](../available-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
+
+- [Unlock Home Button](../available-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
+
+
diff --git a/browsers/edge/includes/set-new-tab-url-include.md b/browsers/edge/includes/set-new-tab-url-include.md
index 8b9ac1c728..58536ae480 100644
--- a/browsers/edge/includes/set-new-tab-url-include.md
+++ b/browsers/edge/includes/set-new-tab-url-include.md
@@ -1,48 +1,51 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: Disabled or not configured (Blank)*
-
-[!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Disabled or not configured **(default)** |Blank |Blank |Load the default New Tab page. |
-|Enabled - String |String |String |Enter a URL in string format, for example, https://www.msn.com.
Enabling this policy prevents users from making changes.
|
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Set New Tab page URL
-- **GP name:** SetNewTabPageURL
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL
-- **Data type:** String
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
-- **Value name:** NewTabPageUR
-- **Value type:** REG_SZ
-
-
-### Related policies
-
-[Allow web content on New Tab page](../available-policies.md#allow-web-content-on-new-tab-page): [!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)]
-
-
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Disabled or not configured (Blank)*
+
+[!INCLUDE [set-new-tab-url-shortdesc](../shortdesc/set-new-tab-url-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description |
+|---------------------------------------------|:------:|:--------:|----------------------------------------------------------------------------------------------------------------------------------|
+| Disabled or not configured **(default)** | Blank | Blank | Load the default New Tab page. |
+| Enabled - String | String | String | Enter a URL in string format, for example, https://www.msn.com.
Enabling this policy prevents users from making changes.
|
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Set New Tab page URL
+- **GP name:** SetNewTabPageURL
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL
+- **Data type:** String
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
+- **Value name:** NewTabPageUR
+- **Value type:** REG_SZ
+
+
+### Related policies
+
+[Allow web content on New Tab page](../available-policies.md#allow-web-content-on-new-tab-page): [!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)]
+
+
+
+
diff --git a/browsers/edge/includes/show-message-opening-sites-ie-include.md b/browsers/edge/includes/show-message-opening-sites-ie-include.md
index c5e808c926..024279e776 100644
--- a/browsers/edge/includes/show-message-opening-sites-ie-include.md
+++ b/browsers/edge/includes/show-message-opening-sites-ie-include.md
@@ -1,52 +1,55 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1607 and later*
->*Default setting: Disabled or not configured (No additional message)*
-
-
-[!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
-
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |Most restricted |
-|---|:---:|:---:|---|:---:|
-|Disabled or not configured **(default)** |0 |0 |No additional message displays. | |
-|Enabled |1 |1 |Show an additional message stating that a site has opened in IE11. | |
-|Enabled |2 |2 |Show an additional message with a _Keep going in Microsoft Edge_ link to allow users to open the site in Microsoft Edge. | |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Show message when opening sites in Internet Explorer
-- **GP name:** ShowMessageWhenOpeningSitesInInternetExplorer
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[ShowMessageWhenOpeningSitesInInternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ShowMessageWhenOpeningSitesInInternetExplorer
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
-- **Value name:** ShowMessageWhenOpeningSitesInInternetExplorer
-- **Value type:** REG_DWORD
-
-### Related policies
-
-- [Configure the Enterprise Mode Site List](../available-policies.md#configure-the-enterprise-mode-site-list): [!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)]
-
-- [Send all intranet sites to Internet Explorer 11](../available-policies.md#send-all-intranet-sites-to-internet-explorer-11): [!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../shortdesc/send-all-intranet-sites-to-ie-shortdesc.md)]
-
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1607 and later*
+>*Default setting: Disabled or not configured (No additional message)*
+
+
+[!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
+
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description | Most restricted |
+|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
+| Disabled or not configured **(default)** | 0 | 0 | No additional message displays. |  |
+| Enabled | 1 | 1 | Show an additional message stating that a site has opened in IE11. | |
+| Enabled | 2 | 2 | Show an additional message with a *Keep going in Microsoft Edge* link to allow users to open the site in Microsoft Edge. | |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Show message when opening sites in Internet Explorer
+- **GP name:** ShowMessageWhenOpeningSitesInInternetExplorer
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[ShowMessageWhenOpeningSitesInInternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-showmessagewhenopeningsitesininternetexplorer)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ShowMessageWhenOpeningSitesInInternetExplorer
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main
+- **Value name:** ShowMessageWhenOpeningSitesInInternetExplorer
+- **Value type:** REG_DWORD
+
+### Related policies
+
+- [Configure the Enterprise Mode Site List](../available-policies.md#configure-the-enterprise-mode-site-list): [!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)]
+
+- [Send all intranet sites to Internet Explorer 11](../available-policies.md#send-all-intranet-sites-to-internet-explorer-11): [!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../shortdesc/send-all-intranet-sites-to-ie-shortdesc.md)]
+
+
+
diff --git a/browsers/edge/includes/unlock-home-button-include.md b/browsers/edge/includes/unlock-home-button-include.md
index d2c2e44746..c7dae69002 100644
--- a/browsers/edge/includes/unlock-home-button-include.md
+++ b/browsers/edge/includes/unlock-home-button-include.md
@@ -1,48 +1,51 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
->*Supported versions: Microsoft Edge on Windows 10, version 1809*
->*Default setting: Disabled or not configured (Home button is locked)*
-
-[!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
-
-### Supported values
-
-|Group Policy |MDM |Registry |Description |
-|---|:---:|:---:|---|
-|Disabled or not configured **(default)** |0 |0 |Locked, preventing users from making changes. |
-|Enabled |1 |1 |Unlocked, letting users make changes. |
----
-
-### ADMX info and settings
-#### ADMX info
-- **GP English name:** Unlock Home Button
-- **GP name:** UnlockHomeButton
-- **GP path:** Windows Components/Microsoft Edge
-- **GP ADMX file name:** MicrosoftEdge.admx
-
-#### MDM settings
-- **MDM name:** Browser/[UnlockHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)
-- **Supported devices:** Desktop
-- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/UnlockHomeButton
-- **Data type:** Integer
-
-#### Registry settings
-- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings
-- **Value name:** UnlockHomeButton
-- **Value type:** REG_DWORD
-
-### Related policies
-
-- [Configure Home Button](../available-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
-
-- [Set Home Button URL](../available-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
-
-
-
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+>*Supported versions: Microsoft Edge on Windows 10, version 1809*
+>*Default setting: Disabled or not configured (Home button is locked)*
+
+[!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
+
+### Supported values
+
+| Group Policy | MDM | Registry | Description |
+|---------------------------------------------|:---:|:--------:|-----------------------------------------------|
+| Disabled or not configured **(default)** | 0 | 0 | Locked, preventing users from making changes. |
+| Enabled | 1 | 1 | Unlocked, letting users make changes. |
+
+---
+
+### ADMX info and settings
+#### ADMX info
+- **GP English name:** Unlock Home Button
+- **GP name:** UnlockHomeButton
+- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
+
+#### MDM settings
+- **MDM name:** Browser/[UnlockHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton)
+- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/UnlockHomeButton
+- **Data type:** Integer
+
+#### Registry settings
+- **Path:** HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Internet Settings
+- **Value name:** UnlockHomeButton
+- **Value type:** REG_DWORD
+
+### Related policies
+
+- [Configure Home Button](../available-policies.md#configure-home-button): [!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
+
+- [Set Home Button URL](../available-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
+
+
+
diff --git a/browsers/edge/index.yml b/browsers/edge/index.yml
index 9550d5d1d2..61b851adf2 100644
--- a/browsers/edge/index.yml
+++ b/browsers/edge/index.yml
@@ -2,19 +2,19 @@
documentType: LandingData
-title: Microsoft Edge Group Policy configuration options
+title: Microsoft Edge Legacy Group Policy configuration options
metadata:
document_id:
- title: Microsoft Edge Group Policy configuration options
+ title: Microsoft Edge Group Legacy Policy configuration options
description:
- text: Learn how to deploy and configure group policies in Microsoft Edge on Windows 10. Some of the features coming to Microsoft Edge gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
-
- keywords: Microsoft Edge, Windows 10
+ text: (Note - You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).) Learn how to deploy and configure group policies in Microsoft Edge Legacy on Windows 10. Some of the features coming to Microsoft Edge Legacy gives you the ability to set a custom URL for the New Tab page or Home button. Another new feature allows you to hide or show the Favorites bar, giving you more control over the favorites bar.
+
+ keywords: Microsoft Edge Legacy, Windows 10
ms.localizationpriority: medium
@@ -36,7 +36,7 @@ sections:
- type: markdown
- text: Learn about interoperability goals and enterprise guidance along with system requirements, language support and frequently asked questions.
+ text: (Note - You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).) Learn about interoperability goals and enterprise guidance along with system requirements, language support and frequently asked questions.
- items:
@@ -92,7 +92,7 @@ sections:
- href: https://docs.microsoft.com/microsoft-edge/deploy/group-policies/interoperability-enterprise-guidance-gp
- html:
Learch how you can use the Enterprise Mode site list for websites and apps that have compatibility problems in Microsoft Edge.
+ html:
Learn how you can use the Enterprise Mode site list for websites and apps that have compatibility problems in Microsoft Edge.
image:
diff --git a/browsers/edge/managing-group-policy-admx-files.md b/browsers/edge/managing-group-policy-admx-files.md
index 2f76d6a665..8b93e0ebc2 100644
--- a/browsers/edge/managing-group-policy-admx-files.md
+++ b/browsers/edge/managing-group-policy-admx-files.md
@@ -2,12 +2,15 @@
title: Managing group policy ADMX files
description: Learn how to centrally administer and incorporate ADMX files when editing the administrative template policy settings inside a local or domain-based Group Policy object.
ms.assetid:
-author: shortpatti
-ms.author: pashort
+ms.reviewer:
+audience: itpro
+manager: dansimp
+author: dansimp
+ms.author: dansimp
ms.prod: edge
ms.sitesec: library
ms.localizationpriority: medium
-ms.date: 10/19/2018
+ms.date: 10/19/2018
---
# Managing group policy ADMX files
diff --git a/browsers/edge/microsoft-edge-faq.md b/browsers/edge/microsoft-edge-faq.md
index f989f0e5c8..632905e3cb 100644
--- a/browsers/edge/microsoft-edge-faq.md
+++ b/browsers/edge/microsoft-edge-faq.md
@@ -1,96 +1,58 @@
---
-title: Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros
+title: Microsoft Edge - Frequently Asked Questions (FAQs) for IT Pros
+ms.reviewer:
+audience: itpro
+manager: dansimp
description: Answers to frequently asked questions about Microsoft Edge features, integration, support, and potential problems.
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
ms.prod: edge
-ms.topic: reference
+ms.topic: article
ms.mktglfcycl: general
ms.sitesec: library
ms.localizationpriority: medium
-ms.date: 11/05/2018
---
# Frequently Asked Questions (FAQs) for IT Pros
>Applies to: Microsoft Edge on Windows 10 and Windows 10 Mobile
-**Q: Why is the Sync settings option under Settings \> Accounts \> Sync your settings permanently disabled?
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
-**A:** In the Windows 10 Anniversary Update, domain-joined users who connected their Microsoft Account (MSA) could roam settings and data between Windows devices. A group policy to prevent users from connecting their MSAs exists, but this setting also prevents users from easily accessing their personal Microsoft services. Enterprises can still enable Enterprise State Roaming with Azure Active Directory.
+## How can I get the next major version of Microsoft Edge, based on Chromium?
+In December 2018, Microsoft [announced](https://blogs.windows.com/windowsexperience/2018/12/06/microsoft-edge-making-the-web-better-through-more-open-source-collaboration/#8jv53blDvL6TIKuS.97) our intention to adopt the Chromium open source project in the development of Microsoft Edge on the desktop, to create better web compatibility for our customers and less fragmentation of the web for all web developers. You can get more information at the [Microsoft Edge Insiders site](https://www.microsoftedgeinsider.com/).
->In a nutshell, any fresh install of Windows 10 Creators Update or higher does not support funtionality if it's under an Active Directory, but works for Azure Active Directory.
+## What’s the difference between Microsoft Edge and Internet Explorer 11? How do I know which one to use?
+Microsoft Edge is the default browser for all Windows 10 devices. It’s built to be highly compatible with the modern web. For some enterprise web apps and a small set of sites that were built to work with older technologies like ActiveX, [you can use Enterprise Mode](emie-to-improve-compatibility.md) to automatically send users to Internet Explorer 11.
-**Q: What is the size of the local storage for Microsoft Edge overall and per domain?**
+For more information on how Internet Explorer and Microsoft Edge work together to support your legacy web apps, while still defaulting to the higher security and modern experiences enabled by Microsoft Edge, see [Legacy apps in the enterprise](https://blogs.windows.com/msedgedev/2017/04/07/legacy-web-apps-enterprise/#RAbtRvJSYFaKu2BI.97).
-**A:** The limits are 5MB per subdomain, 10MB per domain, and 50MB total.
+## Does Microsoft Edge work with Enterprise Mode?
+[Enterprise Mode](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11) helps you run many legacy web applications with better backward compatibility. You can configure both Microsoft Edge and Internet Explorer to use the same Enterprise Mode Site List, switching seamlessly between browsers to support both modern and legacy web apps.
-**Q: What is the difference between Microsoft Edge and Internet Explorer 11? How do I know which one to use?**
+## How do I customize Microsoft Edge and related settings for my organization?
+You can use Group Policy or Microsoft Intune to manage settings related to Microsoft Edge, such as security settings, folder redirection, and preferences. See [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/group-policies/) for a list of policies currently available for Microsoft Edge and configuration information. Note that the preview release of Chromium-based Microsoft Edge might not include management policies or other enterprise functionality; our focus during the preview is modern browser fundamentals.
-**A:** Microsoft Edge is the default browser for all Windows 10 devices. It is built to be highly compatible with the modern web. For some enterprise web apps and a small set of sites on the web that were built to work with older technologies like ActiveX, [you can use Enterprise Mode](https://docs.microsoft.com/microsoft-edge/deploy/emie-to-improve-compatibility) to automatically send users to Internet Explorer 11 for those sites.
+## Is Adobe Flash supported in Microsoft Edge?
+Adobe Flash is currently supported as a built-in feature of Microsoft Edge on PCs running Windows 10. In July 2017, Adobe announced that Flash support will end after 2020. With this change to Adobe support, we’ve started to phase Flash out of Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting group policy](https://docs.microsoft.com/microsoft-edge/deploy/available-policies#configure-the-adobe-flash-click-to-run-setting) - this lets you control which websites can run Adobe Flash content.
-For more information on how Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge, see [Legacy apps in the enterprise](https://blogs.windows.com/msedgedev/2017/04/07/legacy-web-apps-enterprise/#RAbtRvJSYFaKu2BI.97).
+To learn more about Microsoft’s plan for phasing Flash out of Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash](https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article).
-**Q: Does Microsoft Edge work with Enterprise Mode?**
+## Does Microsoft Edge support ActiveX controls or BHOs like Silverlight or Java?
+No. Microsoft Edge doesn’t support ActiveX controls and BHOs like Silverlight or Java. If you’re running web apps that use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and standards support.
-**A:** [Enterprise Mode](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11) offers better backward compatibility and enables customers to run many legacy web applications. Microsoft Edge and Internet Explorer can be configured to use the same Enterprise Mode Site List, switching seamlessly between browsers to support both modern and legacy web apps.
+## How often will Microsoft Edge be updated?
+In Windows 10, we’re delivering Windows as a service, updated on a cadence driven by quality and the availability of new features. Microsoft Edge security updates are released every two to four weeks, while bigger feature updates are included in the Windows 10 releases on a semi-annual cadence.
+## How can I provide feedback on Microsoft Edge?
+Microsoft Edge is an evergreen browser - we’ll continue to evolve both the web platform and the user interface with regular updates. To send feedback on user experience, or on broken or malicious sites, use the **Send Feedback** option under the ellipses icon (**...**) in the Microsoft Edge toolbar.
-**Q: I have Windows 10, but I don’t seem to have Microsoft Edge. Why?**
+## Will Internet Explorer 11 continue to receive updates?
+We’re committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it’s installed. For details, see [Lifecycle FAQ - Internet Explorer](https://support.microsoft.com/help/17454/). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge.
-**A:** Long-Term Servicing Branch (LTSB) versions of Windows, including Windows Server 2016 and Windows Server 2019, don't include Microsoft Edge or many other Universal Windows Platform (UWP) apps. These apps and their services are frequently updated with new functionality and can't be supported on systems running LTSB operating systems. For customers who require the LTSB for specialized devices, we recommend using Internet Explorer 11.
-
-**Q: How do I get the latest Canary/Beta/Preview version of Microsoft Edge?**
-
-**A:** You can access the latest preview version of Microsoft Edge by updating to the latest Windows 10 preview via the [Windows Insider Program](https://insider.windows.com/). To run the preview version of Microsoft Edge on a stable version of Windows 10 (or any other OS), you can download a [Virtual Machine](https://developer.microsoft.com/microsoft-edge/tools/vms/windows/) that we provide or use the upcoming RemoteEdge service.
-
-**Q: How do I customize Microsoft Edge and related settings for my organization?**
-
-**A:** You can use Group Policy or Microsoft Intune to manage settings related to Microsoft Edge, such as security settings, folder redirection, and preferences. See [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/group-policies/index) for a list of available policies for Microsoft Edge and configuration combinations.
-
-**Q: Is Adobe Flash supported in Microsoft Edge?**
-
-**A:** Currently, Adobe Flash is supported as a built-in feature of Microsoft Edge on devices running the desktop version of Windows 10. In July 2017, Adobe announced that Flash will no longer be supported after 2020. With Adobe no longer supporting Flash after 2020, Microsoft has started to phase out Flash from Microsoft Edge by adding the [Configure the Adobe Flash Click-to-Run setting](available-policies.md#configure-the-adobe-flash-click-to-run-setting) group policy giving you a way to control the list of websites that have permission to run Adobe Flash content.
-
-
-
-To learn more about Microsoft’s plan for phasing out Flash from Microsoft Edge and Internet Explorer, see [The End of an Era — Next Steps for Adobe Flash]( https://blogs.windows.com/msedgedev/2017/07/25/flash-on-windows-timeline/#3Bcc3QjRw0l7XsZ4.97) (blog article).
-
-
-**Q: Does Microsoft Edge support ActiveX controls or BHOs like Silverlight or Java?**
-
-**A:** No. Microsoft Edge does not support ActiveX controls and BHOs such as Silverlight or Java. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support.
-
-
-**Q: How often will Microsoft Edge be updated?**
-
-**A:** In Windows 10, we are delivering Windows as a service, updated on a cadence driven by quality and the availability of new features. Microsoft Edge security updates are released every two to four weeks, and the bigger feature updates are currently pushed out with the Windows 10 releases on a semi-annual cadence.
-
-**Q: How can I provide feedback on Microsoft Edge?**
-
-**A:** Microsoft Edge is an evergreen browser and we will continue to evolve both the web platform and the user interface with regular updates. To send feedback on user experience, or on broken or malicious sites, you can use the **Send Feedback** option under the ellipses icon (**...**) in the Microsoft Edge toolbar. You can also provide feedback through the [Microsoft Edge Dev Twitter](https://twitter.com/MSEdgeDev) account.
-
-**Q: Will Internet Explorer 11 continue to receive updates?**
-
-**A:** We will continue to deliver security updates to Internet Explorer 11 through its supported lifespan. To ensure consistent behavior across Windows versions, we will evaluate Internet Explorer 11 bugs for servicing on a case by case basis. The latest features and platform updates will only be available in Microsoft Edge.
-
-**Q: I loaded a web page and Microsoft Edge sent me to Internet Explorer - what happened?**
-
-**A:** In some cases, Internet Explorer loads automatically for sites that still rely on legacy technologies such as ActiveX. For more information, read [Legacy web apps in the enterprise](https://blogs.windows.com/msedgedev/2017/04/07/legacy-web-apps-enterprise/#uHpbs94kAaVsU1qB.97).
-
-**Q: Why is Do Not Track (DNT) off by default in Microsoft Edge?**
-
-**A:** When Microsoft first set the Do Not Track setting to “On” by default in Internet Explorer 10, industry standards had not yet been established. We are now making this default change as the World Wide Web Consortium (W3C) formalizes industry standards to recommend that default settings allow customers to actively indicate whether they want to enable DNT. As a result, DNT will not be enabled by default in upcoming versions of Microsoft’s browsers, but we will provide customers with clear information on how to turn this feature on in the browser settings should you wish to do so.
-
-**Q: How do I find out what version of Microsoft Edge I have?**
-
-**A:** Open Microsoft Edge. In the upper right corner click the ellipses icon (**…**), and then click **Settings**. Look in the **About this app** section to find your version.
-
-**Q: What is Microsoft EdgeHTML?**
-
-**A:** Microsoft EdgeHTML is the new web rendering engine that powers the Microsoft Edge web browser and Windows 10 web app platform, and that helps web developers build and maintain a consistent site across all modern browsers. The Microsoft EdgeHTML engine also helps to defend against hacking through support for the W3C standard for [Content Security Policy (CSP)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy), which can help web developers defend their sites against cross-site scripting attacks, and support for the [HTTP Strict Transport Security (HSTS)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/HSTS/) security feature (IETF-standard compliant), which helps ensure that connections to important sites, such as to your bank, are always secured.
-
-**Q: Will Windows 7 or Windows 8.1 users get Microsoft Edge or the new Microsoft EdgeHTML rendering engine?**
-
-**A:** No. Microsoft Edge has been designed and built to showcase Windows 10 features like Cortana, and is built on top of the Universal Windows Platform.
+## How do I find out what version of Microsoft Edge I have?
+In the upper right corner of Microsoft Edge, click the ellipses icon (**...**), and then click **Settings**. Look in the **About Microsoft Edge** section to find your version.
+## What is Microsoft EdgeHTML?
+Microsoft EdgeHTML is the web rendering engine that powers the current Microsoft Edge web browser and Windows 10 web app platform. (As opposed to *Microsoft Edge, based on Chromium*.)
diff --git a/browsers/edge/microsoft-edge-forrester.md b/browsers/edge/microsoft-edge-forrester.md
index 46e097832b..23c3505440 100644
--- a/browsers/edge/microsoft-edge-forrester.md
+++ b/browsers/edge/microsoft-edge-forrester.md
@@ -1,10 +1,13 @@
---
title: Forrester Total Economic Impact - Microsoft Edge
+ms.reviewer:
+audience: itpro
+manager: dansimp
description: Review the results of the Microsoft Edge study carried out by Forrester Research
ms.prod: edge
ms.topic: article
-author: lizap
-ms.author: elizapo
+author: dansimp
+ms.author: dansimp
ms.localizationpriority: high
---
# Measuring the impact of Microsoft Edge - Total Economic Impact (TEI) of Microsoft Edge
@@ -14,7 +17,7 @@ Forrester Research measures the return on investment (ROI) of Microsoft Edge in
## Forrester report video summary
View a brief overview of the Forrester TEI case study that Microsoft commissioned to examine the value your organization can achieve by utilizing Microsoft Edge:
->![VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE26zQm]
+> ![VIDEO ]
## Forrester Study report
@@ -31,4 +34,4 @@ Get a graphical summary of the TEI of Microsoft Edge Forrester Study report and
Forrester surveyed 168 customers using Microsoft Edge form the US, Germany, UK, and Japan, ranging in size from 500 to over 100,000 employees. This document is an abridged version of this survey commissioned by Microsoft and delivery by Forrester consulting.
-[Download the survey infographic](https://www.microsoft.com/download/details.aspx?id=53892)
\ No newline at end of file
+[Download the survey infographic](https://www.microsoft.com/download/details.aspx?id=53892)
diff --git a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
index 81e06a0a9d..c4141688d8 100644
--- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
+++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
@@ -1,24 +1,34 @@
---
-title: Deploy Microsoft Edge kiosk mode
-description: Microsoft Edge kiosk mode works with assigned access to allow IT admins to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge kiosk mode, you must configure Microsoft Edge as an application in assigned access.
+title: Deploy Microsoft Edge Legacy kiosk mode
+description: Microsoft Edge Legacy kiosk mode works with assigned access to allow IT admins to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge Legacy kiosk mode, you must configure Microsoft Edge Legacy as an application in assigned access.
ms.assetid:
-author: shortpatti
-ms.author: pashort
+ms.reviewer:
+audience: itpro
+manager: dansimp
+author: dansimp
+ms.author: dansimp
ms.prod: edge
ms.sitesec: library
-ms.topic: get-started-article
+ms.topic: article
ms.localizationpriority: medium
-ms.date: 10/29/2018
+ms.date: 01/17/2020
---
-# Deploy Microsoft Edge kiosk mode
+# Deploy Microsoft Edge Legacy kiosk mode
->Applies to: Microsoft Edge on Windows 10, version 1809
->Professional, Enterprise, and Education
+>Applies to: Microsoft Edge Legacy (version 45 and earlier) on Windows 10, version 1809 or later
+>Professional, Enterprise, and Education
-In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge as a kiosk using assigned access. With assigned access, you create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk. Assigned access restricts a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge in kiosk mode.
+> [!NOTE]
+> You've reached the documentation for Microsoft Edge Legacy (version 45 and earlier.) To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). For information about kiosk mode in the new version of Microsoft Edge, see [Microsoft Edge kiosk mode](https://docs.microsoft.com/DeployEdge/microsoft-edge-kiosk-mode).
-In this topic, you learn how to configure the behavior of Microsoft Edge when it's running in kiosk mode with assigned access. You also learn how to set up your kiosk device using either Windows Setting or Microsoft Intune or other MDM service.
+In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge Legacy as a kiosk using assigned access. With assigned access, you create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk. Assigned access restricts a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge Legacy in kiosk mode.
+
+In this topic, you'll learn:
+
+- How to configure the behavior of Microsoft Edge Legacy when it's running in kiosk mode with assigned access.
+- What's required to run Microsoft Edge Legacy kiosk mode on your kiosk devices.
+- You'll also learn how to set up your kiosk device using either Windows Setting or Microsoft Intune or an other MDM service.
At the end of this topic, you can find a list of [supported policies](#supported-policies-for-kiosk-mode) for kiosk mode and a [feature comparison](#feature-comparison-of-kiosk-mode-and-kiosk-browser-app) of the kiosk mode policy and kiosk browser app. You also find instructions on how to provide us feedback or get support.
@@ -27,7 +37,7 @@ At the end of this topic, you can find a list of [supported policies](#supported
>**Policy** = Configure kiosk mode (ConfigureKioskMode)
-Microsoft Edge kiosk mode supports four configurations types that depend on how Microsoft Edge is set up with assigned access, either as a single-app or multi-app kiosk. These configuration types help you determine what is best suited for your kiosk device or scenario.
+Microsoft Edge Legacy kiosk mode supports four configurations types that depend on how Microsoft Edge Legacy is set up with assigned access, either as a single-app or multi-app kiosk. These configuration types help you determine what is best suited for your kiosk device or scenario.
- Learn about [creating a kiosk experience](https://docs.microsoft.com/windows-hardware/customize/enterprise/create-a-kiosk-image)
@@ -38,15 +48,17 @@ Microsoft Edge kiosk mode supports four configurations types that depend on how
- Learn about configuring a more secure kiosk experience: [Other settings to lock down](https://docs.microsoft.com/windows/configuration/setup-kiosk-digital-signage#other-settings-to-lock-down).
-### Important things to remember before getting started
+### Important things to note before getting started
-- The public browsing kiosk types run Microsoft Edge InPrivate mode to protect user data with a browsing experience designed for public kiosks.
+- There are [required steps to follow](#setup- required-for-microsoft-edge-legacy-kiosk-mode) in order to use the following Microsoft Edge Legacy kiosk mode types either alongside the new version of Microsoft Edge or prevent the new version of Microsoft Edge from being installed on your kiosk device.
-- Microsoft Edge kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue, and if no user activity Microsoft Edge resets the session to the default URL. By default, the idle timer is 5 minutes, but you can choose a value of your own.
+- The public browsing kiosk types run Microsoft Edge Legacy InPrivate mode to protect user data with a browsing experience designed for public kiosks.
+
+- Microsoft Edge Legacy kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue, and if no user activity Microsoft Edge Legacy resets the session to the default URL. By default, the idle timer is 5 minutes, but you can choose a value of your own.
- Optionally, you can define a single URL for the Home button, Start page, and New Tab page. See [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode) to learn more.
-- No matter which configuration type you choose, you must set up Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy (Configure kiosk mode/ConfigureKioskMode).
Learn more about assigned access:
+- No matter which configuration type you choose, you must set up Microsoft Edge Legacy in assigned access; otherwise, Microsoft Edge Legacy ignores the settings in this policy (Configure kiosk mode/ConfigureKioskMode).
Learn more about assigned access:
- [Configure kiosk and shared devices running Windows desktop editions](https://aka.ms/E489vw).
@@ -59,46 +71,58 @@ Microsoft Edge kiosk mode supports four configurations types that depend on how
[!INCLUDE [configure-kiosk-mode-supported-values-include](includes/configure-kiosk-mode-supported-values-include.md)]
-## Set up Microsoft Edge kiosk mode
+## Set up Microsoft Edge Legacy kiosk mode
-Now that you're familiar with the different kiosk mode configurations and have the one you want to use in mind, you can use one of the following methods to set up Microsoft Edge kiosk mode:
+Now that you're familiar with the different kiosk mode configurations and have the one you want to use in mind, you can use one of the following methods to set up Microsoft Edge Legacy kiosk mode:
- **Windows Settings.** Use only to set up a couple of single-app devices because you perform these steps physically on each device. For a multi-app kiosk device, use Microsoft Intune or other MDM service.
-- **Microsoft Intune or other MDM service.** Use to set up several single-app or multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge kiosk mode experience using any of the [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode).
+- **Microsoft Intune or other MDM service.** Use to set up several single-app or multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge Legacy kiosk mode experience using any of the [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode).
### Prerequisites
-- Microsoft Edge on Windows 10, version 1809 (Professional, Enterprise, and Education).
+- Microsoft Edge Legacy on Windows 10, version 1809 (Professional, Enterprise, and Education).
+
+- See [Setup required for Microsoft Edge Legacy kiosk mode](#setup-required-for-microsoft-edge-legacy-kiosk-mode).
- URL to load when the kiosk launches. The URL that you provide sets the Home button, Start page, and New Tab page.
-- _**For Microsoft Intune or other MDM service**_, you must have the AppUserModelID (AUMID) to set up Microsoft Edge:
+- _**For Microsoft Intune or other MDM service**_, you must have the AppUserModelID (AUMID) to set up Microsoft Edge Legacy:
```
Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
```
+### Setup required for Microsoft Edge Legacy kiosk mode
+
+When the new version of Microsoft Edge Stable channel is installed, Microsoft Edge Legacy is hidden and all attempts to launch Microsoft Edge Legacy are redirected to the new version of Microsoft Edge.
+
+To continue using Microsoft Edge Legacy kiosk mode on your kiosk devices take one of the following actions:
+
+- If you plan to install Microsoft Edge Stable channel, want to allow it to be installed, or it is already installed on your kiosk device set the Microsoft Edge [Allow Microsoft Edge Side by Side browser experience](https://docs.microsoft.com/DeployEdge/microsoft-edge-update-policies#allowsxs) policy to **Enabled**.
+- To prevent Microsoft Edge Stable channel from being installed on your kiosk devices deploy the Microsoft Edge [Allow installation default](https://docs.microsoft.com/DeployEdge/microsoft-edge-update-policies#installdefault) policy for Stable channel or consider using the [Blocker toolkit](https://docs.microsoft.com/DeployEdge/microsoft-edge-blocker-toolkit) to disable automatic delivery of Microsoft Edge.
+
+> [!NOTE]
+> For more information about accessing Microsoft Edge Legacy after installing Microsoft Edge, see [How to access the old version of Microsoft Edge](https://docs.microsoft.com/DeployEdge/microsoft-edge-sysupdate-access-old-edge).
### Use Windows Settings
Windows Settings is the simplest and the only way to set up one or a couple of single-app devices.
-
1. On the kiosk device, open Windows Settings, and in the search field type **kiosk** and then select **Set up a kiosk (assigned access)**.
2. On the **Set up a kiosk** page, click **Get started**.
3. Type a name to create a new kiosk account, or choose an existing account from the populated list and click **Next**.
-4. On the **Choose a kiosk app** page, select **Microsoft Edge** and then click **Next**.
+4. On the **Choose a kiosk app** page, select **Microsoft Edge Legacy** and then click **Next**.
-5. Select how Microsoft Edge displays when running in kiosk mode:
+5. Select how Microsoft Edge Legacy displays when running in kiosk mode:
- - **As a digital sign or interactive display** - Displays a specific site in full-screen mode, running Microsoft Edge InPrivate protecting user data.
+ - **As a digital sign or interactive display** - Displays a specific site in full-screen mode, running Microsoft Edge Legacy InPrivate protecting user data.
- - **As a public browser** - Runs a limited multi-tab version of Microsoft Edge, protecting user data.
+ - **As a public browser** - Runs a limited multi-tab version of Microsoft Edge Legacy, protecting user data.
6. Select **Next**.
@@ -118,42 +142,42 @@ Windows Settings is the simplest and the only way to set up one or a couple of s
- User your new kiosk device.
OR
-- Make changes to your kiosk device. In Windows Settings, on the **Set up a kiosk** page, make your changes to **Choose a kiosk mode** and **Set up Microsoft Edge**.
+- Make changes to your kiosk device. In Windows Settings, on the **Set up a kiosk** page, make your changes to **Choose a kiosk mode** and **Set up Microsoft Edge Legacy**.
---
### Use Microsoft Intune or other MDM service
-With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge kiosk mode in assigned access and how it behaves on a kiosk device. To learn about a few app fundamentals and requirements before adding them to Intune, see [Add apps to Microsoft Intune](https://docs.microsoft.com/intune/apps-add).
+With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge Legacy kiosk mode in assigned access and how it behaves on a kiosk device. To learn about a few app fundamentals and requirements before adding them to Intune, see [Add apps to Microsoft Intune](https://docs.microsoft.com/intune/apps-add).
>[!IMPORTANT]
>If you are using a local account as a kiosk account in Microsoft Intune, make sure to sign into this account and then sign out before configuring the kiosk device.
1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps.
-2. Configure the following MDM settings to setup Microsoft Edge kiosk mode on the kiosk device and then restart the device.
+2. Configure the following MDM settings to setup Microsoft Edge Legacy kiosk mode on the kiosk device and then restart the device.
| | |
|---|---|
- | **[ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**
 | Configure the display mode for Microsoft Edge as a kiosk app.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode
**Data type:** Integer
**Allowed values:**
**Single-app kiosk experience**
**0** - Digital signage and interactive display
**1** - InPrivate Public browsing
**Multi-app kiosk experience**
**0** - Normal Microsoft Edge running in assigned access
 | Change the time in minutes from the last user activity before Microsoft Edge kiosk mode resets the user's session.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout
**Data type:** Integer
**Allowed values:**
**0** - No idle timer
**1-1440 (5 minutes is the default)** - Set reset on idle timer
 | Set one or more start pages, URLs, to load when Microsoft Edge launches.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages
**Data type:** String
**Allowed values:**
Enter one or more URLs, for example, \\ |
+ | **[ConfigureKioskMode](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode)**
 | Configure the display mode for Microsoft Edge Legacy as a kiosk app.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskMode
**Data type:** Integer
**Allowed values:**
**Single-app kiosk experience**
**0** - Digital signage and interactive display
**1** - InPrivate Public browsing
**Multi-app kiosk experience**
**0** - Normal Microsoft Edge Legacy running in assigned access
 | Change the time in minutes from the last user activity before Microsoft Edge Legacy kiosk mode resets the user's session.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureKioskResetAfterIdleTimeout
**Data type:** Integer
**Allowed values:**
**0** - No idle timer
**1-1440 (5 minutes is the default)** - Set reset on idle timer
 | Set one or more start pages, URLs, to load when Microsoft Edge Legacy launches.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/HomePages
**Data type:** String
**Allowed values:**
Enter one or more URLs, for example, \\ |
| **[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**
 | Configure how the Home Button behaves.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton
**Data type:** Integer
**Allowed values:**
**0 (default)** - Not configured. Show home button, and load the default Start page.
**1** - Enabled. Show home button and load New Tab page
**2** - Enabled. Show home button & set a specific page.
 | If you set ConfigureHomeButton to 2, configure the home button URL.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL
**Data type:** String
**Allowed values:** Enter a URL, for example, https://www.bing.com |
| **[SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**
 | Set a custom URL for the New Tab page.
**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL
**Data type:** String
**Allowed values:** Enter a URL, for example, https://www.msn.com |
-**_Congratulations!_**
You’ve just finished setting up a kiosk or digital signage with policies for Microsoft Edge kiosk mode using Microsoft Intune or other MDM service.
+**_Congratulations!_**
You’ve just finished setting up a kiosk or digital signage with policies for Microsoft Edge Legacy kiosk mode using Microsoft Intune or other MDM service.
-**_What's next?_**
Now it's time to use your new kiosk device. Sign into the device with the kiosk account selected to run Microsoft Edge kiosk mode.
+**_What's next?_**
Now it's time to use your new kiosk device. Sign into the device with the kiosk account selected to run Microsoft Edge Legacy kiosk mode.
---
## Supported policies for kiosk mode
-Use any of the Microsoft Edge policies listed below to enhance the kiosk experience depending on the Microsoft Edge kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser).
+Use any of the Microsoft Edge Legacy policies listed below to enhance the kiosk experience depending on the Microsoft Edge Legacy kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser).
Make sure to check with your provider for instructions.
@@ -230,34 +254,32 @@ Make sure to check with your provider for instructions.
---
## Feature comparison of kiosk mode and kiosk browser app
-In the following table, we show you the features available in both Microsoft Edge kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.
-| **Feature** | **Microsoft Edge kiosk mode** | **Microsoft Kiosk browser app** |
-|---------------|:----------------:|:---------------:|
-| Print support |  |  |
-| Multi-tab support |  |  |
-| Allow/Block URL support | 
*\*For Microsoft Edge kiosk mode use* Windows Defender Firewall*. Microsoft kiosk browser has custom policy support.* |  |
-| Configure Home Button |  |  |
-| Set Start page(s) URL |  | 
*Same as Home button URL* |
-| Set New Tab page URL |  |  |
-| Favorites management |  |  |
-| End session button |  | 
*In Microsoft Intune, you must create a custom URI to enable. Dedicated UI configuration introduced in version 1808.* |
-| Reset on inactivity |  |  |
-| Internet Explorer integration (Enterprise Mode site list) | 
*Multi-app mode only* |  |
-| Available in Microsoft Store |  |  |
-|SKU availability | Windows 10 October 2018 Update Professional, Enterprise, and Education | Windows 10 April 2018 Update Professional, Enterprise, and Education |
+In the following table, we show you the features available in both Microsoft Edge Legacy kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.
+| **Feature** | **Microsoft Edge Legacy kiosk mode** | **Microsoft Kiosk browser app** |
+|-----------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------------------------------------------------------------------------:|
+| Print support |  |  |
+| Multi-tab support |  |  |
+| Allow/Block URL support |   |
+| Configure Home Button |  |  |
+| Set Start page(s) URL |  | 
*Same as Home button URL* |
+| Set New Tab page URL |  |  |
+| Favorites management |  |  |
+| End session button |  | 
*In Microsoft Intune, you must create a custom URI to enable. Dedicated UI configuration introduced in version 1808.* |
+| Reset on inactivity |  |  |
+| Internet Explorer integration (Enterprise Mode site list) | 
*Multi-app mode only* |  |
+| Available in Microsoft Store |  |  |
+| SKU availability | Windows 10 October 2018 Update Professional, Enterprise, and Education | Windows 10 April 2018 Update Professional, Enterprise, and Education |
+
**\*Windows Defender Firewall**
-To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both. For more details, see [Windows Defender Firewall with Advanced Security Deployment](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide).
+To prevent access to unwanted websites on your kiosk device, use Windows Defender Firewall to configure a list of allowed websites, blocked websites or both, using IP addresses. For more details, see [Windows Defender Firewall with Advanced Security Deployment Guide](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide).
---
## Provide feedback or get support
-To provide feedback on Microsoft Edge kiosk mode in Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory.
+To provide feedback on Microsoft Edge Legacy kiosk mode in Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory.
**_For multi-app kiosk only._** If you have set up the Feedback Hub in assigned access, you can you submit the feedback from the device running Microsoft Edge in kiosk mode in which you can include diagnostic logs. In the Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory.
-
-
-
diff --git a/browsers/edge/microsoft-edge.yml b/browsers/edge/microsoft-edge.yml
index 1d5723ae94..5c105dcdc2 100644
--- a/browsers/edge/microsoft-edge.yml
+++ b/browsers/edge/microsoft-edge.yml
@@ -33,14 +33,14 @@ sections:
- type: markdown
text: "
Even if you still have legacy apps in your organization, you can default to the secure, modern experience of Microsoft Edge and provide a consistent level of compatibility with existing legacy applications.
-
**Web Application Compatibility Lab Kit** The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge. Find out more
**Web Application Compatibility Lab Kit** The Web Application Compatibility Lab Kit is a primer for the features and techniques used to provide web application compatibility during a typical enterprise migration to Microsoft Edge. Find out more
"
- title: Security
- items:
- type: markdown
text: "
- Microsoft Edge uses Windows Hello and SmartScreen to defend against phishing and malware. Take a look at some of the additional features behind the strong defense that Microsoft Edge provides against web-based attacks.
+ Microsoft Edge uses Windows Hello and Windows Defender SmartScreen to defend against phishing and malware. Take a look at some of the additional features behind the strong defense that Microsoft Edge provides against web-based attacks.
**NSS Labs web browser security reports** See the results of two global tests measuring how effective browsers are at protecting against socially engineered malware and phishing attacks. Download the reports
**Microsoft Edge sandbox** See how Microsoft Edge has significantly reduced the attack surface of the sandbox by configuring the app container to further reduce its privilege. Find out more
**Windows Defender SmartScreen** Manage your organization's computer settings with Group Policy and MDM settings to display a warning page to employees or block a site entirely. Read the docs
"
diff --git a/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md b/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md
index 7eb5da6bd4..ecfa4c5ca0 100644
--- a/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-a-shared-books-folder-shortdesc.md
@@ -1,9 +1,12 @@
---
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
-Microsoft Edge does not use a shared folder by default but downloads book files to a per-user folder for each user. With this policy, you can configure Microsoft Edge to store books from the Books Library to a default, shared folder in Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads books to a shared folder after user action to download the book to their device, which allows them to remove downloaded books at any time. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy. Also, the users must be signed in with a school or work account.
\ No newline at end of file
+Microsoft Edge does not use a shared folder by default but downloads book files to a per-user folder for each user. With this policy, you can configure Microsoft Edge to store books from the Books Library to a default, shared folder in Windows, which decreases the amount of storage used by book files. When you enable this policy, Microsoft Edge downloads books to a shared folder after user action to download the book to their device, which allows them to remove downloaded books at any time. For this policy to work correctly, you must also enable the **Allow a Windows app to share application data between users** group policy. Also, the users must be signed in with a school or work account.
diff --git a/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md b/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md
index d970c98301..116864a49f 100644
--- a/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-address-bar-drop-down-shortdesc.md
@@ -1,9 +1,12 @@
---
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
-Microsoft Edge shows the Address bar drop-down list and makes it available by default, which takes precedence over the Configure search suggestions in Address bar policy. We recommend disabling this policy if you want to minimize network connections from Microsoft Edge to Microsoft service, which hides the functionality of the Address bar drop-down list. When you disable this policy, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings.
\ No newline at end of file
+Microsoft Edge shows the Address bar drop-down list and makes it available by default, which takes precedence over the Configure search suggestions in Address bar policy. We recommend disabling this policy if you want to minimize network connections from Microsoft Edge to Microsoft service, which hides the functionality of the Address bar drop-down list. When you disable this policy, Microsoft Edge also disables the _Show search and site suggestions as I type_ toggle in Settings.
diff --git a/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md b/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md
index a06ece3f82..dca6cf6233 100644
--- a/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md
@@ -1,9 +1,12 @@
---
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
-Adobe Flash is integrated with Microsoft Edge and runs Adobe Flash content by default. With this policy, you can configure Microsoft Edge to prevent Adobe Flash content from running.
\ No newline at end of file
+Adobe Flash is integrated with Microsoft Edge and runs Adobe Flash content by default. With this policy, you can configure Microsoft Edge to prevent Adobe Flash content from running.
diff --git a/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md b/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md
index 75e6fa71ed..af3d4fefef 100644
--- a/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md
@@ -1,9 +1,12 @@
---
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
-Microsoft Edge does not clear the browsing data on exit by default, but users can configure the _Clear browsing data_ option in Settings. Browsing data includes information you entered in forms, passwords, and even the websites visited. With this policy, you can configure Microsoft Edge to clear the browsing data automatically each time Microsoft Edge closes.
\ No newline at end of file
+Microsoft Edge does not clear the browsing data on exit by default, but users can configure the _Clear browsing data_ option in Settings. Browsing data includes information you entered in forms, passwords, and even the websites visited. With this policy, you can configure Microsoft Edge to clear the browsing data automatically each time Microsoft Edge closes.
diff --git a/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md b/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md
index 69f981f0d4..40a927c882 100644
--- a/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md
@@ -1,9 +1,12 @@
---
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
-Microsoft Edge automatically updates the configuration data for the Books library. Disabling this policy prevents Microsoft Edge from updating the configuration data. If Microsoft receives feedback about the amount of data about the Books library, the data comes as a JSON file.
\ No newline at end of file
+Microsoft Edge automatically updates the configuration data for the Books library. Disabling this policy prevents Microsoft Edge from updating the configuration data. If Microsoft receives feedback about the amount of data about the Books library, the data comes as a JSON file.
diff --git a/browsers/edge/shortdesc/allow-cortana-shortdesc.md b/browsers/edge/shortdesc/allow-cortana-shortdesc.md
index cc694ab73b..fbfa0f13b0 100644
--- a/browsers/edge/shortdesc/allow-cortana-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-cortana-shortdesc.md
@@ -1,9 +1,12 @@
---
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
-Since Microsoft Edge is integration with Cortana, Microsoft Edge allows users to use Cortana voice assistant by default. With this policy, you can configure Microsoft Edge to prevent users from using Cortana but can still search to find items on their device.
\ No newline at end of file
+Since Microsoft Edge is integration with Cortana, Microsoft Edge allows users to use Cortana voice assistant by default. With this policy, you can configure Microsoft Edge to prevent users from using Cortana but can still search to find items on their device.
diff --git a/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md b/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md
index ef095e5733..9d134d4a38 100644
--- a/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-developer-tools-shortdesc.md
@@ -1,9 +1,12 @@
---
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
+manager: dansimp
ms.prod: edge
-ms:topic: include
+ms.topic: include
---
-Microsoft Edge allows users to use the F12 developer tools to build and debug web pages by default. With this policy, you can configure Microsoft Edge to prevent users from using the F12 developer tools.
\ No newline at end of file
+Microsoft Edge allows users to use the F12 developer tools to build and debug web pages by default. With this policy, you can configure Microsoft Edge to prevent users from using the F12 developer tools.
diff --git a/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md b/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md
index 1bbf337754..9d39c7e091 100644
--- a/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, and depending on the device configuration, Microsoft Edge gathers basic diagnostic data about the books in the Books Library and sends it to Microsoft. Enabling this policy gathers and sends both basic and additional diagnostic data, such as usage data.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, and depending on the device configuration, Microsoft Edge gathers basic diagnostic data about the books in the Books Library and sends it to Microsoft. Enabling this policy gathers and sends both basic and additional diagnostic data, such as usage data.
diff --git a/browsers/edge/shortdesc/allow-extensions-shortdesc.md b/browsers/edge/shortdesc/allow-extensions-shortdesc.md
index 41849af3ef..ca5e422178 100644
--- a/browsers/edge/shortdesc/allow-extensions-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-extensions-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.
diff --git a/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md b/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md
index 6f37d4a659..1aca979b7e 100644
--- a/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge allows fullscreen mode by default, which shows only the web content and hides the Microsoft Edge UI. When allowing fullscreen mode, users and extensions must have the proper permissions. Disabling this policy prevents fullscreen mode in Microsoft Edge.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows fullscreen mode by default, which shows only the web content and hides the Microsoft Edge UI. When allowing fullscreen mode, users and extensions must have the proper permissions. Disabling this policy prevents fullscreen mode in Microsoft Edge.
diff --git a/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md b/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md
index 0171d9c8a5..4e15608ff7 100644
--- a/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device. With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing.
diff --git a/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md b/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md
index 769d1ee379..46d2b5f57e 100644
--- a/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates. With this policy, you can configure Microsoft Edge to ignore the compatibility list. You can view the compatibility list at about:compat.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates. With this policy, you can configure Microsoft Edge to ignore the compatibility list. You can view the compatibility list at about:compat.
diff --git a/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md b/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md
index 3d939db8c0..fcaf11e3ef 100644
--- a/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-prelaunch-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user. Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching.
diff --git a/browsers/edge/shortdesc/allow-printing-shortdesc.md b/browsers/edge/shortdesc/allow-printing-shortdesc.md
index b9e4cf691f..f03766176c 100644
--- a/browsers/edge/shortdesc/allow-printing-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-printing-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content.
diff --git a/browsers/edge/shortdesc/allow-saving-history-shortdesc.md b/browsers/edge/shortdesc/allow-saving-history-shortdesc.md
index e37a1e9bfc..9acffb1e18 100644
--- a/browsers/edge/shortdesc/allow-saving-history-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-saving-history-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge saves the browsing history of visited websites and shows them in the History pane by default. Disabling this policy prevents Microsoft Edge from saving the browsing history. If browsing history existed before disabling this policy, the previous browsing history remains in the History pane. Disabling this policy does not stop roaming of existing browsing history or browsing history from other devices.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge saves the browsing history of visited websites and shows them in the History pane by default. Disabling this policy prevents Microsoft Edge from saving the browsing history. If browsing history existed before disabling this policy, the previous browsing history remains in the History pane. Disabling this policy does not stop roaming of existing browsing history or browsing history from other devices.
diff --git a/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md b/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md
index e94443a99b..4992a19eab 100644
--- a/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, users can add new search engines or change the default search engine, in Settings. With this policy, you can prevent users from customizing the search engine in Microsoft Edge.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can add new search engines or change the default search engine, in Settings. With this policy, you can prevent users from customizing the search engine in Microsoft Edge.
diff --git a/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md b/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md
index e9e9fd0512..e16dbdc2db 100644
--- a/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions. Disabling this policy prevents sideloading of extensions but does not prevent sideloading using Add-AppxPackage via PowerShell. You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions. Disabling this policy prevents sideloading of extensions but does not prevent sideloading using Add-AppxPackage via PowerShell. You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).
diff --git a/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md b/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md
index b276822d74..783d8517ed 100644
--- a/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab. With this policy, you can configure Microsoft Edge to prevent preloading of tabs.
diff --git a/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md b/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
index a056b0a737..eb2a40f269 100644
--- a/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 11/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 11/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it.
diff --git a/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md b/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md
index 86ac25c632..51e769d22c 100644
--- a/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md
+++ b/browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data shared through the SharedLocal folder is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data shared through the SharedLocal folder is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder.
diff --git a/browsers/edge/shortdesc/always-show-books-library-shortdesc.md b/browsers/edge/shortdesc/always-show-books-library-shortdesc.md
index a91b389923..264f64a898 100644
--- a/browsers/edge/shortdesc/always-show-books-library-shortdesc.md
+++ b/browsers/edge/shortdesc/always-show-books-library-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy, you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy, you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region.
diff --git a/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md b/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md
index 39961b4f01..f4a61c024c 100644
--- a/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. However, with this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. However, with this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.
diff --git a/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md b/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md
index d0be48cb2b..0f73c32d5f 100644
--- a/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button. Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.
diff --git a/browsers/edge/shortdesc/configure-autofill-shortdesc.md b/browsers/edge/shortdesc/configure-autofill-shortdesc.md
index 1688989ef7..94441080d8 100644
--- a/browsers/edge/shortdesc/configure-autofill-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-autofill-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, users can choose to use the Autofill feature to populate the form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can choose to use the Autofill feature to populate the form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill.
diff --git a/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md b/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md
index 32abbdf60a..75a3631a95 100644
--- a/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge does not send browsing history data to Microsoft 365 Analytics by default. With this policy though, you can configure Microsoft Edge to send intranet history only, internet history only, or both to Microsoft 365 Analytics for enterprise devices with a configured Commercial ID.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge does not send browsing history data to Microsoft 365 Analytics by default. With this policy though, you can configure Microsoft Edge to send intranet history only, internet history only, or both to Microsoft 365 Analytics for enterprise devices with a configured Commercial ID.
diff --git a/browsers/edge/shortdesc/configure-cookies-shortdesc.md b/browsers/edge/shortdesc/configure-cookies-shortdesc.md
index ea5cb7e557..93152d2e3d 100644
--- a/browsers/edge/shortdesc/configure-cookies-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-cookies-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows all cookies from all websites by default. With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies.
diff --git a/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md b/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md
index f9de9cd2ec..dd27fad917 100644
--- a/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-do-not-track-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge does not send ‘Do Not Track’ requests to websites asking for tracking information, but users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge does not send ‘Do Not Track’ requests to websites asking for tracking information, but users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information.
diff --git a/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md b/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md
index fd49f0e0c9..d13febee60 100644
--- a/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode.
diff --git a/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md b/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md
index 0303f69e10..8f16c20242 100644
--- a/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge hides the favorites bar by default but shows it on the Start and New Tab pages. Also, by default, the Favorites Bar toggle, in Settings, is set to Off but enabled letting users make changes. With this policy, you can configure Microsoft Edge to either show or hide the Favorites Bar on all pages.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge hides the favorites bar by default but shows it on the Start and New Tab pages. Also, by default, the Favorites Bar toggle, in Settings, is set to Off but enabled letting users make changes. With this policy, you can configure Microsoft Edge to either show or hide the Favorites Bar on all pages.
diff --git a/browsers/edge/shortdesc/configure-favorites-shortdesc.md b/browsers/edge/shortdesc/configure-favorites-shortdesc.md
index ae90afc8af..9317df97f3 100644
--- a/browsers/edge/shortdesc/configure-favorites-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-favorites-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Discontinued in Windows 10, version 1809. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Discontinued in Windows 10, version 1809. Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead.
diff --git a/browsers/edge/shortdesc/configure-home-button-shortdesc.md b/browsers/edge/shortdesc/configure-home-button-shortdesc.md
index 7a0260f8ea..c02a0dcee9 100644
--- a/browsers/edge/shortdesc/configure-home-button-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-home-button-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New Tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New Tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button.
diff --git a/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md b/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md
index ea135db692..0247b490e6 100644
--- a/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single-app or as one of many apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with a tailored experience for kiosks, or normal browsing in Microsoft Edge.
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single-app or as one of many apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with a tailored experience for kiosks, or normal browsing in Microsoft Edge.
diff --git a/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md b/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md
index 3bcba1b944..3a7657e544 100644
--- a/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data.
diff --git a/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md b/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md
index 5bf099b3ca..8d1cc4f603 100644
--- a/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New Tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New Tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.
diff --git a/browsers/edge/shortdesc/configure-password-manager-shortdesc.md b/browsers/edge/shortdesc/configure-password-manager-shortdesc.md
index 0f77b004ba..0d3bd9b655 100644
--- a/browsers/edge/shortdesc/configure-password-manager-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-password-manager-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager.
diff --git a/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md b/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md
index 18d5e9bf38..d15347179d 100644
--- a/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md
@@ -1,10 +1,12 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, Microsoft Edge turns off Pop-up Blocker, which opens pop-up windows. Enabling this policy turns on Pop-up Blocker preventing pop-up windows from opening. If you want users to choose to use Pop-up Blocker, don’t configure this policy.
-
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge turns off Pop-up Blocker, which opens pop-up windows. Enabling this policy turns on Pop-up Blocker preventing pop-up windows from opening. If you want users to choose to use Pop-up Blocker, don’t configure this policy.
+
diff --git a/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md b/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md
index f9e057b6a5..2bdf42c6d3 100644
--- a/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, users can choose to see search suggestions in the Address bar of Microsoft Edge. Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can choose to see search suggestions in the Address bar of Microsoft Edge. Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions.
diff --git a/browsers/edge/shortdesc/configure-start-pages-shortdesc.md b/browsers/edge/shortdesc/configure-start-pages-shortdesc.md
index f9b5185f3d..146511b737 100644
--- a/browsers/edge/shortdesc/configure-start-pages-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-start-pages-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, Microsoft Edge loads the pages specified in App settings as the default Start pages. With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users cannot make changes.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge loads the pages specified in App settings as the default Start pages. With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users cannot make changes.
diff --git a/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md b/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
index 58dfd6be9a..62547e8955 100644
--- a/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
+++ b/browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default. Also, by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns off Windows Defender SmartScreen and prevent users from turning it on. Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default. Also, by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns on Windows Defender SmartScreen and prevent users from turning it off. Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off.
diff --git a/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md b/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md
index e0c635c0c7..37ff4011ad 100644
--- a/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md
+++ b/browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies cannot be changed and remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start page or any Start page configured with the Configure Start pages policy.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies cannot be changed and remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start page or any Start page configured with the Configure Start pages policy.
diff --git a/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md b/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md
index 93ecd60efe..f0cb07d514 100644
--- a/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md
+++ b/browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes. The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes. The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option.
diff --git a/browsers/edge/shortdesc/do-not-sync-shortdesc.md b/browsers/edge/shortdesc/do-not-sync-shortdesc.md
index 5902fb6656..f61cc11548 100644
--- a/browsers/edge/shortdesc/do-not-sync-shortdesc.md
+++ b/browsers/edge/shortdesc/do-not-sync-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option.
diff --git a/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md b/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
index 981ef9d876..3bd062d263 100644
--- a/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
+++ b/browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge. Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites.
diff --git a/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md b/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
index efc6fc71a1..91065aa687 100644
--- a/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
+++ b/browsers/edge/shortdesc/microsoft-browser-extension-policy-shortdesc.md
@@ -1,10 +1,12 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-[Microsoft browser extension policy](https://docs.microsoft.com/legal/windows/agreements/microsoft-browser-extension-policy):
-This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+[Microsoft browser extension policy](https://docs.microsoft.com/legal/windows/agreements/microsoft-browser-extension-policy):
+This document describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer or the content displayed by these browsers. Any technique not explicitly listed in this document is considered **unsupported**.
diff --git a/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md b/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md
index 518f94bdea..5bf46ea949 100644
--- a/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, users can access the about:flags page in Microsoft Edge, which is used to change developer settings and enable experimental features. Enabling this policy prevents users from accessing the about:flags page.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can access the about:flags page in Microsoft Edge, which is used to change developer settings and enable experimental features. Enabling this policy prevents users from accessing the about:flags page.
diff --git a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
index 6330b51213..3676adbc89 100644
--- a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading the unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of the unverified file(s).
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading the unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of the unverified file(s).
diff --git a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
index d5eaea4a31..05bae5dac6 100644
--- a/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site.
diff --git a/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md b/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md
index 156b1bb385..675180c666 100644
--- a/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge, by default, allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge, by default, allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.
diff --git a/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md b/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md
index 78c77baf42..33db87a522 100644
--- a/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
diff --git a/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md b/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md
index 87d3b927ed..30d9a48e8d 100644
--- a/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users with a limited experience.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users with a limited experience.
diff --git a/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md b/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md
index af24d3583b..9ed6170971 100644
--- a/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via an FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via an FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch.
diff --git a/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md b/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md
index 7875990600..7264330137 100644
--- a/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge allows users to uninstall extensions by default. Enabling this policy prevents users from uninstalling extensions but lets them configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. If you enabled this policy and now you want to disable it, the list of extension package family names (PFNs) defined in this policy get ignored after disabling this policy.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows users to uninstall extensions by default. Enabling this policy prevents users from uninstalling extensions but lets them configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. If you enabled this policy and now you want to disable it, the list of extension package family names (PFNs) defined in this policy get ignored after disabling this policy.
diff --git a/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md b/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md
index daa02c5729..e624de62e6 100644
--- a/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.
diff --git a/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md b/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
index 4ba3bff11a..5ef4bbdeca 100644
--- a/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
+++ b/browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, Microsoft Edge shows localhost IP address while making calls using the WebRTC protocol. Enabling this policy hides the localhost IP addresses.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge shows localhost IP address while making calls using the WebRTC protocol. Enabling this policy hides the localhost IP addresses.
diff --git a/browsers/edge/shortdesc/provision-favorites-shortdesc.md b/browsers/edge/shortdesc/provision-favorites-shortdesc.md
index e2ed5da50f..30b9677f92 100644
--- a/browsers/edge/shortdesc/provision-favorites-shortdesc.md
+++ b/browsers/edge/shortdesc/provision-favorites-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, users can customize the Favorites list in Microsoft Edge. With this policy though, you provision a standard list of favorites, which can include folders, to appear in the Favorites list in addition to the user’s favorites. Edge. Once you provision the Favorites list, users cannot customize it, such as adding folders for organizing, and adding or removing any of the favorites configured.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can customize the Favorites list in Microsoft Edge. With this policy though, you provision a standard list of favorites, which can include folders, to appear in the Favorites list in addition to the user’s favorites. Edge. Once you provision the Favorites list, users cannot customize it, such as adding folders for organizing, and adding or removing any of the favorites configured.
diff --git a/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md b/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md
index 454549bffe..8f54c4b93a 100644
--- a/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md
+++ b/browsers/edge/shortdesc/search-provider-discovery-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.
diff --git a/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md b/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md
index 79dfd220c1..787f96dd9b 100644
--- a/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md
+++ b/browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, all websites, including intranet sites, open in Microsoft Edge automatically. Only enable this policy if there are known compatibility problems with Microsoft Edge. Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.
diff --git a/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md b/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md
index c9d57f2140..39b408d1b4 100644
--- a/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md
+++ b/browsers/edge/shortdesc/set-default-search-engine-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, Microsoft Edge uses the search engine specified in App settings, letting users make changes at any time unless the Allow search engine customization policy is disabled, which restricts users from making changes. With this policy, you can either remove or use the policy-set search engine. When you remove the policy-set search engine, Microsoft Edge uses the specified search engine for the market, which lets users make changes to the default search engine. You can use the policy-set search engine specified in the OpenSearch XML, which prevents users from making changes.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge uses the search engine specified in App settings, letting users make changes at any time unless the Allow search engine customization policy is disabled, which restricts users from making changes. With this policy, you can either remove or use the policy-set search engine. When you remove the policy-set search engine, Microsoft Edge uses the specified search engine for the market, which lets users make changes to the default search engine. You can use the policy-set search engine specified in the OpenSearch XML, which prevents users from making changes.
diff --git a/browsers/edge/shortdesc/set-home-button-url-shortdesc.md b/browsers/edge/shortdesc/set-home-button-url-shortdesc.md
index 98fcc7aef2..863cfdf84a 100644
--- a/browsers/edge/shortdesc/set-home-button-url-shortdesc.md
+++ b/browsers/edge/shortdesc/set-home-button-url-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.
diff --git a/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md b/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md
index 9f27db97ce..5062d322e4 100644
--- a/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md
+++ b/browsers/edge/shortdesc/set-new-tab-url-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-Microsoft Edge loads the default New Tab page by default. Enabling this policy lets you set a New Tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New Tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge loads the default New Tab page by default. Enabling this policy lets you set a New Tab page URL in Microsoft Edge, preventing users from changing it. When you enable this policy, and you disable the Allow web content on New Tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank.
diff --git a/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md b/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md
index a15e780afe..1dc59094fd 100644
--- a/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md
+++ b/browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md
@@ -1,8 +1,10 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge. If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.
diff --git a/browsers/edge/shortdesc/unlock-home-button-shortdesc.md b/browsers/edge/shortdesc/unlock-home-button-shortdesc.md
index d412d67e72..0dd37009b6 100644
--- a/browsers/edge/shortdesc/unlock-home-button-shortdesc.md
+++ b/browsers/edge/shortdesc/unlock-home-button-shortdesc.md
@@ -1,9 +1,11 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies.
\ No newline at end of file
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings. When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies.
diff --git a/browsers/edge/troubleshooting-microsoft-edge.md b/browsers/edge/troubleshooting-microsoft-edge.md
index 3f3707624b..3c50d4d50e 100644
--- a/browsers/edge/troubleshooting-microsoft-edge.md
+++ b/browsers/edge/troubleshooting-microsoft-edge.md
@@ -2,13 +2,16 @@
title: Troubleshoot Microsoft Edge
description:
ms.assetid:
-author: shortpatti
-ms.author: pashort
+ms.reviewer:
+audience: itpro
+manager: dansimp
+author: dansimp
+ms.author: dansimp
ms.prod: edge
ms.sitesec: library
title: Deploy Microsoft Edge kiosk mode
ms.localizationpriority: medium
-ms.date: 10/15/2018
+ms.date: 10/15/2018
---
# Troubleshoot Microsoft Edge
@@ -32,4 +35,4 @@ If you want to deliver applications to users via Citrix through Microsoft Edge,
## Missing SettingSync.admx and SettingSync.adml files
-Make sure to [download](https://www.microsoft.com/en-us/download/windows.aspx) the latest templates to C:\windows\policydefinitions\.
\ No newline at end of file
+Make sure to [download](https://www.microsoft.com/download/windows.aspx) the latest templates to C:\windows\policydefinitions\.
diff --git a/browsers/edge/use-powershell-to manage-group-policy.md b/browsers/edge/use-powershell-to manage-group-policy.md
index b4a16608e7..58a6b06b27 100644
--- a/browsers/edge/use-powershell-to manage-group-policy.md
+++ b/browsers/edge/use-powershell-to manage-group-policy.md
@@ -8,8 +8,11 @@ ms.pagetype: security
title: Security enhancements for Microsoft Edge (Microsoft Edge for IT Pros)
ms.localizationpriority: medium
ms.date: 10/02/2018
-ms.author: pashort
-author: shortpatti
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+author: dansimp
---
# Use Windows PowerShell to manage group policy
diff --git a/browsers/edge/web-app-compat-toolkit.md b/browsers/edge/web-app-compat-toolkit.md
index f2742ca22d..8ec157e607 100644
--- a/browsers/edge/web-app-compat-toolkit.md
+++ b/browsers/edge/web-app-compat-toolkit.md
@@ -1,11 +1,14 @@
---
-title: Web Application Compatibility lab kit
+title: Web Application Compatibility lab kit
+ms.reviewer:
+audience: itpro
+manager: dansimp
description: Learn how to use the web application compatibility toolkit for Microsoft Edge.
ms.prod: edge
ms.topic: article
-ms.manager: elizapo
-author: lizap
-ms.author: elizapo
+ms.manager: dansimp
+author: dansimp
+ms.author: dansimp
ms.localizationpriority: high
---
@@ -52,4 +55,4 @@ The Web Application Compatibility Lab Kit is also available in the following lan
[DOWNLOAD THE LAB KIT](https://www.microsoft.com/evalcenter/evaluate-windows-10-web-application-compatibility-lab)
>[!TIP]
->Please use a broad bandwidth to download this content to enhance your downloading experience. Lab environment requires 8 GB of available memory and 100 GB of free disk space.
\ No newline at end of file
+>Please use a broad bandwidth to download this content to enhance your downloading experience. Lab environment requires 8 GB of available memory and 100 GB of free disk space.
diff --git a/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md b/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md
index 808a874dba..08d914e629 100644
--- a/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md
@@ -3,11 +3,14 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to add employees to the Enterprise Mode Site List Portal.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
---
# Add employees to the Enterprise Mode Site List Portal
@@ -62,4 +65,4 @@ The available roles are:
2. Save the EnterpriseModeUsersList.xlsx file.
- The Excel file includes all employees with access to the Enterprise Mode Site List Portal, including user name, email address, role, and group name.
\ No newline at end of file
+ The Excel file includes all employees with access to the Enterprise Mode Site List Portal, including user name, email address, role, and group name.
diff --git a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
index 877885d8e6..39adf2816d 100644
--- a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
+++ b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
index 4cdf9fe53e..b4da3f64f5 100644
--- a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
+++ b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2).
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 10/24/2017
diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
index 49b19fe506..55b2dcd28a 100644
--- a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
+++ b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
index 59729cbde1..c1a7aee9b8 100644
--- a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
+++ b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/administrative-templates-and-ie11.md b/browsers/enterprise-mode/administrative-templates-and-ie11.md
index 6adfc06b58..d92810ceb5 100644
--- a/browsers/enterprise-mode/administrative-templates-and-ie11.md
+++ b/browsers/enterprise-mode/administrative-templates-and-ie11.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: security
description: Administrative templates and Internet Explorer 11
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
index d6f1772b59..fd58f63df5 100644
--- a/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md
@@ -3,11 +3,14 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
---
# Approve a change request using the Enterprise Mode Site List Portal
@@ -56,4 +59,4 @@ The original Requester, the Approver(s) group, and the Administrator(s) group ca
## Next steps
-After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic.
\ No newline at end of file
+After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic.
diff --git a/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md
index 417dc77cad..7696eedaca 100644
--- a/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md
+++ b/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md
@@ -2,12 +2,14 @@
title: Check for a new Enterprise Mode site list xml file (Internet Explorer 11 for IT Pros)
description: You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode.
ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df
+ms.reviewer:
+manager: dansimp
ms.prod: ie11
ms.mktglfcycl: deploy
ms.pagetype: appcompat
ms.sitesec: library
-author: jdeckerms
-ms.author: dougkim
+author: dansimp
+ms.author: dansimp
ms.date: 08/14/2017
ms.localizationpriority: low
---
diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
index 5329325698..4fc4fb1ecc 100644
--- a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md
@@ -2,9 +2,12 @@
ms.localizationpriority: low
ms.mktglfcycl: deploy
description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Collect data using Enterprise Site Discovery
ms.sitesec: library
ms.date: 07/27/2017
@@ -45,7 +48,7 @@ Before you start, you need to make sure you have the following:
- IETelemetry.mof file
- - Sample System Center 2012 report templates
+ - Sample Configuration Manager report templates
You must use System Center 2012 R2 Configuration Manager or later for these samples to work.
@@ -144,18 +147,18 @@ You need to set up your computers for data collection by running the provided Po
**To set up Enterprise Site Discovery**
-- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
+- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
### WMI only: Set up your firewall for WMI data
If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
**To set up your firewall**
-1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
+1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
-2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
+2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
-3. Restart your computer to start collecting your WMI data.
+3. Restart your computer to start collecting your WMI data.
## Use PowerShell to finish setting up Enterprise Site Discovery
You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).
@@ -168,13 +171,13 @@ You can determine which zones or domains are used for data collection, using Pow
**To set up data collection using a domain allow list**
- - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
+- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
>**Important** Wildcards, like \*.microsoft.com, aren’t supported.
**To set up data collection using a zone allow list**
- - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
+- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
>**Important** Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
@@ -444,7 +447,7 @@ After you’ve collected your data, you’ll need to turn Enterprise Site Discov
**To stop collecting data, using PowerShell**
-- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1 –IEFeatureOff`.
+- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1 –IEFeatureOff`.
>**Note** Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer.
diff --git a/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md b/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
index 290b39d09d..807cc8d2c8 100644
--- a/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md
@@ -3,11 +3,14 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
---
# Use the Settings page to finish setting up the Enterprise Mode Site List Portal
@@ -91,4 +94,4 @@ This optional area lets you specify a period when your employees must stop addin
- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
-- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
\ No newline at end of file
+- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
index 771b794761..cbfc5f11b5 100644
--- a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
@@ -3,11 +3,14 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to create a change request within the Enterprise Mode Site List Portal.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
---
# Create a change request using the Enterprise Mode Site List Portal
@@ -67,4 +70,4 @@ Employees assigned to the Requester role can create a change request. A change r
- **If the change is incorrect.** The Requester can rollback the change in pre-production or ask for help from the Administrator.
## Next steps
-After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see the [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md) topic.
\ No newline at end of file
+After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see the [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md) topic.
diff --git a/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index 04ba74d178..ad225f2556 100644
--- a/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
description: Delete a single site from your global Enterprise Mode site list.
ms.pagetype: appcompat
ms.mktglfcycl: deploy
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
index f19c3e402a..403690d64f 100644
--- a/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md b/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md
index 30ded77dda..ae103d5802 100644
--- a/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md
+++ b/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Enterprise Mode for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
index ef400d46d7..634fd7cd91 100644
--- a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
+++ b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: 17c61547-82e3-48f2-908d-137a71938823
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Enterprise Mode schema v.1 guidance (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -176,7 +179,7 @@ Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam
@@ -230,4 +233,4 @@ If you want to target specific sites in your organization.
|You can specify subdomains in the domain tag. |<docMode> <domain docMode="5">contoso.com</domain> <domain docMode="9">info.contoso.com</domain> <docMode> |
contoso.com uses document mode 5.
info.contoso.com uses document mode 9.
test.contoso.com also uses document mode 5.
|
|You can specify exact URLs by listing the full path. |<emie> <domain exclude="false">bing.com</domain> <domain exclude="false" forceCompatView="true">contoso.com</domain> <emie>|
contoso.com/about and everything underneath that node will load in Enterprise Mode, except contoso.com/about/business, which will load in the default version of IE.
|
-|You can’t add a path underneath a path. The file will still be parsed, but the sub-path will be ignored. |<emie> <domain exclude="true">contoso.com <path>/about <path exclude="true">/business</path> </path> </domain> </emie> |
contoso.com will use the default version of IE.
contoso.com/about and everything underneath that node will load in Enterprise Mode, including contoso.com/about/business because the last rule is ignored.
|
\ No newline at end of file
+|You can’t add a path underneath a path. The file will still be parsed, but the sub-path will be ignored. |<emie> <domain exclude="true">contoso.com <path>/about <path exclude="true">/business</path> </path> </domain> </emie> |
contoso.com will use the default version of IE.
contoso.com/about and everything underneath that node will load in Enterprise Mode, including contoso.com/about/business because the last rule is ignored.
|
diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
index 2460a2a53d..70694a3df2 100644
--- a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 12/04/2017
diff --git a/browsers/enterprise-mode/enterprise-mode.md b/browsers/enterprise-mode/enterprise-mode.md
index 663a632588..30d32a8d1a 100644
--- a/browsers/enterprise-mode/enterprise-mode.md
+++ b/browsers/enterprise-mode/enterprise-mode.md
@@ -3,10 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: security
description: Use this section to learn about how to turn on Enterprise Mode.
-author: shortpatti
-ms.author: pashort
-ms.prod: edge, ie11
+author: dansimp
+ms.author: dansimp
+ms.prod: edge
ms.assetid:
+ms.reviewer:
+manager: dansimp
title: Enterprise Mode for Microsoft Edge
ms.sitesec: library
ms.date: ''
@@ -52,6 +54,6 @@ You can build and manage your Enterprise Mode Site List is by using any generic
### Add a single site to the site list
-### Add mulitple sites to the site list
+### Add multiple sites to the site list
diff --git a/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
index 929957a727..4f4cbb32bb 100644
--- a/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Export your Enterprise Mode site list from the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index 7be8b574cc..a1d5a8a76b 100644
--- a/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to clear all of the sites from your global Enterprise Mode site list.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: 90f38a6c-e0e2-4c93-9a9e-c425eca99e97
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
index 37eb813af3..91ff0fab17 100644
--- a/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
+++ b/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to remove sites from a local compatibility view list.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Remove sites from a local compatibility view list (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
index ca2d5c72aa..4e7e10efde 100644
--- a/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
+++ b/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to remove sites from a local Enterprise Mode site list.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Remove sites from a local Enterprise Mode site list (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
index e41bd71f67..2cb578171f 100644
--- a/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Save your site list to XML in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md b/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md
index 17ab2b26ac..c946663dda 100644
--- a/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md
@@ -3,11 +3,14 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
---
# Schedule approved change requests for production using the Enterprise Mode Site List Portal
@@ -47,4 +50,4 @@ After a change request is approved, the original Requester can schedule the chan
## Next steps
-After the update to the production environment completes, the Requester must again test the change. If the testing succeeds, the Requester can sign off on the change request. If the testing fails, the Requester can contact the Administrator group for more help. For the production environment testing steps, see the [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md) topic.
\ No newline at end of file
+After the update to the production environment completes, the Requester must again test the change. If the testing succeeds, the Requester can sign off on the change request. If the testing fails, the Requester can contact the Administrator group for more help. For the production environment testing steps, see the [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md) topic.
diff --git a/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index 17eed9cd2e..bf7e73664e 100644
--- a/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Search to see if a specific site already appears in your global Enterprise Mode site list.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Search your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
index 4dff80ce73..47322f0c03 100644
--- a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
+++ b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Set up and turn on Enterprise Mode logging and data collection in your organization.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Set up Enterprise Mode logging and data collection (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
index a3ec81f18b..21efc17c35 100644
--- a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md
@@ -3,11 +3,14 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to set up the Enterprise Mode Site List Portal for your organization.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
---
# Set up the Enterprise Mode Site List Portal
@@ -229,4 +232,4 @@ Register the EMIEScheduler tool and service for production site list changes.
- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
-- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
\ No newline at end of file
+- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/enterprise-mode/turn-off-enterprise-mode.md b/browsers/enterprise-mode/turn-off-enterprise-mode.md
index 31c3feec2f..d34ccca8ce 100644
--- a/browsers/enterprise-mode/turn-off-enterprise-mode.md
+++ b/browsers/enterprise-mode/turn-off-enterprise-mode.md
@@ -2,10 +2,13 @@
ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
-description: How to turn Enteprrise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
-author: jdeckerms
+description: How to turn Enterprise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
+author: dansimp
ms.prod: ie11
ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Turn off Enterprise Mode (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
index 74225acded..b34f9be63f 100644
--- a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
+++ b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Turn on local user control and logging for Enterprise Mode.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: 6622ecce-24b1-497e-894a-e1fd5a8a66d1
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Turn on local control and logging for Enterprise Mode (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-portal.md b/browsers/enterprise-mode/use-the-enterprise-mode-portal.md
index d57c5f411b..010448c58d 100644
--- a/browsers/enterprise-mode/use-the-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/use-the-enterprise-mode-portal.md
@@ -7,6 +7,10 @@ ms.prod: ie11
title: Use the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
+author: dansimp
---
# Use the Enterprise Mode Site List Portal
diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md
index b85478da24..f68c42ca3c 100644
--- a/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md
+++ b/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Use the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 12/04/2017
diff --git a/browsers/enterprise-mode/using-enterprise-mode.md b/browsers/enterprise-mode/using-enterprise-mode.md
index 244e102f38..c6f3e6048e 100644
--- a/browsers/enterprise-mode/using-enterprise-mode.md
+++ b/browsers/enterprise-mode/using-enterprise-mode.md
@@ -3,9 +3,12 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: security
description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
ms.assetid: 238ead3d-8920-429a-ac23-02f089c4384a
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Using IE7 Enterprise Mode or IE8 Enterprise Mode (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
index 9ceeafb141..a72f720a3f 100644
--- a/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
@@ -3,11 +3,14 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
---
# Verify your changes using the Enterprise Mode Site List Portal
diff --git a/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md
index 5ec5b93f66..8387697841 100644
--- a/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md
@@ -3,11 +3,14 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
---
# Verify the change request update in the production environment using the Enterprise Mode Site List Portal
diff --git a/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md b/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
index 8ed5e12491..6ae2c865ea 100644
--- a/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
+++ b/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
@@ -3,11 +3,14 @@ ms.localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal.
-author: jdeckerms
+author: dansimp
ms.prod: ie11
title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
---
# View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal
diff --git a/browsers/includes/available-duel-browser-experiences-include.md b/browsers/includes/available-duel-browser-experiences-include.md
index 3ea0832564..e506d779b2 100644
--- a/browsers/includes/available-duel-browser-experiences-include.md
+++ b/browsers/includes/available-duel-browser-experiences-include.md
@@ -1,20 +1,22 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-## Available dual-browser experiences
-Based on the size of your legacy web app dependency, determined by the data collected with [Windows Upgrade Analytics](https://blogs.windows.com/windowsexperience/2016/09/26/new-windows-10-and-office-365-features-for-the-secure-productive-enterprise/), there are several options from which you can choose to configure your enterprise browsing environment:
-
-- Use Microsoft Edge as your primary browser.
-
-- Use Microsoft Edge as your primary browser and use Enterprise Mode to open sites in Internet Explorer 11 (IE11) that use IE proprietary technologies.
-
-- Use Microsoft Edge as your primary browser and open all intranet sites in IE11.
-
-- Use IE11 as your primary browser and use Enterprise Mode to open sites in Microsoft Edge that use modern web technologies.
-
-For more info about when to use which option, and which option is best for you, see the [Continuing to make it easier for Enterprise customers to upgrade to Internet Explorer 11 — and Windows 10](https://blogs.windows.com/msedgedev/2015/11/23/windows-10-1511-enterprise-improvements) blog.
\ No newline at end of file
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+## Available dual-browser experiences
+Based on the size of your legacy web app dependency, determined by the data collected with [Windows Upgrade Analytics](https://blogs.windows.com/windowsexperience/2016/09/26/new-windows-10-and-office-365-features-for-the-secure-productive-enterprise/), there are several options from which you can choose to configure your enterprise browsing environment:
+
+- Use Microsoft Edge as your primary browser.
+
+- Use Microsoft Edge as your primary browser and use Enterprise Mode to open sites in Internet Explorer 11 (IE11) that use IE proprietary technologies.
+
+- Use Microsoft Edge as your primary browser and open all intranet sites in IE11.
+
+- Use IE11 as your primary browser and use Enterprise Mode to open sites in Microsoft Edge that use modern web technologies.
+
+For more info about when to use which option, and which option is best for you, see the [Continuing to make it easier for Enterprise customers to upgrade to Internet Explorer 11 — and Windows 10](https://blogs.windows.com/msedgedev/2015/11/23/windows-10-1511-enterprise-improvements) blog.
diff --git a/browsers/includes/helpful-topics-include.md b/browsers/includes/helpful-topics-include.md
index 450c65b503..0a0f72e971 100644
--- a/browsers/includes/helpful-topics-include.md
+++ b/browsers/includes/helpful-topics-include.md
@@ -1,36 +1,38 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-
-## Helpful information and additional resources
-- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
-
-- [Technical guidance, tools, and resources on Enterprise browsing](https://technet.microsoft.com/ie)
-
-- [Enterprise Mode Site List Manager (schema v.1)](https://www.microsoft.com/download/details.aspx?id=42501)
-
-- [Enterprise Mode Site List Manager (schema v.2)](https://www.microsoft.com/download/details.aspx?id=49974)
-
-- [Use the Enterprise Mode Site List Manager](../enterprise-mode/use-the-enterprise-mode-site-list-manager.md)
-
-- [Collect data using Enterprise Site Discovery](../enterprise-mode/collect-data-using-enterprise-site-discovery.md)
-
-- [Web Application Compatibility Lab Kit](https://technet.microsoft.com/microsoft-edge/mt612809.aspx)
-
-- [Microsoft Services Support](https://www.microsoft.com/en-us/microsoftservices/support.aspx)
-
-- [Find a Microsoft partner on Pinpoint](https://partnercenter.microsoft.com/pcv/search)
-
-
-
-
-
-- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx)
-- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956)
-- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646)
-- [Fix web compatibility issues using document modes and the Enterprise Mode site list](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list)
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+
+## Helpful information and additional resources
+- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
+
+- [Technical guidance, tools, and resources on Enterprise browsing](https://technet.microsoft.com/ie)
+
+- [Enterprise Mode Site List Manager (schema v.1)](https://www.microsoft.com/download/details.aspx?id=42501)
+
+- [Enterprise Mode Site List Manager (schema v.2)](https://www.microsoft.com/download/details.aspx?id=49974)
+
+- [Use the Enterprise Mode Site List Manager](../enterprise-mode/use-the-enterprise-mode-site-list-manager.md)
+
+- [Collect data using Enterprise Site Discovery](../enterprise-mode/collect-data-using-enterprise-site-discovery.md)
+
+- [Web Application Compatibility Lab Kit](https://technet.microsoft.com/microsoft-edge/mt612809.aspx)
+
+- [Microsoft Services Support](https://www.microsoft.com/microsoftservices/support.aspx)
+
+- [Find a Microsoft partner on Pinpoint](https://partnercenter.microsoft.com/pcv/search)
+
+
+
+
+
+- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/browser/mt612809.aspx)
+- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956)
+- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646)
+- [Fix web compatibility issues using document modes and the Enterprise Mode site list](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list)
diff --git a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
index 02ad5fe86d..22464cc569 100644
--- a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
+++ b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
@@ -1,20 +1,22 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/02/2018
-ms.prod: edge
-ms:topic: include
----
-
-If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
-
->[!IMPORTANT]
->Importing your file overwrites everything that’s currently in the tool, so make sure it’s what want to do.
-
-1. In the Enterprise Mode Site List Manager, click **File \> Import**.
-
-2. Go to the exported .EMIE file.
For example, `C:\users\\documents\sites.emie`
-
-1. Click **Open**.
-
-2. Review the alert message about all of your entries being overwritten and click **Yes**.
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/02/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
+
+>[!IMPORTANT]
+>Importing your file overwrites everything that’s currently in the tool, so make sure it’s what want to do.
+
+1. In the Enterprise Mode Site List Manager, click **File \> Import**.
+
+2. Go to the exported .EMIE file.
For example, `C:\users\\documents\sites.emie`
+
+1. Click **Open**.
+
+2. Review the alert message about all of your entries being overwritten and click **Yes**.
diff --git a/browsers/includes/interoperability-goals-enterprise-guidance.md b/browsers/includes/interoperability-goals-enterprise-guidance.md
index a18552366f..04470d33af 100644
--- a/browsers/includes/interoperability-goals-enterprise-guidance.md
+++ b/browsers/includes/interoperability-goals-enterprise-guidance.md
@@ -1,37 +1,41 @@
----
-author: shortpatti
-ms.author: pashort
-ms.date: 10/15/2018
-ms.prod: edge
-ms:topic: include
----
-
-## Interoperability goals and enterprise guidance
-
-Our primary goal is that your websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser.
-
-You must continue using IE11 if web apps use any of the following:
-
-* ActiveX controls
-
-* x-ua-compatible headers
-
-* <meta> tags
-
-* Enterprise mode or compatibility view to addressing compatibility issues
-
-* legacy document modes
-
-If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11.
-
->[!TIP]
->If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714).
-
-
-|Technology |Why it existed |Why we don't need it anymore |
-|---------|---------|---------|
-|ActiveX |ActiveX is a binary extension model introduced in 1996 which allowed developers to embed native Windows technologies (COM/OLE) in web pages. These controls can be downloaded and installed from a site and were subsequently loaded in-process and rendered in Internet Explorer. | |
-|Browser Helper Objects (BHO) |BHOs are a binary extension model introduced in 1997 which enabled developers to write COM objects that were loaded in-process with the browser and could perform actions on available windows and modules. A common use was to build toolbars that installed into Internet Explorer. | |
-|Document modes | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions. |Similar to other modern browsers, Microsoft Edge has a single “living” document mode. To minimize the compatibility burden, we test features behind switches in about:flags until stable and ready to be turned on by default. |
----
-
+---
+author: eavena
+ms.author: eravena
+ms.date: 10/15/2018
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+## Interoperability goals and enterprise guidance
+
+Our primary goal is that your websites work in Microsoft Edge. To that end, we've made Microsoft Edge the default browser.
+
+You must continue using IE11 if web apps use any of the following:
+
+* ActiveX controls
+
+* x-ua-compatible headers
+
+* <meta> tags with an http-equivalent value of X-UA-Compatible header
+
+* Enterprise mode or compatibility view to addressing compatibility issues
+
+* legacy document modes
+
+If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11.
+
+>[!TIP]
+>If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714).
+
+
+|Technology |Why it existed |Why we don't need it anymore |
+|---------|---------|---------|
+|ActiveX |ActiveX is a binary extension model introduced in 1996 which allowed developers to embed native Windows technologies (COM/OLE) in web pages. These controls can be downloaded and installed from a site and were subsequently loaded in-process and rendered in Internet Explorer. | |
+|Browser Helper Objects (BHO) |BHOs are a binary extension model introduced in 1997 which enabled developers to write COM objects that were loaded in-process with the browser and could perform actions on available windows and modules. A common use was to build toolbars that installed into Internet Explorer. | |
+|Document modes | Starting with IE8, Internet Explorer introduced a new “document mode” with every release. These document modes could be requested via the x-ua-compatible header to put the browser into a mode which emulates legacy versions. |Similar to other modern browsers, Microsoft Edge has a single “living” document mode. To minimize the compatibility burden, we test features behind switches in about:flags until stable and ready to be turned on by default. |
+
+
+---
+
diff --git a/browsers/internet-explorer/TOC.md b/browsers/internet-explorer/TOC.md
index 229def58e0..28a0957588 100644
--- a/browsers/internet-explorer/TOC.md
+++ b/browsers/internet-explorer/TOC.md
@@ -1,188 +1,191 @@
-#[IE11 Deployment Guide for IT Pros](ie11-deploy-guide/index.md)
+# [IE11 Deployment Guide for IT Pros](ie11-deploy-guide/index.md)
-##[Change history for the Internet Explorer 11 (IE11) Deployment Guide](ie11-deploy-guide/change-history-for-internet-explorer-11.md)
+## [Change history for the Internet Explorer 11 (IE11) Deployment Guide](ie11-deploy-guide/change-history-for-internet-explorer-11.md)
-##[System requirements and language support for Internet Explorer 11](ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md)
+## [System requirements and language support for Internet Explorer 11](ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md)
-##[List of updated features and tools - Internet Explorer 11 (IE11)](ie11-deploy-guide/updated-features-and-tools-with-ie11.md)
+## [List of updated features and tools - Internet Explorer 11 (IE11)](ie11-deploy-guide/updated-features-and-tools-with-ie11.md)
-##[Install and Deploy Internet Explorer 11 (IE11)](ie11-deploy-guide/install-and-deploy-ie11.md)
-###[Customize Internet Explorer 11 installation packages](ie11-deploy-guide/customize-ie11-install-packages.md)
-####[Using IEAK 11 to create packages](ie11-deploy-guide/using-ieak11-to-create-install-packages.md)
-####[Create packages for multiple operating systems or languages](ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md)
-####[Using .INF files to create packages](ie11-deploy-guide/using-inf-files-to-create-install-packages.md)
-###[Choose how to install Internet Explorer 11 (IE11)](ie11-deploy-guide/choose-how-to-install-ie11.md)
-####[Install Internet Explorer 11 (IE11) - System Center 2012 R2 Configuration Manager](ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md)
-####[Install Internet Explorer 11 (IE11) - Windows Server Update Services (WSUS)](ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md)
-####[Install Internet Explorer 11 (IE11) - Microsoft Intune](ie11-deploy-guide/install-ie11-using-microsoft-intune.md)
-####[Install Internet Explorer 11 (IE11) - Network](ie11-deploy-guide/install-ie11-using-the-network.md)
-####[Install Internet Explorer 11 (IE11) - Operating system deployment systems](ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md)
-####[Install Internet Explorer 11 (IE11) - Third-party tools](ie11-deploy-guide/install-ie11-using-third-party-tools.md)
-###[Choose how to deploy Internet Explorer 11 (IE11)](ie11-deploy-guide/choose-how-to-deploy-ie11.md)
-####[Deploy Internet Explorer 11 using Automatic Version Synchronization (AVS)](ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md)
-####[Deploy Internet Explorer 11 using software distribution tools](ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md)
-###[Virtualization and compatibility with Internet Explorer 11](ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md)
+## [Install and Deploy Internet Explorer 11 (IE11)](ie11-deploy-guide/install-and-deploy-ie11.md)
+### [Customize Internet Explorer 11 installation packages](ie11-deploy-guide/customize-ie11-install-packages.md)
+#### [Using IEAK 11 to create packages](ie11-deploy-guide/using-ieak11-to-create-install-packages.md)
+#### [Create packages for multiple operating systems or languages](ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md)
+#### [Using .INF files to create packages](ie11-deploy-guide/using-inf-files-to-create-install-packages.md)
+### [Choose how to install Internet Explorer 11 (IE11)](ie11-deploy-guide/choose-how-to-install-ie11.md)
+#### [Install Internet Explorer 11 (IE11) - System Center 2012 R2 Configuration Manager](ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md)
+#### [Install Internet Explorer 11 (IE11) - Windows Server Update Services (WSUS)](ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md)
+#### [Install Internet Explorer 11 (IE11) - Microsoft Intune](ie11-deploy-guide/install-ie11-using-microsoft-intune.md)
+#### [Install Internet Explorer 11 (IE11) - Network](ie11-deploy-guide/install-ie11-using-the-network.md)
+#### [Install Internet Explorer 11 (IE11) - Operating system deployment systems](ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md)
+#### [Install Internet Explorer 11 (IE11) - Third-party tools](ie11-deploy-guide/install-ie11-using-third-party-tools.md)
+### [Choose how to deploy Internet Explorer 11 (IE11)](ie11-deploy-guide/choose-how-to-deploy-ie11.md)
+#### [Deploy Internet Explorer 11 using Automatic Version Synchronization (AVS)](ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md)
+#### [Deploy Internet Explorer 11 using software distribution tools](ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md)
+### [Virtualization and compatibility with Internet Explorer 11](ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md)
-##[Collect data using Enterprise Site Discovery](ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md)
+## [Collect data using Enterprise Site Discovery](ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md)
-##[Enterprise Mode for Internet Explorer 11 (IE11)](ie11-deploy-guide/enterprise-mode-overview-for-ie11.md)
-###[Tips and tricks to manage Internet Explorer compatibility](ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md)
-###[Enterprise Mode and the Enterprise Mode Site List](ie11-deploy-guide/what-is-enterprise-mode.md)
-###[Set up Enterprise Mode logging and data collection](ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md)
-###[Turn on Enterprise Mode and use a site list](ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md)
-###[Enterprise Mode schema v.2 guidance](ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md)
-###[Enterprise Mode schema v.1 guidance](ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md)
-###[Check for a new Enterprise Mode site list xml file](ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md)
-###[Turn on local control and logging for Enterprise Mode](ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md)
-###[Use the Enterprise Mode Site List Manager](ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md)
-####[Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
-####[Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
-####[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
-####[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
-####[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md)
-####[Fix validation problems using the Enterprise Mode Site List Manager](ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md)
-####[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
-####[Save your site list to XML in the Enterprise Mode Site List Manager](ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md)
-####[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md)
-####[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md)
-####[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
-####[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
-###[Use the Enterprise Mode Site List Portal](ie11-deploy-guide/use-the-enterprise-mode-portal.md)
-####[Set up the Enterprise Mode Site List Portal](ie11-deploy-guide/set-up-enterprise-mode-portal.md)
-#####[Use the Settings page to finish setting up the Enterprise Mode Site List Portal](ie11-deploy-guide/configure-settings-enterprise-mode-portal.md)
-#####[Add employees to the Enterprise Mode Site List Portal](ie11-deploy-guide/add-employees-enterprise-mode-portal.md)
-####[Workflow-based processes for employees using the Enterprise Mode Site List Portal](ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md)
-#####[Create a change request using the Enterprise Mode Site List Portal](ie11-deploy-guide/create-change-request-enterprise-mode-portal.md)
-#####[Verify your changes using the Enterprise Mode Site List Portal](ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md)
-#####[Approve a change request using the Enterprise Mode Site List Portal](ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md)
-#####[Schedule approved change requests for production using the Enterprise Mode Site List Portal](ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md)
-#####[Verify the change request update in the production environment using the Enterprise Mode Site List Portal](ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md)
-#####[View the apps currently on the Enterprise Mode Site List](ie11-deploy-guide/view-apps-enterprise-mode-site-list.md)
-#####[View the available Enterprise Mode reports from the Enterprise Mode Site List Portal](ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md)
-###[Using IE7 Enterprise Mode or IE8 Enterprise Mode](ie11-deploy-guide/using-enterprise-mode.md)
-###[Fix web compatibility issues using document modes and the Enterprise Mode site list](ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md)
-###[Remove sites from a local Enterprise Mode site list](ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md)
-###[Remove sites from a local compatibility view list](ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md)
-###[Turn off Enterprise Mode](ie11-deploy-guide/turn-off-enterprise-mode.md)
+## [Enterprise Mode for Internet Explorer 11 (IE11)](ie11-deploy-guide/enterprise-mode-overview-for-ie11.md)
+### [Tips and tricks to manage Internet Explorer compatibility](ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md)
+### [Enterprise Mode and the Enterprise Mode Site List](ie11-deploy-guide/what-is-enterprise-mode.md)
+### [Set up Enterprise Mode logging and data collection](ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md)
+### [Turn on Enterprise Mode and use a site list](ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md)
+### [Enterprise Mode schema v.2 guidance](ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md)
+### [Enterprise Mode schema v.1 guidance](ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md)
+### [Check for a new Enterprise Mode site list xml file](ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md)
+### [Turn on local control and logging for Enterprise Mode](ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md)
+### [Use the Enterprise Mode Site List Manager](ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md)
+#### [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
+#### [Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
+#### [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
+#### [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
+#### [Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md)
+#### [Fix validation problems using the Enterprise Mode Site List Manager](ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md)
+#### [Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
+#### [Save your site list to XML in the Enterprise Mode Site List Manager](ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md)
+#### [Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md)
+#### [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md)
+#### [Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
+#### [Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
+### [Use the Enterprise Mode Site List Portal](ie11-deploy-guide/use-the-enterprise-mode-portal.md)
+#### [Set up the Enterprise Mode Site List Portal](ie11-deploy-guide/set-up-enterprise-mode-portal.md)
+##### [Use the Settings page to finish setting up the Enterprise Mode Site List Portal](ie11-deploy-guide/configure-settings-enterprise-mode-portal.md)
+##### [Add employees to the Enterprise Mode Site List Portal](ie11-deploy-guide/add-employees-enterprise-mode-portal.md)
+#### [Workflow-based processes for employees using the Enterprise Mode Site List Portal](ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md)
+##### [Create a change request using the Enterprise Mode Site List Portal](ie11-deploy-guide/create-change-request-enterprise-mode-portal.md)
+##### [Verify your changes using the Enterprise Mode Site List Portal](ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md)
+##### [Approve a change request using the Enterprise Mode Site List Portal](ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md)
+##### [Schedule approved change requests for production using the Enterprise Mode Site List Portal](ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md)
+##### [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md)
+##### [View the apps currently on the Enterprise Mode Site List](ie11-deploy-guide/view-apps-enterprise-mode-site-list.md)
+##### [View the available Enterprise Mode reports from the Enterprise Mode Site List Portal](ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md)
+### [Using IE7 Enterprise Mode or IE8 Enterprise Mode](ie11-deploy-guide/using-enterprise-mode.md)
+### [Fix web compatibility issues using document modes and the Enterprise Mode site list](ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md)
+### [Remove sites from a local Enterprise Mode site list](ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md)
+### [Remove sites from a local compatibility view list](ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md)
+### [Turn off Enterprise Mode](ie11-deploy-guide/turn-off-enterprise-mode.md)
-##[Group Policy and Internet Explorer 11 (IE11)](ie11-deploy-guide/group-policy-and-ie11.md)
-###[Group Policy management tools](ie11-deploy-guide/group-policy-objects-and-ie11.md)
-####[Group Policy and the Group Policy Management Console (GPMC)](ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md)
-####[Group Policy and the Local Group Policy Editor](ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md)
-####[Group Policy and Advanced Group Policy Management (AGPM)](ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md)
-####[Group Policy and Windows Powershell](ie11-deploy-guide/group-policy-windows-powershell-ie11.md)
-####[Group Policy and Shortcut Extensions](ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md)
-###[New group policy settings for Internet Explorer 11](ie11-deploy-guide/new-group-policy-settings-for-ie11.md)
-###[Set the default browser using Group Policy](ie11-deploy-guide/set-the-default-browser-using-group-policy.md)
-###[ActiveX installation using group policy](ie11-deploy-guide/activex-installation-using-group-policy.md)
-###[Group Policy and compatibility with Internet Explorer 11](ie11-deploy-guide/group-policy-compatability-with-ie11.md)
-###[Group policy preferences and Internet Explorer 11](ie11-deploy-guide/group-policy-preferences-and-ie11.md)
-###[Administrative templates and Internet Explorer 11](ie11-deploy-guide/administrative-templates-and-ie11.md)
-###[Enable and disable add-ons using administrative templates and group policy](ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md)
+## [Group Policy and Internet Explorer 11 (IE11)](ie11-deploy-guide/group-policy-and-ie11.md)
+### [Group Policy management tools](ie11-deploy-guide/group-policy-objects-and-ie11.md)
+#### [Group Policy and the Group Policy Management Console (GPMC)](ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md)
+#### [Group Policy and the Local Group Policy Editor](ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md)
+#### [Group Policy and Advanced Group Policy Management (AGPM)](ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md)
+#### [Group Policy and Windows Powershell](ie11-deploy-guide/group-policy-windows-powershell-ie11.md)
+#### [Group Policy and Shortcut Extensions](ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md)
+### [New group policy settings for Internet Explorer 11](ie11-deploy-guide/new-group-policy-settings-for-ie11.md)
+### [Set the default browser using Group Policy](ie11-deploy-guide/set-the-default-browser-using-group-policy.md)
+### [ActiveX installation using group policy](ie11-deploy-guide/activex-installation-using-group-policy.md)
+### [Group Policy and compatibility with Internet Explorer 11](ie11-deploy-guide/group-policy-compatibility-with-ie11.md)
+### [Group policy preferences and Internet Explorer 11](ie11-deploy-guide/group-policy-preferences-and-ie11.md)
+### [Administrative templates and Internet Explorer 11](ie11-deploy-guide/administrative-templates-and-ie11.md)
+### [Enable and disable add-ons using administrative templates and group policy](ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md)
-##[Manage Internet Explorer 11](ie11-deploy-guide/manage-ie11-overview.md)
-###[Auto detect settings Internet Explorer 11](ie11-deploy-guide/auto-detect-settings-for-ie11.md)
-###[Auto configuration settings for Internet Explorer 11](ie11-deploy-guide/auto-configuration-settings-for-ie11.md)
-###[Auto proxy configuration settings for Internet Explorer 11](ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md)
+## [Manage Internet Explorer 11](ie11-deploy-guide/manage-ie11-overview.md)
+### [Auto detect settings Internet Explorer 11](ie11-deploy-guide/auto-detect-settings-for-ie11.md)
+### [Auto configuration settings for Internet Explorer 11](ie11-deploy-guide/auto-configuration-settings-for-ie11.md)
+### [Auto proxy configuration settings for Internet Explorer 11](ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md)
-##[Troubleshoot Internet Explorer 11 (IE11)](ie11-deploy-guide/troubleshoot-ie11.md)
-###[Setup problems with Internet Explorer 11](ie11-deploy-guide/setup-problems-with-ie11.md)
-###[Install problems with Internet Explorer 11](ie11-deploy-guide/install-problems-with-ie11.md)
-###[Problems after installing Internet Explorer 11](ie11-deploy-guide/problems-after-installing-ie11.md)
-###[Auto configuration and auto proxy problems with Internet Explorer 11](ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md)
-###[User interface problems with Internet Explorer 11](ie11-deploy-guide/user-interface-problems-with-ie11.md)
-###[Group Policy problems with Internet Explorer 11](ie11-deploy-guide/group-policy-problems-ie11.md)
-###[.NET Framework problems with Internet Explorer 11](ie11-deploy-guide/net-framework-problems-with-ie11.md)
-###[Enhanced Protected Mode problems with Internet Explorer](ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md)
-###[Fix font rendering problems by turning off natural metrics](ie11-deploy-guide/turn-off-natural-metrics.md)
-###[Intranet problems with Internet Explorer 11](ie11-deploy-guide/intranet-problems-and-ie11.md)
-###[Browser cache changes and roaming profiles](ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md)
+## [Troubleshoot Internet Explorer 11 (IE11)](ie11-deploy-guide/troubleshoot-ie11.md)
+### [Setup problems with Internet Explorer 11](ie11-deploy-guide/setup-problems-with-ie11.md)
+### [Install problems with Internet Explorer 11](ie11-deploy-guide/install-problems-with-ie11.md)
+### [Problems after installing Internet Explorer 11](ie11-deploy-guide/problems-after-installing-ie11.md)
+### [Auto configuration and auto proxy problems with Internet Explorer 11](ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md)
+### [User interface problems with Internet Explorer 11](ie11-deploy-guide/user-interface-problems-with-ie11.md)
+### [Group Policy problems with Internet Explorer 11](ie11-deploy-guide/group-policy-problems-ie11.md)
+### [.NET Framework problems with Internet Explorer 11](ie11-deploy-guide/net-framework-problems-with-ie11.md)
+### [Enhanced Protected Mode problems with Internet Explorer](ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md)
+### [Fix font rendering problems by turning off natural metrics](ie11-deploy-guide/turn-off-natural-metrics.md)
+### [Intranet problems with Internet Explorer 11](ie11-deploy-guide/intranet-problems-and-ie11.md)
+### [Browser cache changes and roaming profiles](ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md)
-##[Out-of-date ActiveX control blocking](ie11-deploy-guide/out-of-date-activex-control-blocking.md)
-###[Blocked out-of-date ActiveX controls](ie11-deploy-guide/blocked-out-of-date-activex-controls.md)
+## [Out-of-date ActiveX control blocking](ie11-deploy-guide/out-of-date-activex-control-blocking.md)
+### [Blocked out-of-date ActiveX controls](ie11-deploy-guide/blocked-out-of-date-activex-controls.md)
-##[Deprecated document modes and Internet Explorer 11](ie11-deploy-guide/deprecated-document-modes.md)
+## [Deprecated document modes and Internet Explorer 11](ie11-deploy-guide/deprecated-document-modes.md)
-##[What is the Internet Explorer 11 Blocker Toolkit?](ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md)
-###[Internet Explorer 11 delivery through automatic updates](ie11-deploy-guide/ie11-delivery-through-automatic-updates.md)
-###[Internet Explorer 11 Blocker Toolkit FAQ](ie11-faq/faq-ie11-blocker-toolkit.md)
+## [What is the Internet Explorer 11 Blocker Toolkit?](ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md)
+### [Internet Explorer 11 delivery through automatic updates](ie11-deploy-guide/ie11-delivery-through-automatic-updates.md)
+### [Internet Explorer 11 Blocker Toolkit FAQ](ie11-faq/faq-ie11-blocker-toolkit.md)
-##[Missing Internet Explorer Maintenance settings for Internet Explorer 11](ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md)
+## [Missing Internet Explorer Maintenance settings for Internet Explorer 11](ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md)
-##[Missing the Compatibility View Button](ie11-deploy-guide/missing-the-compatibility-view-button.md)
+## [Missing the Compatibility View Button](ie11-deploy-guide/missing-the-compatibility-view-button.md)
-##[Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013](ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md)
+## [Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013](ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md)
-#[IE11 Frequently Asked Questions (FAQ) Guide for IT Pros](ie11-faq/faq-for-it-pros-ie11.md)
+# [IE11 Frequently Asked Questions (FAQ) Guide for IT Pros](ie11-faq/faq-for-it-pros-ie11.md)
-#[Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](ie11-ieak/index.md)
-##[What IEAK can do for you](ie11-ieak/what-ieak-can-do-for-you.md)
-##[Internet Explorer Administration Kit (IEAK) information and downloads](ie11-ieak/ieak-information-and-downloads.md)
-##[Before you start using IEAK 11](ie11-ieak/before-you-create-custom-pkgs-ieak11.md)
-###[Hardware and software requirements for IEAK 11](ie11-ieak/hardware-and-software-reqs-ieak11.md)
-###[Determine the licensing version and features to use in IEAK 11](ie11-ieak/licensing-version-and-features-ieak11.md)
-###[Security features and IEAK 11](ie11-ieak/security-and-ieak11.md)
-###[File types used or created by IEAK 11](ie11-ieak/file-types-ieak11.md)
-###[Tasks and references to consider before creating and deploying custom packages using IEAK 11](ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md)
-###[Create the build computer folder structure using IEAK 11](ie11-ieak/create-build-folder-structure-ieak11.md)
-###[Set up auto detection for DHCP or DNS servers using IEAK 11](ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md)
-###[Use proxy auto-configuration (.pac) files with IEAK 11](ie11-ieak/proxy-auto-config-examples.md)
-###[Customize the toolbar button and Favorites List icons using IEAK 11](ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md)
-###[Use the uninstallation .INF files to uninstall custom components](ie11-ieak/create-uninstall-inf-files-for-custom-components.md)
-###[Add and approve ActiveX controls using the IEAK 11](ie11-ieak/add-and-approve-activex-controls-ieak11.md)
-###[Register an uninstall app for custom components using IEAK 11](ie11-ieak/register-uninstall-app-ieak11.md)
-###[Customize Automatic Search for Internet Explorer using IEAK 11](ie11-ieak/customize-automatic-search-for-ie.md)
-###[Create multiple versions of your custom package using IEAK 11](ie11-ieak/create-multiple-browser-packages-ieak11.md)
-###[Before you install your package over your network using IEAK 11](ie11-ieak/prep-network-install-with-ieak11.md)
-###[Use the RSoP snap-in to review policy settings](ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md)
-###[IEAK 11 - Frequently Asked Questions](ie11-faq/faq-ieak11.md)
-###[Troubleshoot custom package and IEAK 11 problems](ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md)
+# [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](ie11-ieak/index.md)
+## [What IEAK can do for you](ie11-ieak/what-ieak-can-do-for-you.md)
+## [Internet Explorer Administration Kit (IEAK) information and downloads](ie11-ieak/ieak-information-and-downloads.md)
+## [Before you start using IEAK 11](ie11-ieak/before-you-create-custom-pkgs-ieak11.md)
+### [Hardware and software requirements for IEAK 11](ie11-ieak/hardware-and-software-reqs-ieak11.md)
+### [Determine the licensing version and features to use in IEAK 11](ie11-ieak/licensing-version-and-features-ieak11.md)
+### [Security features and IEAK 11](ie11-ieak/security-and-ieak11.md)
+### [File types used or created by IEAK 11](ie11-ieak/file-types-ieak11.md)
+### [Tasks and references to consider before creating and deploying custom packages using IEAK 11](ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md)
+### [Create the build computer folder structure using IEAK 11](ie11-ieak/create-build-folder-structure-ieak11.md)
+### [Set up auto detection for DHCP or DNS servers using IEAK 11](ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md)
+### [Use proxy auto-configuration (.pac) files with IEAK 11](ie11-ieak/proxy-auto-config-examples.md)
+### [Customize the toolbar button and Favorites List icons using IEAK 11](ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md)
+### [Use the uninstallation .INF files to uninstall custom components](ie11-ieak/create-uninstall-inf-files-for-custom-components.md)
+### [Add and approve ActiveX controls using the IEAK 11](ie11-ieak/add-and-approve-activex-controls-ieak11.md)
+### [Register an uninstall app for custom components using IEAK 11](ie11-ieak/register-uninstall-app-ieak11.md)
+### [Customize Automatic Search for Internet Explorer using IEAK 11](ie11-ieak/customize-automatic-search-for-ie.md)
+### [Create multiple versions of your custom package using IEAK 11](ie11-ieak/create-multiple-browser-packages-ieak11.md)
+### [Before you install your package over your network using IEAK 11](ie11-ieak/prep-network-install-with-ieak11.md)
+### [Use the RSoP snap-in to review policy settings](ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md)
+### [IEAK 11 - Frequently Asked Questions](ie11-faq/faq-ieak11.md)
+### [Troubleshoot custom package and IEAK 11 problems](ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md)
-##[Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options](ie11-ieak/ieak11-wizard-custom-options.md)
-###[Use the File Locations page in the IEAK 11 Wizard](ie11-ieak/file-locations-ieak11-wizard.md)
-###[Use the Platform Selection page in the IEAK 11 Wizard](ie11-ieak/platform-selection-ieak11-wizard.md)
-###[Use the Language Selection page in the IEAK 11 Wizard](ie11-ieak/language-selection-ieak11-wizard.md)
-###[Use the Package Type Selection page in the IEAK 11 Wizard](ie11-ieak/pkg-type-selection-ieak11-wizard.md)
-###[Use the Feature Selection page in the IEAK 11 Wizard](ie11-ieak/feature-selection-ieak11-wizard.md)
-###[Use the Automatic Version Synchronization page in the IEAK 11 Wizard](ie11-ieak/auto-version-sync-ieak11-wizard.md)
-###[Use the Custom Components page in the IEAK 11 Wizard](ie11-ieak/custom-components-ieak11-wizard.md)
-###[Use the Internal Install page in the IEAK 11 Wizard](ie11-ieak/internal-install-ieak11-wizard.md)
-###[Use the User Experience page in the IEAK 11 Wizard](ie11-ieak/user-experience-ieak11-wizard.md)
-###[Use the Browser User Interface page in the IEAK 11 Wizard](ie11-ieak/browser-ui-ieak11-wizard.md)
-###[Use the Search Providers page in the IEAK 11 Wizard](ie11-ieak/search-providers-ieak11-wizard.md)
-###[Use the Important URLs - Home Page and Support page in the IEAK 11 Wizard](ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md)
-###[Use the Accelerators page in the IEAK 11 Wizard](ie11-ieak/accelerators-ieak11-wizard.md)
-###[Use the Favorites, Favorites Bar, and Feeds page in the IEAK 11 Wizard](ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md)
-###[Use the Browsing Options page in the IEAK 11 Wizard](ie11-ieak/browsing-options-ieak11-wizard.md)
-###[Use the First Run Wizard and Welcome Page Options page in the IEAK 11 Wizard](ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md)
-###[Use the Compatibility View page in the IEAK 11 Wizard](ie11-ieak/compat-view-ieak11-wizard.md)
-###[Use the Connection Manager page in the IEAK 11 Wizard](ie11-ieak/connection-mgr-ieak11-wizard.md)
-###[Use the Connection Settings page in the IEAK 11 Wizard](ie11-ieak/connection-settings-ieak11-wizard.md)
-###[Use the Automatic Configuration page in the IEAK 11 Wizard](ie11-ieak/auto-config-ieak11-wizard.md)
-###[Use the Proxy Settings page in the IEAK 11 Wizard](ie11-ieak/proxy-settings-ieak11-wizard.md)
-###[Use the Security and Privacy Settings page in the IEAK 11 Wizard](ie11-ieak/security-and-privacy-settings-ieak11-wizard.md)
-###[Use the Add a Root Certificate page in the IEAK 11 Wizard](ie11-ieak/add-root-certificate-ieak11-wizard.md)
-###[Use the Programs page in the IEAK 11 Wizard](ie11-ieak/programs-ieak11-wizard.md)
-###[Use the Additional Settings page in the IEAK 11 Wizard](ie11-ieak/additional-settings-ieak11-wizard.md)
-###[Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard](ie11-ieak/wizard-complete-ieak11-wizard.md)
+## [Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options](ie11-ieak/ieak11-wizard-custom-options.md)
+### [Use the File Locations page in the IEAK 11 Wizard](ie11-ieak/file-locations-ieak11-wizard.md)
+### [Use the Platform Selection page in the IEAK 11 Wizard](ie11-ieak/platform-selection-ieak11-wizard.md)
+### [Use the Language Selection page in the IEAK 11 Wizard](ie11-ieak/language-selection-ieak11-wizard.md)
+### [Use the Package Type Selection page in the IEAK 11 Wizard](ie11-ieak/pkg-type-selection-ieak11-wizard.md)
+### [Use the Feature Selection page in the IEAK 11 Wizard](ie11-ieak/feature-selection-ieak11-wizard.md)
+### [Use the Automatic Version Synchronization page in the IEAK 11 Wizard](ie11-ieak/auto-version-sync-ieak11-wizard.md)
+### [Use the Custom Components page in the IEAK 11 Wizard](ie11-ieak/custom-components-ieak11-wizard.md)
+### [Use the Internal Install page in the IEAK 11 Wizard](ie11-ieak/internal-install-ieak11-wizard.md)
+### [Use the User Experience page in the IEAK 11 Wizard](ie11-ieak/user-experience-ieak11-wizard.md)
+### [Use the Browser User Interface page in the IEAK 11 Wizard](ie11-ieak/browser-ui-ieak11-wizard.md)
+### [Use the Search Providers page in the IEAK 11 Wizard](ie11-ieak/search-providers-ieak11-wizard.md)
+### [Use the Important URLs - Home Page and Support page in the IEAK 11 Wizard](ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md)
+### [Use the Accelerators page in the IEAK 11 Wizard](ie11-ieak/accelerators-ieak11-wizard.md)
+### [Use the Favorites, Favorites Bar, and Feeds page in the IEAK 11 Wizard](ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md)
+### [Use the Browsing Options page in the IEAK 11 Wizard](ie11-ieak/browsing-options-ieak11-wizard.md)
+### [Use the First Run Wizard and Welcome Page Options page in the IEAK 11 Wizard](ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md)
+### [Use the Compatibility View page in the IEAK 11 Wizard](ie11-ieak/compat-view-ieak11-wizard.md)
+### [Use the Connection Manager page in the IEAK 11 Wizard](ie11-ieak/connection-mgr-ieak11-wizard.md)
+### [Use the Connection Settings page in the IEAK 11 Wizard](ie11-ieak/connection-settings-ieak11-wizard.md)
+### [Use the Automatic Configuration page in the IEAK 11 Wizard](ie11-ieak/auto-config-ieak11-wizard.md)
+### [Use the Proxy Settings page in the IEAK 11 Wizard](ie11-ieak/proxy-settings-ieak11-wizard.md)
+### [Use the Security and Privacy Settings page in the IEAK 11 Wizard](ie11-ieak/security-and-privacy-settings-ieak11-wizard.md)
+### [Use the Add a Root Certificate page in the IEAK 11 Wizard](ie11-ieak/add-root-certificate-ieak11-wizard.md)
+### [Use the Programs page in the IEAK 11 Wizard](ie11-ieak/programs-ieak11-wizard.md)
+### [Use the Additional Settings page in the IEAK 11 Wizard](ie11-ieak/additional-settings-ieak11-wizard.md)
+### [Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard](ie11-ieak/wizard-complete-ieak11-wizard.md)
-##[Using Internet Settings (.INS) files with IEAK 11](ie11-ieak/using-internet-settings-ins-files.md)
-###[Use the Branding .INS file to create custom branding and setup info](ie11-ieak/branding-ins-file-setting.md)
-###[Use the BrowserToolbars .INS file to customize the Internet Explorer toolbar](ie11-ieak/browsertoolbars-ins-file-setting.md)
-###[Use the CabSigning .INS file to review the digital signatures for your apps](ie11-ieak/cabsigning-ins-file-setting.md)
-###[Use the ConnectionSettings .INS file to review the network connections for install](ie11-ieak/connectionsettings-ins-file-setting.md)
-###[Use the CustomBranding .INS file to specify the custom branding location](ie11-ieak/custombranding-ins-file-setting.md)
-###[Use the ExtRegInf .INS file to specify installation files and mode](ie11-ieak/extreginf-ins-file-setting.md)
-###[Use the FavoritesEx .INS file for your Favorites icon and URLs](ie11-ieak/favoritesex-ins-file-setting.md)
-###[Use the HideCustom .INS file to hide GUIDs](ie11-ieak/hidecustom-ins-file-setting.md)
-###[Use the ISP_Security .INS file to add your root certificate](ie11-ieak/isp-security-ins-file-setting.md)
-###[Use the Media .INS file to specify your install media](ie11-ieak/media-ins-file-setting.md)
-###[Use the Proxy .INS file to specify a proxy server](ie11-ieak/proxy-ins-file-setting.md)
-###[Use the Security Imports .INS file to import security info](ie11-ieak/security-imports-ins-file-setting.md)
-###[Use the URL .INS file to use an auto-configured proxy server](ie11-ieak/url-ins-file-setting.md)
+## [Using Internet Settings (.INS) files with IEAK 11](ie11-ieak/using-internet-settings-ins-files.md)
+### [Use the Branding .INS file to create custom branding and setup info](ie11-ieak/branding-ins-file-setting.md)
+### [Use the BrowserToolbars .INS file to customize the Internet Explorer toolbar](ie11-ieak/browsertoolbars-ins-file-setting.md)
+### [Use the CabSigning .INS file to review the digital signatures for your apps](ie11-ieak/cabsigning-ins-file-setting.md)
+### [Use the ConnectionSettings .INS file to review the network connections for install](ie11-ieak/connectionsettings-ins-file-setting.md)
+### [Use the CustomBranding .INS file to specify the custom branding location](ie11-ieak/custombranding-ins-file-setting.md)
+### [Use the ExtRegInf .INS file to specify installation files and mode](ie11-ieak/extreginf-ins-file-setting.md)
+### [Use the FavoritesEx .INS file for your Favorites icon and URLs](ie11-ieak/favoritesex-ins-file-setting.md)
+### [Use the HideCustom .INS file to hide GUIDs](ie11-ieak/hidecustom-ins-file-setting.md)
+### [Use the ISP_Security .INS file to add your root certificate](ie11-ieak/isp-security-ins-file-setting.md)
+### [Use the Media .INS file to specify your install media](ie11-ieak/media-ins-file-setting.md)
+### [Use the Proxy .INS file to specify a proxy server](ie11-ieak/proxy-ins-file-setting.md)
+### [Use the Security Imports .INS file to import security info](ie11-ieak/security-imports-ins-file-setting.md)
+### [Use the URL .INS file to use an auto-configured proxy server](ie11-ieak/url-ins-file-setting.md)
-##[IExpress Wizard for Windows Server 2008 R2 with SP1](ie11-ieak/iexpress-wizard-for-win-server.md)
-###[IExpress Wizard command-line options](ie11-ieak/iexpress-command-line-options.md)
-###[Internet Explorer Setup command-line options and return codes](ie11-ieak/ie-setup-command-line-options-and-return-codes.md)
+## [IExpress Wizard for Windows Server 2008 R2 with SP1](ie11-ieak/iexpress-wizard-for-win-server.md)
+### [IExpress Wizard command-line options](ie11-ieak/iexpress-command-line-options.md)
+### [Internet Explorer Setup command-line options and return codes](ie11-ieak/ie-setup-command-line-options-and-return-codes.md)
+## KB Troubleshoot
+### [Clear the Internet Explorer cache from a command line](kb-support/clear-ie-cache-from-command-line.md)
+### [Internet Explorer and Microsoft Edge FAQ for IT Pros](kb-support/ie-edge-faqs.md)
diff --git a/browsers/internet-explorer/docfx.json b/browsers/internet-explorer/docfx.json
index 0c42ef4158..50208546bb 100644
--- a/browsers/internet-explorer/docfx.json
+++ b/browsers/internet-explorer/docfx.json
@@ -1,40 +1,48 @@
{
"build": {
- "content":
- [
- {
- "files": ["**/*.md","**/*.yml"],
- "exclude": ["**/obj/**"]
- }
- ],
+ "content": [
+ {
+ "files": [
+ "**/*.md",
+ "**/*.yml"
+ ],
+ "exclude": [
+ "**/obj/**"
+ ]
+ }
+ ],
"resource": [
- {
- "files": ["**/images/**"],
- "exclude": ["**/obj/**"]
- }
+ {
+ "files": [
+ "**/images/**"
+ ],
+ "exclude": [
+ "**/obj/**"
+ ]
+ }
],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
- "breadcrumb_path": "/internet-explorer/breadcrumb/toc.json",
- "ROBOTS": "INDEX, FOLLOW",
- "ms.author": "shortpatti",
- "author": "eross-msft",
- "ms.technology": "internet-explorer",
- "ms.topic": "article",
- "ms.date": "04/05/2017",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "Win.internet-explorer"
- }
- }
+ "breadcrumb_path": "/internet-explorer/breadcrumb/toc.json",
+ "ROBOTS": "INDEX, FOLLOW",
+ "audience": "ITPro",
+ "ms.technology": "internet-explorer",
+ "ms.prod": "ie11",
+ "ms.topic": "article",
+ "manager": "laurawi",
+ "ms.date": "04/05/2017",
+ "feedback_system": "None",
+ "hideEdit": true,
+ "_op_documentIdPathDepotMapping": {
+ "./": {
+ "depot_name": "Win.internet-explorer",
+ "folder_relative_path_in_docset": "./"
+ }
+ },
+ "titleSuffix": "Internet Explorer"
},
- "externalReference": [
- ],
+ "externalReference": [],
"template": "op.html",
"dest": "edges/internet-explorer",
- "markdownEngineName": "dfm"
+ "markdownEngineName": "markdig"
}
-}
\ No newline at end of file
+}
diff --git a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
index 8cab9278d3..8fe62f2f79 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
@@ -1,46 +1,49 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: How to use Group Policy to install ActiveX controls.
-author: shortpatti
-ms.prod: ie11
-ms.assetid: 59185370-558c-47e0-930c-8a5ed657e9e3
-title: ActiveX installation using group policy (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy and ActiveX installation
-
-ActiveX controls are installed and invoked using the HTML object tag with the CODEBASE attribute. This attribute, through a URL, makes Internet Explorer:
-
-- Get the ActiveX control if it's not already installed.
-
-- Download the installation package.
-
-- Perform trust verification on the object.
-
-- Prompt for installation permission, using the IE Information Bar.
-
-During installation, the rendering page registers and invokes the control, so that after installation, any standard user can invoke the control.
-
-**Important** ActiveX control installation requires administrator-level permissions.
-
-## Group Policy for the ActiveX Installer Service
-
-You use the ActiveX Installer Service (AXIS) and Group Policy to manage your ActiveX control deployment. The AXIS-related settings can be changed using either the Group Policy Management Console (GPMC) or the Local Group Policy Editor, and include:
-
-- **Approved Installation Sites for ActiveX Controls.** A list of approved installation sites used by AXIS to determine whether it can install a particular ActiveX control.
-
-- **ActiveX installation policy for sites in trusted zones.** Identifies how AXIS should behave when a website tries to install an ActiveX control. First, AXIS looks to see if the site appears in either the list of approved installation sites or in the **Trusted sites** zone. If the does, then AXIS checks to make sure the control meets your company's policy requirements. If the ActiveX control meets all of these requirements, the control is installed.
-
-For more information about the ActiveX Installer Service, see [Administering the ActiveX Installer Service in Windows 7](https://go.microsoft.com/fwlink/p/?LinkId=214503).
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: security
+description: How to use Group Policy to install ActiveX controls.
+author: dansimp
+ms.prod: ie11
+ms.assetid: 59185370-558c-47e0-930c-8a5ed657e9e3
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: ActiveX installation using group policy (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Group Policy and ActiveX installation
+
+ActiveX controls are installed and invoked using the HTML object tag with the CODEBASE attribute. This attribute, through a URL, makes Internet Explorer:
+
+- Get the ActiveX control if it's not already installed.
+
+- Download the installation package.
+
+- Perform trust verification on the object.
+
+- Prompt for installation permission, using the IE Information Bar.
+
+During installation, the rendering page registers and invokes the control, so that after installation, any standard user can invoke the control.
+
+**Important** ActiveX control installation requires administrator-level permissions.
+
+## Group Policy for the ActiveX Installer Service
+
+You use the ActiveX Installer Service (AXIS) and Group Policy to manage your ActiveX control deployment. The AXIS-related settings can be changed using either the Group Policy Management Console (GPMC) or the Local Group Policy Editor, and include:
+
+- **Approved Installation Sites for ActiveX Controls.** A list of approved installation sites used by AXIS to determine whether it can install a particular ActiveX control.
+
+- **ActiveX installation policy for sites in trusted zones.** Identifies how AXIS should behave when a website tries to install an ActiveX control. First, AXIS looks to see if the site appears in either the list of approved installation sites or in the **Trusted sites** zone. If the does, then AXIS checks to make sure the control meets your company's policy requirements. If the ActiveX control meets all of these requirements, the control is installed.
+
+For more information about the ActiveX Installer Service, see [Administering the ActiveX Installer Service in Windows 7](https://go.microsoft.com/fwlink/p/?LinkId=214503).
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
index bee3a36c25..664bc596e1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
@@ -1,65 +1,68 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how to add employees to the Enterprise Mode Site List Portal.
-author: shortpatti
-ms.prod: ie11
-title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-# Add employees to the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After you get the Enterprise Mode Site List Portal up and running, you must add your employees. During this process, you'll also assign roles and groups.
-
-The available roles are:
-
-- **Requester.** The primary role to assign to employees that need to access the Enterprise Mode Site List Portal. The Requester can create change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal change requests, and sign off and close personal change requests.
-
-- **App Manager.** This role is considered part of the Approvers group. The App Manager can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
-
-- **Group Head.** This role is considered part of the Approvers group. The Group Head can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
-
-- **Administrator.** The role with the highest-level rights; we recommend limiting the number of employees you grant this role. The Administrator can perform any task that can be performed by the other roles, in addition to adding employees to the portal, assigning employee roles, approving registrations to the portal, configuring portal settings (for example, determining the freeze schedule, determining the pre-production and production XML paths, and determining the attachment upload location), and using the standalone Enterprise Mode Site List Manager page.
-
-**To add an employee to the Enterprise Mode Site List Portal**
-1. Open the Enterprise Mode Site List Portal and click the **Employee Management** icon in the upper-right area of the page.
-
- The **Employee management** page appears.
-
-2. Click **Add a new employee**.
-
- The **Add a new employee** page appears.
-
-3. Fill out the fields for each employee, including:
-
- - **Email.** Add the employee's email address.
-
- - **Name.** This box autofills based on the email address.
-
- - **Role.** Pick a single role for the employee, based on the list above.
-
- - **Group name.** Pick the name of the employee's group. The group association also assigns a group of Approvers.
-
- - **Comments.** Add optional comments about the employee.
-
- - **Active.** Click the check box to make the employee active in the system. If you want to keep the employee in the system, but you want to prevent access, clear this check box.
-
-4. Click **Save**.
-
-**To export all employees to an Excel spreadsheet**
-1. On the **Employee management** page, click **Export to Excel**.
-
-2. Save the EnterpriseModeUsersList.xlsx file.
-
- The Excel file includes all employees with access to the Enterprise Mode Site List Portal, including user name, email address, role, and group name.
\ No newline at end of file
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Details about how to add employees to the Enterprise Mode Site List Portal.
+author: dansimp
+ms.prod: ie11
+title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+---
+
+# Add employees to the Enterprise Mode Site List Portal
+
+**Applies to:**
+
+- Windows 10
+- Windows 8.1
+- Windows 7
+- Windows Server 2012 R2
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+After you get the Enterprise Mode Site List Portal up and running, you must add your employees. During this process, you'll also assign roles and groups.
+
+The available roles are:
+
+- **Requester.** The primary role to assign to employees that need to access the Enterprise Mode Site List Portal. The Requester can create change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal change requests, and sign off and close personal change requests.
+
+- **App Manager.** This role is considered part of the Approvers group. The App Manager can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
+
+- **Group Head.** This role is considered part of the Approvers group. The Group Head can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
+
+- **Administrator.** The role with the highest-level rights; we recommend limiting the number of employees you grant this role. The Administrator can perform any task that can be performed by the other roles, in addition to adding employees to the portal, assigning employee roles, approving registrations to the portal, configuring portal settings (for example, determining the freeze schedule, determining the pre-production and production XML paths, and determining the attachment upload location), and using the standalone Enterprise Mode Site List Manager page.
+
+**To add an employee to the Enterprise Mode Site List Portal**
+1. Open the Enterprise Mode Site List Portal and click the **Employee Management** icon in the upper-right area of the page.
+
+ The **Employee management** page appears.
+
+2. Click **Add a new employee**.
+
+ The **Add a new employee** page appears.
+
+3. Fill out the fields for each employee, including:
+
+ - **Email.** Add the employee's email address.
+
+ - **Name.** This box autofills based on the email address.
+
+ - **Role.** Pick a single role for the employee, based on the list above.
+
+ - **Group name.** Pick the name of the employee's group. The group association also assigns a group of Approvers.
+
+ - **Comments.** Add optional comments about the employee.
+
+ - **Active.** Click the check box to make the employee active in the system. If you want to keep the employee in the system, but you want to prevent access, clear this check box.
+
+4. Click **Save**.
+
+**To export all employees to an Excel spreadsheet**
+1. On the **Employee management** page, click **Export to Excel**.
+
+2. Save the EnterpriseModeUsersList.xlsx file.
+
+ The Excel file includes all employees with access to the Enterprise Mode Site List Portal, including user name, email address, role, and group name.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
index a399ecaa73..8ead60630e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
@@ -1,109 +1,112 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager.
-author: shortpatti
-ms.prod: ie11
-ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c
-title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)
-
-**Applies to:**
-
-- Windows 8.1
-- Windows 7
-
-You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager. You can only add specific URLs, not Internet or Intranet Zones.
-
-If you want to add your websites one at a time, see Add sites to the [Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md).
-
-## Create an Enterprise Mode site list (TXT) file
-You can create and use a custom text file to add multiple sites to your Enterprise Mode site list at the same time.
**Important** This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
-
-You must separate each site using commas or carriage returns. For example:
-
-```
-microsoft.com, bing.com, bing.com/images
-```
-**-OR-**
-
-```
-microsoft.com
-bing.com
-bing.com/images
-```
-
-## Create an Enterprise Mode site list (XML) file using the v.1 version of the Enterprise Mode schema
-You can create and use a custom XML file with the Enterprise Mode Site List Manager to add multiple sites to your Enterprise Mode site list at the same time. For more info about the v.1 version of the Enterprise Mode schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-Each XML file must include:
-
-- **Version number.** This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.
**Important** After this check, IE11 won’t look for an updated list again until you restart the browser.
-
-- **<emie> tag.** This tag specifies the domains and domain paths that must be rendered using IE7 Enterprise Mode, IE8 Enterprise Mode, or the default IE11 browser environment.
**Important** If you decide a site requires IE7 Enterprise Mode, you must add `forceCompatView=”true”` to your XML file. That code tells Enterprise Mode to check for a `DOCTYPE` tag on the specified webpage. If there is, the site renders using Windows Internet Explorer 7. If there’s no tag, the site renders using Microsoft Internet Explorer 5.
-
-- **<docMode> tag.**This tag specifies the domains and domain paths that need either to appear using the specific doc mode you assigned to the site. Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-### Enterprise Mode v.1 XML schema example
-The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
-
-```
-
-
- www.cpandl.com
- www.woodgrovebank.com
- adatum.com
- contoso.com
- relecloud.com
- /about
-
- fabrikam.com
- /products
-
-
-
- contoso.com
- /travel
-
- fabrikam.com
- /products
-
-
-
-```
-
-To make sure your site list is up-to-date; wait 65 seconds after opening IE and then check that the `CurrentVersion` value in the `HKEY\CURRENT\USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode\` registry key matches the version number in your file.
**Important** If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (.
-
-## Add multiple sites to the Enterprise Mode Site List Manager (schema v.1)
-After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.1).
-
- **To add multiple sites**
-
-1. In the Enterprise Mode Site List Manager (schema v.1), click **Bulk add from file**.
-
-2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.
-Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-3. Click **OK** to close the **Bulk add sites to the list** menu.
-
-4. On the **File** menu, click **Save to XML**, and save your file.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager.
+author: dansimp
+ms.prod: ie11
+ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)
+
+**Applies to:**
+
+- Windows 8.1
+- Windows 7
+
+You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager. You can only add specific URLs, not Internet or Intranet Zones.
+
+If you want to add your websites one at a time, see Add sites to the [Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md).
+
+## Create an Enterprise Mode site list (TXT) file
+You can create and use a custom text file to add multiple sites to your Enterprise Mode site list at the same time.
**Important** This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
+
+You must separate each site using commas or carriage returns. For example:
+
+```
+microsoft.com, bing.com, bing.com/images
+```
+**-OR-**
+
+```
+microsoft.com
+bing.com
+bing.com/images
+```
+
+## Create an Enterprise Mode site list (XML) file using the v.1 version of the Enterprise Mode schema
+You can create and use a custom XML file with the Enterprise Mode Site List Manager to add multiple sites to your Enterprise Mode site list at the same time. For more info about the v.1 version of the Enterprise Mode schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
+
+Each XML file must include:
+
+- **Version number.** This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.
**Important** After this check, IE11 won’t look for an updated list again until you restart the browser.
+
+- **<emie> tag.** This tag specifies the domains and domain paths that must be rendered using IE7 Enterprise Mode, IE8 Enterprise Mode, or the default IE11 browser environment.
**Important** If you decide a site requires IE7 Enterprise Mode, you must add `forceCompatView=”true”` to your XML file. That code tells Enterprise Mode to check for a `DOCTYPE` tag on the specified webpage. If there is, the site renders using Windows Internet Explorer 7. If there’s no tag, the site renders using Microsoft Internet Explorer 5.
+
+- <docMode> tag.This tag specifies the domains and domain paths that need either to appear using the specific doc mode you assigned to the site. Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
+
+### Enterprise Mode v.1 XML schema example
+The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
+
+```
+
+
+ www.cpandl.com
+ www.woodgrovebank.com
+ adatum.com
+ contoso.com
+ relecloud.com
+ /about
+
+ fabrikam.com
+ /products
+
+
+
+ contoso.com
+ /travel
+
+ fabrikam.com
+ /products
+
+
+
+```
+
+To make sure your site list is up-to-date; wait 65 seconds after opening IE and then check that the `CurrentVersion` value in the `HKEY\CURRENT\USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode\` registry key matches the version number in your file.
**Important** If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (.
+
+## Add multiple sites to the Enterprise Mode Site List Manager (schema v.1)
+After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.1).
+
+ **To add multiple sites**
+
+1. In the Enterprise Mode Site List Manager (schema v.1), click **Bulk add from file**.
+
+2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.
+Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
+
+3. Click **OK** to close the **Bulk add sites to the list** menu.
+
+4. On the **File** menu, click **Save to XML**, and save your file.
+You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
+
+## Next steps
+After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+## Related topics
+- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
index 1f1d14991d..f351c57bb9 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
@@ -1,119 +1,122 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2).
-author: shortpatti
-ms.prod: ie11
-ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
-title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 10/24/2017
----
-
-
-# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-
-You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager (schema v.2). You can only add specific URLs, not Internet or Intranet Zones.
-
-To add your websites one at a time, see [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md).
-
-## Create an Enterprise Mode site list (TXT) file
-
-You can create and use a custom text file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time.
-
->**Important:** This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
-
-You must separate each site using commas or carriage returns. For example:
-
-```
-microsoft.com, bing.com, bing.com/images
-```
-**-OR-**
-
-```
-microsoft.com
-bing.com
-bing.com/images
-```
-
-## Create an Enterprise Mode site list (XML) file using the v.2 version of the Enterprise Mode schema
-
-You can create and use a custom XML file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time.
-
-Each XML file must include:
-
-- **site-list version number**. This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.
**Important** After this check, IE11 won’t look for an updated list again until you restart the browser.
-
-- **<compat-mode> tag.** This tag specifies what compatibility setting are used for specific sites or domains.
-
-- **<open-in> tag.** This tag specifies what browser opens for each sites or domain.
-
-### Enterprise Mode v.2 XML schema example
-
-The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
-
-```
-
-
-
- EnterpriseSitelistManager
- 10240
- 20150728.135021
-
-
-
- IE8Enterprise
- MSEdge
-
-
- IE7Enterprise
- IE11
-
-
- default
- IE11
-
-
-```
-In the above example, the following is true:
-
-- www.cpandl.com, as the main domain, must use IE8 Enterprise Mode. However, www.cpandl.com/images must use IE7 Enterprise Mode.
-
-- contoso.com, and all of its domain paths, can use the default compatibility mode for the site.
-
-To make sure your site list is up-to-date; wait 65 seconds after opening IE and then check that the `CurrentVersion` value in the `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode\` registry key matches the version number in your file.
**Important** If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (schema v.2).
-
-## Add multiple sites to the Enterprise Mode Site List Manager (schema v.2)
-After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.2).
-
- **To add multiple sites**
-
-1. In the Enterprise Mode Site List Manager (schema v.2), click **Bulk add from file**.
-
-2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.
-Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
-
-3. Click **OK** to close the **Bulk add sites to the list** menu.
-
-4. On the **File** menu, click **Save to XML**, and save your file.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2).
+author: dansimp
+ms.prod: ie11
+ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 10/24/2017
+---
+
+
+# Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)
+
+**Applies to:**
+
+- Windows 10
+- Windows 8.1
+- Windows 7
+
+You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the **Bulk add from file** area of the Enterprise Mode Site List Manager (schema v.2). You can only add specific URLs, not Internet or Intranet Zones.
+
+To add your websites one at a time, see [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md).
+
+## Create an Enterprise Mode site list (TXT) file
+
+You can create and use a custom text file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time.
+
+>**Important:** This text file is only lets you add multiple sites at the same time. You can’t use this file to deploy Enterprise Mode into your company.
+
+You must separate each site using commas or carriage returns. For example:
+
+```
+microsoft.com, bing.com, bing.com/images
+```
+**-OR-**
+
+```
+microsoft.com
+bing.com
+bing.com/images
+```
+
+## Create an Enterprise Mode site list (XML) file using the v.2 version of the Enterprise Mode schema
+
+You can create and use a custom XML file with the Enterprise Mode Site List Manager (schema v.2) to add multiple sites to your Enterprise Mode site list at the same time.
+
+Each XML file must include:
+
+- **site-list version number**. This number must be incremented with each version of the Enterprise Mode site list, letting Internet Explorer know whether the list is new. Approximately 65 seconds after Internet Explorer 11 starts, it compares your site list version to the stored version number. If your file has a higher number, the newer version is loaded.
**Important** After this check, IE11 won’t look for an updated list again until you restart the browser.
+
+- **<compat-mode> tag.** This tag specifies what compatibility setting are used for specific sites or domains.
+
+- **<open-in> tag.** This tag specifies what browser opens for each sites or domain.
+
+### Enterprise Mode v.2 XML schema example
+
+The following is an example of what your XML file should look like when you’re done adding your sites. For more info about how to create your XML file, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
+
+```
+
+
+
+ EnterpriseSitelistManager
+ 10240
+ 20150728.135021
+
+
+
+ IE8Enterprise
+ MSEdge
+
+
+ IE7Enterprise
+ IE11
+
+
+ default
+ IE11
+
+
+```
+In the above example, the following is true:
+
+- www.cpandl.com, as the main domain, must use IE8 Enterprise Mode. However, www.cpandl.com/images must use IE7 Enterprise Mode.
+
+- contoso.com, and all of its domain paths, can use the default compatibility mode for the site.
+
+To make sure your site list is up-to-date; wait 65 seconds after opening IE and then check that the `CurrentVersion` value in the `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode\` registry key matches the version number in your file.
**Important** If `CurrentVersion` is not set or is wrong, it means that the XML parsing failed. This can mean that the XML file isn’t there, that there are access problems, or that the XML file format is wrong. Don’t manually change the `CurrentVersion` registry setting. You must make your changes to your site list and then update the list using the import function in the Enterprise Mode Site List Manager (schema v.2).
+
+## Add multiple sites to the Enterprise Mode Site List Manager (schema v.2)
+After you create your .xml or .txt file, you can bulk add the sites to the Enterprise Mode Site List Manager (schema v.2).
+
+ **To add multiple sites**
+
+1. In the Enterprise Mode Site List Manager (schema v.2), click **Bulk add from file**.
+
+2. Go to your site list (either .txt or .xml) to add the included sites to the tool, and then click **Open**.
+Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md).
+
+3. Click **OK** to close the **Bulk add sites to the list** menu.
+
+4. On the **File** menu, click **Save to XML**, and save your file.
+You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
+
+## Next steps
+After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+## Related topics
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
index 2eab3c28fd..8b8435daff 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
@@ -1,63 +1,66 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-author: shortpatti
-ms.prod: ie11
-ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26
-title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)
-
-**Applies to:**
-
-- Windows 8.1
-- Windows 7
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
**Important** You can only add specific URLs, not Internet or Intranet Zones.
-
-
**Note** If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see [Add multiple sites to the Enterprise Mode site list using a file and the Windows 7 and 8.1 Enterprise Mode Site List Manager](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md).
-
-## Adding a site to your compatibility list
-You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager.
-
**Note** If you're using the v.2 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)](add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md).
-
- **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.1)**
-
-1. In the Enterprise Mode Site List Manager (schema v.1), click **Add**.
-
-2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
-Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
-
-3. Type any comments about the website into the **Notes about URL** box.
-Administrators can only see comments while they’re in this tool.
-
-4. Choose **IE7 Enterprise Mode**, **IE8 Enterprise Mode**, or the appropriate document mode for sites that must be rendered using the emulation of a previous version of IE, or pick **Default IE** if the site should use the latest version of IE.
-
-The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected.
-
-Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-5. Click **Save** to validate your website and to add it to the site list for your enterprise.
-If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
-
-6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
+author: dansimp
+ms.prod: ie11
+ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)
+
+**Applies to:**
+
+- Windows 8.1
+- Windows 7
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
**Important** You can only add specific URLs, not Internet or Intranet Zones.
+
+
Note If you're using the v.2 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2).
+
+ **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.1)**
+
+1. In the Enterprise Mode Site List Manager (schema v.1), click **Add**.
+
+2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
+Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
+
+3. Type any comments about the website into the **Notes about URL** box.
+Administrators can only see comments while they’re in this tool.
+
+4. Choose **IE7 Enterprise Mode**, **IE8 Enterprise Mode**, or the appropriate document mode for sites that must be rendered using the emulation of a previous version of IE, or pick **Default IE** if the site should use the latest version of IE.
+
+The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected.
+
+Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
+
+5. Click **Save** to validate your website and to add it to the site list for your enterprise.
+ If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
+
+6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
+ You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+## Next steps
+After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+## Related topics
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
index df209b5a60..46a8edef5e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
@@ -1,79 +1,82 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
-author: shortpatti
-ms.prod: ie11
-ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
-title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-
-Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
**Important** You can only add specific URLs, not Internet or Intranet Zones.
-
-
**Note** If you need to include a lot of sites, instead of adding them one at a time, you can create a list of websites and add them all at the same time. For more information, see the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md) or the [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md) topic, based on your operating system.
-
-## Adding a site to your compatibility list
-You can add individual sites to your compatibility list by using the Enterprise Mode Site List Manager.
-**Note** If you're using the v.1 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see [Add sites to the Enterprise Mode site list using the WEnterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md).
-
- **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.2)**
-
-1. In the Enterprise Mode Site List Manager (schema v.2), click **Add**.
-
-2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
-Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
-
-3. Type any comments about the website into the **Notes about URL** box.
-Administrators can only see comments while they’re in this tool.
-
-4. In the **Compat Mode** box, choose one of the following:
-
- - **IE8Enterprise**. Loads the site in IE8 Enterprise Mode.
-
- - **IE7Enterprise**. Loads the site in IE7 Enterprise Mode.
-
- - **IE\[*x*\]**. Where \[x\] is the document mode number and the site loads in the specified document mode.
-
- - **Default Mode**. Loads the site using the default compatibility mode for the page.
-
- The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected.
-
- Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
-
-5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site.
-
- - **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee.
-
- - **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
-
- - **None**. Opens in whatever browser the employee chooses.
-
-6. Click **Save** to validate your website and to add it to the site list for your enterprise.
-If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
-
-7. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
-You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Next steps
-After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
-
-## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
+author: dansimp
+ms.prod: ie11
+ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2)
+
+**Applies to:**
+
+- Windows 10
+- Windows 8.1
+- Windows 7
+
+Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that’s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
**Important** You can only add specific URLs, not Internet or Intranet Zones.
+
+
+**Note** If you're using the v.1 version of the Enterprise Mode schema, you'll need to use the Enterprise Mode Site List Manager (schema v.1). For more info, see [Add sites to the Enterprise Mode site list using the WEnterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md).
+
+ **To add a site to your compatibility list using the Enterprise Mode Site List Manager (schema v.2)**
+
+1. In the Enterprise Mode Site List Manager (schema v.2), click **Add**.
+
+2. Type the URL for the website that’s experiencing compatibility problems, like *<domain>.com* or *<domain>.com*/*<path>* into the **URL** box.
+ Don't include the `https://` or `https://` designation. The tool automatically tries both versions during validation.
+
+3. Type any comments about the website into the **Notes about URL** box.
+ Administrators can only see comments while they’re in this tool.
+
+4. In the **Compat Mode** box, choose one of the following:
+
+ - **IE8Enterprise**. Loads the site in IE8 Enterprise Mode.
+
+ - **IE7Enterprise**. Loads the site in IE7 Enterprise Mode.
+
+ - **IE\[*x*\]**. Where \[x\] is the document mode number and the site loads in the specified document mode.
+
+ - **Default Mode**. Loads the site using the default compatibility mode for the page.
+
+ The path within a domain can require a different compatibility mode from the domain itself. For example, the domain might look fine in the default IE11 browser, but the path might have problems and require the use of Enterprise Mode. If you added the domain previously, your original compatibility choice is still selected. However, if the domain is new, **IE8 Enterprise Mode** is automatically selected.
+
+ Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual. For more specific info about using document modes, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
+
+5. In conjunction with the compatibility mode, you'll need to use the **Open in** box to pick which browser opens the site.
+
+ - **IE11**. Opens the site in IE11, regardless of which browser is opened by the employee.
+
+ - **MSEdge**. Opens the site in Microsoft Edge, regardless of which browser is opened by the employee.
+
+ - **None**. Opens in whatever browser the employee chooses.
+
+6. Click **Save** to validate your website and to add it to the site list for your enterprise.
+ If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway.
+
+7. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
+ You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+## Next steps
+After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
+
+## Related topics
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
index 2fc51f57c7..f08c08fcdb 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md
@@ -1,79 +1,82 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Administrative templates and Internet Explorer 11
-author: shortpatti
-ms.prod: ie11
-ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3
-title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Administrative templates and Internet Explorer 11
-
-Administrative Templates are made up of a hierarchy of policy categories and subcategories that define how your policy settings appear in the Local Group Policy Editor, including:
-
-- What registry locations correspond to each setting.
-
-- What value options or restrictions are associated with each setting.
-
-- The default value for many settings.
-
-- Text explanations about each setting and the supported version of Internet Explorer.
-
-For a conceptual overview of Administrative Templates, see [Managing Group Policy ADMX Files Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=214519).
-
-## What are Administrative Templates?
-Administrative Templates are XML-based, multi-language files that define the registry-based Group Policy settings in the Local Group Policy Editor. There are two types of Administrative Templates:
-
-- **ADMX.** A language-neutral setup file that states the number and type of policy setting, and the location by category, as it shows up in the Local Group Policy Editor.
-
-- **ADML.** A language-specific setup file that provides language-related information to the ADMX file. This file lets the policy setting show up in the right language in the Local Group Policy Editor. You can add new languages by adding new ADML files in the required language.
-
-## How do I store Administrative Templates?
-As an admin, you can create a central store folder on your SYSVOL directory, named **PolicyDefinitions**. For example, %*SystemRoot*%\\PolicyDefinitions. This folder provides a single, centralized storage location for your Administrative Templates (both ADMX and ADML) files, so they can be used by your domain-based Group Policy Objects (GPOs).
-
**Important** Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see [Scenario 1: Editing the Local GPO Using ADMX Files](https://go.microsoft.com/fwlink/p/?LinkId=276810).
-
-## Administrative Templates-related Group Policy settings
-When you install Internet Explorer 11, it updates the local administrative files, Inetres.admx and Inetres.adml, both located in the **PolicyDefinitions** folder.
-
**Note** You won't see the new policy settings if you try to view or edit your policy settings on a computer that isn't running IE11. To fix this, you can either install IE11, or you can copy the updated Inetres.admx and Inetres.adml files from another computer to the **PolicyDefinitions** folder on this computer.
-
-IE11 provides these new policy settings, which are editable in the Local Group Policy Editor, and appear in the following policy paths:
-
-- Computer Configuration\\Administrative Templates\\Windows Components\\
-
-- User Configuration\\Administrative Templates\\Windows Components\\
-
-
-|Catalog |Description |
-| ------------------------------------------------ | --------------------------------------------|
-|IE |Turns standard IE configuration on and off. |
-|Internet Explorer\Accelerators |Sets up and manages Accelerators. |
-|Internet Explorer\Administrator Approved Controls |Turns ActiveX controls on and off. |
-|Internet Explorer\Application Compatibility |Turns the **Cut**, **Copy**, or **Paste** operations on or off. This setting also requires that `URLACTION_SCRIPT_PASTE` is set to **Prompt**. |
-|Internet Explorer\Browser Menus |Shows or hides the IE menus and menu options.|
-|Internet Explorer\Corporate Settings |Turns off whether you specify the code download path for each computer. |
-|Internet Explorer\Delete Browsing History |Turns the **Delete Browsing History** settings on and off. |
-|Internet Explorer\Internet Control Panel |Turns pages on and off in the **Internet Options** dialog box. Also turns on and off the subcategories that manage settings on the **Content**, **General**, **Security** and **Advanced** pages. |
-|Internet Explorer\Internet Settings |Sets up and manages the **Advanced settings**, **AutoComplete**, **Display Settings**, and **URL Encoding** options. |
-|Internet Explorer\Persistence Behavior |Sets up and manages the file size limits for Internet security zones. |
-|Internet Explorer\Privacy |Turns various privacy-related features on and off. |
-|Internet Explorer\Security Features |Turns various security-related features on and off in the browser, Windows Explorer, and other applications. |
-|Internet Explorer\Toolbars |Turns on and off the ability for users to edit toolbars in the browser. You can also set the default toolbar buttons here. |
-|RSS Feeds |Sets up and manages RSS feeds in the browser. |
-
-
-## Editing Group Policy settings
-Regardless which tool you're using to edit your Group Policy settings, you'll need to follow one of these guides for step-by-step editing instructions:
-
-- **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](https://go.microsoft.com/fwlink/p/?LinkId=214521) for step-by-step instructions about editing your Administrative Templates.
-
-- **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](https://go.microsoft.com/fwlink/p/?LinkId=214522) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment.
-
-## Related topics
-- [Administrative templates (.admx) for Windows 10 download](https://go.microsoft.com/fwlink/p/?LinkId=746579)
-- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580)
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: security
+description: Administrative templates and Internet Explorer 11
+author: dansimp
+ms.prod: ie11
+ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Administrative templates and Internet Explorer 11
+
+Administrative Templates are made up of a hierarchy of policy categories and subcategories that define how your policy settings appear in the Local Group Policy Editor, including:
+
+- What registry locations correspond to each setting.
+
+- What value options or restrictions are associated with each setting.
+
+- The default value for many settings.
+
+- Text explanations about each setting and the supported version of Internet Explorer.
+
+For a conceptual overview of Administrative Templates, see [Managing Group Policy ADMX Files Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=214519).
+
+## What are Administrative Templates?
+Administrative Templates are XML-based, multi-language files that define the registry-based Group Policy settings in the Local Group Policy Editor. There are two types of Administrative Templates:
+
+- **ADMX.** A language-neutral setup file that states the number and type of policy setting, and the location by category, as it shows up in the Local Group Policy Editor.
+
+- **ADML.** A language-specific setup file that provides language-related information to the ADMX file. This file lets the policy setting show up in the right language in the Local Group Policy Editor. You can add new languages by adding new ADML files in the required language.
+
+## How do I store Administrative Templates?
+As an admin, you can create a central store folder on your SYSVOL directory, named **PolicyDefinitions**. For example, %*SystemRoot*%\\PolicyDefinitions. This folder provides a single, centralized storage location for your Administrative Templates (both ADMX and ADML) files, so they can be used by your domain-based Group Policy Objects (GPOs).
+
Important Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see Scenario 1: Editing the Local GPO Using ADMX Files.
+
+## Administrative Templates-related Group Policy settings
+When you install Internet Explorer 11, it updates the local administrative files, Inetres.admx and Inetres.adml, both located in the **PolicyDefinitions** folder.
+
Note You won't see the new policy settings if you try to view or edit your policy settings on a computer that isn't running IE11. To fix this, you can either install IE11, or you can copy the updated Inetres.admx and Inetres.adml files from another computer to the PolicyDefinitions folder on this computer.
+
+IE11 provides these new policy settings, which are editable in the Local Group Policy Editor, and appear in the following policy paths:
+
+- Computer Configuration\\Administrative Templates\\Windows Components\\
+
+- User Configuration\\Administrative Templates\\Windows Components\\
+
+
+|Catalog |Description |
+| ------------------------------------------------ | --------------------------------------------|
+|IE |Turns standard IE configuration on and off. |
+|Internet Explorer\Accelerators |Sets up and manages Accelerators. |
+|Internet Explorer\Administrator Approved Controls |Turns ActiveX controls on and off. |
+|Internet Explorer\Application Compatibility |Turns the **Cut**, **Copy**, or **Paste** operations on or off. This setting also requires that `URLACTION_SCRIPT_PASTE` is set to **Prompt**. |
+|Internet Explorer\Browser Menus |Shows or hides the IE menus and menu options.|
+|Internet Explorer\Corporate Settings |Turns off whether you specify the code download path for each computer. |
+|Internet Explorer\Delete Browsing History |Turns the **Delete Browsing History** settings on and off. |
+|Internet Explorer\Internet Control Panel |Turns pages on and off in the **Internet Options** dialog box. Also turns on and off the subcategories that manage settings on the **Content**, **General**, **Security** and **Advanced** pages. |
+|Internet Explorer\Internet Settings |Sets up and manages the **Advanced settings**, **AutoComplete**, **Display Settings**, and **URL Encoding** options. |
+|Internet Explorer\Persistence Behavior |Sets up and manages the file size limits for Internet security zones. |
+|Internet Explorer\Privacy |Turns various privacy-related features on and off. |
+|Internet Explorer\Security Features |Turns various security-related features on and off in the browser, Windows Explorer, and other applications. |
+|Internet Explorer\Toolbars |Turns on and off the ability for users to edit toolbars in the browser. You can also set the default toolbar buttons here. |
+|RSS Feeds |Sets up and manages RSS feeds in the browser. |
+
+
+## Editing Group Policy settings
+Regardless which tool you're using to edit your Group Policy settings, you'll need to follow one of these guides for step-by-step editing instructions:
+
+- **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](https://go.microsoft.com/fwlink/p/?LinkId=214521) for step-by-step instructions about editing your Administrative Templates.
+
+- **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](https://go.microsoft.com/fwlink/p/?LinkId=214522) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment.
+
+## Related topics
+- [Administrative templates (.admx) for Windows 10 April 2018 Update](https://www.microsoft.com/download/details.aspx?id=56880)
+- [Administrative templates (.admx) for Windows 10 October 2018 Update](https://www.microsoft.com/download/details.aspx?id=57576)
+- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
index 02bda50d22..977e17394e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md
@@ -1,59 +1,62 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
-author: shortpatti
-ms.prod: ie11
-title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-# Approve a change request using the Enterprise Mode Site List Portal
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-After a change request is successfully submitted to the pre-defined Approver(s), employees granted the role of **App Manager**, **Group Head**, or **Administrator**, they must approve the changes.
-
-## Approve or reject a change request
-The Approvers get an email stating that a Requester successfully opened, tested, and submitted the change request to the Approvers group. The Approvers can accept or reject a change request.
-
-**To approve or reject a change request**
-1. The Approver logs onto the Enterprise Mode Site List Portal, **All Approvals** page.
-
- The Approver can also get to the **All Approvals** page by clicking **Approvals Pending** from the left pane.
-
-2. The Approver clicks the expander arrow (**\/**) to the right side of the change request, showing the list of Approvers and the **Approve** and **Reject** buttons.
-
-3. The Approver reviews the change request, making sure it's correct. If the info is correct, the Approver clicks **Approve** to approve the change request. If the info seems incorrect, or if the app shouldn't be added to the site list, the Approver clicks **Reject**.
-
- An email is sent to the Requester, the Approver(s) group, and the Administrator(s) group, with the updated status of the request.
-
-
-## Send a reminder to the Approver(s) group
-If the change request is sitting in the approval queue for too long, the Requester can send a reminder to the group.
-
-- From the **My Approvals** page, click the checkbox next to the name of each Approver to be reminded, and then click **Send reminder**.
-
- An email is sent to the selected Approver(s).
-
-
-## View rejected change requests
-The original Requester, the Approver(s) group, and the Administrator(s) group can all view the rejected change request.
-
-**To view the rejected change request**
-
-- In the Enterprise Mode Site List Portal, click **Rejected** from the left pane.
-
- All rejected change requests appear, with role assignment determining which ones are visible.
-
-
-## Next steps
-After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic.
\ No newline at end of file
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
+author: dansimp
+ms.prod: ie11
+title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+---
+
+# Approve a change request using the Enterprise Mode Site List Portal
+
+**Applies to:**
+
+- Windows 10
+- Windows 8.1
+- Windows 7
+- Windows Server 2012 R2
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+After a change request is successfully submitted to the pre-defined Approver(s), employees granted the role of **App Manager**, **Group Head**, or **Administrator**, they must approve the changes.
+
+## Approve or reject a change request
+The Approvers get an email stating that a Requester successfully opened, tested, and submitted the change request to the Approvers group. The Approvers can accept or reject a change request.
+
+**To approve or reject a change request**
+1. The Approver logs onto the Enterprise Mode Site List Portal, **All Approvals** page.
+
+ The Approver can also get to the **All Approvals** page by clicking **Approvals Pending** from the left pane.
+
+2. The Approver clicks the expander arrow (**\/**) to the right side of the change request, showing the list of Approvers and the **Approve** and **Reject** buttons.
+
+3. The Approver reviews the change request, making sure it's correct. If the info is correct, the Approver clicks **Approve** to approve the change request. If the info seems incorrect, or if the app shouldn't be added to the site list, the Approver clicks **Reject**.
+
+ An email is sent to the Requester, the Approver(s) group, and the Administrator(s) group, with the updated status of the request.
+
+
+## Send a reminder to the Approver(s) group
+If the change request is sitting in the approval queue for too long, the Requester can send a reminder to the group.
+
+- From the **My Approvals** page, click the checkbox next to the name of each Approver to be reminded, and then click **Send reminder**.
+
+ An email is sent to the selected Approver(s).
+
+
+## View rejected change requests
+The original Requester, the Approver(s) group, and the Administrator(s) group can all view the rejected change request.
+
+**To view the rejected change request**
+
+- In the Enterprise Mode Site List Portal, click **Rejected** from the left pane.
+
+ All rejected change requests appear, with role assignment determining which ones are visible.
+
+
+## Next steps
+After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
index d28ba9a2ab..d45374e404 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
@@ -1,59 +1,62 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: networking
-description: Auto configuration and auto proxy problems with Internet Explorer 11
-author: shortpatti
-ms.prod: ie11
-ms.assetid: 3fbbc2c8-859b-4b2e-abc3-de2c299e0938
-title: Auto configuration and auto proxy problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Auto configuration and auto proxy problems with Internet Explorer 11
-You might experience some problems using automatic configuration and auto-proxy with Internet Explorer 11.
-
-## Branding changes aren't distributed using automatic configuration
-If you've turned on the **Disable external branding of Internet Explorer** Group Policy Object, you won't be able to use automatic configuration to distribute your branding changes to your users' computers. When this object is turned on, it prevents the branding of IE by a non-Microsoft company or entity, such as an Internet service provider or Internet content provider. For more information about automatic configuration, see [Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md) and [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md). For more information about Group Policy settings, see [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md).
-
-## Proxy server setup issues
-If you experience issues while setting up your proxy server, you can try these troubleshooting steps:
-
-- Check to make sure the proxy server address is right.
-
-- Check that both **Automatically detect settings** and **Automatic configuration** are turned on in the browser.
-
-- Check that the browser is pointing to the right automatic configuration script location.
-
- **To check your proxy server address**
-
-1. On the **Tools** menu, click **Internet Options**, and then **Connections**.
-
-2. Click **Settings** or **LAN Settings**, and then look at your proxy server address.
-
-3. If you have multiple proxy servers, click **Advanced** to look at all of the additional addresses.
**Note** If IE11 uses a proxy server for local IP addresses, regardless whether you turned on the **Bypass Proxy Server for Local Addresses** option, see [Internet Explorer Uses Proxy Server for Local IP Address Even if the "Bypass Proxy Server for Local Addresses" Option Is Turned On](https://go.microsoft.com/fwlink/p/?LinkId=85652).
-
- **To check that you've turned on the correct settings**
-
-1. On the **Tools** menu, click **Internet Options**, and then click **Connections**.
-
-2. Click **Settings** or **LAN Settings**.
-
-3. In the **Automatic configuration** area, check that you've clicked the **Automatically detect settings** box. If you've turned on automatic configuration, check to make sure that you've also clicked the **Use automatic configuration script** box.
**Note** If at this point everything is set up correctly, but the proxy server still isn't behaving properly, click the **Detect my network settings** box in the **Error** dialog box to try to detect the proxy server, again.
-
- **To check that you're pointing to the correct automatic configuration script location**
-
-1. On the **Tools** menu, click **Internet Options**, and then click **Connections**.
-
-2. Click **Settings** or **LAN Settings**.
-
-3. In the **Automatic configuration** area, check that you've chosen the **Use automatic configuration script** box, and that it has the correct location to your automatic configuration script or for your automatic proxy URL.
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: networking
+description: Auto configuration and auto proxy problems with Internet Explorer 11
+author: dansimp
+ms.prod: ie11
+ms.assetid: 3fbbc2c8-859b-4b2e-abc3-de2c299e0938
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Auto configuration and auto proxy problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Auto configuration and auto proxy problems with Internet Explorer 11
+You might experience some problems using automatic configuration and auto-proxy with Internet Explorer 11.
+
+## Branding changes aren't distributed using automatic configuration
+If you've turned on the **Disable external branding of Internet Explorer** Group Policy Object, you won't be able to use automatic configuration to distribute your branding changes to your users' computers. When this object is turned on, it prevents the branding of IE by a non-Microsoft company or entity, such as an Internet service provider or Internet content provider. For more information about automatic configuration, see [Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md) and [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md). For more information about Group Policy settings, see [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md).
+
+## Proxy server setup issues
+If you experience issues while setting up your proxy server, you can try these troubleshooting steps:
+
+- Check to make sure the proxy server address is right.
+
+- Check that both **Automatically detect settings** and **Automatic configuration** are turned on in the browser.
+
+- Check that the browser is pointing to the right automatic configuration script location.
+
+ **To check your proxy server address**
+
+1. On the **Tools** menu, click **Internet Options**, and then **Connections**.
+
+2. Click **Settings** or **LAN Settings**, and then look at your proxy server address.
+
+3. If you have multiple proxy servers, click **Advanced** to look at all of the additional addresses.
**Note** If IE11 uses a proxy server for local IP addresses, regardless whether you turned on the **Bypass Proxy Server for Local Addresses** option, see [Internet Explorer Uses Proxy Server for Local IP Address Even if the "Bypass Proxy Server for Local Addresses" Option Is Turned On](https://go.microsoft.com/fwlink/p/?LinkId=85652).
+
+ **To check that you've turned on the correct settings**
+
+4. On the **Tools** menu, click **Internet Options**, and then click **Connections**.
+
+5. Click **Settings** or **LAN Settings**.
+
+6. In the **Automatic configuration** area, check that you've clicked the **Automatically detect settings** box. If you've turned on automatic configuration, check to make sure that you've also clicked the **Use automatic configuration script** box.
**Note** If at this point everything is set up correctly, but the proxy server still isn't behaving properly, click the **Detect my network settings** box in the **Error** dialog box to try to detect the proxy server, again.
+
+ **To check that you're pointing to the correct automatic configuration script location**
+
+7. On the **Tools** menu, click **Internet Options**, and then click **Connections**.
+
+8. Click **Settings** or **LAN Settings**.
+
+9. In the **Automatic configuration** area, check that you've chosen the **Use automatic configuration script** box, and that it has the correct location to your automatic configuration script or for your automatic proxy URL.
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
index 9e485e54d8..1b9a0ba9c8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
@@ -1,71 +1,74 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: networking
-description: Auto configuration settings for Internet Explorer 11
-author: shortpatti
-ms.prod: ie11
-ms.assetid: 90308d59-45b9-4639-ab1b-497e5ba19023
-title: Auto configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Auto configuration settings for Internet Explorer 11
-Automatic configuration lets you apply custom branding and graphics to your internal Internet Explorer installations, running on Windows 8.1 or Windows Server 2012 R2. For more information about adding custom branding and graphics to your IE package, see [Customize the toolbar button and Favorites List icons using IEAK 11](../ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md).
**Important** You'll only see and be able to use the **IE Customization Wizard 11 - Automatic Configuration** page if you're creating an internal IE installation package. For more information about the **IE Customization Wizard 11 - Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md).
-
-## Adding the automatic configuration registry key
-For custom graphics and branding, add the `FEATURE\AUTOCONFIG\BRANDING` registry key to your IE installation package.
**Important** Follow these directions carefully because serious problems can occur if you update your registry incorrectly. For added protection, back up your registry so you can restore it if a problem occurs.
-
- **To add the registry key**
-
-1. On the **Start** screen, type **regedit**, and then click **Regedit.exe**.
-
-2. Right-click the `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl` subkey, point to **New**, and then click **Key**.
-
-3. Enter the new key name, `FEATURE\AUTOCONFIG\BRANDING`, and then press Enter.
-
-4. Right-click `FEATURE\AUTOCONFIG\BRANDING`, point to **New**, and then click **DWORD (32-bit) Value**.
-
-5. Enter the new DWORD value name, **iexplore.exe**, and then press Enter.
-
-6. Right-click **iexplore.exe**, and then click **Modify**.
-
-7. In the **Value data** box, enter **1**, and then click **OK**.
-
-8. Exit the registry editor.
-
-## Updating your automatic configuration settings
-After adding the `FEATURE\AUTOCONFIG\BRANDING` registry key, you can change your automatic configuration settings to pick up the updated branding.
-
**Important** Your branding changes won't be added or updated if you've previously chosen the **Disable external branding of IE** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. This setting is intended to prevent branding by a third-party, like an Internet service or content provider. For more information about Group Policy, including videos and the latest technical documentation, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514).
-
- **To update your settings**
-
-1. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
-
-2. Choose the **Automatically detect configuration settings** check box to allow automatic detection of browser settings.
-
-3. Choose the **Enable Automatic Configuration** box to let you change the rest of the configuration options, including:
-
- - **Automatically configure every box:** Type how often IE should check for configuration updates. Typing **0** (zero), or not putting in any number, means that automatic configuration only happens when the computer restarts.
-
- - **Automatic Configuration URL (.INS file) box:** Type the location of your automatic configuration script.
-
- - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.
**Important** Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
-
-If your branding changes aren't correctly deployed after running through this process, see [Auto configuration and auto proxy problems with Internet Explorer 11](auto-configuration-and-auto-proxy-problems-with-ie11.md).
-
-## Locking your automatic configuration settings
-You have two options to restrict your users' ability to override the automatic configuration settings, based on your environment.
-
-- **Using Microsoft Active Directory.** Choose **Disable changing Automatic Configuration settings** from the Administrative Templates setting.
-
-- **Not Using Active Directory.** Choose the **Disable changing Automatic Configuration settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object.
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: networking
+description: Auto configuration settings for Internet Explorer 11
+author: dansimp
+ms.prod: ie11
+ms.assetid: 90308d59-45b9-4639-ab1b-497e5ba19023
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Auto configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Auto configuration settings for Internet Explorer 11
+Automatic configuration lets you apply custom branding and graphics to your internal Internet Explorer installations, running on Windows 8.1 or Windows Server 2012 R2. For more information about adding custom branding and graphics to your IE package, see [Customize the toolbar button and Favorites List icons using IEAK 11](../ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md).
**Important** You'll only see and be able to use the **IE Customization Wizard 11 - Automatic Configuration** page if you're creating an internal IE installation package. For more information about the **IE Customization Wizard 11 - Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md).
+
+## Adding the automatic configuration registry key
+For custom graphics and branding, add the `FEATURE\AUTOCONFIG\BRANDING` registry key to your IE installation package.
**Important** Follow these directions carefully because serious problems can occur if you update your registry incorrectly. For added protection, back up your registry so you can restore it if a problem occurs.
+
+ **To add the registry key**
+
+1. On the **Start** screen, type **regedit**, and then click **Regedit.exe**.
+
+2. Right-click the `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl` subkey, point to **New**, and then click **Key**.
+
+3. Enter the new key name, `FEATURE\AUTOCONFIG\BRANDING`, and then press Enter.
+
+4. Right-click `FEATURE\AUTOCONFIG\BRANDING`, point to **New**, and then click **DWORD (32-bit) Value**.
+
+5. Enter the new DWORD value name, **iexplore.exe**, and then press Enter.
+
+6. Right-click **iexplore.exe**, and then click **Modify**.
+
+7. In the **Value data** box, enter **1**, and then click **OK**.
+
+8. Exit the registry editor.
+
+## Updating your automatic configuration settings
+After adding the `FEATURE\AUTOCONFIG\BRANDING` registry key, you can change your automatic configuration settings to pick up the updated branding.
+
Important Your branding changes won't be added or updated if you've previously chosen the Disable external branding of IE setting in the User Configuration\Administrative Templates\Windows Components\Internet Explorer Group Policy object. This setting is intended to prevent branding by a third-party, like an Internet service or content provider. For more information about Group Policy, including videos and the latest technical documentation, see the Group Policy TechCenter.
+
+ **To update your settings**
+
+1. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
+
+2. Choose the **Automatically detect configuration settings** check box to allow automatic detection of browser settings.
+
+3. Choose the **Enable Automatic Configuration** box to let you change the rest of the configuration options, including:
+
+ - **Automatically configure every box:** Type how often IE should check for configuration updates. Typing **0** (zero), or not putting in any number, means that automatic configuration only happens when the computer restarts.
+
+ - **Automatic Configuration URL (.INS file) box:** Type the location of your automatic configuration script.
+
+ - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.
**Important** Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
+
+If your branding changes aren't correctly deployed after running through this process, see [Auto configuration and auto proxy problems with Internet Explorer 11](auto-configuration-and-auto-proxy-problems-with-ie11.md).
+
+## Locking your automatic configuration settings
+You have two options to restrict your users' ability to override the automatic configuration settings, based on your environment.
+
+- **Using Microsoft Active Directory.** Choose **Disable changing Automatic Configuration settings** from the Administrative Templates setting.
+
+- **Not Using Active Directory.** Choose the **Disable changing Automatic Configuration settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object.
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
index 8d6510713e..6d58aac85b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
@@ -1,52 +1,55 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: networking
-description: Auto detect settings Internet Explorer 11
-author: shortpatti
-ms.prod: ie11
-ms.assetid: c6753cf4-3276-43c5-aae9-200e9e82753f
-title: Auto detect settings Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Auto detect settings Internet Explorer 11
-After you specify the specific settings related to automatic detection on your Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) servers, you can set up your users' browser settings from a central location.
-
-Automatic detection works even if the browser wasn't originally set up or installed by the administrator.
-
-- **Using DHCP servers:** For local area network (LAN)-based users. This server type lets you specify your global and subnet TCP/IP parameters centrally, defining your users' parameters by using reserved addresses. By doing it this way, a computer can move between subnets, automatically reconfiguring for TCP/IP when it starts.
-
-- **Using DNS servers:** For users on dial-up connections. This server type uses a set of protocols and services on a TCP/IP network, which lets users search for other computers by using hierarchical, user-friendly names (hosts), instead of numeric IP addresses.
**Note** DHCP has a higher priority than DNS for automatic configuration. If DHCP provides the URL to a .pac, .jvs, .js, or .ins configuration file, the process stops and the DNS lookup doesn't happen.
-
-## Updating your automatic detection settings
-To use automatic detection, you have to set up your DHCP and DNS servers.
**Note** Your DHCP servers must support the `DHCPINFORM` message, to obtain the DHCP options.
-
- **To turn on automatic detection for DHCP servers**
-
-1. Open the Internet Explorer Customization Wizard 11, and go to the **Automatic Configuration** page.
-
-2. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings. For more information about the **Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md).
-
-3. Open the [DHCP Administrative Tool](https://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](https://go.microsoft.com/fwlink/p/?LinkId=294649).
-
- **To turn on automatic detection for DNS servers**
-
-1. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
-
-2. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings.
-
-3. In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.
**-OR-**
Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.
**Note** For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651).
-
-4. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file.
**Note** Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `https://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file.
-
-
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: networking
+description: Auto detect settings Internet Explorer 11
+author: dansimp
+ms.prod: ie11
+ms.assetid: c6753cf4-3276-43c5-aae9-200e9e82753f
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Auto detect settings Internet Explorer 11 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Auto detect settings Internet Explorer 11
+After you specify the specific settings related to automatic detection on your Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) servers, you can set up your users' browser settings from a central location.
+
+Automatic detection works even if the browser wasn't originally set up or installed by the administrator.
+
+- **Using DHCP servers:** For local area network (LAN)-based users. This server type lets you specify your global and subnet TCP/IP parameters centrally, defining your users' parameters by using reserved addresses. By doing it this way, a computer can move between subnets, automatically reconfiguring for TCP/IP when it starts.
+
+- **Using DNS servers:** For users on dial-up connections. This server type uses a set of protocols and services on a TCP/IP network, which lets users search for other computers by using hierarchical, user-friendly names (hosts), instead of numeric IP addresses.
**Note** DHCP has a higher priority than DNS for automatic configuration. If DHCP provides the URL to a .pac, .jvs, .js, or .ins configuration file, the process stops and the DNS lookup doesn't happen.
+
+## Updating your automatic detection settings
+To use automatic detection, you have to set up your DHCP and DNS servers.
**Note** Your DHCP servers must support the `DHCPINFORM` message, to obtain the DHCP options.
+
+ **To turn on automatic detection for DHCP servers**
+
+1. Open the Internet Explorer Customization Wizard 11, and go to the **Automatic Configuration** page.
+
+2. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings. For more information about the **Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md).
+
+3. Open the [DHCP Administrative Tool](https://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](https://go.microsoft.com/fwlink/p/?LinkId=294649).
+
+ **To turn on automatic detection for DNS servers**
+
+4. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
+
+5. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings.
+
+6. In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.
**-OR-**
Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.
**Note** For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651).
+
+7. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file.
**Note** Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `https://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file.
+
+
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
index a0e95c8fac..bd7bd5c030 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
@@ -1,47 +1,50 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: networking
-description: Auto proxy configuration settings for Internet Explorer 11
-author: shortpatti
-ms.prod: ie11
-ms.assetid: 5120aaf9-8ead-438a-8472-3cdd924b7d9e
-title: Auto proxy configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Auto proxy configuration settings for Internet Explorer 11
-Configure and maintain your proxy settings, like pointing your users' browsers to your automatic proxy script, through the Internet Explorer Customization Wizard 11 running on either Windows 8.1 or Windows Server 2012 R2.
-
-## Updating your auto-proxy settings
-You can use your Internet settings (.ins) files to set up your standard proxy settings. You can also specify script files (.js, .jvs, or .pac) to configure and maintain your advanced proxy settings. IE uses your auto-proxy script files to dynamically determine whether to connect to a host or use a proxy server. If a proxy server connection fails, Internet Explorer 11 automatically attempts to connect to another proxy server that you have specified.
-
- **To update your settings**
-
-1. Create a script file with your proxy information, copying it to a server location.
-
-2. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
-
-3. Choose the **Enable Automatic Configuration** box to let you change the rest of the configuration options, including:
-
- - **Automatically configure every box:** Type how often IE should check for configuration updates. Typing **0** (zero), or not putting in any number, means that updates only happen when the computer restarts.
-
- - **Automatic Configuration URL (.INS file) box:** Type the location of the .ins file you want to use for automatic configuration. For more information about setting up **Automatic Configuration**, see [Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md).
-
- - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script. This script runs whenever IE11 makes a network request and can include multiple proxy servers for each protocol type.
**Important** IE11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
-
-## Locking your auto-proxy settings
-You have two options to restrict your users' ability to override the automatic configuration settings, based on your environment.
-
-- **Using Microsoft Active Directory.** Choose **Disable changing proxy settings** from the Administrative Templates setting.
-
-- **Not Using Active Directory.** Choose the **Prevent changing proxy settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. For more information about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514).
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: networking
+description: Auto proxy configuration settings for Internet Explorer 11
+author: dansimp
+ms.prod: ie11
+ms.assetid: 5120aaf9-8ead-438a-8472-3cdd924b7d9e
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Auto proxy configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Auto proxy configuration settings for Internet Explorer 11
+Configure and maintain your proxy settings, like pointing your users' browsers to your automatic proxy script, through the Internet Explorer Customization Wizard 11 running on either Windows 8.1 or Windows Server 2012 R2.
+
+## Updating your auto-proxy settings
+You can use your Internet settings (.ins) files to set up your standard proxy settings. You can also specify script files (.js, .jvs, or .pac) to configure and maintain your advanced proxy settings. IE uses your auto-proxy script files to dynamically determine whether to connect to a host or use a proxy server. If a proxy server connection fails, Internet Explorer 11 automatically attempts to connect to another proxy server that you have specified.
+
+ **To update your settings**
+
+1. Create a script file with your proxy information, copying it to a server location.
+
+2. Open the IE Customization Wizard 11, and go to the **Automatic Configuration** page.
+
+3. Choose the **Enable Automatic Configuration** box to let you change the rest of the configuration options, including:
+
+ - **Automatically configure every box:** Type how often IE should check for configuration updates. Typing **0** (zero), or not putting in any number, means that updates only happen when the computer restarts.
+
+ - **Automatic Configuration URL (.INS file) box:** Type the location of the .ins file you want to use for automatic configuration. For more information about setting up **Automatic Configuration**, see [Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md).
+
+ - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script. This script runs whenever IE11 makes a network request and can include multiple proxy servers for each protocol type.
**Important** IE11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `https://share/test.ins`.
+
+## Locking your auto-proxy settings
+You have two options to restrict your users' ability to override the automatic configuration settings, based on your environment.
+
+- **Using Microsoft Active Directory.** Choose **Disable changing proxy settings** from the Administrative Templates setting.
+
+- **Not Using Active Directory.** Choose the **Prevent changing proxy settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. For more information about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514).
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
index ac73cc7854..12bd5502e3 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
@@ -1,40 +1,43 @@
----
-title: Blocked out-of-date ActiveX controls
-description: This page is periodically updated with new ActiveX controls blocked by this feature.
-author: shortpatti
-ms.author: pashort
-manager: elizapo
-ms.date: 05/10/2018
-ms.topic: article
-ms.prod: ie11
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-ms.assetid: ''
-ms.sitesec: library
----
-
-# Blocked out-of-date ActiveX controls
-
-ActiveX controls are small apps that let websites provide content, like videos and games, and let you interact with content, like toolbars. Unfortunately, because many ActiveX controls aren't automatically updated, they can become outdated as new versions are released. It's very important that you keep your ActiveX controls up to date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, Internet Explorer includes a security feature called _out-of-date ActiveX control blocking_.
-
-We'll periodically update this page with new ActiveX controls blocked by this feature. We'll typically provide one month's advance notice before adding new controls to the list.
-
-You will receive a notification if a webpage tries to load one of the following of ActiveX control versions:
-
-**Java**
-
-| Java 2 Platform, Standard Edition (J2SE) 1.4, everything below (but not including) update 43 |
-|----------------------------------------------------------------------------------------------|
-| J2SE 5.0, everything below (but not including) update 99 |
-| Java SE 6, everything below (but not including) update 181 |
-| Java SE 7, everything below (but not including) update 171 |
-| Java SE 8, everything below (but not including) update 161 |
-| Java SE 9, everything below (but not including) update 4 |
-
-**Silverlight**
-
-| Everything below (but not including) Silverlight 5.1.50907.0 |
-|--------------------------------------------------------------|
-
-For more information, see [Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) and [Internet Explorer begins blocking out-of-date ActiveX controls](https://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx). You can also view Microsoft's complete list of out-of-date ActiveX controls in the XML-based [version list](https://go.microsoft.com/fwlink/?LinkId=403864).
\ No newline at end of file
+---
+title: Blocked out-of-date ActiveX controls
+description: This page is periodically updated with new ActiveX controls blocked by this feature.
+author: dansimp
+ms.author: dansimp
+audience: itpro
manager: dansimp
+ms.date: 05/10/2018
+ms.topic: article
+ms.prod: ie11
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: security
+ms.assetid: ''
+ms.reviewer:
+ms.sitesec: library
+---
+
+# Blocked out-of-date ActiveX controls
+
+ActiveX controls are small apps that let websites provide content, like videos and games, and let you interact with content, like toolbars. Unfortunately, because many ActiveX controls aren't automatically updated, they can become outdated as new versions are released. It's very important that you keep your ActiveX controls up to date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, Internet Explorer includes a security feature called _out-of-date ActiveX control blocking_.
+
+We'll periodically update this page with new ActiveX controls blocked by this feature. We'll typically provide one month's advance notice before adding new controls to the list.
+
+You will receive a notification if a webpage tries to load one of the following of ActiveX control versions:
+
+**Java**
+
+| Java 2 Platform, Standard Edition (J2SE) 1.4, everything below (but not including) update 43 |
+|----------------------------------------------------------------------------------------------|
+| J2SE 5.0, everything below (but not including) update 99 |
+| Java SE 6, everything below (but not including) update 181 |
+| Java SE 7, everything below (but not including) update 171 |
+| Java SE 8, everything below (but not including) update 161 |
+| Java SE 9, everything below (but not including) update 4 |
+
+**Silverlight**
+
+
+| Everything below (but not including) Silverlight 5.1.50907.0 |
+|--------------------------------------------------------------|
+| |
+
+For more information, see [Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) and [Internet Explorer begins blocking out-of-date ActiveX controls](https://blogs.msdn.com/b/ie/archive/2014/08/06/internet-explorer-begins-blocking-out-of-date-activex-controls.aspx). You can also view Microsoft's complete list of out-of-date ActiveX controls in the XML-based [version list](https://go.microsoft.com/fwlink/?LinkId=403864).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
index dc4bf14619..fe61c67cf5 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
@@ -1,35 +1,38 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: performance
-description: Browser cache changes and roaming profiles
-author: shortpatti
-ms.prod: ie11
-ms.assetid: 85f0cd01-6f82-4bd1-9c0b-285af1ce3436
-title: Browser cache changes and roaming profiles (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 10/16/2017
----
-
-
-# Browser cache changes and roaming profiles
-We’ve redesigned the browser cache to improve the performance, flexibility, reliability, and scalability of Internet Explorer and the apps that rely on the Windows Internet (WinINet) cache. Our new database design stops multiple clients from simultaneously accessing and using cached information, while also providing a higher level of data integrity.
-
-You won’t notice any changes to the management of your roaming profile data if you use our new database implementation in conjunction with the [roaming user profile guidelines](https://go.microsoft.com/fwlink/p/?LinkId=401544). This means that IE data that’s stored in the `AppData\Roaming` user profile folder is still be uploaded to your normal profile storage location after a user successfully logs off.
**Note** Cookies in a roaming profile can only be set by Internet Explorer for the desktop, with Enhanced Protected Mode turned off. Cookies set by the immersive version of IE or by Microsoft Store apps, can’t be part of a roaming profile. For more information about persistent cookies and roaming, see [Persistent cookies are not roamed in Internet Explorer](https://go.microsoft.com/fwlink/p/?LinkId=401545).
-
-To get the best results while using roaming profiles, we strongly recommend the following:
-
-- Create a separate roaming repository for each domain account that uses roaming.
-
-- Restrict roaming user profiles so they work on only one computer at a time. Using a single roaming profile on multiple computers isn’t supported (via console or Remote Desktop) and can cause unpredictable results, including cookie loss.
-
-- Allow all computers that let users sign-on with a roaming profile have identical IE cookie policies and settings.
-
-- Make sure to delete the user’s local roaming profile at sign off for any computer using user profile roaming. You can do this by turning on the **Delete cached copies of roaming profiles** Group Policy Object.
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: performance
+description: Browser cache changes and roaming profiles
+author: dansimp
+ms.prod: ie11
+ms.assetid: 85f0cd01-6f82-4bd1-9c0b-285af1ce3436
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Browser cache changes and roaming profiles (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 10/16/2017
+---
+
+
+# Browser cache changes and roaming profiles
+We’ve redesigned the browser cache to improve the performance, flexibility, reliability, and scalability of Internet Explorer and the apps that rely on the Windows Internet (WinINet) cache. Our new database design stops multiple clients from simultaneously accessing and using cached information, while also providing a higher level of data integrity.
+
+You won’t notice any changes to the management of your roaming profile data if you use our new database implementation in conjunction with the [roaming user profile guidelines](https://go.microsoft.com/fwlink/p/?LinkId=401544). This means that IE data that’s stored in the `AppData\Roaming` user profile folder is still be uploaded to your normal profile storage location after a user successfully logs off.
**Note** Cookies in a roaming profile can only be set by Internet Explorer for the desktop, with Enhanced Protected Mode turned off. Cookies set by the immersive version of IE or by Microsoft Store apps, can’t be part of a roaming profile. For more information about persistent cookies and roaming, see [Persistent cookies are not roamed in Internet Explorer](https://go.microsoft.com/fwlink/p/?LinkId=401545).
+
+To get the best results while using roaming profiles, we strongly recommend the following:
+
+- Create a separate roaming repository for each domain account that uses roaming.
+
+- Restrict roaming user profiles so they work on only one computer at a time. Using a single roaming profile on multiple computers isn’t supported (via console or Remote Desktop) and can cause unpredictable results, including cookie loss.
+
+- Allow all computers that let users sign-on with a roaming profile have identical IE cookie policies and settings.
+
+- Make sure to delete the user’s local roaming profile at sign off for any computer using user profile roaming. You can do this by turning on the **Delete cached copies of roaming profiles** Group Policy Object.
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
index d53090e7ee..d3cae2a67a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
@@ -1,53 +1,56 @@
----
-ms.localizationpriority: medium
-title: Change history for Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros)
-description: This topic lists new and updated topics in the Internet Explorer 11 Deployment Guide documentation for Windows 10 and Windows 10 Mobile.
-ms.mktglfcycl: deploy
-ms.prod: ie11
-ms.sitesec: library
-author: shortpatti
-ms.date: 07/27/2017
----
-
-
-# Change history for Internet Explorer 11
-This topic lists new and updated topics in the Internet Explorer 11 documentation for both Windows 10 and Windows 10 Mobile.
-
-## April 2017
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Enterprise Mode for Internet Explorer 11](enterprise-mode-overview-for-ie11.md)|Updates to the Enterprise Mode section to include info about the Enterprise Mode Site List Portal. |
-
-## March 2017
-|New or changed topic | Description |
-|----------------------|-------------|
-|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated to add the Allow VBScript to run in Internet Explorer and the Hide the button (next to the New Tab button) that opens Microsoft Edge settings. |
-
-## November 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md) |Updated the DocMode reason section to correct Code 8 and to add Code 9.|
-
-## August 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
-|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
-|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md)|Added the Understanding the returned reason codes section to the topic. |
-
-## July 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated to include the comprehensive list of Group Policies that were added with Internet Explorer 11. |
-
-## June 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated with 2 new policies, Send all sites not included in the Enterprise Mode Site List to Microsoft Edge and Show message when opening sites in Microsoft Edge using Enterprise Mode. |
-
-
-## May 2016
-|New or changed topic | Description |
-|----------------------|-------------|
-|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) | Added info about using <emie> and <docMode> together. |
-
+---
+ms.localizationpriority: medium
+title: Change history for Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros)
+description: This topic lists new and updated topics in the Internet Explorer 11 Deployment Guide documentation for Windows 10 and Windows 10 Mobile.
+ms.mktglfcycl: deploy
+ms.prod: ie11
+ms.sitesec: library
+author: dansimp
+ms.date: 07/27/2017
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+---
+
+
+# Change history for Internet Explorer 11
+This topic lists new and updated topics in the Internet Explorer 11 documentation for both Windows 10 and Windows 10 Mobile.
+
+## April 2017
+|New or changed topic | Description |
+|----------------------|-------------|
+|[Enterprise Mode for Internet Explorer 11](enterprise-mode-overview-for-ie11.md)|Updates to the Enterprise Mode section to include info about the Enterprise Mode Site List Portal. |
+
+## March 2017
+|New or changed topic | Description |
+|----------------------|-------------|
+|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated to add the Allow VBScript to run in Internet Explorer and the Hide the button (next to the New Tab button) that opens Microsoft Edge settings. |
+
+## November 2016
+|New or changed topic | Description |
+|----------------------|-------------|
+|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md) |Updated the DocMode reason section to correct Code 8 and to add Code 9.|
+
+## August 2016
+|New or changed topic | Description |
+|----------------------|-------------|
+|[Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
+|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. |
+|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md)|Added the Understanding the returned reason codes section to the topic. |
+
+## July 2016
+|New or changed topic | Description |
+|----------------------|-------------|
+|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated to include the comprehensive list of Group Policies that were added with Internet Explorer 11. |
+
+## June 2016
+|New or changed topic | Description |
+|----------------------|-------------|
+|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated with 2 new policies, Send all sites not included in the Enterprise Mode Site List to Microsoft Edge and Show message when opening sites in Microsoft Edge using Enterprise Mode. |
+
+
+## May 2016
+|New or changed topic | Description |
+|----------------------|-------------|
+|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) | Added info about using <emie> and <docMode> together. |
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
index 9b2c6b0e6d..0b2d9ff141 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
@@ -1,49 +1,51 @@
----
-title: Check for a new Enterprise Mode site list xml file (Internet Explorer 11 for IT Pros)
-description: You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode.
-ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df
-ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.pagetype: appcompat
-ms.sitesec: library
-author: shortpatti
-ms.author: pashort
-ms.date: 08/14/2017
-ms.localizationpriority: medium
----
-
-
-# Check for a new Enterprise Mode site list xml file
-
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
-
-You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode. You can add and remove sites from your XML list as frequently as you want, changing which sites should render in Enterprise Mode for your employees. For information about turning on Enterprise Mode and using site lists, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
-
-The information in this topic only covers HTTPS protocol. We strongly recommend that you use HTTPS protocol instead of file protocol due to increased performance.
-
-**How Internet Explorer 11 looks for an updated site list**
-
-1. Internet Explorer starts up and looks for an updated site list in the following places:
-
- 1. **In the cache container.** IE first checks the cache container to see if it finds your XML site list.
-
- 2. **In the local cache.** If there’s nothing in the cache container, IE checks your local cache for the site list.
-
- 3. **On the server.** Based on standard IE caching rules, IE might look for a copy of your site list in the location you put specified in the **SiteList** value of the registry.
-
-2. If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.
**Note** If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.
-
-
-
-
-
-
-
-
-
+---
+title: Check for a new Enterprise Mode site list xml file (Internet Explorer 11 for IT Pros)
+description: You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode.
+ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.prod: ie11
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.date: 08/14/2017
+ms.localizationpriority: medium
+---
+
+
+# Check for a new Enterprise Mode site list xml file
+
+**Applies to:**
+
+- Windows 10
+- Windows 8.1
+- Windows 7
+- Windows Server 2012 R2
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
+
+You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode. You can add and remove sites from your XML list as frequently as you want, changing which sites should render in Enterprise Mode for your employees. For information about turning on Enterprise Mode and using site lists, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
+
+The information in this topic only covers HTTPS protocol. We strongly recommend that you use HTTPS protocol instead of file protocol due to increased performance.
+
+**How Internet Explorer 11 looks for an updated site list**
+
+1. Internet Explorer starts up and looks for an updated site list in the following places:
+
+ 1. **In the cache container.** IE first checks the cache container to see if it finds your XML site list.
+
+ 2. **In the local cache.** If there’s nothing in the cache container, IE checks your local cache for the site list.
+
+ 3. **On the server.** Based on standard IE caching rules, IE might look for a copy of your site list in the location you put specified in the **SiteList** value of the registry.
+
+2. If there’s an .xml file in the cache container, IE waits 65 seconds and then checks the local cache for a newer version of the file from the server, based on standard caching rules. If the server file has a different version number than the version in the cache container, the server file is used and stored in the cache container.
**Note** If you’re already using a site list, enterprise mode continues to work during the 65 second wait; it just uses your existing site list instead of your new one.
+
+
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
index c92cdac5b8..c35d115df7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
@@ -1,27 +1,31 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Choose how to deploy Internet Explorer 11 (IE11)
-author: shortpatti
-ms.prod: ie11
-ms.assetid: 21b6a301-c222-40bc-ad0b-27f66fc54d9d
-title: Choose how to deploy Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Choose how to deploy Internet Explorer 11 (IE11)
-In this section, you can learn about how to deploy your custom version of Internet Explorer using Automatic Version Synchronization (AVS) or using your software distribution tools.
-
-## In this section
-| Topic | Description |
-|------------------------------------------------------------- | ------------------------------------------------------ |
-|[Deploy IE11 using Automatic Version Synchronization (AVS)](deploy-ie11-using-automatic-version-synchronization-avs.md) |Guidance about how to deploy your custom browser packages using Automatic Version Synchronization (AVS). |
-|[Deploy IE11 using software distribution tools](deploy-ie11-using-software-distribution-tools.md) |Guidance about how to deploy your custom browser packages using System Center 2012 R2, Windows Server Update Services (WSUS), Group Policy software installation, or Microsoft Deployment toolkit (MDT). |
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+description: Choose how to deploy Internet Explorer 11 (IE11)
+author: dansimp
+ms.prod: ie11
+ms.assetid: 21b6a301-c222-40bc-ad0b-27f66fc54d9d
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Choose how to deploy Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Choose how to deploy Internet Explorer 11 (IE11)
+In this section, you can learn about how to deploy your custom version of Internet Explorer using Automatic Version Synchronization (AVS) or using your software distribution tools.
+
+## In this section
+
+| Topic | Description |
+|------------------------------------------------------------- | ------------------------------------------------------ |
+|[Deploy IE11 using Automatic Version Synchronization (AVS)](deploy-ie11-using-automatic-version-synchronization-avs.md) |Guidance about how to deploy your custom browser packages using Automatic Version Synchronization (AVS). |
+|[Deploy IE11 using software distribution tools](deploy-ie11-using-software-distribution-tools.md) |Guidance about how to deploy your custom browser packages using System Center 2012 R2, Windows Server Update Services (WSUS), Group Policy software installation, or Microsoft Deployment toolkit (MDT). |
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
index 0ed79bd249..563f38160c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
@@ -1,34 +1,37 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Choose how to install Internet Explorer 11 (IE11)
-author: shortpatti
-ms.prod: ie11
-ms.assetid: 9572f5f1-5d67-483e-bd63-ffea95053481
-title: Choose how to install Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Choose how to install Internet Explorer 11 (IE11)
-Before you install Internet Explorer 11, you should:
-
-- **Migrate Group Policy Objects.** Decide if your Group Policy Objects should migrate to the new version.
-
-- **Check vendor support for updated functionality.** Check whether third-party vendors have new versions or updates to necessary add-ons, apps, or code libraries.
-
-- **Choose the right version of Internet Explorer.** IE11 comes pre-installed on Windows 8.1 and Windows Server 2012 R2 or you can download it for Windows 7 SP1 or Windows Server 2008 R2 with Service Pack 1 (SP1) from the [Internet Explorer Downloads](https://go.microsoft.com/fwlink/p/?LinkId=214251) site.
-
-- **Choose how you'll deploy your installation package.** Your deployment method should be based on whether you're installing to computers already running Windows, or if you're deploying IE11 as part of a Windows installation.
-
- - **Existing computers running Windows.** Use System Center R2 2012 System Center 2012 R2 Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkID=276664), [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](https://go.microsoft.com/fwlink/p/?LinkID=276790), and [Microsoft Intune Overview](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune).
-
- - **As part of a Windows deployment.** Update your Windows images to include IE11, and then add the update to your MDT deployment share or to your Windows image. For instructions about how to create and use Windows images, see [Create and Manage a Windows Image Using DISM](https://go.microsoft.com/fwlink/p/?LinkId=299408). For general information about deploying IE, see [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=331148), [Windows ADK Overview](https://go.microsoft.com/fwlink/p/?LinkId=276669).
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+description: Choose how to install Internet Explorer 11 (IE11)
+author: dansimp
+ms.prod: ie11
+ms.assetid: 9572f5f1-5d67-483e-bd63-ffea95053481
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Choose how to install Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Choose how to install Internet Explorer 11 (IE11)
+Before you install Internet Explorer 11, you should:
+
+- **Migrate Group Policy Objects.** Decide if your Group Policy Objects should migrate to the new version.
+
+- **Check vendor support for updated functionality.** Check whether third-party vendors have new versions or updates to necessary add-ons, apps, or code libraries.
+
+- **Choose the right version of Internet Explorer.** IE11 comes pre-installed on Windows 8.1 and Windows Server 2012 R2 or you can download it for Windows 7 SP1 or Windows Server 2008 R2 with Service Pack 1 (SP1) from the [Internet Explorer Downloads](https://go.microsoft.com/fwlink/p/?LinkId=214251) site.
+
+- **Choose how you'll deploy your installation package.** Your deployment method should be based on whether you're installing to computers already running Windows, or if you're deploying IE11 as part of a Windows installation.
+
+ - **Existing computers running Windows.** Use System Center R2 2012 System Center 2012 R2 Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkID=276664), [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](https://go.microsoft.com/fwlink/p/?LinkID=276790), and [Microsoft Intune Overview](https://www.microsoft.com/cloud-platform/microsoft-intune).
+
+ - **As part of a Windows deployment.** Update your Windows images to include IE11, and then add the update to your MDT deployment share or to your Windows image. For instructions about how to create and use Windows images, see [Create and Manage a Windows Image Using DISM](https://go.microsoft.com/fwlink/p/?LinkId=299408). For general information about deploying IE, see [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=331148), [Windows ADK Overview](https://go.microsoft.com/fwlink/p/?LinkId=276669).
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
index 424b01e58e..12049fdcb9 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Collect data using Enterprise Site Discovery
ms.sitesec: library
ms.date: 07/27/2017
@@ -21,7 +25,7 @@ ms.date: 07/27/2017
Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.
>**Upgrade Readiness and Windows upgrades**
->You can use Upgrade Readiness to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Readiness to review several site discovery reports. For more information, see [Manage Windows upgrades with Upgrade Readiness](https://docs.microsoft.com/en-us/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness).
+>You can use Upgrade Readiness to help manage your Windows 10 upgrades on devices running Windows 8.1 and Windows 7 (SP1). You can also use Upgrade Readiness to review several site discovery reports. For more information, see [Manage Windows upgrades with Upgrade Readiness](https://docs.microsoft.com/windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness).
## Before you begin
@@ -144,18 +148,18 @@ You need to set up your computers for data collection by running the provided Po
**To set up Enterprise Site Discovery**
-- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
+- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
### WMI only: Set up your firewall for WMI data
If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
**To set up your firewall**
-1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
+1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
-2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
+2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
-3. Restart your computer to start collecting your WMI data.
+3. Restart your computer to start collecting your WMI data.
## Use PowerShell to finish setting up Enterprise Site Discovery
You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).
@@ -168,13 +172,13 @@ You can determine which zones or domains are used for data collection, using Pow
**To set up data collection using a domain allow list**
- - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
+- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
>**Important** Wildcards, like \*.microsoft.com, aren’t supported.
**To set up data collection using a zone allow list**
- - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
+- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
>**Important** Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
@@ -245,7 +249,7 @@ You can use both the WMI and XML settings individually or together:
-**To turn on both WMI and XML recording**
+To turn on both WMI and XML recording
Setting name
@@ -444,7 +448,7 @@ After you’ve collected your data, you’ll need to turn Enterprise Site Discov
**To stop collecting data, using PowerShell**
-- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1 –IEFeatureOff`.
+- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETelemetrySetUp.ps1 –IEFeatureOff`.
>**Note** Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer.
@@ -473,7 +477,7 @@ You can completely remove the data stored on your employee’s computers.
## Related topics
* [Enterprise Mode Site List Manager (schema v.2) download](https://go.microsoft.com/fwlink/?LinkId=746562)
* [Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md)
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
index 52e126df5a..d01fccf729 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
@@ -3,11 +3,15 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes.
-author: shortpatti
+author: dansimp
ms.prod: ie11
title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
---
# Use the Settings page to finish setting up the Enterprise Mode Site List Portal
@@ -91,4 +95,4 @@ This optional area lets you specify a period when your employees must stop addin
- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
-- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
\ No newline at end of file
+- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
index 145c439f02..d15192b9d3 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
@@ -3,11 +3,15 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to create a change request within the Enterprise Mode Site List Portal.
-author: shortpatti
+author: dansimp
ms.prod: ie11
title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
---
# Create a change request using the Enterprise Mode Site List Portal
@@ -67,4 +71,4 @@ Employees assigned to the Requester role can create a change request. A change r
- **If the change is incorrect.** The Requester can rollback the change in pre-production or ask for help from the Administrator.
## Next steps
-After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see the [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md) topic.
\ No newline at end of file
+After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see the [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md) topic.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
index a644d1d832..6c260e93aa 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Create packages for multiple operating systems or languages
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 44051f9d-63a7-43bf-a427-d0a0a1c717da
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Create packages for multiple operating systems or languages (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -14,13 +18,13 @@ ms.date: 07/27/2017
# Create packages for multiple operating systems or languages
You'll create multiple versions of your custom browser package if:
-- You support more than 1 version of Windows®.
+- You support more than 1 version of Windows®.
-- You support more than 1 language.
+- You support more than 1 language.
-- You have custom installation packages with only minor differences. Like, having a different phone number.
+- You have custom installation packages with only minor differences. Like, having a different phone number.
- **To create a new package**
+ **To create a new package**
1. Create an installation package using the Internet Explorer Customization Wizard 11, as described in the [Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options](../ie11-ieak/ieak11-wizard-custom-options.md) topic.
@@ -30,11 +34,11 @@ You'll create multiple versions of your custom browser package if:
**Important**
Except for the **Title bar** text, **Favorites**, **Links bar**, **Home page**, and **Search bar**, keep all of your wizard settings the same for all of your build computers.
-
+
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
index 0bf4925ab6..fc43585ae7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Customize Internet Explorer 11 installation packages
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 10a14a09-673b-4f8b-8d12-64036135e7fd
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Customize Internet Explorer 11 installation packages (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index 4549be210a..b2c4c0f80a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
description: Delete a single site from your global Enterprise Mode site list.
ms.pagetype: appcompat
ms.mktglfcycl: deploy
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
index 59bb64352d..b9089ee16a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: You can deploy Internet Explorer 11 to your users' computers by using your custom browser packages and Automatic Version Synchronization (AVS).
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: f51224bd-3371-4551-821d-1d62310e3384
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Deploy Internet Explorer 11 using Automatic Version Synchronization (AVS) (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -19,14 +23,14 @@ Automatic Version Synchronization (AVS) lets you use the Internet Explorer Admin
You must synchronize the setup files at least once on the local computer, for each language and operating system combination, before proceeding through the rest of the wizard. If your packages have more than one version of IE, you need to keep the versions in separate component download folders, which can be pointed to from the **File Locations** page of the IEAK 11. For more information about using the AVS feature, see [Use the Automatic Version Synchronization page in the IEAK 11 Wizard](../ie11-ieak/auto-version-sync-ieak11-wizard.md)
.
-##Related topics
+## Related topics
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md)
- [Customize Internet Explorer 11 installation packages](customize-ie11-install-packages.md)
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
index 1441f5564f..dc31c3230e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Deploy Internet Explorer 11 using software distribution tools
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: fd027775-651a-41e1-8ec3-d32eca876d8a
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Deploy Internet Explorer 11 using software distribution tools (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
index ef14f9f67f..567b8fbeb8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: You can pin websites to the Windows 8.1 taskbar for quick access using the Microsoft Deployment Toolkit (MDT) 2013.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 24f4dcac-9032-4fe8-bf6d-2d712d61cb0c
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
index 57bc32ac4a..f0f44c2897 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Windows Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 00cb1f39-2b20-4d37-9436-62dc03a6320b
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Deprecated document modes and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
index 504bd09a21..8ad5f3e6ad 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
index 0d7ebd65fa..2ab127eec5 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
@@ -3,10 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
description: Enable and disable add-ons using administrative templates and group policy
-ms.author: pashort
-author: shortpatti
+ms.author: dansimp
+author: dansimp
ms.prod: ie11
ms.assetid: c6fe1cd3-0bfc-4d23-8016-c9601f674c0b
+ms.reviewer:
+audience: itpro
+manager: dansimp
title: Enable and disable add-ons using administrative templates and group policy (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 4/12/2018
@@ -105,4 +108,4 @@ Open the Local Group Policy Editor and go to: User Configuration\Administrative
7. Click **OK** twice to close the Group Policy editor.
-
\ No newline at end of file
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
index 5c5693833e..d0998607dc 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
description: Enhanced Protected Mode problems with Internet Explorer
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 15890ad1-733d-4f7e-a318-10399b389f45
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Enhanced Protected Mode problems with Internet Explorer (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
index 6a0402921f..71104a8786 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Enterprise Mode for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -16,15 +20,16 @@ ms.date: 07/27/2017
**Applies to:**
-- Windows 10
-- Windows 8.1
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
+- Windows 10
+- Windows 8.1
+- Windows 7
+- Windows Server 2012 R2
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
Use the topics in this section to learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company.
## In this section
+
|Topic |Description |
|---------------------------------------------------------------|-----------------------------------------------------------------------------------|
|[Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)|Includes descriptions of the features of Enterprise Mode. |
@@ -41,11 +46,11 @@ Use the topics in this section to learn how to set up and use Enterprise Mode an
|[Remove sites from a local Enterprise Mode site list](remove-sites-from-a-local-enterprise-mode-site-list.md) |Guidance about how to remove websites from a device's local Enterprise Mode site list. |
|[Remove sites from a local compatibility view list](remove-sites-from-a-local-compatibililty-view-list.md) |Guidance about how to remove websites from a device's local compatibility view list. |
|[Turn off Enterprise Mode](turn-off-enterprise-mode.md) |Guidance about how to stop using your site list and how to turn off local control, using Group Policy or the registry. |
-
-
-
-
-
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
index 307614576b..81e964a54b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 17c61547-82e3-48f2-908d-137a71938823
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Enterprise Mode schema v.1 guidance (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -27,10 +31,10 @@ If you don't want to use the Enterprise Mode Site List Manager, you also have th
## Enterprise Mode schema v.1 example
The following is an example of the Enterprise Mode schema v.1. This schema can run on devices running Windows 7 and Windows 8.1.
-**Important**
-Make sure that you don't specify a protocol when adding your URLs. Using a URL like `contoso.com` automatically applies to both https://contoso.com and https://contoso.com.
+> [!IMPORTANT]
+> Make sure that you don't specify a protocol when adding your URLs. Using a URL like `contoso.com` automatically applies to both http://contoso.com and https://contoso.com.
-``` xml
+```xml
www.cpandl.com
@@ -72,7 +76,7 @@ This table includes the elements used by the Enterprise Mode schema.
Root node for the schema.
Example
-<rules version="205">
+<rules version="205">
<emie>
<domain>contoso.com</domain>
</emie>
@@ -84,19 +88,19 @@ This table includes the elements used by the Enterprise Mode schema.
The parent node for the Enterprise Mode section of the schema. All <domain> entries will have either IE8 Enterprise Mode or IE7 Enterprise Mode applied.
<rules version="205">
<emie>
<domain>10.122.34.99:8080</domain>
</emie>
@@ -105,12 +109,12 @@ This table includes the elements used by the Enterprise Mode schema.
<docMode>
-
The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the <docMode> section that uses the same value as a <domain> element in the <emie> section, the <emie> element is applied.
+
The parent node for the document mode section of the section. All <domain> entries will get IE5 - IE11 document modes applied. If there's a <domain> element in the <docMode> section that uses the same value as a <domain> element in the <emie> section, the <emie> element is applied.
-Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.
+Where https://fabrikam.com doesn't use IE8 Enterprise Mode, but https://fabrikam.com/products does.
Internet Explorer 11 and Microsoft Edge
@@ -153,31 +157,31 @@ This table includes the attributes used by the Enterprise Mode schema.
-
<version>
+
version
Specifies the version of the Enterprise Mode Site List. This attribute is supported for the <rules> element.
Internet Explorer 11 and Microsoft Edge
-
<exclude>
-
Specifies the domain or path excluded from applying the behavior and is supported on the <domain> and <path> elements.
+
exclude
+
Specifies the domain or path is excluded from applying Enterprise Mode. This attribute is only supported on the <domain> and <path> elements in the <emie> section.
@@ -203,7 +207,7 @@ For example, say you want all of the sites in the contoso.com domain to open usi
### What not to include in your schema
We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
-- Don’t use protocols. For example, `https://`, `https://`, or custom protocols. They break parsing.
+- Don’t use protocols. For example, `http://`, `https://`, or custom protocols. They break parsing.
- Don’t use wildcards.
- Don’t use query strings, ampersands break parsing.
@@ -214,7 +218,7 @@ You can use trailing slashes at the path-level, but not at the domain-level:
**Example**
-``` xml
+```xml
contoso.com
/about/
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
index d9689c000a..a321e5a744 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 12/04/2017
@@ -22,8 +26,8 @@ ms.date: 12/04/2017
Use the Enterprise Mode Site List Manager to create and update your site list for devices running Windows 7, Windows 8.1, and Windows 10, using the version 2.0 (v.2) of the Enterprise Mode schema. If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app.
-**Important**
-If you're running Windows 7 or Windows 8.1 and you've been using the version 1.0 (v.1) of the schema, you can continue to do so, but you won't get the benefits that come with the updated schema. For info about the v.1 schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
+> [!IMPORTANT]
+> If you're running Windows 7 or Windows 8.1 and you've been using the version 1.0 (v.1) of the schema, you can continue to do so, but you won't get the benefits that come with the updated schema. For info about the v.1 schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
## Enterprise Mode schema v.2 updates
Because of the schema changes, you can't combine the old version (v.1) with the new version (v.2) of the schema. If you look at your XML file, you can tell which version you're using by:
@@ -37,24 +41,24 @@ You can continue to use the v.1 version of the schema on Windows 10, but you wo
### Enterprise Mode v.2 schema example
The following is an example of the v.2 version of the Enterprise Mode schema.
-**Important**
-Make sure that you don't specify a protocol when adding your URLs. Using a URL like ``, automatically applies to both https://contoso.com and https://contoso.com.
-
-``` xml
+> [!IMPORTANT]
+> Make sure that you don't specify a protocol when adding your URLs. Using a URL like ``, automatically applies to both http://contoso.com and https://contoso.com.
+
+```xml
-
+
EnterpriseSitelistManager1024020150728.135021
-
+
IE8EnterpriseMSEdge
- default
+ DefaultIE11
@@ -62,14 +66,15 @@ Make sure that you don't specify a protocol when adding your URLs. Using a URL l
IE11
- default
+ DefaultIE11
- default
- none
+ Default
+ NoneIE8Enterprise"
+ NoneIE7
@@ -103,8 +108,8 @@ This table includes the elements used by the v.2 version of the Enterprise Mode
A new root node with this text is using the updated v.2 version of the schema. It replaces <rules>.
Example
-<site-list version="205">
- <site url="contoso.com">
+<site-list version="205">
+ <site url="contoso.com">
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
@@ -116,19 +121,19 @@ This table includes the elements used by the v.2 version of the Enterprise Mode
A unique entry added for each site you want to put on the Enterprise Mode site list. The first <site> element will overrule any additional <site> elements that use the same value for the <url> element.
-You can also use the self-closing version, <url="contoso.com" />, which also sets:
+You can also use the self-closing version, <url="contoso.com" />, which also sets:
<compat-mode>default</compat-mode>
<open-in>none</open-in>
@@ -140,21 +145,21 @@ You can also use the self-closing version, <url="contoso.com" />, which al
A child element that controls what compatibility setting is used for specific sites or domains. This element is only supported in IE11.
IE8Enterprise. Loads the site in IE8 Enterprise Mode. This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE8 Enterprise Mode.
-
IE7Enterprise. Loads the site in IE7 Enterprise Mode. This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE7 Enterprise Mode.
Important This tag replaces the combination of the `"forceCompatView"="true"` attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
+
IE7Enterprise. Loads the site in IE7 Enterprise Mode. This element is required for sites included in the EmIE section of the v.1 schema and is needed to load in IE7 Enterprise Mode.
Important This tag replaces the combination of the "forceCompatView"="true" attribute and the list of sites specified in the EmIE section of the v.1 version of the schema.
IE[x]. Where [x] is the document mode number into which the site loads.
Default or not specified. Loads the site using the default compatibility mode for the page. In this situation, X-UA-compatible meta tags or HTTP headers are honored.
@@ -165,7 +170,7 @@ Where:
A child element that controls what browser is used for sites. This element supports the Open in IE11 or Open in Microsoft Edge experiences, for devices running Windows 10.
Where:
@@ -192,13 +197,13 @@ The <url> attribute, as part of the <site> element in the v.2 versio
allow-redirect
-
A boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser).
+
A boolean attribute of the <open-in> element that controls the behavior for redirected sites. Setting this attribute to "true" indicates that the site will open in IE11 or Microsoft Edge even if the site is navigated to as part of a HTTP or meta refresh redirection chain. Omitting the attribute is equivalent to "false" (sites in redirect chain will not open in another browser).
-In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.
+In this example, if https://contoso.com/travel is encountered in a redirect chain in Microsoft Edge, it will be opened in Internet Explorer.
Internet Explorer 11 and Microsoft Edge
@@ -210,14 +215,14 @@ In this example, if https://contoso.com/travel is encountered in a redirect chai
url
Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
Note
-Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both https://contoso.com and https://contoso.com.
+Make sure that you don't specify a protocol. Using <site url="contoso.com"> applies to both http://contoso.com and https://contoso.com.
While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We don’t recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features.
-**Important**
-Saving your v.1 version of the file using the new Enterprise Mode Site List Manager (schema v.2) automatically updates the XML to the new v.2 version of the schema.
+> [!IMPORTANT]
+> Saving your v.1 version of the file using the new Enterprise Mode Site List Manager (schema v.2) automatically updates the XML to the new v.2 version of the schema.
### What not to include in your schema
We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
-- Don’t use protocols. For example, https://, https://, or custom protocols. They break parsing.
+- Don’t use protocols. For example, `http://`, `https://`, or custom protocols. They break parsing.
- Don’t use wildcards.
- Don’t use query strings, ampersands break parsing.
## Related topics
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
index 88fe3e4d99..cf235b25aa 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Export your Enterprise Mode site list from the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
index 99b28d4482..f1d72eb1a1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: The Internet Explorer 11 Enterprise Mode site list lets you specify document modes for specific websites, helping you fix compatibility issues without changing a single line of code on the site.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 4b21bb27-aeac-407f-ae58-ab4c6db2baf6
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Fix web compatibility issues using document modes and the Enterprise Mode site list (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
index d3209fc547..c3c7ead8ff 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: When you add multiple sites to your Enterprise Mode site list entries, they’re validated by the Enterprise Mode Site List Manager before they’re entered into your global list.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 9f80e39f-dcf1-4124-8931-131357f31d67
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Fix validation problems using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
index 213c9481d9..d2fadc609c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
description: Overview about Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 63a7ef4a-6de2-4d08-aaba-0479131e3406
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -30,7 +34,7 @@ From AGPM you can:
- **Manage your GPO lifecycle with change control features.** You can use the available version-control, history, and auditing features to help you manage your GPOs while moving through your archive, to your editing process, and finally to your GPO deployment.
**Note**
-For more information about AGPM, and to get the license, see [Advanced Group Policy Management 4.0 Documents](https://www.microsoft.com/en-us/download/details.aspx?id=13975).
+For more information about AGPM, and to get the license, see [Advanced Group Policy Management 4.0 Documents](https://www.microsoft.com/download/details.aspx?id=13975).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
index 35697cb576..df5754f0b6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
description: Overview about Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: ae3d227d-3da7-46b8-8a61-c71bfeae0c63
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Group Policy, the Group Policy Management Console (GPMC), and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
index df2143a7a8..d80c5af350 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
description: Use the topics in this section to learn about Group Policy and how to use it to manage Internet Explorer.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 50383d3f-9ac9-4a30-8852-354b6eb9434a
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Group Policy and Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -31,15 +35,15 @@ Use the topics in this section to learn about Group Policy and how to use it to
|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Info about many of the new group policy settings added for Internet Explorer 11. |
|[Group Policy management tools](group-policy-objects-and-ie11.md) |Guidance about how to use Microsoft Active Directory Domain Services (AD DS) to manage your Group Policy settings. |
|[ActiveX installation using group policy](activex-installation-using-group-policy.md) |Info about using the ActiveX Installer Service (AXIS) and Group Policy to manage your ActiveX control deployment. |
-|[Group Policy and compatibility with Internet Explorer 11](group-policy-compatability-with-ie11.md) |Our Group Policy recommendations for security, performance, and compatibility with previous versions of IE, regardless of which Zone the website is in. |
+|[Group Policy and compatibility with Internet Explorer 11](group-policy-compatibility-with-ie11.md) |Our Group Policy recommendations for security, performance, and compatibility with previous versions of IE, regardless of which Zone the website is in. |
|[Group policy preferences and Internet Explorer 11](group-policy-preferences-and-ie11.md) |Info about Group Policy preferences, as compared to Group Policy settings. |
|[Administrative templates and Internet Explorer 11](administrative-templates-and-ie11.md) |Info about Administrative Templates, including where to store them and the related Group Policy settings. |
|[Enable and disable add\-ons using administrative templates and group policy](enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md) |Guidance about how to use your local Group Policy editor or the CLSID and Administrative Templates to manage your Group Policy objects.
-
+
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
index b615824d04..4ca3868ed5 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
description: Group Policy, the Local Group Policy Editor, and Internet Explorer 11
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 6fc30e91-efac-4ba5-9ee2-fa77dcd36467
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Group Policy, the Local Group Policy Editor, and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md
deleted file mode 100644
index e8069dbf48..0000000000
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatability-with-ie11.md
+++ /dev/null
@@ -1,35 +0,0 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-ms.pagetype: security
-description: Group Policy suggestions for compatibility with Internet Explorer 11
-author: shortpatti
-ms.prod: ie11
-ms.assetid: 7482c99f-5d79-4344-9e1c-aea9f0a68e18
-title: Group Policy and compatibility with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Group Policy and compatibility with Internet Explorer 11
-Internet Explorer 11 has many Group Policy entries that can be configured for keeping your environment managed and safe. This table includes all of our recommendations around security, performance, and compatibility with the previous versions of Internet Explorer, regardless of which Zone the website is in.
-
-|Activity |Location |Setting the policy object |
-|---------------------------------|----------------------------------------------|-------------------------------------------------------------------------|
-|Turn on Compatibility View for all intranet zones |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Turn on IE Standards Mode for local intranet** , and then click **Disabled**. |
-|Turn on Compatibility View for selected websites, using Group Policy |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Use Policy List of Windows Internet Explorer 7 sites** , and then click **Enabled**.Users will be able to add or remove sites manually to their local Compatibility View list, but they won’t be able to remove the sites you specifically added. |
-|Turn on Quirks mode for selected websites, using Group Policy |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Use Policy List of Quirks Mode sites**, and then click **Enabled**. |
-|Ensure your users are using the most up-to-date version of Microsoft’s compatibility list. |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Include updated Web site lists from Microsoft**, and then click **Enabled**. |
-|Restrict users from making security zone configuration changes. |`Administrative Templates\ Windows Components\Internet Explorer\Internet Control Panel` |Double-click **Disable the Security Page**, and then click **Enabled**. |
-|Control which security zone settings are applied to specific websites. |`Administrative Templates\ Windows Components\Internet Explorer\Internet Control Panel\Security Page` |Double-click **Site to Zone Assignment List**, click **Enabled**, and then enter your list of websites and their applicable security zones. |
-|Turn off Data Execution Prevention (DEP). |`Administrative Templates\ Windows Components\Internet Explorer\Security Features` |Double-click **Turn off Data Execution Prevention**, and then click **Enabled**. |
-
-
-
-
-
-
-
-
-
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md
new file mode 100644
index 0000000000..8a5b6d7859
--- /dev/null
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md
@@ -0,0 +1,39 @@
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+ms.pagetype: security
+description: Group Policy suggestions for compatibility with Internet Explorer 11
+author: dansimp
+ms.prod: ie11
+ms.assetid: 7482c99f-5d79-4344-9e1c-aea9f0a68e18
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+title: Group Policy and compatibility with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Group Policy and compatibility with Internet Explorer 11
+Internet Explorer 11 has many Group Policy entries that can be configured for keeping your environment managed and safe. This table includes all of our recommendations around security, performance, and compatibility with the previous versions of Internet Explorer, regardless of which Zone the website is in.
+
+|Activity |Location |Setting the policy object |
+|---------------------------------|----------------------------------------------|-------------------------------------------------------------------------|
+|Turn on Compatibility View for all intranet zones |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Turn on IE Standards Mode for local intranet** , and then click **Disabled**. |
+|Turn on Compatibility View for selected websites, using Group Policy |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Use Policy List of Windows Internet Explorer 7 sites** , and then click **Enabled**.Users will be able to add or remove sites manually to their local Compatibility View list, but they won’t be able to remove the sites you specifically added. |
+|Turn on Quirks mode for selected websites, using Group Policy |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Use Policy List of Quirks Mode sites**, and then click **Enabled**. |
+|Ensure your users are using the most up-to-date version of Microsoft’s compatibility list. |`Administrative Templates\Windows Components\Internet Explorer\Compatibility View` |Double-click **Include updated Web site lists from Microsoft**, and then click **Enabled**. |
+|Restrict users from making security zone configuration changes. |`Administrative Templates\ Windows Components\Internet Explorer\Internet Control Panel` |Double-click **Disable the Security Page**, and then click **Enabled**. |
+|Control which security zone settings are applied to specific websites. |`Administrative Templates\ Windows Components\Internet Explorer\Internet Control Panel\Security Page` |Double-click **Site to Zone Assignment List**, click **Enabled**, and then enter your list of websites and their applicable security zones. |
+|Turn off Data Execution Prevention (DEP). |`Administrative Templates\ Windows Components\Internet Explorer\Security Features` |Double-click **Turn off Data Execution Prevention**, and then click **Enabled**. |
+
+
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
index 810c6ec4c0..403471f4c7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
description: Overview of the available Group Policy management tools
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: e33bbfeb-6b80-4e71-8bba-1d0369a87312
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Group Policy management tools (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -30,7 +34,7 @@ After deploying IE11 to your organization, you can continue to manage the browse
**Note**
Whenever possible, we recommend that you manage IE11 using Administrative Templates, because these settings are always written to secure policy branches in the registry. In addition, we recommend that you deploy using standard user accounts instead of letting your users log on to their computers as administrators. This helps to prevent your users from making unwanted changes to their systems or overriding Group Policy settings.
-
+
Users won't be able to use the IE11 user interface or the registry to change any managed settings on their computers. However, they will be able to change many of the preferences associated with the settings you set up using the Internet Explorer Administration Kit 11 (IEAK 11).
## Which GPO tool should I use?
@@ -44,9 +48,9 @@ You can use any of these tools to create, manage, view, and troubleshoot Group P
- [Group Policy, Windows Powershell, and Internet Explorer 11](group-policy-windows-powershell-ie11.md). A command-line shell and scripting language that helps automate Windows and application administration on a single computer locally, or across many computers remotely.
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
index b676409da7..ae5c5f783e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
description: Info about Group Policy preferences versus Group Policy settings
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: f2264c97-7f09-4f28-bb5c-58ab80dcc6ee
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Group policy preferences and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
index 96f776d73e..008e2624c0 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
description: Links to troubleshooting topics and log files that can help address Group Policy problems with Internet Explorer 11.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 0da0d9a9-200c-46c4-96be-630e82de017b
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Group Policy problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
index 42a69458a5..1f0caf9bc3 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
description: Instructions about how to create and configure shortcut preference extensions to file system objects, URLs, and shell objects.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: c6fbf990-13e4-4be7-9f08-5bdd43179b3b
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Group Policy, Shortcut Extensions, and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
index 355eac531d..2de349942d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
description: Overview about how Group Policy works with Windows Powershell and Internet Explorer 11
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: e3607cde-a498-4e04-9daa-b331412967fc
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Group Policy, Windows Powershell, and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
index 7391d19ecf..0b1edff4cd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md
@@ -2,12 +2,15 @@
ms.localizationpriority: medium
ms.mktglfcycl: support
ms.pagetype: security
-description:
-author: shortpatti
-ms.author: pashort
-ms.manager: elizapo
+description:
+author: dansimp
+ms.author: dansimp
+ms.manager: dansimp
ms.prod: ie11
-ms.assetid:
+ms.assetid:
+ms.reviewer:
+audience: itpro
+manager: dansimp
title: Internet Explorer 11 delivery through automatic updates
ms.sitesec: library
ms.date: 05/22/2018
@@ -53,7 +56,7 @@ If you use Automatic Updates in your company, but want to stop your users from a
>The toolkit won't stop users with local administrator accounts from manually installing Internet Explorer 11. Using this toolkit also prevents your users from receiving automatic upgrades from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11. For more information, see the [Internet Explorer 11 Blocker Toolkit frequently asked questions](../ie11-faq/faq-ie11-blocker-toolkit.md).
- **Use an update management solution to control update deployment.**
- If you already use an update management solution, like [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [System Center 2012 Configuration Manager](https://go.microsoft.com/fwlink/?LinkID=276664), you should use that instead of the Internet Explorer Blocker Toolkit.
+ If you already use an update management solution, like [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus) or the more advanced [Microsoft Endpoint Configuration Manager](https://go.microsoft.com/fwlink/?LinkID=276664), you should use that instead of the Internet Explorer Blocker Toolkit.
>[!Note]
>If you use WSUS to manage updates, and Update Rollups are configured for automatic installation, Internet Explorer will automatically install throughout your company. This scenario is discussed in detail in the Knowledge Base article [here](https://support.microsoft.com/kb/946202).
@@ -62,45 +65,45 @@ Additional information on Internet Explorer 11, including a Readiness Toolkit, t
## Availability of Internet Explorer 11
-Automatic Updates will start to distribute Internet Explorer 11 shortly after the final release of the product and will distribute it through the System Center Configuration Manager, Microsoft Systems Management Server, and WSUS.
+Automatic Updates will start to distribute Internet Explorer 11 shortly after the final release of the product and will distribute it through the Microsoft Endpoint Configuration Manager and WSUS.
## Prevent automatic installation of Internet Explorer 11 with WSUS
Internet Explorer 11 will be released to WSUS as an Update Rollup package. Therefore, if you’ve configured WSUS to “auto-approve” Update Rollup packages, it’ll be automatically approved and installed. To stop Internet Explorer 11 from being automatically approved for installation, you need to:
-1. Click **Start**, click **Administrative Tools**, and then click **Microsoft
- Windows Server Update Services 3.0**.
+1. Click **Start**, click **Administrative Tools**, and then click **Microsoft
+ Windows Server Update Services 3.0**.
-2. Expand *ComputerName*, and then click **Options**.
+2. Expand *ComputerName*, and then click **Options**.
-3. Click **Automatic Approvals**.
+3. Click **Automatic Approvals**.
-4. Click the rule that automatically approves an update that is classified as
- Update Rollup, and then click **Edit.**
+4. Click the rule that automatically approves an update that is classified as
+ Update Rollup, and then click **Edit.**
- >[!Note]
- >If you don’t see a rule like this, you most likely haven’t configured WSUS to automatically approve Update Rollups for installation. In this situation, you don’t have to do anything else.
+ >[!Note]
+ >If you don’t see a rule like this, you most likely haven’t configured WSUS to automatically approve Update Rollups for installation. In this situation, you don’t have to do anything else.
-5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section.
+5. Click the **Update Rollups** property under the **Step 2: Edit the properties (click an underlined value)** section.
- >[!Note]
- >The properties for this rule will resemble the following:
When an update is in Update Rollups
Approve the update for all computers
+ >[!Note]
+ >The properties for this rule will resemble the following:
When an update is in Update Rollups
Approve the update for all computers
-6. Clear the **Update Rollup** check box, and then click **OK**.
+6. Clear the **Update Rollup** check box, and then click **OK**.
-7. Click **OK** to close the **Automatic Approvals** dialog box.
After the new Internet Explorer 11 package is available for download, you should manually synchronize the new package to your WSUS server, so that when you re-enable auto-approval it won’t be automatically installed.
+7. Click **OK** to close the **Automatic Approvals** dialog box.
After the new Internet Explorer 11 package is available for download, you should manually synchronize the new package to your WSUS server, so that when you re-enable auto-approval it won’t be automatically installed.
-8. Click **Start**, click **Administrative Tools**, and then click **Microsoft Windows Server Update Services 3.0**.
+8. Click **Start**, click **Administrative Tools**, and then click **Microsoft Windows Server Update Services 3.0**.
-9. Expand *ComputerName*, and then click **Synchronizations**.
+9. Expand *ComputerName*, and then click **Synchronizations**.
-10. Click **Synchronize Now**.
+10. Click **Synchronize Now**.
-11. Expand *ComputerName*, expand **Updates**, and then click **All Updates**.
+11. Expand *ComputerName*, expand **Updates**, and then click **All Updates**.
-12. Choose **Unapproved** in the **Approval**drop down box.
+12. Choose **Unapproved** in the **Approval**drop down box.
-13. Check to make sure that Microsoft Internet Explorer 11 is listed as an unapproved update.
+13. Check to make sure that Microsoft Internet Explorer 11 is listed as an unapproved update.
>[!Note]
>There may be multiple updates, depending on the imported language and operating system updates.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
index ba9aba7115..5097f83564 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
@@ -1,8 +1,12 @@
---
description: A full-sized view of how document modes are chosen in IE11.
title: Full-sized flowchart detailing how document modes are chosen in IE11
-author: shortpatti
+author: dansimp
ms.date: 04/19/2017
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
---
Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
index 8c224e01b5..5ab9dd5e58 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: cacd5d68-700b-4a96-b4c9-ca2c40c1ac5f
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Import your Enterprise Mode site list to the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -39,9 +43,9 @@ Importing your file overwrites everything that’s currently in the tool, so mak
- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/index.md b/browsers/internet-explorer/ie11-deploy-guide/index.md
index 6d5935a29b..74f09e116d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/index.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/index.md
@@ -1,13 +1,14 @@
---
ms.mktglfcycl: deploy
description: Use this guide to learn about the several options and processes you'll need to consider while you're planning for, deploying, and customizing Internet Explorer 11 for your employee's devices.
-author: shortpatti
+author: dansimp
+ms.author: dansimp
ms.prod: ie11
ms.assetid: bddc2d97-c38d-45c5-9588-1f5bbff2e9c3
title: Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.localizationpriority: medium
-ms.date: 07/27/2017
+manager: dansimp
---
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
index 94788e4dfc..e9fcf44f0e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: caca18c1-d5c4-4404-84f8-d02bc562915f
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Install and Deploy Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -31,11 +35,11 @@ Use the topics in this section to learn how to customize your Internet Explorer
|[Choose how to install Internet Explorer 11 (IE11)](choose-how-to-install-ie11.md) |Guidance for the different ways you can install IE, including using System Center 2012 R2 Configuration Manager, Windows Server Update Services (WSUS), Microsoft Intune, your network, the operating system deployment system, or third-party tools. |
|[Choose how to deploy Internet Explorer 11 (IE11)](choose-how-to-deploy-ie11.md) |Guidance about how to deploy your custom version of IE using Automatic Version Synchronization (AVS) or using your software distribution tools. |
|[Virtualization and compatibility with Internet Explorer 11](virtualization-and-compatibility-with-ie11.md) |Info about the Microsoft-supported options for virtualizing web apps. |
-
+
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
index c72e03d477..7dd92ecc08 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
@@ -2,16 +2,19 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to add and deploy the Internet Explorer 11 update using Microsoft Intune.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: b2dfc08c-78af-4c22-8867-7be3b92b1616
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Install Internet Explorer 11 (IE11) using Microsoft Intune (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
---
-# Install Internet Explorer 11 (IE11) using Microsoft Intune
+# Install Internet Explorer 11 (IE11) using Microsoft Intune
Internet Explorer 11 is available as an update in Microsoft Intune. Microsoft Intune uses Windows cloud services to help you manage updates, monitor and protect your computers, provide remote assistance, track hardware and software inventory, and set security policies. For more information, see the [Documentation Library for Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=301805).
## Adding and deploying the IE11 package
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
index 7d3b1213f8..5dade69199 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to install the Internet Explorer 11 update using Microsoft Deployment Toolkit (MDT) and your Windows images.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: e16f9144-170c-4964-a62d-0d1a16f4cd1f
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Install Internet Explorer 11 (IE11) using Microsoft Deployment Toolkit (MDT) and your Windows images (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
index ce93f99c12..2b40174159 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: How to install the Internet Explorer 11 update using System Center 2012 R2 Configuration Manager
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 9ede9722-29b3-4cb7-956d-ffa91e7bedbd
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Install Internet Explorer 11 (IE11) using System Center 2012 R2 Configuration Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
index 8d8382d64f..9da3cd91fa 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to install the Internet Explorer 11 update using your network
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 85f6429d-947a-4031-8f93-e26110a35828
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Install Internet Explorer 11 (IE11) using your network (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -18,22 +22,22 @@ You can install Internet Explorer 11 (IE11) over your network by putting your c
**To manually create the folder structure**
-- Copy your custom IE11 installation file into a folder on your network, making sure it's available to your employees.
+- Copy your custom IE11 installation file into a folder on your network, making sure it's available to your employees.
- **To create the folder structure using IEAK 11**
+ **To create the folder structure using IEAK 11**
-- Run the Internet Explorer Customization Wizard 11 in IEAK 11, using the **Full Installation Package** option.
-The wizard automatically puts your custom installation files in your `\\Flat` folder. Where the `` is the location of your other build files.
+- Run the Internet Explorer Customization Wizard 11 in IEAK 11, using the **Full Installation Package** option.
+ The wizard automatically puts your custom installation files in your `\\Flat` folder. Where the `` is the location of your other build files.
**Note** Use the localized versions of the IE Customization Wizard 11 to create localized IE11 installation packages.
## Related topics
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md)
-
+
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
index bd5133b8b9..5d230773e3 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to install the Internet Explorer 11 update using third-party tools and command-line options.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 30190c66-49f7-4ca4-8b57-a47656aa0c7e
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Install Internet Explorer 11 (IE11) using third-party tools (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
index 37916eff52..62bfab42b9 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to install the Internet Explorer 11 update using Windows Server Update Services (WSUS)'
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 6cbd6797-c670-4236-8423-e0919478f2ce
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Install Internet Explorer 11 (IE11) using Windows Server Update Services (WSUS) (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -16,34 +20,34 @@ Windows Server Update Services (WSUS) lets you download a single copy of the Mic
**To import from Windows Update to WSUS**
-1. Open your WSUS admin site. For example, `https:///WSUSAdmin/`.
-Where `` is the name of your WSUS server.
+1. Open your WSUS admin site. For example, `https:///WSUSAdmin/`.
+ Where `` is the name of your WSUS server.
-2. Choose the top server node or the **Updates** node, and then click **Import Updates**.
+2. Choose the top server node or the **Updates** node, and then click **Import Updates**.
-3. To get the updates, install the Microsoft Update Catalog ActiveX control.
+3. To get the updates, install the Microsoft Update Catalog ActiveX control.
-4. Search for Internet Explorer 11 and add its contents to your basket.
+4. Search for Internet Explorer 11 and add its contents to your basket.
-5. After you're done browsing, go to your basket and click **Import**.
+5. After you're done browsing, go to your basket and click **Import**.
- You can also download the updates without importing them by unchecking the **Import directly into Windows Server Update Services** box.
+ You can also download the updates without importing them by unchecking the **Import directly into Windows Server Update Services** box.
- **To approve Internet Explorer in WSUS for installation**
+ **To approve Internet Explorer in WSUS for installation**
-1. Open your WSUS admin site and check the **Review synchronization settings** box from the **To Do** list.
+6. Open your WSUS admin site and check the **Review synchronization settings** box from the **To Do** list.
-2. Click **Synchronize now** to sync your WSUS server with Windows Update, and then click **Updates** from the navigation bar.
+7. Click **Synchronize now** to sync your WSUS server with Windows Update, and then click **Updates** from the navigation bar.
-3. Enter **Internet Explorer 11** into the **Search Contains** box, and then click **Apply**.
+8. Enter **Internet Explorer 11** into the **Search Contains** box, and then click **Apply**.
-4. Choose the right version of IE11 for your operating system, and click **Approve for installation**.
+9. Choose the right version of IE11 for your operating system, and click **Approve for installation**.
-5. Click each computer group you want to set up for the WSUS server, picking the right approval level, and then click **OK**.
+10. Click each computer group you want to set up for the WSUS server, picking the right approval level, and then click **OK**.
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
index f1136e386c..3ebe727aeb 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to fix potential installation problems with Internet Explorer 11
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 3ae77745-86ac-40a9-a37d-eebbf37661a3
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Install problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
index 1dcf781581..16331ab49c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to fix intranet search problems with Internet Explorer 11
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 3ee71d93-d9d2-48e1-899e-07932c73faa6
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Fix intranet search problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -21,7 +25,7 @@ IE11 works differently with search, based on whether your organization is domain
- **Non-domain-joined computers.** A single word entry is treated as an intranet site. However, if the term doesn't resolve to a site, IE11 then treats the entry as a search term and opens your default search provider.
-To explicitly go to an intranet site, regardless of the environment, users can type either a trailing slash like ` contoso/` or the `https://` prefix. Either of these will cause IE11 to treat the entry as an intranet search. You can also change the default behavior so that IE11 treats your single word entry in the address bar as an intranet site, regardless of your environment.
+To explicitly go to an intranet site, regardless of the environment, users can type either a trailing slash like `contoso/` or the `https://` prefix. Either of these will cause IE11 to treat the entry as an intranet search. You can also change the default behavior so that IE11 treats your single word entry in the address bar as an intranet site, regardless of your environment.
**To enable single-word intranet search**
diff --git a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
index 16311a42a8..2270749c81 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for Internet Explorer.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: eb3cce62-fc7b-41e3-97b6-2916b85bcf55
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Manage Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -31,9 +35,9 @@ Use the topics in this section to learn about how to auto detect your settings,
|[Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md) |Guidance about how to add, update and lock your auto configuration settings. |
|[Auto proxy configuration settings for Internet Explorer 11](auto-proxy-configuration-settings-for-ie11.md) |Guidance about how to add, update, and lock your auto-proxy settings. |
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
index 563b6dee54..c0087953b7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: support
description: IEM-configured settings have been deprecated for Internet Explorer 10 and newer. Use this topic to learn where to go to fix the affected settings through Group Policy Preferences, Administrative Templates (.admx), or the IEAK.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 89084e01-4e3f-46a6-b90e-48ee58d6821c
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Missing Internet Explorer Maintenance settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -61,7 +65,7 @@ The IEM settings have replacements you can use in either Group Policy Preference
|Automatic browser configuration |Lets you update your employee's computer after you've deployed IE11, by specifying a URL to an .ins file, an auto-proxy URL, or both. You can decide when the update occurs, in minutes. Typing zero, or not putting in any number, means that automatic configuration only happens after the browser is started and used to go to a page. |In the **Internet Settings Group Policy Preferences** dialog box, click the **Automatic Configuration** tab, and then add your URL.
On the **Automatic Configuration** page of IEAK 11, modify the configuration settings, including providing the URL to an .ins file or an auto-proxy site. |
|Proxy settings |Lets you specify your proxy servers. |In the **Internet Settings Group Policy Preferences** dialog box, click the **Connections** tab, click **LAN Settings**, and then choose whether to turn on automatic detection of your configuration settings and if you want to use proxy servers.
-OR-
On the **Proxy Settings** page of IEAK 11, turn on your proxy settings, adding your proxy server addresses and exceptions. |
|User Agent string |Lets the browser provide identification to visited servers. This string is often used to keep Internet traffic statistics. |This setting isn't available anymore. |
-
+
### URLs replacements
|IEM setting |Description |Replacement tool |
diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md b/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
index c5e09b4cfb..fbc40cbf73 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/missing-the-compatibility-view-button.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: support
description: Internet Explorer 11 uses the latest standards mode, which simplifies web page compatibility for users by removing the **Compatibility View** button and reducing the number of compatibility options in the F12 developer tools for developers.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 501c96c9-9f03-4913-9f4b-f67bd9edbb61
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Missing the Compatibility View Button (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
index bed077a506..3e564954a6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: support
description: How to turn managed browser hosting controls back on in Internet Explorer 11.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: b0b7f60f-9099-45ab-84f4-4ac64d7bcb43
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: .NET Framework problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -16,9 +20,9 @@ If you’re having problems launching your legacy apps while running Internet Ex
**To turn managed browser hosting controls back on**
-1. **For x86 systems or for 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
+1. **For x86 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
-2. **For x64 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
+2. **For 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
For more information, see the [Web Applications](https://go.microsoft.com/fwlink/p/?LinkId=308903) section of the Application Compatibility in the .NET Framework 4.5 page.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
index 0b64ef876d..65e099eb37 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
description: New group policy settings for Internet Explorer 11
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 669cc1a6-e2cb-403f-aa31-c1de52a615d1
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: New group policy settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -13,42 +17,43 @@ ms.date: 07/27/2017
# New group policy settings for Internet Explorer 11
-Internet Explorer 11 gives you some new Group Policy settings to help you manage your company's web browser configurations, including:
+Internet Explorer 11 gives you some new Group Policy settings to help you manage your company's web browser configurations, including:
-|Policy |Category Path |Supported on |Explanation |
-|-------|--------------|-------------|------------|
-|Allow IE to use the HTTP2 network protocol |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |IE11 on Windows 10 |This policy setting determines whether IE uses the HTTP2 network protocol. HTTP2 works with HTTP requests to optimize the latency of network requests through compression, multiplexing, and prioritization.
If you enable this policy setting, IE uses the HTTP2 network protocol.
If you disable this policy setting, IE won't use the HTTP2 network protocol.
If you don't configure this policy setting, users can turn this behavior on or off, using the **Internet Explorer Advanced Internet Options** settings. The default is on. |
-|Allow IE to use the SPDY/3 network protocol |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |IE11 on Windows 10 |This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression, multiplexing and prioritization.
If you enable this policy setting, Internet Explorer uses the SPDY/3 network protocol.
If you disable this policy setting, Internet Explorer won't use the SPDY/3 network protocol.
If you don't configure this policy setting, users can turn this behavior on or off, on the **Advanced* tab of the **Internet Options** dialog box. The default is on.
**Note** We've replaced the SPDY/3 protocol with the HTTP2 protocol in Windows 10. You can configure the HTTP2 protocol by using the **Allow IE to use the HTTP2 network protocol** setting. |
-|Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar |Administrative Templates\Windows Components\Internet Explorer |IE11 on Windows 10 |This policy setting allows IE to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions, the user’s keystrokes are sent to Microsoft through Microsoft services.
If you enable this policy setting, users receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the **Suggestions** setting on the **Settings** charm.
If you disable this policy setting, users won’t receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the **Suggestions** setting on the **Settings** charm.
If you don’t configure this policy setting, users can change the **Suggestions** setting on the **Settings** charm. |
-|Allow only approved domains to use the TDC ActiveX control |
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
|IE11 in Windows 10 |This policy setting determines whether users can run the Tabular Data Control (TDC) ActiveX control, based on security zone. By default, the TDC ActiveX Control is disabled in the **Internet** and **Restricted Sites** security zones.
If you enable this policy setting, users won’t be able to run the TDC ActiveX control from all sites in the specified zone.
If you disable this policy setting, users can run the TDC Active X control from all sites in the specified zone. |
-|Allow SSL3 Fallback |Administrative Templates\Windows Components\Internet Explorer\Security Features |Internet Explorer 11 on Windows 10 |This policy setting allows you to stop websites from falling back to using Secure Socket Layer (SSL) 3.0 or lower, if Transport Layer Security (TLS) 1.0 or higher, fails. This setting doesn’t affect which security protocols are enabled.
If you enable this policy setting and a website fails while using the TLS 1.0 or higher security protocols, Internet Explorer will try to fallback and use SSL 3.0 or lower security protocols.
If you disable or don’t configure this setting, Internet Explorer uses the default system protocols.
**Important:** By default, SSL 3.0 is disabled. If you choose to enable SSL 3.0, we recommend that you disable or don't configure this setting to help mitigate potential man-in-the-middle attacks. |
-|Allow VBScript to run in Internet Explorer|
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Internet Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Intranet Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Local Machine Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Internet Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Intranet Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Local Machine Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Restricted Sites Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Trusted Sites Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Restricted Sites Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Trusted Sites Zone
|Internet Explorer 11|This policy setting lets you decide whether VBScript can run on pages in specific Internet Explorer zones.
If you enable this policy setting (default), you must also pick one of the following options from the Options box:
Enable. VBScript runs on pages in specific zones, without any interaction.
Prompt. Employees are prompted whether to allow VBScript to run in the zone.
Disable. VBScript is prevented from running in the zone.
If you disable or don’t configure this policy setting, VBScript runs without any interaction in the specified zone.|
-|Always send Do Not Track header |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |At least Internet Explorer 10 |This policy setting allows you to configure how IE sends the Do Not Track (DNT) header.
If you enable this policy setting, IE sends a `DNT:1` header with all HTTP and HTTPS requests. The `DNT:1` header signals to the servers not to track the user.
**In Internet Explorer 9 and 10:** If you disable this policy setting, IE only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Browsing mode is used.
**In at least IE11:** If you disable this policy setting, IE only sends the Do Not Track header if inPrivate Browsing mode is used.
If you don't configure the policy setting, users can select the **Always send Do Not Track header** option on the **Advanced* tab of the **Internet Options** dialog box. By selecting this option, IE sends a `DNT:1` header with all HTTP and HTTPS requests; unless the user grants a site-specific exception, in which case IE sends a `DNT:0` header. By default, this option is enabled. |
-|Don't run antimalware programs against ActiveX controls (Internet, Restricted Zones) |
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
|IE11 on Windows 10 |This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
If you don't configure this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using the Internet Explorer's **Security** settings. |
-|Don't run antimalware programs against ActiveX controls (Intranet, Trusted, Local Machine Zones) |
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
|IE11 on Windows 10 |This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
If you don't configure this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer's **Security** settings. |
-|Hide the button (next to the New Tab button) that opens Microsoft Edge |User Configuration\Administrative Templates\Windows Components/Internet Explorer\Internet Settings\Advanced Settings\Browsing\ |IE11 on Windows 10, version 1703|This policy setting lets you decide whether employees can see the open Microsoft Edge button, which appears next to the New Tab button.
If you enable this policy setting, the button to open Microsoft Edge from Internet Explorer will be hidden.
If you disable this policy setting, the button to open Microsoft Edge from Internet Explorer appears.
If you don't configure this policy setting, the button to open Microsoft Edge from Internet Explorer can be configured by your employees. |
-|Let users turn on and use Enterprise Mode from the **Tools** menu |Administrative Templates\Windows Components\Internet Explorer |IE11 on Windows 10 |This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the **Tools** menu.
If you enable this policy setting, users can see and use the **Enterprise Mode** option from the **Tools** menu. If you enable this setting, but don’t specify a report location, Enterprise Mode will still be available to your users, but you won’t get any reports.
If you disable or don’t configure this policy setting, the menu option won’t appear and users won’t be able to turn on Enterprise Mode locally. |
-|Limit Site Discovery output by Domain |Administrative Templates\Windows Components\Internet Explorer |At least Internet Explorer 8 |This policy setting allows you to control which domains are included in the discovery function of the Internet Explorer Site Discovery Toolkit.
If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in your specified domains, configured by adding one domain per line to the included text box.
If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all domains.
**Note:** You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. |
-|Limit Site Discovery output by Zone |Administrative Templates\Windows Components\Internet Explorer |At least Internet Explorer 8 |This policy setting allows you to control which zones are included in the discovery function of the Internet Explorer Site Discovery Toolkit.
If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all specified security zones.
If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all security zones.
To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order:
0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
0 – Local Intranet zone
0 – Local Machine zone
**Example 1:** Include only the Local Intranet zone (binary representation: 00010), based on:
0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
1 – Local Intranet zone
0 – Local Machine zone
**Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones (binary representation: 10110), based on:
1 – Restricted Sites zone
0 – Internet zone
1 – Trusted Sites zone
1 – Local Intranet zone
1 – Local Machine zone
**Note:** You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. |
-|Prevent deleting ActiveX Filtering, Tracking Protection and Do Not Track data |Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History |At least Windows Internet Explorer 9 |**In Internet Explorer 9 and Internet Explorer 10:** This policy setting prevents users from deleting ActiveX Filtering and Tracking Protection data, which includes the list of websites for which the user has chosen to disable ActiveX Filtering or Tracking Protection. In addition, Tracking Protection data is also collected if users turn on the **Personalized Tracking Protection List**, which blocks third-party items while the user is browsing.
**In IE11:** This policy setting prevents users from deleting ActiveX Filtering, Tracking Protection data, and Do Not Track exceptions, stored in the **Delete Browsing History** dialog box, for visited websites.
If you enable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is preserved when the user clicks **Delete**.
If you disable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is deleted when the user clicks **Delete**.
If you don’t configure this policy setting, users can turn this feature on and off, determining whether to delete ActiveX Filtering, Tracking Protection, and Do Not Track data when clicking **Delete**. |
-|Send all sites not included in the Enterprise Mode Site List to Microsoft Edge |Administrative Templates\Windows Components\Internet Explorer |IE11 on Windows 10, version 1607 |This policy setting lets you decide whether to open all sites that aren’t specified to open in IE11 by the Enterprise Mode site list, to open in Microsoft Edge.
If you enable this policy setting, you must also enable the Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list policy setting and you must include at least one site in the Enterprise Mode site list.
If you disable or don't configure this policy setting, all sites will open based on the currently active browser.
**Note:** If you’ve also enabled the Administrative Templates\Windows Components\Microsoft Edge\Send all intranet sites to Internet Explorer 11 policy setting, then all intranet sites will continue to open in Internet Explorer 11. |
-|Show message when opening sites in Microsoft Edge using Enterprise Mode |Administrative Templates\Windows Components\Internet Explorer |IE11 on Windows 10, version 1607 |This policy setting lets you decide whether employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode.
If you enable this policy setting, employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode.
If you disable or don't configure this policy setting, the default app behavior occurs and no additional page appears. |
-|Turn off automatic download of the ActiveX VersionList |Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management |At least Windows Internet Explorer 8 |This policy setting allows you to decide whether Internet Explorer automatically downloads updated versions of Microsoft's VersionList.XML file. This file tells Internet Explorer whether to stop specific ActiveX controls from loading.
If you enable this policy setting, Internet Explorer stops automatically downloading updated versions of the VersionList.XML file.
If you disable or don’t configure this setting, Internet Explorer continues to download updated versions of the VersionList.XML file.
**Important:** Stopping this file from updating breaks the out-of-date ActiveX control blocking feature, potentially compromising the security of the device. For more info, see the Out-of-Date ActiveX Control Blocking (https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking) topic. |
-|Turn off loading websites and content in the background to optimize performance |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |IE11 on Windows 10 |This policy setting determines whether Internet Explorer preemptively loads websites and content in the background, speeding up performance such that when the user clicks a hyperlink, the background page seamlessly switches into view.
If you enable this policy setting, IE doesn't load any websites or content in the background.
If you disable this policy setting, IE preemptively loads websites and content in the background.
If you don’t configure this policy setting, users can turn this behavior on or off, using IE settings. This feature is turned on by default. |
-|Turn off phone number detection |Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing |IE11 on Windows 10 |This policy setting determines whether phone numbers are recognized and turned into hyperlinks, which can be used to invoke the default phone application on the system.
If you enable this policy setting, phone number detection is turned off. Users won’t be able to modify this setting.
If you disable this policy setting, phone number detection is turned on. Users won’t be able to modify this setting.
If you don't configure this policy setting, users can turn this behavior on or off, using IE settings. The default is on. |
-|Turn off sending URL path as UTF-8 |User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\URL Encoding |At least Windows Internet Explorer 7 |This policy setting determines whether to let IE send the path portion of a URL using the UTF-8 standard. This standard defines characters so they're readable in any language and lets you exchange Internet addresses (URLs) with characters included in any language.
If you enable this policy setting, UTF-8 is not allowed. Users won't be able to change this setting.
If you disable this policy setting, UTF-8 is allowed. Users won't be able to change this setting.
If you don't configure this policy setting, users can turn this behavior on or off. |
-|Turn off sending UTF-8 query strings for URLs |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |IE11 on Windows 10 |This policy setting determines whether IE uses 8-bit Unicode Transformation Format (UTF-8) to encode query strings in URLs before sending them to servers or to proxy servers.
If you enable this policy setting, you must specify when to use UTF-8 to encode query strings:
**0.** Never encode query strings.
**1.** Only encode query strings for URLs that aren't in the Intranet zone.
**2.** Only encode query strings for URLs that are in the Intranet zone.
**3.** Always encode query strings.
If you disable or don't configure this policy setting, users can turn this behavior on or off, using IE Advanced Options settings. The default is to encode all query strings in UTF-8. |
-|Turn off the ability to launch report site problems using a menu option |Administrative Templates\Windows Components\Internet Explorer\Browser menus |Internet Explorer 11 |This policy setting allows you to manage whether users can start the **eport Site Problems** dialog box from the **Internet Explorer** settings area or from the **Tools** menu.
If you enable this policy setting, users won’t be able to start the **Report Site Problems** dialog box from the Internet Explorer settings or the Tools menu.
If you disable or don’t configure this policy setting, users will be able to start the **Report Site Problems** dialog box from the **Internet Explorer** settings area or from the **Tools** menu. |
-|Turn off the flip ahead with page prediction feature |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |At least Internet Explorer 10 on Windows 8 |This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.
If you enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn’t loaded into the background.
If you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the background.
If you don’t configure this setting, users can turn this behavior on or off, using the **Settings** charm.
**Note** Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn’t available for Internet Explorer for the desktop. |
-|Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows |Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page |IE11 on Windows 10 |This policy setting determines whether IE11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.
If you enable this policy setting, IE11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.
If you disable this policy setting, IE11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.
If you don't configure this policy setting, users can turn this feature on or off using IE settings. This feature is turned off by default.
**Important** When using 64-bit processes, some ActiveX controls and toolbars might not be available. |
-|Turn on Site Discovery WMI output |Administrative Templates\Windows Components\Internet Explorer |At least Internet Explorer 8 |This policy setting allows you to manage the WMI output functionality of the Internet Explorer Site Discovery Toolkit.
If you enable this policy setting, the Internet Explorer Site Discovery Toolkit will log its collected data to an WMI class, which can be aggregated by using a client-management solution, such as System Center Configuration Manager.
If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit won’t log its collected data to an WMI class.
**Note:** Enabling or disabling this setting won’t impact any other output methods available to the Internet Explorer Site Discovery Toolkit. |
-|Turn on Site Discovery XML output |Administrative Templates\Windows Components\Internet Explorer |At least Internet Explorer 8 |This policy setting allows you to manage the XML output functionality of the Internet Explorer Site Discovery Toolkit.
If you enable this policy setting, the Internet Explorer Site Discovery Toolkit will log its collected data to an XML file, stored in your specified location.
If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit won’t log its collected data to an XML file.
**Note:** Enabling or disabling this setting won’t impact any other output methods available to the Internet Explorer Site Discovery Toolkit. |
-|Use the Enterprise Mode IE website list |Administrative Templates\Windows Components\Internet Explorer |IE11 on Windows 10, version 1511 |This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode, instead of Standard mode, because of compatibility issues. Users can’t edit this list.
If you enable this policy setting, Internet Explorer downloads the Enterprise Mode website list from the `HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE`\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode hive, opening all included websites using Enterprise Mode. We recommend storing and downloading your list from a secure web server `(https://)`, to help protect against data tampering.
If you disable or don’t configure this policy setting, Internet Explorer opens all websites using **Standard** mode. |
+
+| Policy | Category Path | Supported on | Explanation |
+|-----------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Allow IE to use the HTTP2 network protocol | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether IE uses the HTTP2 network protocol. HTTP2 works with HTTP requests to optimize the latency of network requests through compression, multiplexing, and prioritization.
If you enable this policy setting, IE uses the HTTP2 network protocol.
If you disable this policy setting, IE won't use the HTTP2 network protocol.
If you don't configure this policy setting, users can turn this behavior on or off, using the **Internet Explorer Advanced Internet Options** settings. The default is on. |
+| Allow IE to use the SPDY/3 network protocol | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression, multiplexing and prioritization.
If you enable this policy setting, Internet Explorer uses the SPDY/3 network protocol.
If you disable this policy setting, Internet Explorer won't use the SPDY/3 network protocol.
If you don't configure this policy setting, users can turn this behavior on or off, on the **Advanced\* tab of the \*\*Internet Options** dialog box. The default is on.
**Note** We've replaced the SPDY/3 protocol with the HTTP2 protocol in Windows 10. You can configure the HTTP2 protocol by using the **Allow IE to use the HTTP2 network protocol** setting. |
+| Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10 | This policy setting allows IE to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions, the user’s keystrokes are sent to Microsoft through Microsoft services.
If you enable this policy setting, users receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the **Suggestions** setting on the **Settings** charm.
If you disable this policy setting, users won’t receive enhanced suggestions while typing in the Address bar. In addition, users won’t be able to change the **Suggestions** setting on the **Settings** charm.
If you don’t configure this policy setting, users can change the **Suggestions** setting on the **Settings** charm. |
+| Allow only approved domains to use the TDC ActiveX control |
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
| IE11 in Windows 10 | This policy setting determines whether users can run the Tabular Data Control (TDC) ActiveX control, based on security zone. By default, the TDC ActiveX Control is disabled in the **Internet** and **Restricted Sites** security zones.
If you enable this policy setting, users won’t be able to run the TDC ActiveX control from all sites in the specified zone.
If you disable this policy setting, users can run the TDC Active X control from all sites in the specified zone. |
+| Allow SSL3 Fallback | Administrative Templates\Windows Components\Internet Explorer\Security Features | Internet Explorer 11 on Windows 10 | This policy setting allows you to stop websites from falling back to using Secure Socket Layer (SSL) 3.0 or lower, if Transport Layer Security (TLS) 1.0 or higher, fails. This setting doesn’t affect which security protocols are enabled.
If you enable this policy setting and a website fails while using the TLS 1.0 or higher security protocols, Internet Explorer will try to fallback and use SSL 3.0 or lower security protocols.
If you disable or don’t configure this setting, Internet Explorer uses the default system protocols.
**Important:** By default, SSL 3.0 is disabled. If you choose to enable SSL 3.0, we recommend that you disable or don't configure this setting to help mitigate potential man-in-the-middle attacks. |
+| Allow VBScript to run in Internet Explorer |
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Internet Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Intranet Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Local Machine Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Internet Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Intranet Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Local Machine Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Restricted Sites Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Locked-Down Trusted Sites Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Restricted Sites Zone
Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone/Trusted Sites Zone
| Internet Explorer 11 | This policy setting lets you decide whether VBScript can run on pages in specific Internet Explorer zones.
If you enable this policy setting (default), you must also pick one of the following options from the Options box:
Enable. VBScript runs on pages in specific zones, without any interaction.
Prompt. Employees are prompted whether to allow VBScript to run in the zone.
Disable. VBScript is prevented from running in the zone.
If you disable or don’t configure this policy setting, VBScript runs without any interaction in the specified zone. |
+| Always send Do Not Track header | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | At least Internet Explorer 10 | This policy setting allows you to configure how IE sends the Do Not Track (DNT) header.
If you enable this policy setting, IE sends a `DNT:1` header with all HTTP and HTTPS requests. The `DNT:1` header signals to the servers not to track the user.
**In Internet Explorer 9 and 10:** If you disable this policy setting, IE only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Browsing mode is used.
**In at least IE11:** If you disable this policy setting, IE only sends the Do Not Track header if inPrivate Browsing mode is used.
If you don't configure the policy setting, users can select the **Always send Do Not Track header** option on the **Advanced\* tab of the \*\*Internet Options** dialog box. By selecting this option, IE sends a `DNT:1` header with all HTTP and HTTPS requests; unless the user grants a site-specific exception, in which case IE sends a `DNT:0` header. By default, this option is enabled. |
+| Don't run antimalware programs against ActiveX controls (Internet, Restricted Zones) |
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
| IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
If you don't configure this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using the Internet Explorer's **Security** settings. |
+| Don't run antimalware programs against ActiveX controls (Intranet, Trusted, Local Machine Zones) |
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
| IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.
If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.
If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.
If you don't configure this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer's **Security** settings. |
+| Hide the button (next to the New Tab button) that opens Microsoft Edge | User Configuration\Administrative Templates\Windows Components/Internet Explorer\Internet Settings\Advanced Settings\Browsing\ | IE11 on Windows 10, version 1703 | This policy setting lets you decide whether employees can see the open Microsoft Edge button, which appears next to the New Tab button.
If you enable this policy setting, the button to open Microsoft Edge from Internet Explorer will be hidden.
If you disable this policy setting, the button to open Microsoft Edge from Internet Explorer appears.
If you don't configure this policy setting, the button to open Microsoft Edge from Internet Explorer can be configured by your employees. |
+| Let users turn on and use Enterprise Mode from the **Tools** menu | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10 | This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the **Tools** menu.
If you enable this policy setting, users can see and use the **Enterprise Mode** option from the **Tools** menu. If you enable this setting, but don’t specify a report location, Enterprise Mode will still be available to your users, but you won’t get any reports.
If you disable or don’t configure this policy setting, the menu option won’t appear and users won’t be able to turn on Enterprise Mode locally. |
+| Limit Site Discovery output by Domain | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to control which domains are included in the discovery function of the Internet Explorer Site Discovery Toolkit.
If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in your specified domains, configured by adding one domain per line to the included text box.
If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all domains.
**Note:** You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. |
+| Limit Site Discovery output by Zone | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to control which zones are included in the discovery function of the Internet Explorer Site Discovery Toolkit.
If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all specified security zones.
If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all security zones.
To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order:
0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
0 – Local Intranet zone
0 – Local Machine zone
**Example 1:** Include only the Local Intranet zone (binary representation: 00010), based on:
0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
1 – Local Intranet zone
0 – Local Machine zone
**Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones (binary representation: 10110), based on:
1 – Restricted Sites zone
0 – Internet zone
1 – Trusted Sites zone
1 – Local Intranet zone
1 – Local Machine zone
**Note:** You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. |
+| Prevent deleting ActiveX Filtering, Tracking Protection and Do Not Track data | Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History | At least Windows Internet Explorer 9 | **In Internet Explorer 9 and Internet Explorer 10:** This policy setting prevents users from deleting ActiveX Filtering and Tracking Protection data, which includes the list of websites for which the user has chosen to disable ActiveX Filtering or Tracking Protection. In addition, Tracking Protection data is also collected if users turn on the **Personalized Tracking Protection List**, which blocks third-party items while the user is browsing.
**In IE11:** This policy setting prevents users from deleting ActiveX Filtering, Tracking Protection data, and Do Not Track exceptions, stored in the **Delete Browsing History** dialog box, for visited websites.
If you enable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is preserved when the user clicks **Delete**.
If you disable this policy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is deleted when the user clicks **Delete**.
If you don’t configure this policy setting, users can turn this feature on and off, determining whether to delete ActiveX Filtering, Tracking Protection, and Do Not Track data when clicking **Delete**. |
+| Send all sites not included in the Enterprise Mode Site List to Microsoft Edge | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10, version 1607 | This policy setting lets you decide whether to open all sites that aren’t specified to open in IE11 by the Enterprise Mode site list, to open in Microsoft Edge.
If you enable this policy setting, you must also enable the Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list policy setting and you must include at least one site in the Enterprise Mode site list.
If you disable or don't configure this policy setting, all sites will open based on the currently active browser.
**Note:** If you’ve also enabled the Administrative Templates\Windows Components\Microsoft Edge\Send all intranet sites to Internet Explorer 11 policy setting, then all intranet sites will continue to open in Internet Explorer 11. |
+| Show message when opening sites in Microsoft Edge using Enterprise Mode | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10, version 1607 | This policy setting lets you decide whether employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode.
If you enable this policy setting, employees see an additional page in Internet Explorer 11, stating that a site has been opened using Microsoft Edge with Enterprise Mode.
If you disable or don't configure this policy setting, the default app behavior occurs and no additional page appears. |
+| Turn off automatic download of the ActiveX VersionList | Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management | At least Windows Internet Explorer 8 | This policy setting allows you to decide whether Internet Explorer automatically downloads updated versions of Microsoft's VersionList.XML file. This file tells Internet Explorer whether to stop specific ActiveX controls from loading.
If you enable this policy setting, Internet Explorer stops automatically downloading updated versions of the VersionList.XML file.
If you disable or don’t configure this setting, Internet Explorer continues to download updated versions of the VersionList.XML file.
**Important:** Stopping this file from updating breaks the out-of-date ActiveX control blocking feature, potentially compromising the security of the device. For more info, see the Out-of-Date ActiveX Control Blocking () topic. |
+| Turn off loading websites and content in the background to optimize performance | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether Internet Explorer preemptively loads websites and content in the background, speeding up performance such that when the user clicks a hyperlink, the background page seamlessly switches into view.
If you enable this policy setting, IE doesn't load any websites or content in the background.
If you disable this policy setting, IE preemptively loads websites and content in the background.
If you don’t configure this policy setting, users can turn this behavior on or off, using IE settings. This feature is turned on by default. |
+| Turn off phone number detection | Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing | IE11 on Windows 10 | This policy setting determines whether phone numbers are recognized and turned into hyperlinks, which can be used to invoke the default phone application on the system.
If you enable this policy setting, phone number detection is turned off. Users won’t be able to modify this setting.
If you disable this policy setting, phone number detection is turned on. Users won’t be able to modify this setting.
If you don't configure this policy setting, users can turn this behavior on or off, using IE settings. The default is on. |
+| Turn off sending URL path as UTF-8 | User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\URL Encoding | At least Windows Internet Explorer 7 | This policy setting determines whether to let IE send the path portion of a URL using the UTF-8 standard. This standard defines characters so they're readable in any language and lets you exchange Internet addresses (URLs) with characters included in any language.
If you enable this policy setting, UTF-8 is not allowed. Users won't be able to change this setting.
If you disable this policy setting, UTF-8 is allowed. Users won't be able to change this setting.
If you don't configure this policy setting, users can turn this behavior on or off. |
+| Turn off sending UTF-8 query strings for URLs | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether IE uses 8-bit Unicode Transformation Format (UTF-8) to encode query strings in URLs before sending them to servers or to proxy servers.
If you enable this policy setting, you must specify when to use UTF-8 to encode query strings:
**0.** Never encode query strings.
**1.** Only encode query strings for URLs that aren't in the Intranet zone.
**2.** Only encode query strings for URLs that are in the Intranet zone.
**3.** Always encode query strings.
If you disable or don't configure this policy setting, users can turn this behavior on or off, using IE Advanced Options settings. The default is to encode all query strings in UTF-8. |
+| Turn off the ability to launch report site problems using a menu option | Administrative Templates\Windows Components\Internet Explorer\Browser menus | Internet Explorer 11 | This policy setting allows you to manage whether users can start the **eport Site Problems** dialog box from the **Internet Explorer** settings area or from the **Tools** menu.
If you enable this policy setting, users won’t be able to start the **Report Site Problems** dialog box from the Internet Explorer settings or the Tools menu.
If you disable or don’t configure this policy setting, users will be able to start the **Report Site Problems** dialog box from the **Internet Explorer** settings area or from the **Tools** menu. |
+| Turn off the flip ahead with page prediction feature | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | At least Internet Explorer 10 on Windows 8 | This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.
If you enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn’t loaded into the background.
If you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the background.
If you don’t configure this setting, users can turn this behavior on or off, using the **Settings** charm.
**Note** Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn’t available for Internet Explorer for the desktop. |
+| Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | IE11 on Windows 10 | This policy setting determines whether IE11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.
If you enable this policy setting, IE11 will use 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.
If you disable this policy setting, IE11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows.
If you don't configure this policy setting, users can turn this feature on or off using IE settings. This feature is turned off by default.
**Important** When using 64-bit processes, some ActiveX controls and toolbars might not be available. |
+| Turn on Site Discovery WMI output | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to manage the WMI output functionality of the Internet Explorer Site Discovery Toolkit.
If you enable this policy setting, the Internet Explorer Site Discovery Toolkit will log its collected data to an WMI class, which can be aggregated by using a client-management solution, such as Microsoft Endpoint Configuration Manager.
If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit won’t log its collected data to an WMI class.
**Note:** Enabling or disabling this setting won’t impact any other output methods available to the Internet Explorer Site Discovery Toolkit. |
+| Turn on Site Discovery XML output | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to manage the XML output functionality of the Internet Explorer Site Discovery Toolkit.
If you enable this policy setting, the Internet Explorer Site Discovery Toolkit will log its collected data to an XML file, stored in your specified location.
If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit won’t log its collected data to an XML file.
**Note:** Enabling or disabling this setting won’t impact any other output methods available to the Internet Explorer Site Discovery Toolkit. |
+| Use the Enterprise Mode IE website list | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10, version 1511 | This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode, instead of Standard mode, because of compatibility issues. Users can’t edit this list.
If you enable this policy setting, Internet Explorer downloads the Enterprise Mode website list from the `HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE`\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode hive, opening all included websites using Enterprise Mode. We recommend storing and downloading your list from a secure web server `(https://)`, to help protect against data tampering.
If you disable or don’t configure this policy setting, Internet Explorer opens all websites using **Standard** mode. |
## Removed Group Policy settings
IE11 no longer supports these Group Policy settings:
-- Turn on Internet Explorer 7 Standards Mode
+- Turn on Internet Explorer 7 Standards Mode
- Turn off Compatibility View button
diff --git a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
index a834636814..5591606f32 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
@@ -3,10 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
description: Use out-of-date ActiveX control blocking to help you know when IE prevents a webpage from loading outdated ActiveX controls and to update the outdated control, so that it’s safer to use.
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
ms.prod: ie11
ms.assetid: e61866bb-1ff1-4a8d-96f2-61d3534e8199
+ms.reviewer:
+audience: itpro
+manager: dansimp
title: Out-of-date ActiveX control blocking (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 05/10/2018
@@ -189,15 +192,15 @@ Before running the PowerShell script, you must copy both the .ps1 and .mof file
**To configure IE to use WMI logging**
-1. Open your Group Policy editor and turn on the `Administrative Templates\Windows Components\Internet Explorer\Turn on ActiveX control logging in IE` setting.
+1. Open your Group Policy editor and turn on the `Administrative Templates\Windows Components\Internet Explorer\Turn on ActiveX control logging in IE` setting.
-2. On the client device, start PowerShell in elevated mode (using admin privileges) and run `ConfigureWMILogging.ps1` by by-passing the PowerShell execution policy, using this command:
-```
-powershell –ExecutionPolicy Bypass .\ConfigureWMILogging.ps1
-```
-For more info, see [about_Execution_Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
+2. On the client device, start PowerShell in elevated mode (using admin privileges) and run `ConfigureWMILogging.ps1` by by-passing the PowerShell execution policy, using this command:
+ ```
+ powershell –ExecutionPolicy Bypass .\ConfigureWMILogging.ps1
+ ```
+ For more info, see [about_Execution_Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
-3. **Optional:** Set up your domain firewall for WMI data. For more info, see [Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md).
+3. **Optional:** Set up your domain firewall for WMI data. For more info, see [Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md).
The inventory info appears in the WMI class, `IEAXControlBlockingAuditInfo`, located in the WMI namespace, *root\\cimv2\\IETelemetry*. To collect the inventory info from your client computers, we recommend using System Center 2012 R2 Configuration Manager or any agent that can access the WMI data. For more info, see [Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
index 9e8959e2a9..80a59c9305 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: support
description: Possible solutions to the problems you might encounter after installing IE11, such as crashing or seeming slow, getting into an unusable state, or problems with adaptive streaming and DRM playback.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: c4b75ad3-9c4a-4dd2-9fed-69f776f542e6
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Problems after installing Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 10/16/2017
@@ -42,29 +46,29 @@ If you notice that CPU usage is running higher than normal, or that IE is freque
**To check your browser add-ons**
-1. Start IE11 in **No Add-ons mode** by running the **Run** command from the **Start** menu, and then typing `iexplore.exe -extoff` into the box.
+1. Start IE11 in **No Add-ons mode** by running the **Run** command from the **Start** menu, and then typing `iexplore.exe -extoff` into the box.
-2. Check if IE still crashes.
-If the browser doesn't crash, open Internet Explorer for the desktop, click the **Tools** menu, and click **Manage Add-ons**.
+2. Check if IE still crashes.
+ If the browser doesn't crash, open Internet Explorer for the desktop, click the **Tools** menu, and click **Manage Add-ons**.
-3. Click **Toolbars and Extensions**, click each toolbar or extension, clicking **Disable** to turn off all of the browser extensions and toolbars.
+3. Click **Toolbars and Extensions**, click each toolbar or extension, clicking **Disable** to turn off all of the browser extensions and toolbars.
-4. Restart IE11. Go back to the **Manage Add-Ons** window and turn on each item, one-by-one.
-After you turn each item back on, see if IE crashes or slows down. Doing it this way will help you identify the add-on that's causing IE to crash. After you've figured out which add-on was causing the problem, turn it off until you have an update from the manufacturer.
+4. Restart IE11. Go back to the **Manage Add-Ons** window and turn on each item, one-by-one.
+ After you turn each item back on, see if IE crashes or slows down. Doing it this way will help you identify the add-on that's causing IE to crash. After you've figured out which add-on was causing the problem, turn it off until you have an update from the manufacturer.
- **To check for Software Rendering mode**
+ **To check for Software Rendering mode**
-1. Open Internet Explorer for the desktop, click the **Tools** menu, and then click **Internet Options**.
+5. Open Internet Explorer for the desktop, click the **Tools** menu, and then click **Internet Options**.
-2. On the **Advanced** tab, go to the **Accelerated graphics** section, and then turn on Software Rendering mode by choosing the **Use software rendering instead of GPU rendering** box.
-If the **Use software rendering instead of GPU rendering** option is greyed out, it means that your current video card or video driver doesn't support GPU hardware acceleration. For more information, see [Windows 10 Support](https://go.microsoft.com/fwlink/?LinkId=746588).
+6. On the **Advanced** tab, go to the **Accelerated graphics** section, and then turn on Software Rendering mode by choosing the **Use software rendering instead of GPU rendering** box.
+ If the **Use software rendering instead of GPU rendering** option is greyed out, it means that your current video card or video driver doesn't support GPU hardware acceleration. For more information, see [Windows 10 Support](https://go.microsoft.com/fwlink/?LinkId=746588).
## Adaptive streaming and DRM playback don’t work with Windows Server 2012 R2
IE11 in Windows Server 2012 R2 doesn’t include media features like adaptive streaming or Digital Rights Management (DRM) playback. To add these features, you’ll need to download and install the Media Feature Pack from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=320789), as well as an app that uses PlayReady DRM from the Microsoft Store, such as the Xbox Music app or Xbox Video app. The app must be installed to specifically turn on DRM features, while all other media features are installed with the Media Feature Pack.
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index e63c2475a6..df8a2b1707 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to clear all of the sites from your global Enterprise Mode site list.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 90f38a6c-e0e2-4c93-9a9e-c425eca99e97
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Remove all sites from your Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -37,9 +41,9 @@ This is a permanent removal and erases everything. However, if you determine it
- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
index 5037f6fe3c..4995a12e9a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-compatibililty-view-list.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to remove sites from a local compatibility view list.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Remove sites from a local compatibility view list (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
index 05a2e285bb..c9b859509b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Instructions about how to remove sites from a local Enterprise Mode site list.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Remove sites from a local Enterprise Mode site list (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
index d6bba6d3d8..28b18117e1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Save your site list to XML in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
index 06af735490..4565b9f0c1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md
@@ -3,11 +3,15 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal.
-author: shortpatti
+author: dansimp
ms.prod: ie11
title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+audience: itprom
+manager: dansimp
+ms.author: dansimp
---
# Schedule approved change requests for production using the Enterprise Mode Site List Portal
@@ -47,4 +51,4 @@ After a change request is approved, the original Requester can schedule the chan
## Next steps
-After the update to the production environment completes, the Requester must again test the change. If the testing succeeds, the Requester can sign off on the change request. If the testing fails, the Requester can contact the Administrator group for more help. For the production environment testing steps, see the [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md) topic.
\ No newline at end of file
+After the update to the production environment completes, the Requester must again test the change. If the testing succeeds, the Requester can sign off on the change request. If the testing fails, the Requester can contact the Administrator group for more help. For the production environment testing steps, see the [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md) topic.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index d4ac172352..bc468576ed 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Search to see if a specific site already appears in your global Enterprise Mode site list.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Search your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -26,16 +30,16 @@ You can search to see if a specific site already appears in your global Enterpri
**To search your compatibility list**
-- From the Enterprise Mode Site List Manager, type part of the URL into the **Search** box.
-The search query searches all of the text. For example, entering *“micro”* will return results like, www.microsoft.com, microsoft.com, and microsoft.com/images. Wildcard characters aren’t supported.
+- From the Enterprise Mode Site List Manager, type part of the URL into the **Search** box.
+ The search query searches all of the text. For example, entering *“micro”* will return results like, www.microsoft.com, microsoft.com, and microsoft.com/images. Wildcard characters aren’t supported.
## Related topics
- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
index 896d0512a7..b6c1af8258 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
description: Use the Group Policy setting, Set a default associations configuration file, to set the default browser for your company devices running Windows 10.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: f486c9db-0dc9-4cd6-8a0b-8cb872b1d361
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Set the default browser using Group Policy (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
index a72a457d0a..fd55a40ebd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Set up and turn on Enterprise Mode logging and data collection in your organization.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Set up Enterprise Mode logging and data collection (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -37,33 +41,33 @@ When you turn logging on, you need a valid URL that points to a server that can
**To set up an endpoint server**
-1. Configure an IIS server to work with your Enterprise Mode data collection process. If you’re unsure how to set up IIS, see the [IIS installation webpage](https://go.microsoft.com/fwlink/p/?LinkId=507609).
+1. Configure an IIS server to work with your Enterprise Mode data collection process. If you’re unsure how to set up IIS, see the [IIS installation webpage](https://go.microsoft.com/fwlink/p/?LinkId=507609).
-2. Open Internet Information Services (IIS) and turn on the ASP components from the **Add Roles and Features Wizard**, **Server Roles** page.
-This lets you create an ASP form that accepts the incoming POST messages.
+2. Open Internet Information Services (IIS) and turn on the ASP components from the **Add Roles and Features Wizard**, **Server Roles** page.
+ This lets you create an ASP form that accepts the incoming POST messages.
-3. Open the Internet Information Services (IIS) Manager, click **Bindings**, highlight **Port 81**, click **Edit**, and then change the website information to point to Port 81 so it matches your custom-created port.
+3. Open the Internet Information Services (IIS) Manager, click **Bindings**, highlight **Port 81**, click **Edit**, and then change the website information to point to Port 81 so it matches your custom-created port.
- 
+ 
-4. Open the **Logging** feature, pick **W3C** for the format, and click **Select Fields** to open the **W3C Logging Fields** box.
+4. Open the **Logging** feature, pick **W3C** for the format, and click **Select Fields** to open the **W3C Logging Fields** box.
- 
+ 
-5. Change the WC3 logging fields to include only the **Date**, **Client IP**, **User Name**, and **URI Query** standard fields, and then click **OK**.
-Using only these fields keeps the log file simple, giving you the date, client IP address, and the website URI information for any site changed by your users.
+5. Change the WC3 logging fields to include only the **Date**, **Client IP**, **User Name**, and **URI Query** standard fields, and then click **OK**.
+ Using only these fields keeps the log file simple, giving you the date, client IP address, and the website URI information for any site changed by your users.
-6. Apply these changes to your default website and close the IIS Manager.
+6. Apply these changes to your default website and close the IIS Manager.
-7. Put your EmIE.asp file into the root of the web server, using this command:
+7. Put your EmIE.asp file into the root of the web server, using this command:
```
- <% @ LANGUAGE=javascript %>
- <%
- Response.AppendToLog(" ;" + Request.Form("URL") + " ;" + Request.Form("EnterpriseMode"));
- %>
- ```
-This code logs your POST fields to your IIS log file, where you can review all of the collected data.
+ <% @ LANGUAGE=javascript %>
+ <%
+ Response.AppendToLog(" ;" + Request.Form("URL") + " ;" + Request.Form("EnterpriseMode"));
+ %>
+ ```
+ This code logs your POST fields to your IIS log file, where you can review all of the collected data.
### IIS log file information
@@ -83,47 +87,47 @@ For logging, you’re going to need a valid URL that points to a server that can
**To set up the sample**
-1. Set up a server to collect your Enterprise Mode information from your users.
+1. Set up a server to collect your Enterprise Mode information from your users.
-2. Go to the Internet Explorer/[EMIE-Data_Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) page on GitHub and tap or click the **Download ZIP** button to download the complete project.
+2. Go to the Internet Explorer/[EMIE-Data_Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) page on GitHub and tap or click the **Download ZIP** button to download the complete project.
-3. Open Microsoft Visual Studio 2013 with Update 2, and then open the PhoneHomeSample.sln file.
+3. Open Microsoft Visual Studio 2013 with Update 2, and then open the PhoneHomeSample.sln file.
-4. On the **Build** menu, tap or click **Build Solution**.
-The required packages are automatically downloaded and included in the solution.
+4. On the **Build** menu, tap or click **Build Solution**.
+ The required packages are automatically downloaded and included in the solution.
- **To set up your endpoint server**
+ **To set up your endpoint server**
-1. Right-click on the name, PhoneHomeSample, and click **Publish**.
+5. Right-click on the name, PhoneHomeSample, and click **Publish**.
- 
+ 
-2. In the **Publish Web** wizard, pick the publishing target and options that work for your organization.
+6. In the **Publish Web** wizard, pick the publishing target and options that work for your organization.
**Important**
Make sure you have a database associated with your publishing target. Otherwise, your reports won’t be collected and you’ll have problems deploying the website.
- 
+ 
After you finish the publishing process, you need to test to make sure the app deployed successfully.
- **To test, deploy, and use the app**
+ **To test, deploy, and use the app**
-1. Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to:
+7. Open a registry editor on the computer where you deployed the app, go to the `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode` key, and change the **Enable** string to:
- ``` "Enable"="https:///api/records/"
- ```
- Where `` points to your deployment URL.
+ ``` "Enable"="https:///api/records/"
+ ```
+ Where `` points to your deployment URL.
-2. After you’re sure your deployment works, you can deploy it to your users using one of the following:
+8. After you’re sure your deployment works, you can deploy it to your users using one of the following:
- - Turn on the **Let users turn on and use Enterprise Mode from the Tools menu** Group Policy setting, putting your `` information into the **Options** box.
+ - Turn on the **Let users turn on and use Enterprise Mode from the Tools menu** Group Policy setting, putting your `` information into the **Options** box.
- - Deploy the registry key in Step 3 using System Center or other management software.
+ - Deploy the registry key in Step 3 using System Center or other management software.
-3. Get your users to visit websites, turning Enterprise Mode on or off locally, as necessary.
+9. Get your users to visit websites, turning Enterprise Mode on or off locally, as necessary.
- **To view the report results**
+ **To view the report results**
- Go to `https:///List` to see the report results.
If you’re already on the webpage, you’ll need to refresh the page to see the results.
@@ -149,9 +153,9 @@ You may need to do some additional package cleanup to remove older package versi
- [What is Enterprise Mode?](what-is-enterprise-mode.md)
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
index 47c4caf92b..e63d79527c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
@@ -3,11 +3,15 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to set up the Enterprise Mode Site List Portal for your organization.
-author: shortpatti
+author: dansimp
ms.prod: ie11
title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
---
# Set up the Enterprise Mode Site List Portal
@@ -43,7 +47,10 @@ You must download the deployment folder (**EMIEWebPortal/**), which includes all
Installs the npm package manager and bulk adds all the third-party libraries back into your codebase.
-6. Go back up a directory, open the solution file **EMIEWebPortal.sln** in Visual Studio, and then build the entire solution.
+6. Go back up a directory, open the solution file **EMIEWebPortal.sln** in Visual Studio, open **Web.config** from **EMIEWebPortal/** folder, and replace MSIT-LOB-COMPAT with your server name hosting your database, replace LOBMerged with your database name, and build the entire solution.
+
+ >[!Note]
+ >Step 3 of this topic provides the steps to create your database.
7. Copy the contents of the **EMIEWebPortal/** folder to a dedicated folder on your file system. For example, _D:\EMIEWebApp_. In a later step, you'll designate this folder as your website in the IIS Manager.
@@ -105,17 +112,6 @@ Create a new Application Pool and the website, by using the IIS Manager.
>[!Note]
>You must also make sure that **Anonymous Authentication** is marked as **Enabled**.
-10. Return to the **<website_name> Home** pane, and double-click the **Connection Strings** icon.
-
-11. Open the **LOBMergedEntities Connection String** to edit:
-
- - **Data source.** Type the name of your local computer.
-
- - **Initial catalog.** The name of your database.
-
- >[!Note]
- >Step 3 of this topic provides the steps to create your database.
-
## Step 3 - Create and prep your database
Create a SQL Server database and run our custom query to create the Enterprise Mode Site List tables.
@@ -229,4 +225,4 @@ Register the EMIEScheduler tool and service for production site list changes.
- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
-- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
\ No newline at end of file
+- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md
index 55f9bcfe0a..7dd3e837c0 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: support
ms.pagetype: appcompat
description: Reviewing log files to learn more about potential setup problems with Internet Explorer 11.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 2cd79988-17d1-4317-bee9-b3ae2dd110a0
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Setup problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
index 212f8f717a..a8953ad3f4 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Lists the minimum system requirements and supported languages for Internet Explorer 11.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 27185e3d-c486-4e4a-9c51-5cb317c0006d
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: System requirements and language support for Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -31,16 +35,16 @@ IE11 isn't supported on Windows 8 or Windows Server 2012.
Some of the components in this table might also need additional system resources. Check the component's documentation for more information.
-|Item |Minimum requirements |
-|----------------------------|--------------------------------------------------------|
-|Computer/processor |1 gigahertz (GHz) 32-bit (x86) or 64-bit (x64) |
-|Operating system |
Windows 10 (32-bit or 64-bit)
Windows 8.1 Update (32-bit or 64-bit)
Windows 7 with SP1 (32-bit or 64-bit)
Windows Server 2012 R2
Windows Server 2008 R2 with SP1 (64-bit only)
|
-|Memory |
Windows 10 (32-bit)-1 GB
Windows 10 (64-bit)-2 GB
Windows 8.1 Update (32-bit)-1 GB
Windows 8.1 Update (64-bit)-2 GB
Windows 7 with SP1 (32-bit or 64-bit)-512 MB
Windows Server 2012 R2-512 MB
Windows Server 2008 R2 with SP1 (64-bit only)-512 MB
|
-|Hard drive space |
Windows 10 (32-bit)-16 GB
Windows 10 (64-bit)-20 GB
Windows 8.1 Update (32-bit)-16 GB
Windows 8.1 Update (64-bit)-20 GB
Windows 7 with SP1 (32-bit)-70 MB
Windows 7 with SP1 (64-bit)-120 MB
Windows Server 2012 R2-32 GB
Windows Server 2008 R2 with SP1 (64-bit only)-200 MB
|
-|Drive |CD-ROM drive (if installing from a CD-ROM) |
-|Display |Super VGA (800 x 600) or higher-resolution monitor with 256 colors |
-|Peripherals |Internet connection and a compatible pointing device |
+| Item | Minimum requirements |
+|--------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| Computer/processor | 1 gigahertz (GHz) 32-bit (x86) or 64-bit (x64) |
+| Operating system |
Windows 10 (32-bit or 64-bit)
Windows 8.1 Update (32-bit or 64-bit)
Windows 7 with SP1 (32-bit or 64-bit)
Windows Server 2012 R2
Windows Server 2008 R2 with SP1 (64-bit only)
|
+| Memory |
Windows 10 (32-bit)-1 GB
Windows 10 (64-bit)-2 GB
Windows 8.1 Update (32-bit)-1 GB
Windows 8.1 Update (64-bit)-2 GB
Windows 7 with SP1 (32-bit or 64-bit)-512 MB
Windows Server 2012 R2-512 MB
Windows Server 2008 R2 with SP1 (64-bit only)-512 MB
|
+| Hard drive space |
Windows 10 (32-bit)-16 GB
Windows 10 (64-bit)-20 GB
Windows 8.1 Update (32-bit)-16 GB
Windows 8.1 Update (64-bit)-20 GB
Windows 7 with SP1 (32-bit)-70 MB
Windows 7 with SP1 (64-bit)-120 MB
Windows Server 2012 R2-32 GB
Windows Server 2008 R2 with SP1 (64-bit only)-200 MB
|
+| Drive | CD-ROM drive (if installing from a CD-ROM) |
+| Display | Super VGA (800 x 600) or higher-resolution monitor with 256 colors |
+| Peripherals | Internet connection and a compatible pointing device |
## Support for .NET Framework
You might experience start up issues where IE11 fails to launch an application that uses managed browser hosting controls with your legacy apps. This is because, starting with Internet Explorer 10, the browser started blocking legacy apps from using the .NET Framework 1.1 and 2.0. To fix this problem, see [.NET Framework problems with Internet Explorer 11](net-framework-problems-with-ie11.md).
@@ -50,9 +54,9 @@ IE11 is available in 108 languages for Windows 8.1 and Windows 10 and in 97 lan
Computers running localized versions of Windows should run the same version of IE11. For example, if your employees use the Spanish edition of Windows, you should deploy the Spanish version of IE11. On the other hand, if your employees use multiple localized versions of Windows, like Spanish, French, and Catalan, you should install IE11 in one of the languages, and then install language packs for the others.
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
index de391cfd69..c5a68132d8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
@@ -3,10 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Find out how to achieve better backward compatibility for your legacy web applications with the Enterprise Mode Site List.
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
ms.prod: ie11
ms.assetid:
+ms.reviewer:
+audience: itpro
+manager: dansimp
title: Tips and tricks to manage Internet Explorer compatibility
ms.sitesec: library
ms.date: 05/10/2018
@@ -125,9 +128,9 @@ We recommend that enterprise customers focus their new development on establishe
- [Document modes](https://msdn.microsoft.com/library/dn384051(v=vs.85).aspx)
- [What is Enterprise Mode?](what-is-enterprise-mode.md)
- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
-- [Enterprise Site Discovery Toolkit](https://www.microsoft.com/en-us/download/details.aspx?id=44570)
+- [Enterprise Site Discovery Toolkit](https://www.microsoft.com/download/details.aspx?id=44570)
- [Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md)
- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
-- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
\ No newline at end of file
+- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md
index 7e28e38f9f..39d999c947 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: support
description: Use the topics in this section to learn how to troubleshoot several of the more common problems experienced with Internet Explorer.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 0361c1a6-3faa-42b2-a588-92439eebeeab
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Troubleshoot Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md
index 53ac1a4017..1df0d6b95e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-off-enterprise-mode.md
@@ -2,10 +2,14 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
-description: How to turn Enteprrise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
-author: shortpatti
+description: How to turn Enterprise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it.
+author: dansimp
ms.prod: ie11
ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Turn off Enterprise Mode (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -29,49 +33,49 @@ In addition, if you no longer want your users to be able to turn Enterprise Mode
**Important**
Turning off both of these features turns off Enterprise Mode for your company. Turning off Enterprise Mode also causes any websites included in your employee’s manual site lists to not appear in Enterprise Mode.
- **To turn off the site list using Group Policy**
+ **To turn off the site list using Group Policy**
-1. Open your Group Policy editor, like Group Policy Management Console (GPMC).
+1. Open your Group Policy editor, like Group Policy Management Console (GPMC).
-2. Go to the **Use the Enterprise Mode IE website list** setting, and then click **Disabled**.
-Enterprise Mode will no longer look for the site list, effectively turning off Enterprise Mode. However, if you previously turned on local control for your employees, Enterprise Mode will still be available from the **Tools** menu. You need to turn that part of the functionality off separately.
+2. Go to the **Use the Enterprise Mode IE website list** setting, and then click **Disabled**.
+ Enterprise Mode will no longer look for the site list, effectively turning off Enterprise Mode. However, if you previously turned on local control for your employees, Enterprise Mode will still be available from the **Tools** menu. You need to turn that part of the functionality off separately.
- **To turn off local control using Group Policy**
+ **To turn off local control using Group Policy**
-1. Open your Group Policy editor, like Group Policy Management Console (GPMC).
+3. Open your Group Policy editor, like Group Policy Management Console (GPMC).
-2. Go to the **Let users turn on and use Enterprise Mode from the Tools menu** setting, and then click **Disable**.
+4. Go to the **Let users turn on and use Enterprise Mode from the Tools menu** setting, and then click **Disable**.
-3. Enterprise Mode no longer shows up on the **Tools** menu for your employees. However, if you are still using an Enterprise Mode site list, all of the globally listed sites will still appear in Enterprise Mode. If you want to turn off all of Enterprise Mode, you will need to also turn off the site list functionality.
+5. Enterprise Mode no longer shows up on the **Tools** menu for your employees. However, if you are still using an Enterprise Mode site list, all of the globally listed sites will still appear in Enterprise Mode. If you want to turn off all of Enterprise Mode, you will need to also turn off the site list functionality.
- **To turn off the site list using the registry**
+ **To turn off the site list using the registry**
-1. Open a registry editor, such as regedit.exe.
+6. Open a registry editor, such as regedit.exe.
-2. Go to `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **SiteList** value.
-You can also use HKEY_LOCAL_MACHINE, depending whether you want to turn off the Enterprise Mode site list for users or for computers.
+7. Go to `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **SiteList** value.
+ You can also use HKEY_LOCAL_MACHINE, depending whether you want to turn off the Enterprise Mode site list for users or for computers.
-3. Close all and restart all instances of Internet Explorer.
-IE11 stops looking at the site list for rendering instructions. However, Enterprise Mode is still available to your users locally (if it was turned on).
+8. Close all and restart all instances of Internet Explorer.
+ IE11 stops looking at the site list for rendering instructions. However, Enterprise Mode is still available to your users locally (if it was turned on).
- **To turn off local control using the registry**
+ **To turn off local control using the registry**
-1. Open a registry editor, such as regedit.exe.
+9. Open a registry editor, such as regedit.exe.
-2. Go `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **Enable** value.
-You can also use HKEY_CURRENT_USER, depending whether you want to turn off Enterprise Mode for users or for computers.
+10. Go `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`, and then delete the **Enable** value.
+ You can also use HKEY_CURRENT_USER, depending whether you want to turn off Enterprise Mode for users or for computers.
-3. Close and restart all instances of IE.
-Enterprise Mode is no longer a user option on the **Tools** menu in IE11. However, IE11 still looks at the site list (if it was turned on).
+11. Close and restart all instances of IE.
+ Enterprise Mode is no longer a user option on the **Tools** menu in IE11. However, IE11 still looks at the site list (if it was turned on).
## Related topics
- [What is Enterprise Mode?](what-is-enterprise-mode.md)
- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
- [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md)
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
index c98c3e7c5b..90442b3bbc 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: support
description: Turn off natural metrics for Internet Explorer 11
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: e31a27d7-662e-4106-a3d2-c6b0531961d5
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Fix font rendering problems by turning off natural metrics (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -20,15 +24,15 @@ However, you might find that many intranet sites need you to use Windows Graphic
- Add the following HTTP header to each site: `X-UA-TextLayoutMetrics: gdi`
-
**-OR-**
+
-OR-
- Add the following <meta> tag to each site: ``
Turning off natural metrics automatically turns on GDI metrics.
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
index a46290559e..29c8de2486 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
@@ -2,19 +2,17 @@
title: Turn on Enterprise Mode and use a site list (Internet Explorer 11 for IT Pros)
description: How to turn on Enterprise Mode and specify a site list.
ms.assetid: 800e9c5a-57a6-4d61-a38a-4cb972d833e1
+ms.reviewer:
+audience: itpro
+manager: dansimp
ms.prod: ie11
ms.mktglfcycl: deploy
ms.pagetype: appcompat
ms.sitesec: library
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
ms.date: 08/14/2017
ms.localizationpriority: medium
-
-
-
-
-
---
@@ -35,28 +33,28 @@ Before you can use a site list with Enterprise Mode, you need to turn the functi
**To turn on Enterprise Mode using Group Policy**
-1. Open your Group Policy editor and go to the `Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list` setting.
-Turning this setting on also requires you to create and store a site list. For more information about creating your site list, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics.
+1. Open your Group Policy editor and go to the `Administrative Templates\Windows Components\Internet Explorer\Use the Enterprise Mode IE website list` setting.
+ Turning this setting on also requires you to create and store a site list. For more information about creating your site list, see the [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics.
- 
+ 
-2. Click **Enabled**, and then in the **Options** area, type the location to your site list.
+2. Click **Enabled**, and then in the **Options** area, type the location to your site list.
- **To turn on Enterprise Mode using the registry**
+ **To turn on Enterprise Mode using the registry**
-1. **For only the local user:** Open a registry editor, like regedit.exe and go to `HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`.
-
-OR-
-**For all users on the device:** Open a registry editor, like regedit.exe and go to `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`.
+3. **For only the local user:** Open a registry editor, like regedit.exe and go to `HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`.
+
-OR-
+ For all users on the device: Open a registry editor, like regedit.exe and go to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode.
-2. Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file. For example:
+4. Edit the `SiteList` registry key to point to where you want to keep your Enterprise Mode site list file. For example:
- 
+ 
- - **HTTPS location**: `"SiteList"="https://localhost:8080/sites.xml"`
+ - **HTTPS location**: `"SiteList"="https://localhost:8080/sites.xml"`
- - **Local network:** `"SiteList"="\\network\shares\sites.xml"`
+ - **Local network:** `"SiteList"="\\network\shares\sites.xml"`
- - **Local file:** `"SiteList"="file:///c:\\Users\\\\Documents\\testList.xml"`
+ - **Local file:** `"SiteList"="file:///c:\\Users\\\\Documents\\testList.xml"`
All of your managed devices must have access to this location if you want them to be able to access and use Enterprise Mode and your site list. For information about how to create and use an Enterprise Mode site list, see [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md).
@@ -65,9 +63,9 @@ Turning this setting on also requires you to create and store a site list. For m
- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
index ea9a56a081..1324c12963 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Turn on local user control and logging for Enterprise Mode.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 6622ecce-24b1-497e-894a-e1fd5a8a66d1
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Turn on local control and logging for Enterprise Mode (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -28,34 +32,34 @@ Besides turning on this feature, you also have the option to provide a URL for E
**To turn on local control of Enterprise Mode using Group Policy**
-1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Internet Explorer\\Let users turn on and use Enterprise Mode from the Tools menu** setting.
+1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\Internet Explorer\\Let users turn on and use Enterprise Mode from the Tools menu** setting.
- 
+ 
-2. Click **Enabled**, and then in the **Options** area, type the location for where to receive reports about when your employees use this functionality to turn Enterprise Mode on or off from the **Tools** menu.
+2. Click **Enabled**, and then in the **Options** area, type the location for where to receive reports about when your employees use this functionality to turn Enterprise Mode on or off from the **Tools** menu.
- **To turn on local control of Enterprise Mode using the registry**
+ **To turn on local control of Enterprise Mode using the registry**
-1. Open a registry editor, like regedit.exe and go to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`.
+3. Open a registry editor, like regedit.exe and go to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode`.
-2. In the right pane, right-click and click **New**, click **String Value**, and then name the new value **Enable**.
+4. In the right pane, right-click and click **New**, click **String Value**, and then name the new value **Enable**.
-3. Right-click the **Enable** key, click **Modify**, and then type a **Value data** to point to a server that you can listen to for updates.
+5. Right-click the **Enable** key, click **Modify**, and then type a **Value data** to point to a server that you can listen to for updates.
- 
+ 
Your **Value data** location can be any of the following types:
-- **URL location (like, https://www.emieposturl.com/api/records or https://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.
**Important**
-The `https://www.emieposturl.com/api/records` example will only work if you’ve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you don’t have the sample, you won’t have the web API.
-- **Local network location (like, https://*emieposturl*/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu.
-- **Empty string**. If you leave the **Value data** box blank; your employees will be able to turn Enterprise Mode on and off from the **Tools** menu, but you won’t collect any logging data.
+- **URL location (like, https://www.emieposturl.com/api/records or https://localhost:13000)**. IE sends a POST message to the URL every time a change is made to Enterprise Mode from the **Tools** menu.
**Important**
+ The `https://www.emieposturl.com/api/records` example will only work if you’ve downloaded the sample discussed in the [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) topic. If you don’t have the sample, you won’t have the web API.
+- **Local network location (like, https://emieposturl/)**. IE sends a POST message to your specified local network location every time a change is made to Enterprise Mode from the **Tools** menu.
+- **Empty string**. If you leave the **Value data** box blank; your employees will be able to turn Enterprise Mode on and off from the **Tools** menu, but you won’t collect any logging data.
For information about how to collect the data provided when your employees turn Enterprise Mode on or off from the **Tools** menu, see [Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md).
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
index 2d64e28d56..446375289c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: High-level info about some of the new and updated features for Internet Explorer 11.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: f53c6f04-7c60-40e7-9fc5-312220f08156
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: List of updated features and tools - Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md
index 0da4b5a228..c26e39ddcc 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md
@@ -7,6 +7,11 @@ ms.prod: ie11
title: Use the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer: dansimp
+audience: itpro
+manager: dansimp
+ms.author: dansimp
+author: dansimp
---
# Use the Enterprise Mode Site List Portal
diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
index 9abbcb8a09..58ffc300ce 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 12/04/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
index 907b26056e..3a1f3b4596 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/user-interface-problems-with-ie11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: support
description: Info about where features went in the IEAK11, where the Favorites, Command, and Status bars went, and where the search bar went.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 7324faff-ccb6-4e14-ad91-af12dbca575e
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: User interface problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -29,15 +33,15 @@ For IE11, the UI has been changed to provide just the controls needed to support
**To turn the toolbars back on**
-- Right click in the IE toolbar heading and choose to turn on the **Command bar**, **Favorites bar**, and **Status bar** from the menu.
-
-OR-
-In IE, press **ALT+V** to show the **View** menu, press **T** to enter the **Toolbars** menu, and then press:
+- Right click in the IE toolbar heading and choose to turn on the **Command bar**, **Favorites bar**, and **Status bar** from the menu.
+
-OR-
+ In IE, press ALT+V to show the View menu, press T to enter the Toolbars menu, and then press:
- - **C** to turn on the **Command Bar**
+ - **C** to turn on the **Command Bar**
- - **F** to turn on the **Favorites Bar**
+ - **F** to turn on the **Favorites Bar**
- - **S** to turn on the **Status Bar**
+ - **S** to turn on the **Status Bar**
## Where did the search box go?
IE11 uses the **One Box** feature, which lets users type search terms directly into the **Address bar**. Any text entered into the **Address bar** that doesn't appear to be a URL is automatically sent to the currently selected search provider.
@@ -45,11 +49,11 @@ IE11 uses the **One Box** feature, which lets users type search terms directly i
>[!NOTE]
>Depending on how you've set up your intranet search, the text entry might resolve to an intranet site. For more information about this, see [Intranet problems with Internet Explorer 11](intranet-problems-and-ie11.md).
-
+
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
index 14c7b096ac..6bff79cc82 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: security
description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 238ead3d-8920-429a-ac23-02f089c4384a
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Using IE7 Enterprise Mode or IE8 Enterprise Mode (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
index f4d86e9b12..710c69e3cb 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/using-ieak11-to-create-install-packages.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use IEAK 11 while planning, customizing, and building the custom installation package.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: af93742f-f955-44ab-bfa2-7bf0c99045d3
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Using Internet Explorer Administration Kit 11 (IEAK 11) to create packages (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
index 1ccb850f60..1f7b62dfa5 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use Setup Information (.inf) files to create installation packages.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 04fa2ba8-8d84-4af6-ab99-77e4f1961b0e
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Using Setup Information (.inf) files to create packages (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -16,14 +20,14 @@ IEAK 11 uses Setup information (.inf) files to provide uninstallation instructi
**To add uninstallation instructions to the .inf files**
-- Open the Registry Editor (regedit.exe) and add these registry keys:
-```
-HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"DisplayName",,"description"
-HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"UninstallString",,"command-line"
-```
-Where **"description"** is the name that shows up in the **Uninstall or change a program** box and **"command-line"** is the command that runs after the component is picked.
-
**Note**
-Make sure your script removes the uninstallation registry key, too. Otherwise, the component name will continue to show up in the **Uninstall or change a program**.
+- Open the Registry Editor (regedit.exe) and add these registry keys:
+ ```
+ HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"DisplayName",,"description"
+ HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\app-name,"UninstallString",,"command-line"
+ ```
+ Where **"description"** is the name that shows up in the **Uninstall or change a program** box and **"command-line"** is the command that runs after the component is picked.
+
Note
+ Make sure your script removes the uninstallation registry key, too. Otherwise, the component name will continue to show up in the Uninstall or change a program.
## Limitations
.Inf files have limitations:
@@ -34,9 +38,9 @@ Make sure your script removes the uninstallation registry key, too. Otherwise, t
- You can't use **CopyFiles** to copy a file to another place on your hard drive, it can only copy files from the source disk to the destination directory. For information, see [INF CopyFiles Directive](https://go.microsoft.com/fwlink/p/?LinkId=298510).
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
index 3f67e92d70..8a161b2ffb 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
@@ -3,11 +3,15 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal.
-author: shortpatti
+author: dansimp
ms.prod: ie11
title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
---
# Verify your changes using the Enterprise Mode Site List Portal
diff --git a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md
index 66e6178858..42db6c85c5 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md
@@ -3,11 +3,15 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal.
-author: shortpatti
+author: dansimp
ms.prod: ie11
title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
---
# Verify the change request update in the production environment using the Enterprise Mode Site List Portal
diff --git a/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md
index af5ebf2e29..2be252275c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/view-apps-enterprise-mode-site-list.md
@@ -3,11 +3,15 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal.
-author: shortpatti
+author: dansimp
ms.prod: ie11
title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
---
# View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal
diff --git a/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md b/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md
index 942409e353..20ad5ac557 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md
@@ -3,11 +3,15 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how an Administrator can view the available Enterprise Mode reports from the Enterprise Mode Site List Portal.
-author: shortpatti
+author: dansimp
ms.prod: ie11
title: View the available Enterprise Mode reports from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
---
# View the available Enterprise Mode reports from the Enterprise Mode Site List Portal
@@ -47,4 +51,4 @@ Administrators can view the Microsoft-provided Enterprise Mode reports from the
- **Reasons for request.** Shows how many change request reasons exist, based on the **Reason for request** field.
- - **Requested changes by app name.** Shows what specific apps were **Added to site list**, **Deleted from site list**, or **Updated from site list**.
\ No newline at end of file
+ - **Requested changes by app name.** Shows what specific apps were **Added to site list**, **Deleted from site list**, or **Updated from site list**.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
index d62ac7df09..e5de6fffdd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: virtualization
description: Virtualization and compatibility with Internet Explorer 11
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: b0388c04-2584-4b6d-a7a8-4e0476773a80
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Virtualization and compatibility with Internet Explorer 11 (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
index 61997d30d7..da309b68cd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Info about the features included in Enterprise Mode with Internet Explorer 11.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 3c77e9f3-eb21-46d9-b5aa-f9b2341cfefa
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Enterprise Mode and the Enterprise Mode Site List (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 10/25/2018
@@ -67,19 +71,19 @@ This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypf
```xml
-
+
EnterpriseSiteListManager1058620150728.135021
-
+
IE8EnterpriseIE11
- default
+ DefaultIE11
@@ -88,8 +92,8 @@ This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypf
IE8Enterprise"
@@ -160,6 +164,6 @@ Because the tool is open-source, the source code is readily available for examin
- [Web Application Compatibility Lab Kit](https://technet.microsoft.com/microsoft-edge/mt612809.aspx)
-- [Microsoft Services Support](https://www.microsoft.com/en-us/microsoftservices/support.aspx)
+- [Microsoft Services Support](https://www.microsoft.com/microsoftservices/support.aspx)
- [Find a Microsoft partner on Pinpoint](https://partnercenter.microsoft.com/pcv/search)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
index f0dbb0fe38..98f659748d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
@@ -3,11 +3,14 @@ ms.localizationpriority: medium
ms.mktglfcycl: support
ms.pagetype: security
description: How to download and use the Internet Explorer 11 Blocker Toolkit to turn off the automatic delivery of IE11 through the Automatic Updates feature of Windows Update.
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
ms.manager: elizapo
ms.prod: ie11
ms.assetid: fafeaaee-171c-4450-99f7-5cc7f8d7ba91
+ms.reviewer:
+audience: itpro
+manager: dansimp
title: What is the Internet Explorer 11 Blocker Toolkit? (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 05/10/2018
diff --git a/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md
index e63b48ab92..de71b3a8ff 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md
@@ -3,11 +3,15 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn how to perform all of the workflow-related processes in the Enterprise Mode Site List Portal.
-author: shortpatti
+author: dansimp
ms.prod: ie11
title: Workflow-based processes for employees using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
---
@@ -40,4 +44,4 @@ Use the topics in this section to learn how to perform the available Enterprise
- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
-- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
\ No newline at end of file
+- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md
index 304aac3c88..8917b1de22 100644
--- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md
+++ b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: explore
description: Frequently asked questions about Internet Explorer 11 for IT Pros
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 140e7d33-584a-44da-8c68-6c1d568e1de3
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Internet Explorer 11 - FAQ for IT Pros (Internet Explorer 11 for IT Pros)
ms.sitesec: library
ms.date: 10/16/2017
@@ -12,31 +16,31 @@ ms.date: 10/16/2017
# Internet Explorer 11 - FAQ for IT Pros
-Answering frequently asked questions about Internet Explorer 11 (IE11) features, operating system support, integration with the Windows operating system, Group Policy, and general configuration.
+Answering frequently asked questions about Internet Explorer 11 (IE11) features, operating system support, integration with the Windows operating system, Group Policy, and general configuration.
## Frequently Asked Questions
**Q: What operating system does IE11 run on?**
-- Windows 10
+- Windows 10
-- Windows 8.1
+- Windows 8.1
-- Windows Server 2012 R2
+- Windows Server 2012 R2
-- Windows 7 with Service Pack 1 (SP1)
+- Windows 7 with Service Pack 1 (SP1)
-- Windows Server 2008 R2 with Service Pack 1 (SP1)
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
-**Q: How do I install IE11 on Windows 10, Windows 8.1, or Windows Server 2012 R2?**
-IE11 is preinstalled with Windows 8.1 and Windows Server 2012 R2. No additional action is required.
+**Q: How do I install IE11 on Windows 10, Windows 8.1, or Windows Server 2012 R2?**
+IE11 is preinstalled with Windows 8.1 and Windows Server 2012 R2. No additional action is required.
-**Q: How do I install IE11 on Windows 7 with SP1 or Windows Server 2008 R2 with SP1?**
-You can install IE11 on computers running either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. To download IE11, see the IE11 [home page](https://go.microsoft.com/fwlink/p/?LinkId=290956).
+**Q: How do I install IE11 on Windows 7 with SP1 or Windows Server 2008 R2 with SP1?**
+You can install IE11 on computers running either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. To download IE11, see the IE11 [home page](https://go.microsoft.com/fwlink/p/?LinkId=290956).
-**Q: How does IE11 integrate with Windows 8.1?**
-IE11 is the default handler for the HTTP and HTTPS protocols and the default browser for Windows 8.1. There are two experiences in Windows 8.1: Internet Explorer and Internet Explorer for the desktop. IE is the default browser for touch-first, immersive experiences. Internet Explorer for the desktop provides a more traditional window and tab management experience. The underlying platform of IE11 is fully interoperable across both IE and the familiar Internet Explorer for the desktop, letting developers write the same markup for both experiences.
+**Q: How does IE11 integrate with Windows 8.1?**
+IE11 is the default handler for the HTTP and HTTPS protocols and the default browser for Windows 8.1. There are two experiences in Windows 8.1: Internet Explorer and Internet Explorer for the desktop. IE is the default browser for touch-first, immersive experiences. Internet Explorer for the desktop provides a more traditional window and tab management experience. The underlying platform of IE11 is fully interoperable across both IE and the familiar Internet Explorer for the desktop, letting developers write the same markup for both experiences.
**Q: What are the new or improved security features?**
IE11 offers improvements to Enhanced Protected Mode, password manager, and other security features. IE11 also turns on Transport Layer Security (TLS) 1.2 by default.
@@ -62,9 +66,9 @@ Supported web standards include:
For more information about specific changes and additions, see the [IE11 guide for developers](https://go.microsoft.com/fwlink/p/?LinkId=313188).
**Q: What test tools exist to test for potential application compatibility issues?**
-The Compat Inspector tool supports Windows Internet Explorer 9 through IE11. For more information, see [Compat Inspector User Guide](https://go.microsoft.com/fwlink/p/?LinkId=313189). In addition, you can use the new [F12 Developer Tools](https://go.microsoft.com/fwlink/p/?LinkId=313190) that are included with IE11, or the [modern.ie](https://go.microsoft.com/fwlink/p/?linkid=308902) website for Microsoft Edge.
+The Compat Inspector tool supports Windows Internet Explorer 9 through IE11. For more information, see [Compat Inspector User Guide](https://go.microsoft.com/fwlink/p/?LinkId=313189). In addition, you can use the new [F12 Developer Tools](https://go.microsoft.com/fwlink/p/?LinkId=313190) that are included with IE11, or the [modern.ie](https://go.microsoft.com/fwlink/p/?linkid=308902) website for Microsoft Edge.
-**Q: Why am I having problems launching my legacy apps with Internet Explorer 11**?
+**Q: Why am I having problems launching my legacy apps with Internet Explorer 11**?
It’s most likely because IE no longer starts apps that use managed browser hosting controls, like in the .NET Framework 1.1 and 2.0. You can get IE11 to use managed browser hosting controls again, by:
- **For x86 systems or for 32-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\MICROSOFT\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
@@ -77,7 +81,7 @@ For more information, see the [Web Applications](https://go.microsoft.com/fwlink
Yes. You can review the XML-based [compatibility version list](https://go.microsoft.com/fwlink/p/?LinkId=403864).
**Q: What is Enterprise Mode?**
-Enterprise Mode is a compatibility mode designed for Enterprises. This mode lets websites render using a modified browser configuration that’s designed to avoid the common compatibility problems associated with web apps written and tested on older versions of IE, like Windows Internet Explorer 7 or Windows Internet Explorer 8.
+Enterprise Mode is a compatibility mode designed for Enterprises. This mode lets websites render using a modified browser configuration that’s designed to avoid the common compatibility problems associated with web apps written and tested on older versions of IE, like Windows Internet Explorer 7 or Windows Internet Explorer 8.
For more information, see [Turn on Enterprise Mode and use a site list](../ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md).
**Q: What is the Enterprise Mode Site List Manager tool?**
@@ -85,18 +89,18 @@ Enterprise Mode Site List Manager tool gives you a way to add websites to your E
For more information, see all of the topics in [Use the Enterprise Mode Site List Manager](../ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md).
**Q: Are browser plug-ins supported in IE11?**
-The immersive version of IE11 provides an add-on–free experience, so browser plugins won't load and dependent content won't be displayed. This doesn't apply to Internet Explorer for the desktop. For more information, see [Browsing Without Plug-ins](https://go.microsoft.com/fwlink/p/?LinkId=242587). However, Internet Explorer for the desktop and IE11 on Windows 7 with SP1 do support browser plugins, including ActiveX controls such as Adobe Flash and Microsoft Silverlight.
+The immersive version of IE11 provides an add-on–free experience, so browser plugins won't load and dependent content won't be displayed. This doesn't apply to Internet Explorer for the desktop. For more information, see [Browsing Without Plug-ins](https://go.microsoft.com/fwlink/p/?LinkId=242587). However, Internet Explorer for the desktop and IE11 on Windows 7 with SP1 do support browser plugins, including ActiveX controls such as Adobe Flash and Microsoft Silverlight.
**Q: Is Adobe Flash supported on IE11?**
-Adobe Flash is included as a platform feature and is available out of the box for Windows 8.1, running on both IE and Internet Explorer for the desktop. Users can turn this feature on or off using the **Manage Add-ons** dialog box, while administrators can turn this feature on or off using the Group Policy setting, **Turn off Adobe Flash in IE and prevent applications from using IE technology to instantiate Flash objects**.
+Adobe Flash is included as a platform feature and is available out of the box for Windows 8.1, running on both IE and Internet Explorer for the desktop. Users can turn this feature on or off using the **Manage Add-ons** dialog box, while administrators can turn this feature on or off using the Group Policy setting, **Turn off Adobe Flash in IE and prevent applications from using IE technology to instantiate Flash objects**.
**Important**
-The preinstalled version of Adobe Flash isn't supported on IE11 running on either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. However, you can still download and install the separate Adobe Flash plug-in.
+The preinstalled version of Adobe Flash isn't supported on IE11 running on either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. However, you can still download and install the separate Adobe Flash plug-in.
-**Q: Can I replace IE11 on Windows 8.1 with an earlier version?**
-No. Windows 8.1 doesn't support any of the previous versions of IE.
+**Q: Can I replace IE11 on Windows 8.1 with an earlier version?**
+No. Windows 8.1 doesn't support any of the previous versions of IE.
**Q: Are there any new Group Policy settings in IE11?**
-IE11 includes all of the previous Group Policy settings you've used to manage and control web browser configuration since Internet Explorer 9. It also includes the following new Group Policy settings, supporting new features:
+IE11 includes all of the previous Group Policy settings you've used to manage and control web browser configuration since Internet Explorer 9. It also includes the following new Group Policy settings, supporting new features:
- Turn off Page Prediction
@@ -120,14 +124,14 @@ Visit the [Springboard Series for Microsoft Browsers](https://go.microsoft.com/f
-**Q: Can I customize settings for IE on Windows 8.1?**
+**Q: Can I customize settings for IE on Windows 8.1?**
Settings can be customized in the following ways:
- IE11 **Settings** charm.
- IE11-related Group Policy settings.
-- IEAK 11 for settings shared by both IE and Internet Explorer for the desktop.
+- IEAK 11 for settings shared by both IE and Internet Explorer for the desktop.
**Q: Can I make Internet Explorer for the desktop my default browsing experience?**
Group Policy settings can be set to open either IE or Internet Explorer for the desktop as the default browser experience. Individual users can configure their own settings in the **Programs** tab of **Internet Options**. The following table shows the settings and results:
@@ -143,6 +147,7 @@ Group Policy settings can be set to open either IE or Internet Explorer for the
Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of the supported 24 languages. You'll select the language for the custom package on the Language Selection page of the customization wizard.
IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. Select a language below and download IEAK 11 from the download center:
+
| | | |
|---------|---------|---------|
|[English](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi) |[French](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi) |[Norwegian (Bokmål)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi) |
@@ -196,4 +201,4 @@ The following table displays which pages are available in IEAK 11, based on the
## Related topics
- [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643)
- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
-- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
\ No newline at end of file
+- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
diff --git a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md
index 3bba45984c..a4cb639bc5 100644
--- a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md
+++ b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md
@@ -2,10 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: explore
description: Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit.
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
ms.prod: ie11
ms.assetid:
+ms.reviewer:
+audience: itpro
+manager: dansimp
title: Internet Explorer 11 Blocker Toolkit - Frequently Asked Questions
ms.sitesec: library
ms.date: 05/10/2018
@@ -18,11 +21,11 @@ Get answers to commonly asked questions about the Internet Explorer 11 Blocker T
>[!Important]
>If you administer your company’s environment using an update management solution, such as Windows Server Update Services (WSUS) or System Center 2012 Configuration Manager, you don’t need to use the Internet Explorer 11 Blocker Toolkit. Update management solutions let you completely manage your Windows Updates and Microsoft Updates, including your Internet Explorer 11 deployment.
-- [Automatic updates delivery process]()
+- [Automatic updates delivery process](#automatic-updates-delivery-process)
-- [How the Internet Explorer 11 Blocker Toolkit works]()
+- [How the Internet Explorer 11 Blocker Toolkit works](#how-the-internet-explorer-11-blocker-toolkit-works)
-- [Internet Explorer 11 Blocker Toolkit and other update services]()
+- [Internet Explorer 11 Blocker Toolkit and other update services](#internet-explorer-11-blocker-toolkit-and-other-update-services)
## Automatic Updates delivery process
@@ -48,7 +51,7 @@ other update management solution.
**Q. Why don’t we just block URL access to Windows Update or Microsoft Update?**
A. Blocking the Windows Update or Microsoft Update URLs also stops delivery of critical security and reliability updates for all of the supported versions of the Windows operating system; leaving your computers more vulnerable.
-How the Internet Explorer 11 Blocker Toolkit works
+## How the Internet Explorer 11 Blocker Toolkit works
**Q. How should I test the Internet Explorer 11 Blocker Toolkit in my company?**
A. Because the toolkit only sets a registry key to turn on and off the delivery of Internet Explorer 11, there should be no additional impact or side effects to your environment. No additional testing should be necessary.
diff --git a/browsers/internet-explorer/ie11-faq/faq-ieak11.md b/browsers/internet-explorer/ie11-faq/faq-ieak11.md
index 59d6f5be4a..8064c74737 100644
--- a/browsers/internet-explorer/ie11-faq/faq-ieak11.md
+++ b/browsers/internet-explorer/ie11-faq/faq-ieak11.md
@@ -3,11 +3,14 @@ ms.localizationpriority: medium
ms.mktglfcycl: support
ms.pagetype: security
description: Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
ms.manager: elizapo
ms.prod: ie11
-ms.assetid:
+ms.assetid:
+ms.reviewer:
+audience: itpro
+manager: dansimp
title: IEAK 11 - Frequently Asked Questions
ms.sitesec: library
ms.date: 05/10/2018
@@ -35,7 +38,7 @@ You can customize and install IEAK 11 on the following supported operating syste
>[!Note]
>IEAK 11 does not support building custom packages for Windows RT.
-
+
**What can I customize with IEAK 11?**
@@ -51,7 +54,7 @@ Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of
>IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. To download IEAK 11, see [Internet Explorer Administration Kit (IEAK) information and downloads](../ie11-ieak/ieak-information-and-downloads.md).
**Q: Is there a version of the Internet Explorer Administration Kit (IEAK) supporting IE11?**
-Yes. The Internet Explorer Administration Kit 11 (IEAK 11) is available for download. IEAK 11 lets you create custom versions of IE11 for use in your organization. For more information, see the following resources:
+Yes. The Internet Explorer Administration Kit 11 (IEAK 11) is available for download. IEAK 11 lets you create custom versions of IE11 for use in your organization. For more information, see the following resources:
- [Internet Explorer Administration Kit Information and Downloads](https://go.microsoft.com/fwlink/p/?LinkId=214250) on the Internet Explorer TechCenter.
@@ -97,6 +100,7 @@ The following table displays which pages are available in IEAK 11, based on the
Yes. You can use IEAK 11 to build custom Internet Explorer 11 packages in any of the supported 24 languages. You'll select the language for the custom package on the Language Selection page of the customization wizard.
IEAK 11 is available in 24 languages but can build customized Internet Explorer 11 packages in all languages of the supported operating systems. Select a language below and download IEAK 11 from the download center:
+
| | | |
|---------|---------|---------|
|[English](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/en-us/ieak.msi) |[French](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/fr-fr/ieak.msi) |[Norwegian (Bokmål)](https://download.microsoft.com/download/A/B/1/AB1954BF-8B20-4F01-808A-FE5EE5269F08/MSI/nb-no/ieak.msi) |
diff --git a/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md
index b56b2dedbf..b211933353 100644
--- a/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/accelerators-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Accelerators page in the IEAK 11 Customization Wizard to add accelerators to employee devices.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 208305ad-1bcd-42f3-aca3-0ad1dda7048b
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Accelerators page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md b/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
index f2ab6f6f59..7e89dab65d 100644
--- a/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/add-and-approve-activex-controls-ieak11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use IEAK 11 to add and approve ActiveX controls for your organization.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 33040bd1-f0e4-4541-9fbb-16e0c76752ab
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Add and approve ActiveX controls using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md
index b0b9219277..eae4f678e5 100644
--- a/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/add-root-certificate-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: We’re sorry. While we continue to recommend that you digitally sign your package, we’ve removed all of the functionality that allowed you to add a root certificate using the Internet Explorer Customization Wizard 11. The wizard page itself will be removed in a future version of the IEAK.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 7ae4e747-49d2-4551-8790-46a61b5fe838
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Add a Root Certificate page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md
index 08b62952da..60be35bc0d 100644
--- a/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/additional-settings-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Additional Settings page in IEAK 11 Customization Wizard for additional settings that relate to your employee’s desktop, operating system, and security.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: c90054af-7b7f-4b00-b55b-5e5569f65f25
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Additional Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
index 440d2c7fc1..d3883b39ca 100644
--- a/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/auto-config-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Automatic Configuration page in the IEAK 11 Customization Wizard to add URLs to auto-configure IE.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: de5b1dbf-6e4d-4f86-ae08-932f14e606b0
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Automatic Configuration page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
index b14d4aa1ce..1a46247c5c 100644
--- a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to set up automatic detection for DHCP or DNS servers using IEAK 11 in your organization.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: c6bfe7c4-f452-406f-b47e-b7f0d8c44ae1
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Set up auto detection for DHCP or DNS servers using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -23,13 +27,13 @@ Before you can set up your environment to use automatic detection, you need to t
## Automatic detection on DHCP and DNS servers
Automatic detection works even if the browser wasn't originally set up or installed by the administrator.
-- **Using DHCP servers:** For local area network (LAN)-based users. This server type lets you specify your global and subnet TCP/IP parameters centrally, defining your users' parameters by using reserved addresses. By doing it this way, a computer can move between subnets, automatically reconfiguring for TCP/IP when it starts.
-
**Note**
-Your DHCP servers must support the DHCPINFORM message, to obtain the DHCP options.
+- **Using DHCP servers:** For local area network (LAN)-based users. This server type lets you specify your global and subnet TCP/IP parameters centrally, defining your users' parameters by using reserved addresses. By doing it this way, a computer can move between subnets, automatically reconfiguring for TCP/IP when it starts.
+
Note
+ Your DHCP servers must support the DHCPINFORM message, to obtain the DHCP options.
-- **Using DNS servers:** For users on dial-up connections. This server type uses a set of protocols and services on a TCP/IP network, which lets users search for other computers by using hierarchical, user-friendly names (hosts), instead of numeric IP addresses. To use this, you have to set up either the host record or the CNAME alias record in the DNS database file.
-
**Note**
-DHCP has a higher priority than DNS for automatic configuration. If DHCP provides the URL to a .pac, .jvs, .js, or .ins configuration file, the process stops and the DNS lookup doesn't happen.
+- **Using DNS servers:** For users on dial-up connections. This server type uses a set of protocols and services on a TCP/IP network, which lets users search for other computers by using hierarchical, user-friendly names (hosts), instead of numeric IP addresses. To use this, you have to set up either the host record or the CNAME alias record in the DNS database file.
+
Note
+ DHCP has a higher priority than DNS for automatic configuration. If DHCP provides the URL to a .pac, .jvs, .js, or .ins configuration file, the process stops and the DNS lookup doesn't happen.
**To set up automatic detection for DHCP servers**
@@ -43,16 +47,16 @@ DHCP has a higher priority than DNS for automatic configuration. If DHCP provide
**To set up automatic detection for DNS servers**
-1. In your DNS database file, the file that’s used to associate your host (computer) names to static IP addresses in a zone, you need to create a host record named, **WPAD**. This record contains entries for all of the hosts that require static mappings, such as workstations, name servers, and mail servers. It also has the IP address to the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.
The syntax is:
-` IN A `
-`corserv IN A 192.55.200.143`
-`nameserver2 IN A 192.55.200.2`
-`mailserver1 IN A 192.55.200.51`
-
**-OR-**
-Create a canonical name (CNAME) alias record, named **WPAD**. This record lets you use more than one name to point to a single host, letting you host both an FTP server and a web server on the same computer. It also includes the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.
-**Note** For more info about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651).
+1. In your DNS database file, the file that’s used to associate your host (computer) names to static IP addresses in a zone, you need to create a host record named, **WPAD**. This record contains entries for all of the hosts that require static mappings, such as workstations, name servers, and mail servers. It also has the IP address to the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.
The syntax is:
+ ` IN A `
+ `corserv IN A 192.55.200.143`
+ `nameserver2 IN A 192.55.200.2`
+ `mailserver1 IN A 192.55.200.51`
+
-OR-
+ Create a canonical name (CNAME) alias record, named WPAD. This record lets you use more than one name to point to a single host, letting you host both an FTP server and a web server on the same computer. It also includes the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.
+ Note For more info about creating a WPAD entry, see Creating a WPAD entry in DNS.
-2. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file.
+2. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file.
**Note**
IE11 creates a default URL template based on the host name,**wpad**. For example, `https://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file.
diff --git a/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md
index ae8a5441f1..c317a46e0e 100644
--- a/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/auto-version-sync-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Automatic Version Synchronization page in the IEAK 11 Customization Wizard to download the IE11 Setup file each time you run the Wizard.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: bfc7685f-843b-49c3-8b9b-07e69705840c
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Automatic Version Synchronization page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md b/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md
index 6970178857..3508c186af 100644
--- a/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/before-you-create-custom-pkgs-ieak11.md
@@ -2,11 +2,14 @@
ms.localizationpriority: medium
ms.mktglfcycl: plan
description: A list of steps to follow before you start to create your custom browser installation packages.
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
ms.manager: elizapo
ms.prod: ie11
ms.assetid: 6ed182b0-46cb-4865-9563-70825be9a5e4
+ms.reviewer:
+audience: itpro
+manager: dansimp
title: Before you start using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 04/24/2018
diff --git a/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
index 5a0efa8edf..5c9c189f24 100644
--- a/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/branding-ins-file-setting.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use the \[Branding\] .INS file setting to set up your custom branding and setup info in your browser install package.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: cde600c6-29cf-4bd3-afd1-21563d2642df
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Branding .INS file to create custom branding and setup info (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md
index 03b1f4eddb..c1f3999a3a 100644
--- a/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/browser-ui-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Browser User Interface page in the IEAK 11 Customization Wizard to change the toolbar buttons and the title bar.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: c4a18dcd-2e9c-4b5b-bcc5-9b9361a79f0d
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Browser User Interface page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -16,7 +20,7 @@ The **Browser User Interface** page of the Internet Explorer Customization Wizar
**Note** The customizations you make on this page apply only to Internet Explorer for the desktop.
- **To use the Browser User Interface page**
+ **To use the Browser User Interface page**
1. Check the **Customize Title Bars** box so you can add your custom text to the **Title Bar Text** box.
The text shows up in the title bar as **IE provided by** <*your_custom_text*>.
@@ -25,27 +29,27 @@ The text shows up in the title bar as **IE provided by** <*your_custom_text*&
**Note** Only Administrators can use this option.
-3. Click **Add** to add new toolbar buttons.
-The **Browser Toolbar Button Information** box appears.
+3. Click **Add** to add new toolbar buttons.
+ The **Browser Toolbar Button Information** box appears.
-4. In the **Toolbar caption** box, type the text that shows up when an employee hovers over your custom button. We recommend no more than 10 characters.
+4. In the **Toolbar caption** box, type the text that shows up when an employee hovers over your custom button. We recommend no more than 10 characters.
-5. In the **Toolbar action** box, browse to your script or executable file that runs when an employee clicks your custom button.
+5. In the **Toolbar action** box, browse to your script or executable file that runs when an employee clicks your custom button.
-6. In the **Toolbar icon** box, browse to the icon file that represents your button while active. This icon must be 20x20 pixels.
+6. In the **Toolbar icon** box, browse to the icon file that represents your button while active. This icon must be 20x20 pixels.
-7. Check the **This button should be shown on the toolbar by default** box so your custom button shows by default.
-This box should be cleared if you want to offer a custom set of buttons, but want your employees to choose whether or not to use them. In this situation, your buttons will show up in the **Customize Toolbars** dialog box, under **Available toolbar buttons**. Your employees can get to this dialog box in IE by clicking **Tools** from the **Command Bar**, clicking **Toolbars**, and then clicking **Customize**.
+7. Check the **This button should be shown on the toolbar by default** box so your custom button shows by default.
+ This box should be cleared if you want to offer a custom set of buttons, but want your employees to choose whether or not to use them. In this situation, your buttons will show up in the **Customize Toolbars** dialog box, under **Available toolbar buttons**. Your employees can get to this dialog box in IE by clicking **Tools** from the **Command Bar**, clicking **Toolbars**, and then clicking **Customize**.
-8. Click **OK.**
+8. Click **OK.**
-9. Click **Edit** to change your custom toolbar button or **Remove** to delete the button. The removed button will disappear from your employee’s computer after you apply the updated customization. Only custom toolbar buttons can be removed.
+9. Click **Edit** to change your custom toolbar button or **Remove** to delete the button. The removed button will disappear from your employee’s computer after you apply the updated customization. Only custom toolbar buttons can be removed.
10. Click **Next** to go to the [Search Providers](search-providers-ieak11-wizard.md) page or **Back** to go to the [User Experience](user-experience-ieak11-wizard.md) page.
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md
index e317f9ebc8..b2b123ff69 100644
--- a/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/browsertoolbars-ins-file-setting.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: plan
description: Use the \[BrowserToolbars\] .INS file setting to customize your Internet Explorer toolbar and buttons.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 83af0558-9df3-4c2e-9350-44f7788efa6d
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the BrowserToolbars .INS file to customize the Internet Explorer toolbar and buttons (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md
index b602a68d7f..a39adaff3e 100644
--- a/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/browsing-options-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Browsing Options page in the IEAK 11 Customization Wizard to manage items in the Favorites, Favorites Bar, and Feeds section.
-author: shortpatti
-ms.prod: ie111
+author: dansimp
+ms.prod: ie11
ms.assetid: d6bd71ba-5df3-4b8c-8bb5-dcbc50fd974e
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Browsing Options page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md
index d7a3094423..e5bf7ebb40 100644
--- a/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/cabsigning-ins-file-setting.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use the \[CabSigning\] .INS file setting to customize the digital signature info for your apps.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 098707e9-d712-4297-ac68-7d910ca8f43b
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the CabSigning .INS file to customize the digital signature info for your apps (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md
index 64b989ddcb..cda9702eb4 100644
--- a/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/compat-view-ieak11-wizard.md
@@ -3,9 +3,13 @@ ms.localizationpriority: medium
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: We’re sorry. We’ve removed all of the functionality included on the **Compatibility View** page of the Internet Explorer Customization Wizard 11.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 51d8f80e-93a5-41e4-9478-b8321458bc30
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Compatibility View page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md
index 2e8573d0f1..aaec7b0fa2 100644
--- a/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/connection-mgr-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: We’re sorry. We’ve removed all of the functionality included on the **Connection Manager** page of the Internet Explorer Customization Wizard 11.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 1edaa7db-cf6b-4f94-b65f-0feff3d4081a
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Connection Manager page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md
index a54ca3f9f5..66beabdbca 100644
--- a/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/connection-settings-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Connection Settings page in IEAK 11 Customization Wizard to import and preset connection settings on your employee’s computers.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: dc93ebf7-37dc-47c7-adc3-067d07de8b78
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Connection Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -24,15 +28,15 @@ The **Connection Settings** page of the Internet Explorer Administration Kit (IE
**To use the Connection Settings page**
-1. Decide if you want to customize your connection settings. You can pick:
+1. Decide if you want to customize your connection settings. You can pick:
- - **Do not customize Connection Settings.** Pick this option if you don’t want to preset your employee’s connection settings.
+ - **Do not customize Connection Settings.** Pick this option if you don’t want to preset your employee’s connection settings.
- - **Import the current Connection Settings from this machine.** Pick this option to import your connection settings from your computer and use them as the preset for your employee’s connection settings.
+ - **Import the current Connection Settings from this machine.** Pick this option to import your connection settings from your computer and use them as the preset for your employee’s connection settings.
- **Note** If you want to change any of your settings later, you can click **Modify Settings** to open the **Internet Properties** box, click the **Connection Settings** tab, and make your changes.
+ **Note** If you want to change any of your settings later, you can click **Modify Settings** to open the **Internet Properties** box, click the **Connection Settings** tab, and make your changes.
-2. Check the **Delete existing Dial-up Connection Settings** box to clear any existing settings on your employee’s computers.
+2. Check the **Delete existing Dial-up Connection Settings** box to clear any existing settings on your employee’s computers.
-3. Click **Next** to go to the [Automatic Configuration](auto-config-ieak11-wizard.md) page or **Back** to go to the [Connection Manager](connection-mgr-ieak11-wizard.md) page.
+3. Click **Next** to go to the [Automatic Configuration](auto-config-ieak11-wizard.md) page or **Back** to go to the [Connection Manager](connection-mgr-ieak11-wizard.md) page.
diff --git a/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md
index 0112c0f16f..779e024e57 100644
--- a/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/connectionsettings-ins-file-setting.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: plan
description: Use the \[ConnectionSettings\] .INS file setting to specify the network connection settings needed to install your custom package.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 41410300-6ddd-43b2-b9e2-0108a2221355
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the ConnectionSettings .INS file to review the network connections for install (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md
index b8981f575f..91f26adf5b 100644
--- a/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/create-build-folder-structure-ieak11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: plan
description: How to create your folder structure on the computer that you’ll use to build your custom browser package.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: e0d05a4c-099f-4f79-a069-4aa1c28a1080
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Create the build computer folder structure using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md
index 4827fc1c75..3e8043c959 100644
--- a/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/create-manage-deploy-custom-pkgs-ieak11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: plan
description: Review this list of tasks and references before you create and deploy your Internet Explorer 11 custom install packages.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: fe71c603-bf07-41e1-a477-ade5b28c9fb3
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Tasks and references to consider before creating and deploying custom packages using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -17,7 +21,7 @@ Review this list of tasks and references to help you use the Internet Explorer A
|Task |References |
|----------------------------------------|--------------------------------------------------------------|
|Review concepts and requirements, including info about the version and features you'll use. |
[Hardware and software requirements for IEAK 11](hardware-and-software-reqs-ieak11.md)
[Determine the licensing version and features to use in IEAK 11](licensing-version-and-features-ieak11.md)
[Before you start using IEAK 11](before-you-create-custom-pkgs-ieak11.md)
|
-|Prep your environment and get all of the info you'll need for running IEAK 11 |
[Create the build computer folder structure using IEAK 11](create-build-folder-structure-ieak11.md)
[Customize the Toolbar button and Favorites List icons using IEAK 11](guidelines-toolbar-and-favorites-list-ieak11.md)
[Before you install your package over your network using IEAK 11](prep-network-install-with-ieak11.md)
[Set up auto detection for DHCP or DNS servers using IEAK 11](auto-detection-dhcp-or-dns-servers-ieak11.md)
[Register an uninstall app for custom components using IEAK 11](register-uninstall-app-ieak11.md)
[Add and approve ActiveX controls using the IEAK 11](add-and-approve-activex-controls-ieak11.md)
[Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options](ieak11-wizard-custom-options.md)
[Security features and IEAK 11 ](security-and-ieak11.md)
|
+|Prep your environment and get all of the info you'll need for running IEAK 11 |
[Create the build computer folder structure using IEAK 11](create-build-folder-structure-ieak11.md)
[Customize the Toolbar button and Favorites List icons using IEAK 11](guidelines-toolbar-and-favorites-list-ieak11.md)
[Before you install your package over your network using IEAK 11](prep-network-install-with-ieak11.md)
[Set up auto detection for DHCP or DNS servers using IEAK 11](auto-detection-dhcp-or-dns-servers-ieak11.md)
[Register an uninstall app for custom components using IEAK 11](register-uninstall-app-ieak11.md)
[Add and approve ActiveX controls using the IEAK 11](add-and-approve-activex-controls-ieak11.md)
[Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options](ieak11-wizard-custom-options.md)
[Security features and IEAK 11](security-and-ieak11.md)
|
|Run the Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard |
[Use the File Locations page in the IEAK 11 Wizard](file-locations-ieak11-wizard.md)
[Use the Platform Selection page in the IEAK 11 Wizard](platform-selection-ieak11-wizard.md)
[Use the Language Selection page in the IEAK 11 Wizard](language-selection-ieak11-wizard.md)
[Use the Package Type Selection page in the IEAK 11 Wizard](pkg-type-selection-ieak11-wizard.md)
[Use the Feature Selection page in the IEAK 11 Wizard](feature-selection-ieak11-wizard.md)
[Use the Automatic Version Synchronization page in the IEAK 11 Wizard](auto-version-sync-ieak11-wizard.md)
[Use the Custom Components page in the IEAK 11 Wizard](custom-components-ieak11-wizard.md)
[Use the Internal Install page in the IEAK 11 Wizard](internal-install-ieak11-wizard.md)
[Use the User Experience page in the IEAK 11 Wizard](user-experience-ieak11-wizard.md)
[Use the Browser User Interface page in the IEAK 11 Wizard](browser-ui-ieak11-wizard.md)
[Use the Search Providers page in the IEAK 11 Wizard](search-providers-ieak11-wizard.md)
[Use the Important URLs - Home Page and Support page in the IEAK 11 Wizard](important-urls-home-page-and-support-ieak11-wizard.md)
[Use the Accelerators page in the IEAK 11 Wizard](accelerators-ieak11-wizard.md)
[Use the Favorites, Favorites Bar, and Feeds page in the IEAK 11 Wizard](favorites-favoritesbar-and-feeds-ieak11-wizard.md)
[Use the Browsing Options page in the IEAK 11 Wizard](browsing-options-ieak11-wizard.md)
[Use the First Run Wizard and Welcome Page Options page in the IEAK 11 Wizard](first-run-and-welcome-page-ieak11-wizard.md)
[Use the Compatibility View page in the IEAK 11 Wizard](compat-view-ieak11-wizard.md)
[Use the Connection Manager page in the IEAK 11 Wizard](connection-mgr-ieak11-wizard.md)
[Use the Connection Settings page in the IEAK 11 Wizard](connection-settings-ieak11-wizard.md)
[Use the Automatic Configuration page in the IEAK 11 Wizard](auto-config-ieak11-wizard.md)
[Use the Proxy Settings page in the IEAK 11 Wizard](proxy-settings-ieak11-wizard.md)
[Use the Security and Privacy Settings page in the IEAK 11 Wizard](security-and-privacy-settings-ieak11-wizard.md)
[Use the Add a Root Certificate page in the IEAK 11 Wizard](add-root-certificate-ieak11-wizard.md)
[Use the Programs page in the IEAK 11 Wizard](programs-ieak11-wizard.md)
[Use the Additional Settings page in the IEAK 11 Wizard](additional-settings-ieak11-wizard.md)
[Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard](wizard-complete-ieak11-wizard.md)
|
|Review your policy settings and create multiple versions of your install package. |
[Create multiple versions of your custom package using IEAK 11](create-multiple-browser-packages-ieak11.md)
[Use the RSoP snap-in to review policy settings](rsop-snapin-for-policy-settings-ieak11.md)
**Note** For deployment instructions, additional troubleshooting, and post-installation management, see the [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
|
|Review the general IEAK Customization Wizard 11 information, which applies throughout the process. |
[Troubleshoot custom package and IEAK 11 problems](troubleshooting-custom-browser-pkg-ieak11.md)
[File types used or created by IEAK 11](file-types-ieak11.md)
[Customize Automatic Search using IEAK 11](customize-automatic-search-for-ie.md)
[Use the uninstallation .INF files to uninstall custom components](create-uninstall-inf-files-for-custom-components.md)
[Using Internet Settings (.INS) files with IEAK 11](using-internet-settings-ins-files.md)
[Use proxy auto-configuration (.pac) files with IEAK 11](proxy-auto-config-examples.md)
[IExpress Wizard for Windows Server 2008 R2 with SP1](iexpress-wizard-for-win-server.md)
|
diff --git a/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md b/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
index cb1a3823fc..6196fabf79 100644
--- a/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/create-multiple-browser-packages-ieak11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Steps to create multiple versions of your custom browser if you support more than 1 version of Windows, more than 1 language, or have different features in each package.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 4c5f3503-8c69-4691-ae97-1523091ab333
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Create multiple versions of your custom package using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md b/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
index e9cb1ff4ce..3cf498605c 100644
--- a/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
+++ b/browsers/internet-explorer/ie11-ieak/create-uninstall-inf-files-for-custom-components.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use Setup information (.inf) files to uninstall custom components from your custom browser packages.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 8257aa41-58de-4339-81dd-9f2ffcc10a08
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use Setup information (.inf) files to uninstall custom components (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
index 5b7532f69e..571b73d327 100644
--- a/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/custom-components-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Custom Components page in the IEAK 11 Customization Wizard to add additional components for your employees to install with IE.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 38a2b90f-c324-4dc8-ad30-8cd3e3e901d7
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Custom Components page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
index f404bf78cf..e7469fa864 100644
--- a/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/custombranding-ins-file-setting.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: plan
description: Use the \[CustomBranding\] .INS file setting to specify the location of your branding cabinet (.cab) file.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 9c74e239-65c5-4aa5-812f-e0ed80c5c2b0
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the CustomBranding .INS file to create custom branding and setup info (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -14,7 +18,8 @@ ms.date: 07/27/2017
# Use the CustomBranding .INS file to create custom branding and setup info
Provide the URL to your branding cabinet (.cab) file.
-|Name |Value | Description |
-|-----------|--------------------------------|--------------------------------------------------------------|
-|Branding |`` |The location of your branding cabinet (.cab) file. For example, https://www.<your_server>.net/cabs/branding.cab.|
+
+| Name | Value | Description |
+|----------|------------------|------------------------------------------------------------------------------------------------------------------------|
+| Branding | `` | The location of your branding cabinet (.cab) file. For example, https://www.<your_server>.net/cabs/branding.cab. |
diff --git a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
index fde8b84b67..3c0af97192 100644
--- a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
+++ b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: manage
description: Customize Automatic Search in Internet Explorer so that your employees can type a single word into the Address box to search for frequently used pages.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 694e2f92-5e08-49dc-b83f-677d61fa918a
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Customize Automatic Search using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -21,13 +25,13 @@ You can customize Automatic Search so that your employees can type a single word
**To set up Automatic Search**
-1. Create a script (.asp) file that conditionally looks for search terms, and post it to an intranet server here: https://ieautosearch/response.asp?MT=%1&srch=%2.
-For info about the acceptable values for the *%1* and *%2* parameters, see the [Automatic Search parameters](#automatic-search-parameters). For an example of the script file, see the [Sample Automatic Search script](#sample-automatic-search-script).
-**Important** If you aren’t using IIS in your company, you’ll need to remap this URL to your script file’s location.
+1. Create a script (.asp) file that conditionally looks for search terms, and post it to an intranet server here: https://ieautosearch/response.asp?MT=%1&srch=%2.
+ For info about the acceptable values for the *%1* and *%2* parameters, see the [Automatic Search parameters](#automatic-search-parameters). For an example of the script file, see the [Sample Automatic Search script](#sample-automatic-search-script).
+ **Important** If you aren’t using IIS in your company, you’ll need to remap this URL to your script file’s location.
-2. On the **Additional Settings** page of the IEAK 11, click **Internet Settings**, and then click **Advanced Settings**.
+2. On the **Additional Settings** page of the IEAK 11, click **Internet Settings**, and then click **Advanced Settings**.
-3. Go to the section labeled **Searching** and type *intranet* into the **Search Provider Keyword** box.
+3. Go to the section labeled **Searching** and type *intranet* into the **Search Provider Keyword** box.
**To redirect to a different site than the one provided by the search results**
@@ -90,9 +94,9 @@ end if
%>
```
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md
index 4c3726a566..06e8d6c3f3 100644
--- a/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/extreginf-ins-file-setting.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use the \[ExtRegInf\] .INS file setting to specify your Setup information (.inf) files and the installation mode for your custom components.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 53148422-d784-44dc-811d-ef814b86a4c6
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the ExtRegInf .INS file to specify your installation files and mode (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -12,7 +16,7 @@ ms.date: 07/27/2017
# Use the ExtRegInf .INS file to specify installation files and mode
-Info about how to specify your Setup information (.inf) files and the instsallation mode for your custom components.
+Info about how to specify your Setup information (.inf) files and the installation mode for your custom components.
|Name |Value |Description |
|-----------|---------|------------------------------------------------------------------------------------------------------------------|
diff --git a/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md
index 7b876c2cea..47bf04d6e2 100644
--- a/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/favorites-favoritesbar-and-feeds-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Favorites, Favorites Bar, and Feeds page in IEAK 11 Customization Wizard to add links, web slices, and feeds to your custom browser package.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 84afa831-5642-4b8f-b7df-212a53ec8fc7
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Favorites, Favorites Bar, and Feeds page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
index 68953ff98d..694b8d994d 100644
--- a/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/favoritesex-ins-file-setting.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use the \[FavoritesEx\] .INS file setting to specify your Favorites icon file, whether Favorites is available offline, and your Favorites URLs.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 55de376a-d442-478e-8978-3b064407b631
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the FavoritesEx .INS file for your Favorites icon and URLs (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md
index 4baf035425..b27bc3273a 100644
--- a/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/feature-selection-ieak11-wizard.md
@@ -2,12 +2,15 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Feature Selection page in the IEAK 11 Customization Wizard to choose which parts of the setup processes and Internet Explorer 11 to change for your company.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 9cb8324e-d73b-41ba-ade9-3acc796e21d8
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Feature Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
-ms.date: 07/27/2017
---
diff --git a/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
index 70f59f0665..f3224c2055 100644
--- a/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/file-locations-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the File Locations page in the IEAK 11 Customization Wizard to change the location of your install package and IE11 folders.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: bd0620e1-0e07-4560-95ac-11888c2c389e
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the File Locations page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md b/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
index d782c47cf9..38703f9131 100644
--- a/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/file-types-ieak11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: plan
description: Review the file types that are created and used by tools in the Internet Explorer Administration Kit 11 (IEAK 11).
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: e5735074-3e9b-4a00-b1a7-b8fd8baca327
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: File types used or created by IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -19,7 +23,7 @@ A list of the file types used or created by tools in IEAK 11:
|.adm | An admin file (located at `:\Program Files\Windows IEAK 11\policies`), used by Group Policy to define the system policies and restrictions for Windows. You can use the IEAK 11 to change these settings. |
|.bat |An ASCII text file that contains a sequence of operating system commands, including the parameters and operators supported by the batch command language. When you run the batch file from a command prompt, the computer processes each command sequentially. |
|.bmp, .gif, .jpeg, and .jpg |Image files you can use to customize your toolbar button and favorites list icons. For info, see the [Customize the Toolbar button and Favorites List icons using IEAK 11](guidelines-toolbar-and-favorites-list-ieak11.md) page. |
-|.cab |A compressed cabinet (.cab) file, created by the Internet Explorer Customization Wizard 11 to store your custom compenent files. We highly recommend that your .cab files be signed for security purposes. For more info, see the [Security features and IEAK 11](security-and-ieak11.md) page. |
+|.cab |A compressed cabinet (.cab) file, created by the Internet Explorer Customization Wizard 11 to store your custom component files. We highly recommend that your .cab files be signed for security purposes. For more info, see the [Security features and IEAK 11](security-and-ieak11.md) page. |
|.cif |A component info file (IESetup.cif), identifying the new or updated components you're going to install with Internet Explorer. Each component file has an associated *ComponentID* that's used by Windows Update Setup to determine whether a new component or an update exists. |
|.cmp |Connection profile files that are created by the Connection Manager Administration Kit (CMAK). |
|.cms |Service provider files, created by the CMAK tool to specify the configuration of the phone book and many of the other functions of your service profiles. |
diff --git a/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
index 8ee207bf57..507450938d 100644
--- a/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/first-run-and-welcome-page-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the First Run Wizard and Welcome Page Options page in the IEAK 11 Customization Wizard to set what your employee’s see the first time they log on to IE, based on their operating system.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 85f856a6-b707-48a9-ba99-3a6e898276a9
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the First Run Wizard and Welcome Page Options page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md b/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
index f3fbc10a27..0864538448 100644
--- a/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: plan
description: Customization guidelines for your Internet Explorer toolbar button and Favorites List icons.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: bddc8f23-9ac1-449d-ad71-f77f43ae3b5c
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Customize the toolbar button and Favorites List icons using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md b/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
index 6e1b19b500..0ba0f580a8 100644
--- a/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/hardware-and-software-reqs-ieak11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: plan
description: List of supported hardware and software requirements for Internet Explorer 11 and the Internet Explorer Administration Kit 11.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: c50b86dc-7184-43d1-8daf-e750eb88dabb
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Hardware and software requirements for Internet Explorer 11 and the IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
index a0cec600e1..7d50512355 100644
--- a/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/hidecustom-ins-file-setting.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use the \[HideCustom\] .INS file setting to decide whether to hide the GUID for each custom component.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: e673f7b1-c3aa-4072-92b0-20c6dc3d9277
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the HideCustom .INS file to hide the GUID for each custom component (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -17,11 +21,11 @@ Info about whether to hide the globally unique identifier (GUID) for each of you
|Name |Value |Description |
|------|-------------------------------------------------------------------------------------|-----------------------------------------------|
|GUID |
**0.** Component isn't hidden.
**1.** Component is hidden.
|Determines whether this is a hidden component. |
-
+
-
+
-
+
diff --git a/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md b/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md
index 3363f80ab6..51dc959759 100644
--- a/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md
+++ b/browsers/internet-explorer/ie11-ieak/ie-setup-command-line-options-and-return-codes.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Reference about the command-line options and return codes for Internet Explorer Setup.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 40c23024-cb5d-4902-ad1b-6e8a189a699f
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Internet Explorer Setup command-line options and return codes (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md b/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md
index 0e0ea99ea5..b8c3d25c24 100644
--- a/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md
+++ b/browsers/internet-explorer/ie11-ieak/ieak-information-and-downloads.md
@@ -3,11 +3,14 @@ ms.localizationpriority: medium
ms.mktglfcycl: support
ms.pagetype: security
description: The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. Use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment.
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
ms.manager: dougkim
ms.prod: ie11
-ms.assetid:
+ms.assetid:
+ms.reviewer:
+audience: itpro
+manager: dansimp
title: Internet Explorer Administration Kit (IEAK) information and downloads
ms.sitesec: library
ms.date: 05/10/2018
diff --git a/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md b/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
index 1e17bda2eb..f27ec8b5b9 100644
--- a/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
+++ b/browsers/internet-explorer/ie11-ieak/ieak11-wizard-custom-options.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: plan
description: Review the options available to help you customize your browser install packages for deployment to your employee's devices.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 4b804da3-c3ac-4b60-ab1c-99536ff6e31b
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Internet Explorer Administration Kit 11 (IEAK 11) Customization Wizard options (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
index c2483af8c4..cd7c730569 100644
--- a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
+++ b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
@@ -2,19 +2,23 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Reference about the command-line options for the IExpress Wizard.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: aa16d738-1067-403c-88b3-bada12cf9752
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: IExpress Wizard command-line options (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
---
+# IExpress Wizard command-line options
**Applies to:**
- Windows Server 2008 R2 with SP1
-# IExpress Wizard command-line options
Use command-line options with the IExpress Wizard (IExpress.exe) to control your Internet Explorer custom browser package extraction process.
These command-line options work with IExpress:
diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md b/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md
index 235580070d..35dc9f9cc5 100644
--- a/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md
+++ b/browsers/internet-explorer/ie11-ieak/iexpress-wizard-for-win-server.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use the IExpress Wizard on Windows Server 2008 R2 with SP1 to create self-extracting files to run your custom Internet Explorer Setup program.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 5100886d-ec88-4c1c-8cd7-be00da874c57
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: IExpress Wizard for Windows Server 2008 R2 with SP1 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
index 604489d8fc..022767b179 100644
--- a/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/important-urls-home-page-and-support-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Important URLs - Home Page and Support page in the IEAK 11 Customization Wizard to choose one or more **Home** pages and an online support page for your customized version of IE.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 19e34879-ba9d-41bf-806a-3b9b9b752fc1
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Important URLs - Home Page and Support page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/index.md b/browsers/internet-explorer/ie11-ieak/index.md
index 74c0cbdb1c..3187f8b507 100644
--- a/browsers/internet-explorer/ie11-ieak/index.md
+++ b/browsers/internet-explorer/ie11-ieak/index.md
@@ -1,13 +1,14 @@
---
ms.mktglfcycl: plan
description: IEAK 11 - Internet Explorer Administration Kit 11 Users Guide
-author: shortpatti
+author: dansimp
+ms.author: dansimp
ms.prod: ie11
ms.assetid: 847bd7b4-d5dd-4e10-87b5-4d7d3a99bbac
title: Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.localizationpriority: medium
-ms.date: 07/27/2017
+manager: dansimp
---
@@ -45,4 +46,4 @@ IE11 and IEAK 11 offers differing experiences between Windows 7 and Windows 8.1
- [IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md)
- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.md)
- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
-- [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643)
\ No newline at end of file
+- [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643)
diff --git a/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
index 30e1694ffe..15db2bc20f 100644
--- a/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/internal-install-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Internal Install page in the IEAK 11 Customization Wizard to customize Setup for the default browser and the latest browser updates.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 33d078e3-75b8-455b-9126-f0d272ed676f
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Internal Install page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
index ba4e23f6df..b625916fd1 100644
--- a/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/isp-security-ins-file-setting.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use the \[ISP_Security\] .INS file setting to add the root certificate for your custom Internet Explorer package.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 4eca2de5-7071-45a2-9c99-75115be00d06
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the ISP_Security .INS file to add your root certificate (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md
index cd6540d994..b2f66781b7 100644
--- a/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/language-selection-ieak11-wizard.md
@@ -1,10 +1,14 @@
---
ms.localizationpriority: medium
ms.mktglfcycl: deploy
-description: How to use the Language Selection page in the IEAK 11 Customization Wizard to choose the lanaguage for your IEAK 11 custom package.
-author: shortpatti
+description: How to use the Language Selection page in the IEAK 11 Customization Wizard to choose the language for your IEAK 11 custom package.
+author: dansimp
ms.prod: ie11
ms.assetid: f9d4ab57-9b1d-4cbc-9398-63f4938df1f6
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Language Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
index 056ef076a4..296dec1688 100644
--- a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
@@ -2,10 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: plan
description: Learn about the version of the IEAK 11 you should run, based on your license agreement.
-author: pashort
-ms.author: shortpatti
-ms.prod: ie11, ieak11
+author: dansimp
+ms.author: dansimp
+ms.prod: ie11
ms.assetid: 69d25451-08af-4db0-9daa-44ab272acc15
+ms.reviewer:
+audience: itpro
+manager: dansimp
title: Determine the licensing version and features to use in IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 10/23/2018
@@ -15,44 +18,45 @@ ms.date: 10/23/2018
# Determine the licensing version and features to use in IEAK 11
In addition to the Software License Terms for the Internet Explorer Administration Kit 11 (IEAK 11, referred to as the "software"), these Guidelines further define how you may and may not use the software to create versions of Internet Explorer 11 with optional customizations (referred to as the "customized browser") for internal use and distribution in accordance with the IEAK 11 Software License Terms. IEAK 11 is for testing purposes only and is not intended to be used in a production environment.
-During installation, you must pick a version of IEAK 11, either **External** or **Internal**, based on your license agreement. Your version selection decides the options you can chose, the steps you follow to deploy your Internet Explorer 11 package, and how you manage the browser after deployment.
+During installation, you must pick a version of IEAK 11, either **External** or **Internal**, based on your license agreement. Your version selection decides the options you can chose, the steps you follow to deploy your Internet Explorer 11 package, and how you manage the browser after deployment.
- **External Distribution as an Internet Service Provider (ISP), Internet Content Provider (ICP), or Developer.** If you are an ISP or an ICP, your license agreement also states that you must show the Internet Explorer logo on your packaging and promotional goods, as well as on your website.
>[!IMPORTANT]
- >Original Equipment Manufacturers (OEMs) that install IEAK 11 as part of a Windows product, under an OEM license agreement with Microsoft, must use their appropriate Windows OEM Preinstallation document (OPD) as the guide for allowable customizations.
+ >Original Equipment Manufacturers (OEMs) that install IEAK 11 as part of a Windows product, under an OEM license agreement with Microsoft, must use their appropriate Windows OEM Preinstallation document (OPD) as the guide for allowable customizations.
- **Internal Distribution via a Corporate Intranet.** This version is for network admins that plan to directly deploy IE11 into a corporate environment.
## Available features by version
-| Feature | Internal | External |
-| ---------------------------------------- | :---------------------------------------------: | :----------------------------------------------: |
-|Welcome screen |  |  |
-|File locations |  |  |
-|Platform selection |  |  |
-|Language selection |  |  |
-|Package type selection |  |  |
-|Feature selection |  |  |
-|Automatic Version Synchronization (AVS) |  |  |
-|Custom components |  |  |
-|Internal install |  |  |
-|User experience |  |  |
-|Browser user interface |  |  |
-|Search providers |  |  |
-|Important URLs – Home page and support |  |  |
-|Accelerators |  |  |
-|Favorites, Favorites bar, and feeds |  |  |
-|Browsing options |  |  |
-|First Run wizard and Welcome page options |  |  |
-|Connection manager |  |  |
-|Connection settings |  |  |
-|Automatic configuration |  |  |
-|Proxy settings |  |  |
-|Security and privacy settings |  |  |
-|Add a root certificate |  |  |
-|Programs |  |  |
-|Additional settings |  |  |
-|Wizard complete |  |  |
+| Feature | Internal | External |
+|-------------------------------------------|:--------------------------------------------------------------------------------:|:------------------------------------------------------------------------------------:|
+| Welcome screen |  |  |
+| File locations |  |  |
+| Platform selection |  |  |
+| Language selection |  |  |
+| Package type selection |  |  |
+| Feature selection |  |  |
+| Automatic Version Synchronization (AVS) |  |  |
+| Custom components |  |  |
+| Internal install |  |  |
+| User experience |  |  |
+| Browser user interface |  |  |
+| Search providers |  |  |
+| Important URLs – Home page and support |  |  |
+| Accelerators |  |  |
+| Favorites, Favorites bar, and feeds |  |  |
+| Browsing options |  |  |
+| First Run wizard and Welcome page options |  |  |
+| Connection manager |  |  |
+| Connection settings |  |  |
+| Automatic configuration |  |  |
+| Proxy settings |  |  |
+| Security and privacy settings |  |  |
+| Add a root certificate |  |  |
+| Programs |  |  |
+| Additional settings |  |  |
+| Wizard complete |  |  |
+
---
diff --git a/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md
index ff473d6648..a441fe7be2 100644
--- a/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/media-ins-file-setting.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use the \[Media\] .INS file setting to specify the types of media on which your custom install package is available.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: c57bae60-d520-49a9-a77d-da43f7ebe5b8
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Media .INS file to specify your install media (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
index 19e75dbdca..ce2517bf60 100644
--- a/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/pkg-type-selection-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Package Type Selection page in the IEAK 11 Customization Wizard to pick the media type you’ll use to distribute your custom package.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: dd91f788-d05e-4f45-9fd5-d951abf04f2c
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Package Type Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
index 9bac11b82d..342ac46d58 100644
--- a/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/platform-selection-ieak11-wizard.md
@@ -2,16 +2,19 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Platform Selection page in the IEAK 11 Customization Wizard to pick the specs for your employee devices that will get the install package.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 9cbf5abd-86f7-42b6-9810-0b606bbe8218
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Use the Platform Selection page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
---
-# Use the Platform Selection page in the IEAK 11 Wizard
+# Use the Platform Selection page in the IEAK 11 Wizard
The **Platform Selection** page of the Internet Explorer Customization Wizard 11 lets you pick the operating system and architecture (32-bit or 64-bit) for the devices on which you’re going to install the custom installation package.
**To use the Platform Selection page**
diff --git a/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md b/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
index d6e16707bd..809110fc8b 100644
--- a/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/prep-network-install-with-ieak11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: plan
description: Learn about what you need to do before you deploy your custom browser package using IEAK 11 over your network.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 2c66d22a-4a94-47cc-82ab-7274abe1dfd6
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Before you install your package over your network using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
index 7509c355d2..8b46cc1615 100644
--- a/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/programs-ieak11-wizard.md
@@ -2,16 +2,19 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Programs page in the IEAK 11 Customization Wizard to pick the default programs to use for Internet services.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: f715668f-a50d-4db0-b578-e6526fbfa1fc
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
title: Use the Programs page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
---
-# Use the Programs page in the IEAK 11 Wizard
+# Use the Programs page in the IEAK 11 Wizard
The **Programs** page of the Internet Explorer Customization Wizard 11 lets you pick the default programs to use for Internet services, like email, contact lists, and newsgroups, by importing settings from your computer.
**Important** The customizations you make on this page only apply to Internet Explorer for the desktop.
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
index 5e04f4e473..06213a78ae 100644
--- a/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
+++ b/browsers/internet-explorer/ie11-ieak/proxy-auto-config-examples.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Learn about how to use a proxy auto-configuration (.pac) file to specify an automatic proxy URL.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 6c94708d-71bd-44bd-a445-7e6763b374ae
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use proxy auto-configuration (.pac) files with IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
index c98971ddef..80e2e5d2c0 100644
--- a/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/proxy-ins-file-setting.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use the \[Proxy\] .INS file setting to define whether to use a proxy server.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 30b03c2f-e3e5-48d2-9007-e3fd632f3c18
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Proxy .INS file to specify a proxy server (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
index 22252bf546..a99dc70ae0 100644
--- a/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/proxy-settings-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Proxy Settings page in the IEAK 11 Customization Wizard to pick the proxy servers used to connect to required services.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 1fa1eee3-e97d-41fa-a48c-4a6e0dc8b544
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Proxy Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md b/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
index e0838b0473..c6fb131002 100644
--- a/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/register-uninstall-app-ieak11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Learn how to register an uninstall app for your custom components, using IEAK 11.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 4da1d408-af4a-4c89-a491-d6f005fd5005
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Register an uninstall app for custom components using IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.date: 07/27/2017
---
diff --git a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
index 922be0f879..8bf7232c7c 100644
--- a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: manage
description: Learn how to use the Resultant Set of Policy (RSoP) snap-in to view your policy settings.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 0f21b320-e879-4a06-8589-aae6fc264666
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the RSoP snap-in to review policy settings (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
index 3633d298c1..f66425a743 100644
--- a/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/search-providers-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Search Providers page in the IEAK 11 Customization Wizard to add additional providers and set the default.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 48cfaba5-f4c0-493c-b656-445311b7bc52
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Search Providers page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
index fe275274f8..71d99f8b9f 100644
--- a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: plan
description: Learn about the security features available in Internet Explorer 11 and IEAK 11.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 5b64c9cb-f8da-411a-88e4-fa69dea473e2
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Security features and IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
index 8da6980597..16ffc69435 100644
--- a/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/security-and-privacy-settings-ieak11-wizard.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: How to use the Security and Privacy Settings page in the IEAK 11 Customization Wizard to manage your security zones, privacy settings, and content ratings.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: cb7cd1df-6a79-42f6-b3a1-8ae467053f82
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Security and Privacy Settings page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
index a01457ac6c..e65b0e2b77 100644
--- a/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/security-imports-ins-file-setting.md
@@ -2,9 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: deploy
description: Use the \[Security Imports\] .INS file setting to decide whether to import security info to your custom package.
-author: shortpatti
+author: dansimp
ms.prod: ie11
ms.assetid: 19791c44-aaa7-4f37-9faa-85cbdf29f68e
+ms.reviewer:
+audience: itpro
+manager: dansimp
+ms.author: dansimp
title: Use the Security Imports .INS file to import security info (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md b/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
index 8f9826a8b5..7b0db0bbc4 100644
--- a/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/troubleshooting-custom-browser-pkg-ieak11.md
@@ -2,10 +2,13 @@
ms.localizationpriority: medium
ms.mktglfcycl: support
description: Info about some of the known issues using the Internet Exporer Customization Wizard and a custom Internet Explorer install package.
-author: shortpatti
-ms.author: pashort
+author: dansimp
+ms.author: dansimp
ms.prod: ie11
ms.assetid: 9e22cc61-6c63-4cab-bfdf-6fe49db945e4
+ms.reviewer:
+audience: itpro
+manager: dansimp
title: Troubleshoot custom package and IEAK 11 problems (Internet Explorer Administration Kit 11 for IT Pros)
ms.sitesec: library
ms.date: 07/27/2017
@@ -73,8 +76,8 @@ If you cannot uninstall IE using **Uninstall or change a program** in the Contro
## The Internet Explorer Customization Wizard 11 does not work with user names that user double-byte character sets
The customization wizard does not work with user names that use double-byte character sets, such as Chinese or Japanese. To fix this, set the **TEMP** and **TMP** environmental variables to a path that does not use these characters (for example, C:\temp).
-1. Open **System Properties**, click the **Advanced** tab, and then click **Environmental Variables**.
-2. Click Edit, and then modify the **TEMP** and **TMP** environmental variables to a non-user profile directory.
+1. Open **System Properties**, click the **Advanced** tab, and then click **Environmental Variables**.
+2. Click Edit, and then modify the **TEMP** and **TMP** environmental variables to a non-user profile directory.
## Unicode characters are not supported in IEAK 11 path names
diff --git a/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md b/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md
index b5ba778a93..965fda174e 100644
--- a/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md
+++ b/browsers/internet-explorer/ie11-ieak/url-ins-file-setting.md
@@ -1,37 +1,40 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Use the \[URL\] .INS file setting to decide whether to use an auto-configured proxy server.
-author: shortpatti
-ms.prod: ie11
-ms.assetid: 05b09dfa-cf11-408d-92c2-b4ae434a59a7
-title: Use the URL .INS file to use an auto-configured proxy server (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the URL .INS file to use an auto-configured proxy server
-Info about whether to use an auto-configured proxy server. If yes, this also includes the URLs to the pages that appear when your employees first connect to that server.
-
-|Name |Value |Description |
-|-----|------|------------|
-|AutoConfig |
**0.** Don’t automatically configure the browser.
**1.** Automatically configure the browser.
|Determines whether to automatically configure the customized browser on your employee’s device. |
-|AutoConfigJSURL |`` |The URL for the proxy auto-config file (.js or .jvs) |
-|AutoConfigTime |*integer* |Automatically configures the browser on your employee’s device after its run for a specified length of time. |
-|AutoConfigURL |`` |The URL for the proxy auto-config (.pac) file. |
-|FirstHomePage |`` |The page (URL) that appears the first time the custom browser is opened on the employee’s device. |
-|Help_Page |`` |The URL to your internal technical support site. |
-|Home_Page |`` |The URL to your default **Home** page. |
-|NoWelcome |
**0.** Display the **Welcome** page.
**1.** Don’t display the **Welcome** page.
|Determines whether to show the **Welcome** page the first time the browser’s used on an employee’s device. |
-|Quick_Link_1 |`` |The URL to your first Quick Link. |
-|Quick_Link_1_Name |`` |The name of the site associated with Quick_Link_1. |
-|Quick_Link_2 |`` |The URL to your second Quick Link. |
-|Quick_Link_2_Name |`` |The name of the site associated with Quick_Link_2. |
-|Quick_Link_X |`` |The URL to another Quick Link. |
-|Quick_Link_X_Icon |`` |A Quick Links icon (.ico) file. |
-|Quick_Link_X_Name |`` |The name of the site associated with another Quick Link. |
-|Quick_Link_X_Offline |
**0.** Don’t make the Quick Links available offline.
**1.** Make the Quick Links available offline.
|Determines whether to make the Quick Links available for offline browsing. |
-|Search_Page |`` |The URL to the default search page. |
-|UseLocalIns |
**0.** Don’t use a local .ins file.
**1.** Use a local .ins file.
|Determines whether to use a local Internet Settings (.ins) file |
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+description: Use the \[URL\] .INS file setting to decide whether to use an auto-configured proxy server.
+author: dansimp
+ms.prod: ie11
+ms.assetid: 05b09dfa-cf11-408d-92c2-b4ae434a59a7
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Use the URL .INS file to use an auto-configured proxy server (Internet Explorer Administration Kit 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Use the URL .INS file to use an auto-configured proxy server
+Info about whether to use an auto-configured proxy server. If yes, this also includes the URLs to the pages that appear when your employees first connect to that server.
+
+|Name |Value |Description |
+|-----|------|------------|
+|AutoConfig |
**0.** Don’t automatically configure the browser.
**1.** Automatically configure the browser.
|Determines whether to automatically configure the customized browser on your employee’s device. |
+|AutoConfigJSURL |`` |The URL for the proxy auto-config file (.js or .jvs) |
+|AutoConfigTime |*integer* |Automatically configures the browser on your employee’s device after its run for a specified length of time. |
+|AutoConfigURL |`` |The URL for the proxy auto-config (.pac) file. |
+|FirstHomePage |`` |The page (URL) that appears the first time the custom browser is opened on the employee’s device. |
+|Help_Page |`` |The URL to your internal technical support site. |
+|Home_Page |`` |The URL to your default **Home** page. |
+|NoWelcome |
**0.** Display the **Welcome** page.
**1.** Don’t display the **Welcome** page.
|Determines whether to show the **Welcome** page the first time the browser’s used on an employee’s device. |
+|Quick_Link_1 |`` |The URL to your first Quick Link. |
+|Quick_Link_1_Name |`` |The name of the site associated with Quick_Link_1. |
+|Quick_Link_2 |`` |The URL to your second Quick Link. |
+|Quick_Link_2_Name |`` |The name of the site associated with Quick_Link_2. |
+|Quick_Link_X |`` |The URL to another Quick Link. |
+|Quick_Link_X_Icon |`` |A Quick Links icon (.ico) file. |
+|Quick_Link_X_Name |`` |The name of the site associated with another Quick Link. |
+|Quick_Link_X_Offline |
**0.** Don’t make the Quick Links available offline.
**1.** Make the Quick Links available offline.
|Determines whether to make the Quick Links available for offline browsing. |
+|Search_Page |`` |The URL to the default search page. |
+|UseLocalIns |
**0.** Don’t use a local .ins file.
**1.** Use a local .ins file.
|Determines whether to use a local Internet Settings (.ins) file |
+
diff --git a/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
index 425f3e2e60..ed8f2be8f1 100644
--- a/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/user-experience-ieak11-wizard.md
@@ -1,57 +1,60 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the User Experience page in the IEAK 11 Customization Wizard to decide user interaction with the Setup process.
-author: shortpatti
-ms.prod: ie11
-ms.assetid: d3378058-e4f0-4a11-a888-b550af994bfa
-title: Use the User Experience page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the User Experience page in the IEAK 11 Wizard
-The **User Experience** page of the Internet Explorer Customization Wizard 11 lets you decide how much you want your employees to interact with the custom package’s Setup process.
-
-**Note** You’ll only see this page if you are running the **Internal** version of the Internet Explorer Customization Wizard 11.
The customizations you make on this page only apply to Internet Explorer for the desktop on Windows 7.
-
-**To use the User Experience page**
-
-1. Choose how your employee should interact with Setup, including:
-
- - **Interactive installation**. Lets your employees change installation options while installing your custom package. This experience shows all of the progress and error messages throughout the process.
-
- - **Hands-free installation**. Lets you make all of the decisions for your employees. However, they’ll still see all of the progress and error messages throughout the process.
-
- - **Completely silent installation**. Lets you make all of the decisions for your employees and hides all of the progress and error messages. Because this mode is completely silent, if the installation fails, your employees won’t know and they won’t be able to run the installation package again.
-
Both the hands-free and completely silent installation options will:
-
- - Answer prompts so Setup can continue.
-
- - Accept the license agreement.
-
- - Determine that Internet Explorer 11 is installed and not just downloaded.
-
- - Perform your specific installation type.
-
- - Install IE in the default location, unless it is already installed. In that case, the new version of the browser is installed in the same location as the previous version.
-
-2. Choose if your employee’s device will restart at the end of Setup.
-
- - **Default**. Prompts your employees to restart after installing IE.
-
- - **No restart**. Doesn’t restart the computer after installing IE. The employee will have to manually restart later.
-
- - **Force restart**. Automatically restarts the computer after installing IE.
-
-3. Click **Next** to go to the [Browser User Interface](browser-ui-ieak11-wizard.md) page or **Back** to go to the [Internal Install](internal-install-ieak11-wizard.md) page.
-
-
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+description: How to use the User Experience page in the IEAK 11 Customization Wizard to decide user interaction with the Setup process.
+author: dansimp
+ms.prod: ie11
+ms.assetid: d3378058-e4f0-4a11-a888-b550af994bfa
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Use the User Experience page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Use the User Experience page in the IEAK 11 Wizard
+The **User Experience** page of the Internet Explorer Customization Wizard 11 lets you decide how much you want your employees to interact with the custom package’s Setup process.
+
+**Note** You’ll only see this page if you are running the **Internal** version of the Internet Explorer Customization Wizard 11.
The customizations you make on this page only apply to Internet Explorer for the desktop on Windows 7.
+
+**To use the User Experience page**
+
+1. Choose how your employee should interact with Setup, including:
+
+ - **Interactive installation**. Lets your employees change installation options while installing your custom package. This experience shows all of the progress and error messages throughout the process.
+
+ - **Hands-free installation**. Lets you make all of the decisions for your employees. However, they’ll still see all of the progress and error messages throughout the process.
+
+ - **Completely silent installation**. Lets you make all of the decisions for your employees and hides all of the progress and error messages. Because this mode is completely silent, if the installation fails, your employees won’t know and they won’t be able to run the installation package again.
+
Both the hands-free and completely silent installation options will:
+
+ - Answer prompts so Setup can continue.
+
+ - Accept the license agreement.
+
+ - Determine that Internet Explorer 11 is installed and not just downloaded.
+
+ - Perform your specific installation type.
+
+ - Install IE in the default location, unless it is already installed. In that case, the new version of the browser is installed in the same location as the previous version.
+
+2. Choose if your employee’s device will restart at the end of Setup.
+
+ - **Default**. Prompts your employees to restart after installing IE.
+
+ - **No restart**. Doesn’t restart the computer after installing IE. The employee will have to manually restart later.
+
+ - **Force restart**. Automatically restarts the computer after installing IE.
+
+3. Click **Next** to go to the [Browser User Interface](browser-ui-ieak11-wizard.md) page or **Back** to go to the [Internal Install](internal-install-ieak11-wizard.md) page.
+
+
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md b/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
index b3eaeb6c0f..3efd12ffa8 100644
--- a/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
+++ b/browsers/internet-explorer/ie11-ieak/using-internet-settings-ins-files.md
@@ -1,34 +1,37 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: Info about how to use Internet Settings (.ins) files and the IEAK 11 to configure your custom browser package.
-author: shortpatti
-ms.prod: ie11
-ms.assetid: a24a7cdb-681e-4f34-a53c-6d8383c5f977
-title: Using Internet Settings (.INS) files with IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Using Internet Settings (.INS) files with IEAK 11
-Use the Internet Settings (.ins) files and the Internet Explorer Administration Kit 11 (IEAK 11) to configure your custom browser and its components. You can create multiple versions of your custom package by customizing copies of this file.
-
-Here's a list of the availble .INS file settings:
-
-|Setting |Description |
-|-----------------------------------------|------------------------------------------------------------------------------|
-|[Branding](branding-ins-file-setting.md) |Customize the branding and setup information in your browser package. |
-|[BrowserToolbars](browsertoolbars-ins-file-setting.md) |Customize the appearance of the IE toolbar. |
-|[CabSigning](cabsigning-ins-file-setting.md) |Digital signature information for your programs. |
-|[ConnectionSettings](connectionsettings-ins-file-setting.md) |Info about the networking connection settings used to install your custom package. |
-|[CustomBranding](custombranding-ins-file-setting.md) |URL location to your branding cabinet (.cab) file. |
-|[ExtRegInf](extreginf-ins-file-setting.md) |Names of your Setup information (.inf) files and the installation mode for components. |
-|[FavoritesEx](favoritesex-ins-file-setting.md) |Add a path to your icon file for **Favorites**, decide whether **Favorites** are available offline, and add URLs to each**Favorites** site. |
-|[HideCustom](hidecustom-ins-file-setting.md) |Whether to hide the globally unique identifier (GUID) for each custom component. |
-|[ISP_Security](isp-security-ins-file-setting.md) |The root certificate you’re adding to your custom package. |
-|[Media](media-ins-file-setting.md) |Types of media in which your custom installation package is available. |
-|[Proxy](proxy-ins-file-setting.md) |Whether to use a proxy server. |
-|[Security Imports](security-imports-ins-file-setting.md) |Whether to import security information for your custom package. |
-|[URL](url-ins-file-setting.md) |Whether to use an auto-configured proxy server. |
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+description: Info about how to use Internet Settings (.ins) files and the IEAK 11 to configure your custom browser package.
+author: dansimp
+ms.prod: ie11
+ms.assetid: a24a7cdb-681e-4f34-a53c-6d8383c5f977
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Using Internet Settings (.INS) files with IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Using Internet Settings (.INS) files with IEAK 11
+Use the Internet Settings (.ins) files and the Internet Explorer Administration Kit 11 (IEAK 11) to configure your custom browser and its components. You can create multiple versions of your custom package by customizing copies of this file.
+
+Here's a list of the available .INS file settings:
+
+|Setting |Description |
+|-----------------------------------------|------------------------------------------------------------------------------|
+|[Branding](branding-ins-file-setting.md) |Customize the branding and setup information in your browser package. |
+|[BrowserToolbars](browsertoolbars-ins-file-setting.md) |Customize the appearance of the IE toolbar. |
+|[CabSigning](cabsigning-ins-file-setting.md) |Digital signature information for your programs. |
+|[ConnectionSettings](connectionsettings-ins-file-setting.md) |Info about the networking connection settings used to install your custom package. |
+|[CustomBranding](custombranding-ins-file-setting.md) |URL location to your branding cabinet (.cab) file. |
+|[ExtRegInf](extreginf-ins-file-setting.md) |Names of your Setup information (.inf) files and the installation mode for components. |
+|[FavoritesEx](favoritesex-ins-file-setting.md) |Add a path to your icon file for **Favorites**, decide whether **Favorites** are available offline, and add URLs to each**Favorites** site. |
+|[HideCustom](hidecustom-ins-file-setting.md) |Whether to hide the globally unique identifier (GUID) for each custom component. |
+|[ISP_Security](isp-security-ins-file-setting.md) |The root certificate you’re adding to your custom package. |
+|[Media](media-ins-file-setting.md) |Types of media in which your custom installation package is available. |
+|[Proxy](proxy-ins-file-setting.md) |Whether to use a proxy server. |
+|[Security Imports](security-imports-ins-file-setting.md) |Whether to import security information for your custom package. |
+|[URL](url-ins-file-setting.md) |Whether to use an auto-configured proxy server. |
+
diff --git a/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md b/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md
index 2754da89f4..5e8b4e979e 100644
--- a/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md
+++ b/browsers/internet-explorer/ie11-ieak/what-ieak-can-do-for-you.md
@@ -1,66 +1,68 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: support
-ms.pagetype: security
-description: Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
-author: shortpatti
-ms.author: pashort
-ms.manager: elizapo
-ms.prod: ie11
-ms.assetid:
-title: What IEAK can do for you
-ms.sitesec: library
-ms.date: 05/10/2018
----
-
-# What IEAK can do for you
-
-Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
-
-IEAK 10 and newer includes the ability to install using one of the following installation modes:
-
-- Internal
-
-- External
-
-## IEAK 11 users
-Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
-
-IEAK 10 and newer includes the ability to install using one of the following installation modes:
-- Internal
-- External
-
->[!NOTE]
->IEAK 11 works in network environments, with or without Microsoft Active Directory service.
-
-
-### Corporations
-IEAK helps corporate administrators establish version control, centrally distribute and manage browser installation, configure automatic connection profiles, and customize large portions of Internet Explorer, including features, security, communications settings, and other important functionality.
-
-Corporate administrators install IEAK using Internal mode (for Internet Explorer 10 or newer) or Corporate mode (for Internet Explorer 9 or older).
-
-### Internet service providers
-IEAK helps ISPs customize, deploy and distribute, add third-party add-ons, search providers, and custom components, as well as include web slices and accelerators all as part of a custom Internet Explorer installation package.
-
-ISPs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Service Provider (ISP) mode (for Internet Explorer 9 or older).
-
-### Internet content providers
-IEAK helps ICPs customize the appearance of Internet Explorer and its Setup program, including letting you add your company name or specific wording to the Title bar, set up a customer support webpage, set up the user home page and search providers, add links to the Favorites and the Explorer bars, add optional components, web slices and accelerators, and determine which compatibility mode Internet Explorer should use.
-
-ICPs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Content Provider (ICP) mode (for Internet Explorer 9 or older)
-
-### Independent software vendors
-IEAK helps ISVs distribute (and redistribute) a custom version of Internet Explorer that can include custom components, programs, and controls (like the web browser control) that you create for your users. ISVs can also determine home pages, search providers, and add websites to the Favorites bar.
-
-ISVs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Content Provider (ICP) mode (for Internet Explorer 9 or older).
-
-## Additional resources
-
-- [IEAK 11 - Frequently Asked Questions](../ie11-faq/faq-ieak11.md)
-- [Download IEAK 11](ieak-information-and-downloads.md)
-- [IEAK 11 overview](index.md)
-- [IEAK 11 administrators guide](https://docs.microsoft.com/internet-explorer/ie11-ieak/index)
-- [IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md)
-- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.md)
-- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
-- [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643)
\ No newline at end of file
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: support
+ms.pagetype: security
+description: Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
+author: dansimp
+ms.author: dansimp
+ms.manager: elizapo
+ms.prod: ie11
+ms.assetid:
+ms.reviewer:
+audience: itpro
manager: dansimp
+title: What IEAK can do for you
+ms.sitesec: library
+ms.date: 05/10/2018
+---
+
+# What IEAK can do for you
+
+Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
+
+IEAK 10 and newer includes the ability to install using one of the following installation modes:
+
+- Internal
+
+- External
+
+## IEAK 11 users
+Internet Explorer Administration Kit (IEAK) helps corporations, Internet service providers (ISPs), Internet content providers (ICPs), and independent software vendors (ISVs) to deploy and manage web-based solutions.
+
+IEAK 10 and newer includes the ability to install using one of the following installation modes:
+- Internal
+- External
+
+>[!NOTE]
+>IEAK 11 works in network environments, with or without Microsoft Active Directory service.
+
+
+### Corporations
+IEAK helps corporate administrators establish version control, centrally distribute and manage browser installation, configure automatic connection profiles, and customize large portions of Internet Explorer, including features, security, communications settings, and other important functionality.
+
+Corporate administrators install IEAK using Internal mode (for Internet Explorer 10 or newer) or Corporate mode (for Internet Explorer 9 or older).
+
+### Internet service providers
+IEAK helps ISPs customize, deploy and distribute, add third-party add-ons, search providers, and custom components, as well as include web slices and accelerators all as part of a custom Internet Explorer installation package.
+
+ISPs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Service Provider (ISP) mode (for Internet Explorer 9 or older).
+
+### Internet content providers
+IEAK helps ICPs customize the appearance of Internet Explorer and its Setup program, including letting you add your company name or specific wording to the Title bar, set up a customer support webpage, set up the user home page and search providers, add links to the Favorites and the Explorer bars, add optional components, web slices and accelerators, and determine which compatibility mode Internet Explorer should use.
+
+ICPs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Content Provider (ICP) mode (for Internet Explorer 9 or older)
+
+### Independent software vendors
+IEAK helps ISVs distribute (and redistribute) a custom version of Internet Explorer that can include custom components, programs, and controls (like the web browser control) that you create for your users. ISVs can also determine home pages, search providers, and add websites to the Favorites bar.
+
+ISVs install IEAK using External mode (for Internet Explorer 10 or newer) or Internet Content Provider (ICP) mode (for Internet Explorer 9 or older).
+
+## Additional resources
+
+- [IEAK 11 - Frequently Asked Questions](../ie11-faq/faq-ieak11.md)
+- [Download IEAK 11](ieak-information-and-downloads.md)
+- [IEAK 11 overview](index.md)
+- [IEAK 11 administrators guide](https://docs.microsoft.com/internet-explorer/ie11-ieak/index)
+- [IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md)
+- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.md)
+- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
+- [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643)
diff --git a/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md b/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md
index aa88edcfee..e81b0eedea 100644
--- a/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md
+++ b/browsers/internet-explorer/ie11-ieak/wizard-complete-ieak11-wizard.md
@@ -1,28 +1,31 @@
----
-ms.localizationpriority: medium
-ms.mktglfcycl: deploy
-description: How to use the Wizard Complete - Next Steps page in the IEAK 11 Customization Wizard to build your custom Internet Explorer install package.
-author: shortpatti
-ms.prod: ie11
-ms.assetid: aaaac88a-2022-4d0b-893c-b2404b45cabc
-title: Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
-ms.sitesec: library
-ms.date: 07/27/2017
----
-
-
-# Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard
-The **Wizard Complete – Next Steps** page of the Internet Explorer Customization Wizard 11 lets you build your custom installation package, after you click **Finish**.
-
-In most cases, your next steps will be to prepare your files for installation from your network or from another distribution method. If you haven’t already done it, you’ll need to digitally sign any program or .cab files that are going to be distributed over the Internet or over an intranet that isn’t configured to allow downloads.
-
-After that, the steps you’ll use to distribute your customized browser will vary, depending on your version of IEAK (Internal or External) and the media you’re using to distribute the package. For more information, see the [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md).
-
-
-
-
-
-
-
-
-
+---
+ms.localizationpriority: medium
+ms.mktglfcycl: deploy
+description: How to use the Wizard Complete - Next Steps page in the IEAK 11 Customization Wizard to build your custom Internet Explorer install package.
+author: dansimp
+ms.prod: ie11
+ms.assetid: aaaac88a-2022-4d0b-893c-b2404b45cabc
+ms.reviewer:
+audience: itpro
manager: dansimp
+ms.author: dansimp
+title: Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard (Internet Explorer Administration Kit 11 for IT Pros)
+ms.sitesec: library
+ms.date: 07/27/2017
+---
+
+
+# Use the Wizard Complete - Next Steps page in the IEAK 11 Wizard
+The **Wizard Complete – Next Steps** page of the Internet Explorer Customization Wizard 11 lets you build your custom installation package, after you click **Finish**.
+
+In most cases, your next steps will be to prepare your files for installation from your network or from another distribution method. If you haven’t already done it, you’ll need to digitally sign any program or .cab files that are going to be distributed over the Internet or over an intranet that isn’t configured to allow downloads.
+
+After that, the steps you’ll use to distribute your customized browser will vary, depending on your version of IEAK (Internal or External) and the media you’re using to distribute the package. For more information, see the [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md).
+
+
+
+
+
+
+
+
+
diff --git a/browsers/internet-explorer/index.md b/browsers/internet-explorer/index.md
index c2dbda0086..6c3085d888 100644
--- a/browsers/internet-explorer/index.md
+++ b/browsers/internet-explorer/index.md
@@ -1,8 +1,9 @@
---
ms.mktglfcycl: deploy
description: The landing page for IE11 that lets you access the documentation.
-author: shortpatti
-ms.prod: IE11
+author: dansimp
+ms.author: dansimp
+ms.prod: ie11
title: Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros)
assetid: be3dc32e-80d9-4d9f-a802-c7db6c50dbe0
ms.sitesec: library
diff --git a/browsers/internet-explorer/internet-explorer.yml b/browsers/internet-explorer/internet-explorer.yml
index c9b14b03a2..4c11b5c85e 100644
--- a/browsers/internet-explorer/internet-explorer.yml
+++ b/browsers/internet-explorer/internet-explorer.yml
@@ -33,7 +33,7 @@ sections:
- type: markdown
text: "
Find information and tips to help you assess compatibility and prioritize processes as you plan for Internet Explorer 11.
-
"
- title: Deploy
@@ -41,7 +41,7 @@ sections:
- type: markdown
text: "
Find the resources you need to successfully deploy Internet Explorer 11 in your organization.
-
"
- title: Manage
@@ -49,7 +49,7 @@ sections:
- type: markdown
text: "
Find everything you need to manage Internet Explorer 11 effectively in your organization. Get information on Group Policy, blocked out-of-date ActiveX controls, scripts, and more.
-
"
- title: Support
diff --git a/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md
new file mode 100644
index 0000000000..0031c6792e
--- /dev/null
+++ b/browsers/internet-explorer/kb-support/clear-ie-cache-from-command-line.md
@@ -0,0 +1,137 @@
+---
+title: Clear the Internet Explorer cache from a command line
+description: Introduces command-line commands and a sample batch file for clearing the IE cache.
+audience: ITPro
+manager: msmets
+author: ramakoni1
+ms.author: ramakoni
+ms.reviewer: ramakoni, DEV_Triage
+ms.prod: internet-explorer
+ms.technology:
+ms.topic: kb-support
+ms.custom: CI=111020
+ms.localizationpriority: Normal
+# localization_priority: medium
+# ms.translationtype: MT
+ms.date: 01/23/2020
+---
+# How to clear Internet Explorer cache by using the command line
+
+This article outlines the procedure to clear the Internet Explorer cache by using the command line.
+
+## Command line commands to clear browser cache
+
+1. Delete history from the Low folder
+ `del /s /q C:\Users\\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah`
+
+2. Delete history
+ `RunDll32.exe InetCpl.cpl, ClearMyTracksByProcess 1`
+
+3. Delete cookies
+ `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2`
+
+4. Delete temporary internet files
+ `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8`
+
+5. Delete form data
+ `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16`
+
+6. Delete stored passwords
+ `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32`
+
+7. Delete all
+ `RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255`
+
+8. Delete files and settings stored by add-ons
+ `InetCpl.cpl,ClearMyTracksByProcess 4351`
+
+If you upgraded from a previous version of Internet Explorer, you have to use the following commands to delete the files from older versions:
+`RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9`
+
+Command to reset Internet Explorer settings:
+`Rundll32.exe inetcpl.cpl ResetIEtoDefaults`
+
+## Sample batch file to clear Internet Explorer cache files
+
+A sample batch file is available that you can use to clear Internet Explorer cache files and other items. You can download the file from [https://msdnshared.blob.core.windows.net/media/2017/09/ClearIE_Cache.zip](https://msdnshared.blob.core.windows.net/media/2017/09/ClearIE_Cache.zip).
+
+The batch file offers the following options:
+
+- Delete Non-trusted web History (low-level hidden cleanup)
+- Delete History
+- Delete Cookies
+- Delete Temporary Internet Files
+- Delete Form Data
+- Delete Stored Passwords
+- Delete All
+- Delete All "Also delete files and settings stored by add-ons"
+- Delete IE10 and IE9 Temporary Internet Files
+- Resets IE Settings
+- EXIT
+
+**Contents of the batch file**
+
+```console
+@echo off
+:: AxelR Test Batch
+:: tested on Windows 8 + IE10, Windows7 + IE9
+
+:home
+cls
+COLOR 00
+echo Delete IE History
+echo Please select the task you wish to run.
+echo Pick one:
+echo.
+echo 1. Delete Non-trusted web History(low level hidden clean up)
+echo 2. Delete History
+echo 3. Delete Cookies
+echo 4. Delete Temporary Internet Files
+echo 5. Delete Form Data
+echo 6. Delete Stored Passwords
+echo 7. Delete All
+echo 8. Delete All "Also delete files and settings stored by add-ons"
+echo 9. Delete IE10 and 9 Temporary Internet Files
+echo 10. Reset IE Settings
+echo 77. EXIT
+:choice
+Echo Hit a number [1-10] and press enter.
+set /P CH=[1-10]
+
+if "%CH%"=="1" set x=del /s /q C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah
+if "%CH%"=="2" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1
+if "%CH%"=="3" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2
+if "%CH%"=="4" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
+if "%CH%"=="5" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16
+if "%CH%"=="6" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32
+if "%CH%"=="7" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255
+if "%CH%"=="8" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351
+if "%CH%"=="9" set x=RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 9
+if "%CH%"=="10" set x=rundll32.exe inetcpl.cpl ResetIEtoDefaults
+if "%CH%"=="77" goto quit
+
+%x%
+
+goto Home
+
+::Temporary Internet Files > Delete files - To delete copies of web pages, images, and media
+::that are saved for faster viewing.
+::Cookies > Delete cookies - To delete cookies, which are files that are stored on your computer by
+::websites to save preferences such as login information.
+::History > Delete history - To delete the history of the websites you have visited.
+::Form data > Delete forms - To delete all the saved information that you have typed into
+::forms.
+::Passwords > Delete passwords - To delete all the passwords that are automatically filled in
+::when you log on to a website that you've previously visited.
+::Delete all - To delete all of these listed items in one operation.
+
+::enter below in search/run to see Low history dir if exists
+::C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low
+
+::Delete all low (untrusted history) very hidden
+::this will clean any unlocked files under the dir and not delete the dir structure
+::del /s /q low\* /ah ::del /s /q C:\Users\%username%\AppData\Local\Microsoft\Windows\History\low\* /ah
+
+goto Home
+:quit
+```
diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.md b/browsers/internet-explorer/kb-support/ie-edge-faqs.md
new file mode 100644
index 0000000000..ef07a2a337
--- /dev/null
+++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.md
@@ -0,0 +1,222 @@
+---
+title: IE and Microsoft Edge FAQ for IT Pros
+description: Describes frequently asked questions about Internet Explorer and Microsoft Edge for IT professionals.
+audience: ITPro
+manager: msmets
+author: ramakoni1
+ms.author: ramakoni
+ms.reviewer: ramakoni, DEV_Triage
+ms.prod: internet-explorer
+ms.technology:
+ms.topic: kb-support
+ms.custom: CI=111020
+ms.localizationpriority: Normal
+# localization_priority: medium
+# ms.translationtype: MT
+ms.date: 01/23/2020
+---
+# Internet Explorer and Microsoft Edge frequently asked questions (FAQ) for IT Pros
+
+## Cookie-related questions
+
+### What is a cookie?
+
+An HTTP cookie (the web cookie or browser cookie) is a small piece of data that a server sends to the user's web browser. The web browser may store the cookie and return it to the server together with the next request. For example, a cookie might be used to indicate whether two requests come from the same browser in order to allow the user to remain logged-in. The cookie records stateful information for the stateless HTTP protocol.
+
+### How does Internet Explorer handle cookies?
+
+For more information about how Internet Explorer handles cookies, see the following articles:
+
+- [Beware Cookie Sharing in Cross-Zone Scenarios](https://blogs.msdn.microsoft.com/ieinternals/2011/03/10/beware-cookie-sharing-in-cross-zone-scenarios/)
+- [A Quick Look at P3P](https://blogs.msdn.microsoft.com/ieinternals/2013/09/17/a-quick-look-at-p3p/)
+- [Internet Explorer Cookie Internals FAQ](https://blogs.msdn.microsoft.com/ieinternals/2009/08/20/internet-explorer-cookie-internals-faq/)
+- [Privacy Beyond Blocking Cookies](https://blogs.msdn.microsoft.com/ie/2008/08/25/privacy-beyond-blocking-cookies-bringing-awareness-to-third-party-content/)
+- [Description of Cookies](https://support.microsoft.com/help/260971/description-of-cookies)
+
+### Where does Internet Explorer store cookies?
+
+To see where Internet Explorer stores its cookies, follow these steps:
+
+1. Start File Explorer.
+2. Select **Views** \> **Change folder and search options**.
+3. In the **Folder Options** dialog box, select **View**.
+4. In **Advanced settings**, select **Do not show hidden files, folders, or drivers**.
+5. Clear **Hide protected operation system files (Recommended)**.
+6. Select **Apply**.
+7. Select **OK**.
+
+The following are the folder locations where the cookies are stored:
+
+**In Windows 10**
+C:\Users\username\AppData\Local\Microsoft\Windows\INetCache
+
+**In Windows 8 and Windows 8.1**
+C:\Users\username\AppData\Local\Microsoft\Windows\INetCookies
+
+**In Windows 7**
+C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies
+C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies\Low
+
+### What is the per-domain cookie limit?
+
+Since the June 2018 cumulative updates for Internet Explorer and Microsoft Edge, the per-domain cookie limit is increased from 50 to 180 for both browsers. The cookies vary by path. So, if the same cookie is set for the same domain but for different paths, it's essentially a new cookie.
+
+There's still a 5 Kilobytes (KB) limit on the size of the cookie header that is sent out. This limit can cause some cookies to be lost after they exceed that value.
+
+The JavaScript limitation was updated to 10 KB from 4 KB.
+
+For more information, see [Internet Explorer Cookie Internals (FAQ)](https://blogs.msdn.microsoft.com/ieinternals/2009/08/20/internet-explorer-cookie-internals-faq/).
+
+#### Additional information about cookie limits
+
+**What does the Cookie RFC allow?**
+RFC 2109 defines how cookies should be implemented, and it defines minimum values that browsers support. According to the RFC, browsers would ideally have no limits on the size and number of cookies that a browser can handle. To meet the specifications, the user agent should support the following:
+
+- At least 300 cookies total
+- At least 20 cookies per unique host or domain name
+
+For practicality, individual browser makers set a limit on the total number of cookies that any one domain or unique host can set. They also limit the total number of cookies that can be stored on a computer.
+
+### Cookie size limit per domain
+
+Some browsers also limit the amount of space that any one domain can use for cookies. This means that if your browser sets a limit of 4,096 bytes per domain for cookies, 4,096 bytes is the maximum available space in that domain even though you can set up to 180 cookies.
+
+## Proxy Auto Configuration (PAC)-related questions
+
+### Is an example Proxy Auto Configuration (PAC) file available?
+
+Here is a simple PAC file:
+
+```vb
+function FindProxyForURL(url, host)
+{
+ return "PROXY proxyserver:portnumber";
+}
+```
+
+> [!NOTE]
+> The previous PAC always returns the **proxyserver:portnumber** proxy.
+
+For more information about how to write a PAC file and about the different functions in a PAC file, see [the FindProxyForURL website](https://findproxyforurl.com/).
+
+**Third-party information disclaimer**
+The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.
+
+### How to improve performance by using PAC scripts
+
+- [Browser is slow to respond when you use an automatic configuration script](https://support.microsoft.com/help/315810/browser-is-slow-to-respond-when-you-use-an-automatic-configuration-scr)
+- [Optimizing performance with automatic Proxyconfiguration scripts (PAC)](https://blogs.msdn.microsoft.com/askie/2014/02/07/optimizing-performance-with-automatic-proxyconfiguration-scripts-pac/)
+
+## Other questions
+
+### How to set home and start pages in Microsoft Edge and allow user editing
+
+For more information, see the following blog article:
+
+[How do I set the home page in Microsoft Edge?](https://blogs.msdn.microsoft.com/askie/2017/10/04/how-do-i-set-the-home-page-in-edge/)
+
+### How to add sites to the Enterprise Mode (EMIE) site list
+
+For more information about how to add sites to an EMIE list, see [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool).
+
+### What is Content Security Policy (CSP)?
+
+By using [Content Security Policy](https://docs.microsoft.com/microsoft-edge/dev-guide/security/content-security-policy), you create an allow list of sources of trusted content in the HTTP headers. You also pre-approve certain servers for content that is loaded into a webpage, and instruct the browser to execute or render only resources from those sources. You can use this technique to prevent malicious content from being injected into sites.
+
+Content Security Policy is supported in all versions of Microsoft Edge. It lets web developers lock down the resources that can be used by their web application. This helps prevent [cross-site scripting](https://en.wikipedia.org/wiki/Cross-site_scripting) attacks that remain a common vulnerability on the web. However, the first version of Content Security Policy was difficult to implement on websites that used inline script elements that either pointed to script sources or contained script directly.
+
+CSP2 makes these scenarios easier to manage by adding support for nonces and hashes for script and style resources. A nonce is a cryptographically strong random value that is generated on each page load that appears in both the CSP policy and in the script tags on the page. Using nonces can help minimize the need to maintain a list of allowed source URL values while also allowing trusted scripts that are declared in script elements to run.
+
+For more information, see the following articles:
+
+- [Introducing support for Content Security Policy Level 2](https://blogs.windows.com/msedgedev/2017/01/10/edge-csp-2/)
+- [Content Security Policy](https://en.wikipedia.org/wiki/Content_Security_Policy)
+
+### Where to find Internet Explorer security zones registry entries
+
+Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](https://support.microsoft.com/help/182569/internet-explorer-security-zones-registry-entries-for-advanced-users).
+
+This article was written for Internet Explorer 6 but is still applicable to Internet Explorer 11.
+
+The default Zone Keys are stored in the following locations:
+
+- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
+- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
+
+### Why don't HTML5 videos play in Internet Explorer 11?
+
+To play HTML5 videos in the Internet Zone, use the default settings or make sure that the registry key value of **2701** under **Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3** is set to **0**.
+
+- 0 (the default value): Allow
+- 3: Disallow
+
+This key is read by the **URLACTION\_ALLOW\_AUDIO\_VIDEO 0x00002701** URL action flag that determines whether media elements (audio and video) are allowed in pages in a URL security zone.
+
+For more information, see [Unable to play HTML5 Videos in IE](https://blogs.msdn.microsoft.com/askie/2014/12/31/unable-to-play-html5-videos-in-ie/).
+
+For Windows 10 N and Windows KN editions, you must also download the feature pack that is discussed in [Media feature pack for Windows 10 N and Windows 10 KN editions](https://support.microsoft.com/help/3010081/media-feature-pack-for-windows-10-n-and-windows-10-kn-editions).
+
+For more information about how to check Windows versions, see [Which version of Windows operating system am I running?](https://support.microsoft.com/help/13443/windows-which-version-am-i-running)
+
+### What is the Enterprise Mode Site List Portal?
+
+This is a new feature to add sites to your enterprise mode site list XML. For more information, see [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal).
+
+### What is Enterprise Mode Feature?
+
+For more information about this topic, see [Enterprise Mode and the Enterprise Mode Site List](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode).
+
+### Where can I obtain a list of HTTP Status codes?
+
+For information about this list, see [HTTP Status Codes](https://docs.microsoft.com/windows/win32/winhttp/http-status-codes).
+
+### What is end of support for Internet Explorer 11?
+
+Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it is installed.
+
+For more information, see [Lifecycle FAQ — Internet Explorer and Edge](https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer).
+
+### How to configure TLS (SSL) for Internet Explorer
+
+For more information about how to configure TLS/SSL for Internet Explorer, see [Group Policy Setting to configure TLS/SSL](https://gpsearch.azurewebsites.net/#380).
+
+### What is Site to Zone?
+
+Site to Zone usually refers to one of the following:
+
+**Site to Zone Assignment List**
+This is a Group Policy policy setting that can be used to add sites to the various security zones.
+
+The Site to Zone Assignment List policy setting associates sites to zones by using the following values for the Internet security zones:
+
+- Intranet zone
+- Trusted Sites zone
+- Internet zone
+- Restricted Sites zone
+
+If you set this policy setting to **Enabled**, you can enter a list of sites and their related zone numbers. By associating a site to a zone, you can make sure that the security settings for the specified zone are applied to the site.
+
+**Site to Zone Mapping**
+Site to Zone Mapping is stored as the name of the key. The protocol is a registry value that has a number that assigns it to the corresponding zone. Internet Explorer will read from the following registry subkeys for the sites that are deployed through the Site to Zone assignment list:
+
+- HKEY\_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
+- HKEY\_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey
+
+**Site to Zone Assignment List policy**
+This policy setting is available for both Computer Configuration and User Configuration:
+
+- Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
+- User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
+
+**References**
+[How to configure Internet Explorer security zone sites using group polices](https://blogs.msdn.microsoft.com/askie/2012/06/05/how-to-configure-internet-explorer-security-zone-sites-using-group-polices/)
+
+### What are the limits for MaxConnectionsPerServer, MaxConnectionsPer1_0Server for the current versions of Internet Explorer?
+
+For more information about these settings and limits, see [Connectivity Enhancements in Windows Internet Explorer 8](https://docs.microsoft.com/previous-versions/cc304129(v=vs.85)).
+
+### What is the MaxConnectionsPerProxy setting, and what are the maximum allowed values for this setting?
+
+The **MaxConnectionsPerProxy** setting controls the number of connections that a single-user client can maintain to a given host by using a proxy server.
+
+For more information, see [Understanding Connection Limits and New Proxy Connection Limits in WinInet and Internet Explorer](https://blogs.msdn.microsoft.com/jpsanders/2009/06/29/understanding-connection-limits-and-new-proxy-connection-limits-in-wininet-and-internet-explorer/).
diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md
index b314f85b52..d1c0ab596f 100644
--- a/devices/hololens/TOC.md
+++ b/devices/hololens/TOC.md
@@ -1,16 +1,69 @@
-# [Microsoft HoloLens](index.md)
-## [What's new in Microsoft HoloLens](hololens-whats-new.md)
-## [HoloLens in the enterprise: requirements and FAQ](hololens-requirements.md)
-## [Insider preview for Microsoft HoloLens](hololens-insider.md)
-## [Set up HoloLens](hololens-setup.md)
-## [Install localized version of HoloLens](hololens-install-localized.md)
-## [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md)
-## [Enroll HoloLens in MDM](hololens-enroll-mdm.md)
-## [Manage updates to HoloLens](hololens-updates.md)
-## [Set up HoloLens in kiosk mode](hololens-kiosk.md)
-## [Share HoloLens with multiple people](hololens-multiple-users.md)
+# [HoloLens overview](index.md)
+
+# Get Started with HoloLens 2
+## [HoloLens 2 hardware](hololens2-hardware.md)
+## [Get your HoloLens 2 ready to use](hololens2-setup.md)
+## [Set up your HoloLens 2](hololens2-start.md)
+## [HoloLens 2 fit and comfort FAQ](hololens2-fit-comfort-faq.md)
+## [Supported languages for HoloLens 2](hololens2-language-support.md)
+## [Getting around HoloLens 2](hololens2-basic-usage.md)
+
+# Get started with HoloLens (1st gen)
+## [HoloLens (1st gen) hardware](hololens1-hardware.md)
+## [Get your HoloLens (1st gen) ready to use](hololens1-setup.md)
+## [Set up your HoloLens (1st gen)](hololens1-start.md)
+## [HoloLens (1st gen) fit and comfort FAQ](hololens1-fit-comfort-faq.md)
+## [Install localized version of HoloLens (1st gen)](hololens1-install-localized.md)
+## [Getting around HoloLens (1st gen)](hololens1-basic-usage.md)
+
+# Deploying HoloLens and Mixed Reality Apps in Commercial Environments
+## [Deployment planning](hololens-requirements.md)
+## [Commercial feature overview](hololens-commercial-features.md)
+## [Lincense Requriements](hololens-licenses-requirements.md)
+## [Commercial Infrastructure Guidance](hololens-commercial-infrastructure.md)
+## [Unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md)
## [Configure HoloLens using a provisioning package](hololens-provisioning.md)
-## [Install apps on HoloLens](hololens-install-apps.md)
+## [Enroll HoloLens in MDM](hololens-enroll-mdm.md)
+## [Set up ring based updates for HoloLens](hololens-updates.md)
## [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md)
-## [How HoloLens stores data for spaces](hololens-spaces.md)
-## [Change history for Microsoft HoloLens documentation](change-history-hololens.md)
\ No newline at end of file
+
+# Navigating Windows Holographic
+## [Start menu and mixed reality home](holographic-home.md)
+## [Use your voice with HoloLens](hololens-cortana.md)
+## [Find and save files](holographic-data.md)
+## [Create, share, and view photos and video](holographic-photos-and-videos.md)
+
+# User management and access management
+## [Accounts on HoloLens](hololens-identity.md)
+## [Share your HoloLens with multiple people](hololens-multiple-users.md)
+## [Set up HoloLens as a kiosk (single application access)](hololens-kiosk.md)
+## [Set up limited application access](hololens-kiosk.md)
+
+# Holographic Applications
+## [Try 3D Viewer](holographic-3d-viewer-beta.md)
+## [Find, install, and uninstall applications](holographic-store-apps.md)
+## [Install and uninstall custom applications](holographic-custom-apps.md)
+
+# Accessories and connectivity
+## [Connect to Bluetooth and USB-C devices](hololens-connect-devices.md)
+## [Use the HoloLens (1st gen) clicker](hololens1-clicker.md)
+## [Connect to a network](hololens-network.md)
+## [Use HoloLens offline](hololens-offline.md)
+
+# Hologram optics and placement in space
+## [Tips for viewing clear Holograms](hololens-calibration.md)
+## [Environment considerations for HoloLens](hololens-environment-considerations.md)
+## [Spatial mapping on HoloLens](hololens-spaces.md)
+
+# Update, troubleshoot, or recover HoloLens
+## [Update HoloLens](hololens-update-hololens.md)
+## [Restart, reset, or recover](hololens-recovery.md)
+## [Troubleshoot HoloLens](hololens-troubleshooting.md)
+## [Known issues](hololens-known-issues.md)
+## [Frequently asked questions](hololens-faq.md)
+## [Hololens services status](hololens-status.md)
+
+# [Release Notes](hololens-release-notes.md)
+# [Give us feedback](hololens-feedback.md)
+# [Join the Windows Insider program](hololens-insider.md)
+# [Change history for Microsoft HoloLens documentation](change-history-hololens.md)
diff --git a/devices/hololens/change-history-hololens.md b/devices/hololens/change-history-hololens.md
index 1fc820a243..4b3449e838 100644
--- a/devices/hololens/change-history-hololens.md
+++ b/devices/hololens/change-history-hololens.md
@@ -1,24 +1,27 @@
---
title: Change history for Microsoft HoloLens documentation
+ms.reviewer:
+manager: dansimp
description: This topic lists new and updated topics for HoloLens.
keywords: change history
ms.prod: hololens
ms.mktglfcycl: manage
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.localizationpriority: medium
-ms.date: 11/05/2018
---
# Change history for Microsoft HoloLens documentation
This topic lists new and updated topics in the [Microsoft HoloLens documentation](index.md).
-## Windows 10 Holographic for Business, version 1809
+## April 2019
-The topics in this library have been updated for Windows 10 Holographic for Business, version 1809.
+New or changed topic | Description
+--- | ---
+[Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md) | New
## November 2018
@@ -26,6 +29,10 @@ New or changed topic | Description
--- | ---
[How HoloLens stores data for spaces](hololens-spaces.md) | New
+## Windows 10 Holographic for Business, version 1809
+
+The topics in this library have been updated for Windows 10 Holographic for Business, version 1809.
+
## October 2018
@@ -43,11 +50,6 @@ New or changed topic | Description
--- | ---
Insider preview for Microsoft HoloLens | New (topic retired on release of Windows 10, version 1809)
-## June 2018
-
-New or changed topic | Description
---- | ---
-[HoloLens in the enterprise: requirements and FAQ](hololens-requirements.md#pin) | Added instructions for creating a sign-in PIN.
## May 2018
@@ -71,7 +73,7 @@ The topics in this library have been updated for Windows 10 Holographic for Busi
New or changed topic | Description
--- | ---
-[Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) | Replaced the instructions for upgrading to Windows Holographic for Business using Microsoft Intune with a link to the new Intune topic.
+[Unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md) | Replaced the instructions for upgrading to Windows Holographic for Business using Microsoft Intune with a link to the new Intune topic.
## December 2017
@@ -79,14 +81,8 @@ New or changed topic | Description
--- | ---
[Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | New
-## May 2017
-
-| New or changed topic | Description |
-| --- | --- |
-| [Microsoft HoloLens in the enterprise: requirements](hololens-requirements.md) | Changed title to **Microsoft HoloLens in the enterprise: requirements and FAQ**, added questions and answers in new [FAQ section](hololens-requirements.md#faq-for-hololens) |
-
## January 2017
| New or changed topic | Description |
| --- | --- |
-| All topics | Changed all references from **Windows Holographic Enterprise** to **Windows Holographic for Business** |
\ No newline at end of file
+| All topics | Changed all references from **Windows Holographic Enterprise** to **Windows Holographic for Business** |
diff --git a/devices/hololens/docfx.json b/devices/hololens/docfx.json
index 06af992034..4f53494c32 100644
--- a/devices/hololens/docfx.json
+++ b/devices/hololens/docfx.json
@@ -4,7 +4,7 @@
{
"files": [
"**/*.md",
- "**/**.yml"
+ "**/**.yml"
],
"exclude": [
"**/obj/**",
@@ -17,7 +17,8 @@
{
"files": [
"**/*.png",
- "**/*.jpg"
+ "**/*.jpg",
+ "**/*.gif"
],
"exclude": [
"**/obj/**",
@@ -29,26 +30,38 @@
"overwrite": [],
"externalReference": [],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
- "breadcrumb_path": "/hololens/breadcrumb/toc.json",
- "ms.technology": "windows",
- "ms.topic": "article",
- "ms.author": "jdecker",
- "ms.date": "04/05/2017",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "Win.itpro-hololens"
- }
- }
- },
+ "breadcrumb_path": "/hololens/breadcrumb/toc.json",
+ "ms.technology": "windows",
+ "ms.topic": "article",
+ "audience": "ITPro",
+ "manager": "laurawi",
+ "ms.date": "04/05/2017",
+ "feedback_system": "GitHub",
+ "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+ "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "_op_documentIdPathDepotMapping": {
+ "./": {
+ "depot_name": "Win.itpro-hololens",
+ "folder_relative_path_in_docset": "./"
+ }
+
+ }
+ },
"fileMetadata": {},
"template": [
null
],
"dest": "devices/hololens",
- "markdownEngineName": "dfm"
- }
+ "markdownEngineName": "markdig"
+ },
+ "contributors_to_exclude": [
+ "rjagiewich",
+ "traya1",
+ "rmca14",
+ "claydetels19",
+ "Kellylorenebaker",
+ "jborsecnik",
+ "tiburd",
+ "garycentric"
+ ]
}
diff --git a/devices/hololens/holographic-3d-viewer-beta.md b/devices/hololens/holographic-3d-viewer-beta.md
new file mode 100644
index 0000000000..0973813221
--- /dev/null
+++ b/devices/hololens/holographic-3d-viewer-beta.md
@@ -0,0 +1,202 @@
+---
+title: Using 3D Viewer on HoloLens
+description: Describes the types of files and features that 3D Viewer Beta on HoloLens supports, and how to use and troubleshoot the app.
+ms.prod: hololens
+ms.sitesec: library
+author: Teresa-Motiv
+ms.author: v-tea
+ms.topic: article
+ms.localizationpriority: high
+ms.date: 10/30/2019
+ms.reviewer: scooley
+audience: ITPro
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+---
+
+# Using 3D Viewer on HoloLens
+
+3D Viewer lets you view 3D models on HoloLens. You can open and view *supported* .fbx files from Microsoft Edge, OneDrive, and other apps.
+
+If you're having trouble opening a 3D model in 3D Viewer, or certain features of your 3D model are unsupported, see [Supported content specifications](#supported-content-specifications).
+
+To build or optimize 3D models for use with 3D Viewer, see [Optimizing 3D models for 3D Viewer](#optimizing-3d-models-for-3d-viewer-beta).
+
+There are two ways to open a 3D model on HoloLens. See [Viewing 3D models on HoloLens](#viewing-3d-models-on-hololens) to learn more.
+
+If you're having trouble after reading these topics, see [Troubleshooting](#troubleshooting).
+
+## Supported content specifications
+
+### File format
+
+- FBX format
+- Maximum FBX release 2015.1.0
+
+### File size
+
+- Minimum 5 KB
+- Maximum 500 MB
+
+### Geometry
+
+- Polygonal models only. No subdivision surfaces or NURBs
+- Right-handed coordinate system
+- Shear in transformation matrices is not supported
+
+### Textures
+
+- Texture maps must be embedded in the FBX file
+- Supported image formats
+ - JPEG and PNG images
+ - BMP images (24-bit RGB true-color)
+ - TGA images (24-bit RGB and 32-bit RGBQ true-color)
+- Maximum texture resolution of 2048x2048
+- Maximum of one diffuse map, one normal map, and one reflection cube map per mesh
+- Alpha channel in diffuse textures causes pixels to be discarded if below 50%
+
+### Animation
+
+- Scale/rotation/translation animation on individual objects
+- Skeletal (rigged) animation with skinning
+ - Maximum of 4 influences per vertex
+
+### Materials
+
+- Lambert and Phong materials are supported, with adjustable parameters
+- Supported material properties for Lambert
+ - Main Texture (RGB + Alpha Test)
+ - Diffuse Color (RGB)
+ - Ambient Color (RGB)
+- Supported material properties for Phong
+ - Main Texture (RGB + Alpha Test)
+ - Diffuse Color (RGB)
+ - Ambient Color (RGB)
+ - Specular Color (RGB)
+ - Shininess
+ - Reflectivity
+- Custom materials are not supported
+- Maximum of one material per mesh
+- Maximum of one material layer
+- Maximum of 8 materials per file
+
+### File and model limitations
+
+There are hard limits on the size of files, as well as the number of models, vertices, and meshes that can be open simultaneously in 3D Viewer Beta:
+
+- 500 MB maximum file size per model
+- Vertices: 600,000 combined on all open models
+- Meshes: 1,600 combined on all open models
+- Maximum of 40 models open at one time
+
+## Optimizing 3D models for 3D Viewer Beta
+
+### Special considerations
+
+- Avoid black materials or black areas in texture maps. Holograms are made of light, thus HoloLens renders black (the absence of light) as transparent.
+- Before exporting to FBX from your creation tool, ensure all geometry is visible and unlocked and no layers that contain geometry are turned off or templated. Visibility is not respected.
+- Avoid very large translation offsets between nodes (for example, 100,000 units). This can cause the model to jitter while being moved/scaled/rotated.
+
+### Performance optimization
+
+Keep performance in mind while authoring content and validate in the 3D Viewer Beta app on HoloLens during the authoring process for best results. 3D Viewer Beta renders content real-time and performance is subject to HoloLens hardware capabilities.
+
+There are many variables in a 3D model that can impact performance. 3D Viewer Beta will show a warning on load if there are more than 150,000 vertices or more than 400 meshes. Animations can have an impact on the performance of other open models. There are also hard limits on the total number models, vertices, and meshes that can be open simultaneously in 3D Viewer Beta (see [File and model limitations](#file-and-model-limitations)).
+
+If the 3D model isn't running well due to model complexity, consider:
+
+- Reducing polygon count
+- Reducing number of bones in rigged animation
+- Avoiding self-occlusion
+
+Double-sided rendering is supported in 3D Viewer Beta, although it is turned off by default for performance reasons. This can be turned on via the **Double Sided** button on the **Details** page. For best performance, avoid the need for double-sided rendering in your content.
+
+### Validating your 3D model
+
+Validate your model by opening it in 3D Viewer Beta on HoloLens. Select the **Details** button to view your model's characteristics and warnings of unsupported content (if present).
+
+### Rendering 3D models with true-to-life dimensions
+
+By default, 3D Viewer Beta displays 3D models at a comfortable size and position relative to the user. However, if rendering a 3D model with true-to-life measurements is important (for example, when evaluating furniture models in a room), the content creator can set a flag within the file's metadata to prevent resizing of that model by both the application and the user.
+
+To prevent scaling of the model, add a Boolean custom attribute to any object in the scene named Microsoft_DisableScale and set it to true. 3D Viewer Beta will then respect the FbxSystemUnit information baked into the FBX file. Scale in 3D Viewer Beta is 1 meter per FBX unit.
+
+## Viewing 3D models on HoloLens
+
+### Open an FBX file from Microsoft Edge
+
+FBX files can be opened directly from a website using Microsoft Edge on HoloLens.
+
+1. In Microsoft Edge, navigate to the webpage containing the FBX file you want to view.
+1. Select the file to download it.
+1. When the download is complete, select the **Open** button in Microsoft Edge to open the file in 3D Viewer Beta.
+
+The downloaded file can be accessed and opened again later by using Downloads in Microsoft Edge. To save a 3D model and ensure continued access, download the file on your PC and save it to your OneDrive account. The file can then be opened from the OneDrive app on HoloLens.
+
+> [!NOTE]
+> Some websites with downloadable FBX models provide them in compressed ZIP format. 3D Viewer Beta cannot open ZIP files directly. Instead, use your PC to extract the FBX file and save it to your OneDrive account. The file can then be opened from the OneDrive app on HoloLens.
+
+### Open an FBX file from OneDrive
+
+FBX files can be opened from OneDrive by using the OneDrive app on HoloLens. Be sure you've installed OneDrive using Microsoft Store app on HoloLens and that you've already uploaded the FBX file to OneDrive on your PC.
+
+Once in OneDrive, FBX files can be opened on HoloLens using 3D Viewer Beta in one of two ways:
+
+- Launch OneDrive on HoloLens and select the FBX file to open it in 3D Viewer Beta.
+- Launch 3D Viewer Beta, air tap to show the toolbar, and select **Open File**. OneDrive will launch, allowing you to select an FBX file.
+
+## Troubleshooting
+
+### I see a warning when I open a 3D model
+
+You will see a warning if you attempt to open a 3D model that contains features that are not supported by 3D Viewer Beta, or if the model is too complex and performance may be affected. 3D Viewer Beta will still load the 3D model, but performance or visual fidelity may be compromised.
+
+For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta).
+
+### I see a warning and the 3D model doesn't load
+
+You will see an error message when 3D Viewer Beta cannot load a 3D model due to complexity or file size, or if the FBX file is corrupt or invalid. You will also see an error message if you have reached the limit on the total number of models, vertices, or meshes that can be open simultaneously.
+
+For more info, see [Supported content specifications](#supported-content-specifications) and [File and model limitations](#file-and-model-limitations).
+
+If you feel your model meets the supported content specifications and has not exceeded the file or model limitations, you may send your FBX file to the 3D Viewer Beta team at holoapps@microsoft.com. We are not able to respond personally, but having examples of files that do not load properly will help our team improve on future versions of the app.
+
+### My 3D model loads, but does not appear as expected
+
+If your 3D model does not look as expected in 3D Viewer Beta, air tap to show the toolbar, then select **Details**. Aspects of the file which are not supported by 3D Viewer Beta will be highlighted as warnings.
+
+The most common issue you might see is missing textures, likely because they are not embedded in the FBX file. In this case, the model will appear white. This issue can be addressed in the creation process by exporting from your creation tool to FBX with the embed textures option selected.
+
+For more info, see [Supported content specifications](#supported-content-specifications) and [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta).
+
+### I experience performance drops while viewing my 3D model
+
+Performance when loading and viewing a 3D model can be affected by the complexity of the model, number of models open simultaneously, or number of models with active animations.
+
+For more info, see [Optimizing 3D models for 3D Viewer Beta](#optimizing-3d-models-for-3d-viewer-beta) and [File and model limitations](#file-and-model-limitations).
+
+### When I open an FBX file on HoloLens, it doesn't open in 3D Viewer Beta
+
+3D Viewer Beta is automatically associated with the .fbx file extension when it is installed.
+
+If you try to open an FBX file and see a dialog box that directs you to Microsoft Store, you do not currently have an app associated with the .fbx file extension on HoloLens.
+
+Verify that 3D Viewer Beta is installed. If it is not installed, download it from Microsoft Store on HoloLens.
+
+If 3D Viewer Beta is already installed, launch 3D Viewer Beta, then try opening the file again. If the issue persists, uninstall and reinstall 3D Viewer Beta. This will re-associate the .fbx file extension with 3D Viewer Beta.
+
+If attempting to open an FBX file opens an app other than 3D Viewer Beta, that app was likely installed after 3D Viewer Beta and has taken over association with the .fbx file extension. If you prefer 3D Viewer Beta to be associated with the .fbx file extension, uninstall and reinstall 3D Viewer Beta.
+
+### The Open File button in 3D Viewer Beta doesn't launch an app
+
+The **Open File** button will open the app associated with the file picker function on HoloLens. If OneDrive is installed, the **Open File** button should launch OneDrive. However, if there is currently no app associated with the file picker function installed on HoloLens, you will be directed to Microsoft Store.
+
+If the **Open File** button launches an app other than OneDrive, that app was likely installed after OneDrive and has taken over association with the file picker function. If you prefer OneDrive to launch when selecting the **Open File** button in 3D Viewer Beta, uninstall and reinstall OneDrive.
+
+If the **Open File** button is not active, it's possible that you have reached the limit of models that can be open in 3D Viewer Beta at one time. If you have 40 models open in 3D Viewer Beta, you will need to close some before you will be able to open additional models.
+
+## Additional resources
+
+- [Support forums](http://forums.hololens.com/categories/3d-viewer-beta)
+- [Third-party notices](https://www.microsoft.com/{lang-locale}/legal/products)
diff --git a/devices/hololens/holographic-custom-apps.md b/devices/hololens/holographic-custom-apps.md
new file mode 100644
index 0000000000..0a86a7b37a
--- /dev/null
+++ b/devices/hololens/holographic-custom-apps.md
@@ -0,0 +1,54 @@
+---
+title: Manage custom apps for HoloLens
+description: Side load custom apps on HoloLens. Learn more about installing, and uninstalling holographic apps.
+ms.assetid: 6bd124c4-731c-4bcc-86c7-23f9b67ff616
+ms.date: 07/01/2019
+manager: v-miegge
+keywords: hololens, sideload, side load, side-load, store, uwp, app, install
+ms.prod: hololens
+ms.sitesec: library
+author: mattzmsft
+ms.author: mazeller
+ms.topic: article
+ms.localizationpriority: medium
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Install and manage custom applications (non-store)
+
+HoloLens supports many existing applications from the Microsoft Store, as well as new apps built specifically for HoloLens. This article focuses on custom holographic applications.
+
+For more information about store apps, see [Manage apps with the store](holographic-store-apps.md).
+
+## Install custom apps
+
+You can install your own applications on HoloLens either by using the Device Portal or by deploying the apps from Visual Studio.
+
+### Installing an application package with the Device Portal
+
+1. Establish a connection from [Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal) to the target HoloLens.
+1. In the left navigation, navigate to the **Apps** page .
+1. Under **App Package** browse to the .appx file that is associated with your application.
+ > [!IMPORTANT]
+ > Make sure to reference any associated dependency and certificate files.
+
+1. Select **Go**.
+ 
+
+### Deploying from Microsoft Visual Studio 2015
+
+1. Open your app's Visual Studio solution (.sln file).
+1. Open the project's **Properties**.
+1. Select the following build configuration: **Master/x86/Remote Machine**.
+1. When you select **Remote Machine**:
+ - Make sure the address points to the Wi-Fi IP address of your HoloLens.
+ - Set authentication to **Universal (Unencrypted Protocol)**.
+1. Build your solution.
+1. To deploy the app from your development PC to your HoloLens, select **Remote Machine**. If you already have an existing build on the HoloLens, select **Yes** to install this newer version.
+
+ 
+1. The application will install and auto launch on your HoloLens.
+
+After you've installed an app, you'll find it in the **All apps** list (**Start** > **All apps**).
diff --git a/devices/hololens/holographic-data.md b/devices/hololens/holographic-data.md
new file mode 100644
index 0000000000..1f28c4fac9
--- /dev/null
+++ b/devices/hololens/holographic-data.md
@@ -0,0 +1,100 @@
+---
+title: Find and save files on HoloLens
+description: Use File Explorer on HoloLens to view and manage files on your device
+keywords: how-to, file picker, files, photos, videos, pictures, OneDrive, storage, file explorer
+ms.assetid: 77d2e357-f65f-43c8-b62f-6cd9bf37070a
+author: mattzmsft
+ms.author: mazeller
+manager: v-miegge
+ms.reviewer: jarrettrenshaw
+ms.date: 12/30/2019
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+ms.topic: article
+audience: ITPro
+ms.localizationpriority: medium
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Find, open, and save files on HoloLens
+
+Files you create on HoloLens, including photos and videos, are saved directly to your HoloLens device. View and manage them in the same way you would manage files on Windows 10:
+
+- Using the File Explorer app to access local folders.
+- Within an app's storage.
+- In a special folder (such as the video or music library).
+- Using a storage service that includes an app and file picker (such as OneDrive).
+- Using a desktop PC connected to your HoloLens by using a USB cable, using MTP (Media Transfer Protocol) support.
+
+## View files on HoloLens using File Explorer
+
+> Applies to all HoloLens 2 devices and HoloLens (1st gen) as of the [Windows 10 April 2018 Update (RS4) for HoloLens](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018).
+
+Use File Explorer on HoloLens to view and manage files on your device, including 3D objects, documents, and pictures. Go to **Start** > **All apps** > **File Explorer** to get started.
+
+> [!TIP]
+> If there are no files listed in File Explorer, select **This Device** in the top left pane.
+
+If you don’t see any files in File Explorer, the "Recent" filter may be active (clock icon is highlighted in left pane). To fix this, select the **This Device** document icon in the left pane (beneath the clock icon), or open the menu and select **This Device**.
+
+## Find and view your photos and videos
+
+[Mixed reality capture](holographic-photos-and-videos.md) lets you take mixed reality photos and videos on HoloLens. These photos and videos are saved to the device's Camera Roll folder.
+
+You can access photos and videos taken with HoloLens by:
+
+- accessing the Camera Roll directly through the [Photos app](holographic-photos-and-videos.md).
+- uploading photos and videos to cloud storage by syncing your photos and videos to OneDrive.
+- using the Mixed Reality Capture page of the [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#mixed-reality-capture).
+
+### Photos app
+
+The Photos app is one of the default apps on the **Start** menu, and comes built-in with HoloLens. Learn more about [using the Photos app to view content](holographic-photos-and-videos.md).
+
+You can also install the [OneDrive app](https://www.microsoft.com/p/onedrive/9wzdncrfj1p3) from the Microsoft Store to sync photos to other devices.
+
+### OneDrive app
+
+[OneDrive](https://onedrive.live.com/) lets you access, manage, and share your photos and videos with any device and with any user. To access the photos and videos captured on HoloLens, download the [OneDrive app](https://www.microsoft.com/p/onedrive/9wzdncrfj1p3) from the Microsoft Store on your HoloLens. Once downloaded, open the OneDrive app and select **Settings** > **Camera upload**, and turn on **Camera upload**.
+
+### Connect to a PC
+
+If your HoloLens is running the [Windows 10 April 2018 update](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018) or later, you can connect your HoloLens to a Windows 10 PC by using a USB cable to browse photos and videos on the device by using MTP (media transfer protocol). You'll need to make sure the device is unlocked to browse files if you have a PIN or password set up on your device.
+
+If you have enabled the [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal), you can use it to browse, retrieve, and manage the photos and videos stored on your device.
+
+## Access files within an app
+
+If an application saves files on your device, you can use that application to access them.
+
+### Requesting files from another app
+
+An application can request to save a file or open a file from another app by using [file pickers](https://docs.microsoft.com/windows/mixed-reality/app-model#file-pickers).
+
+### Known folders
+
+HoloLens supports a number of [known folders](https://docs.microsoft.com/windows/mixed-reality/app-model#known-folders) that apps can request permission to access.
+
+## View HoloLens files on your PC
+
+Similar to other mobile devices, connect HoloLens to your desktop PC using MTP (Media Transfer Protocol) and open File Explorer on the PC to access your HoloLens libraries for easy transfer.
+
+To see your HoloLens files in File Explorer on your PC:
+
+1. Sign in to HoloLens, then plug it into the PC using the USB cable that came with the HoloLens.
+
+1. Select **Open Device to view files with File Explorer**, or open File Explorer on the PC and navigate to the device.
+
+To see info about your HoloLens, right-click the device name in File Explorer on your PC, then select **Properties**.
+
+> [!NOTE]
+> HoloLens (1st gen) does not support connecting to external hard drives or SD cards.
+
+## Sync to the cloud
+
+To sync photos and other files from your HoloLens to the cloud, install and set up OneDrive on HoloLens. To get OneDrive, search for it in the Microsoft Store on your HoloLens.
+
+HoloLens doesn't back up app files and data, so it's a good idea to save your important stuff to OneDrive. That way, if you reset your device or uninstall an app, your info will be backed up.
diff --git a/devices/hololens/holographic-home.md b/devices/hololens/holographic-home.md
new file mode 100644
index 0000000000..9b554c0638
--- /dev/null
+++ b/devices/hololens/holographic-home.md
@@ -0,0 +1,87 @@
+---
+title: Start menu and mixed reality home
+description: Navigate the mixed reality home in Windows Holographic.
+ms.assetid: 742bc126-7996-4f3a-abb2-cf345dff730c
+ms.date: 08/07/2019
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: scooley
+ms.author: scooley
+ms.topic: article
+ms.localizationpriority: high
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Start menu and mixed reality home
+
+Just like the Windows PC experience starts with the desktop, Windows Holographic starts with mixed reality home. Using the Start menu you can open and place app windows, immersive app launchers, and 3D content in mixed reality home, and their placement in your physical space will be remembered.
+
+## Use the Start menu
+
+The Start menu on HoloLens is where you'll open apps, see important status info, and access tools like the camera.
+
+Wherever you are in HoloLens, you can always open the Start menu by using **Start gesture**. On HoloLens (1st gen) the Start gesture is [bloom](https://support.microsoft.com/help/12644/hololens-use-gestures). On HoloLens 2, the [Start gesture](hololens2-basic-usage.md#start-gesture) is to tap the Start icon that appears on your wrist. You can also open the Start menu using your voice by saying "Go to Start".
+
+> [!TIP]
+> When the Start menu is open, use the Start gesture to close it, or look at the Start menu and say "Close".
+
+At the top of the Start menu, you'll see status indicators for Wi-Fi, battery, volume, and a clock. On HoloLens 2 there is also a listening indicator that shows whether the device is speech enabled and is listening for voice commands. At the bottom you'll find the **Photo** and **Video** buttons which allow you to take photos and video recordings. There is also a **Connect** button that allows you to project what you see to another device using Miracast.
+
+### Find apps on Start menu
+
+The Start menu has a **Pinned apps** list and an **All apps** list.
+
+- The **Pinned apps** list shows apps that have been pinned. You can add and remove apps from the **Pinned apps** list using the context menu that appears when you **select and hold** on an app tile.
+
+- The **All apps** list shows all apps that are installed on the device. Select the **All apps** button on the right side of the **Start** menu to get to the list.
+
+On both app lists, use the **Page up** and **Page down** buttons on the right side of the Start menu to page through all the apps in the list. Both app lists will automatically open to the page that was last used during a device session.
+
+> [!TIP]
+> On HoloLens 2, you can directly scroll the app lists using your index finger. Just touch the list with your finger tip and drag upwards or downwards.
+
+### Open apps from Start menu
+
+To open an app from the Start menu, simply **select** an **app tile**. You can also say the name of an app to open it.
+
+When you open an app from the Start menu, one of the following will happen, depending on how the app is designed:
+
+- An **app window** is placed. The app is then loaded in the window and you can use it like a touch screen.
+- A **3D app launcher** for an immersive app is placed. You need to then **select** the launcher to open the immersive app.
+- An app window is placed which acts as a **launcher** for an immersive app. The immersive app will proceed to launch automatically.
+
+App windows and app launchers placed in mixed reality home will stay around until you decide to remove them. They give you a convenient shortcut in the world to use those app windows or to launch immersive apps without having to open them again from the Start menu.
+
+> [!NOTE]
+>Like on a phone, system resources is managed automatically on HoloLens. For example, when you open a new immersive app, all other running apps will immediately become inactive. There is no need to remove app windows and launchers in mixed reality home to free up system resources.
+
+## Using apps on HoloLens
+
+Apps on HoloLens can use app window view or immersive view. With app window view the app simply shows its content inside a window. With immersive view an app takes you away from mixed realty home where it can then display its content in the physical environment all around you. Apps can also choose to use both views.
+
+### Use app windows
+
+On HoloLens (1st gen) app windows are placed and used in mixed reality home, where you can [move, resize, and rotate](hololens1-basic-usage.md#move-resize-and-rotate-apps) them as you like. In addition to using app windows with gaze and gesture, you can also use them with Bluetooth connected mouse and keyboard.
+
+On HoloLens 2, in addition to using app windows in mixed reality home, you can also use one app window at a time inside an immersive app. You can also put an app window into **Follow me** mode where it will stay in front of you as you walk around. When you open an app window while inside an immersive app, it will open in **Follow me** mode automatically. You can [move, resize, and rotate](hololens2-basic-usage.md#move-resize-and-rotate-holograms) app windows directly using your hands in both mixed reality home and inside an immersive app.
+
+> [!NOTE]
+>
+> - Up to three app windows can be active in mixed reality home at a time. You can open more, but only three will remain active.
+> - When an app window is not active, it will show content that looks darkened compared to an active window. Some will simply show the app icon instead of any content. To activate an inactive window simply **select** it.
+> - Each open app can have one active window at a time, except Microsoft Edge, which can have up to three.
+
+### Close apps
+
+To close an app that uses an app window, simply close the app window with the **Close** button on the title bar. You can also look at the window and say "Close".
+
+To exit an app that uses immersive view, use the Start gesture to bring up the **Start menu**, then select the **Mixed reality home** button.
+
+If an immersive app is in a broken state and you need to restart it, you can make sure the app is first completely shut down by closing its launcher in mixed reality home, then launching it from the Start menu.
+
+## Related info
+
+[Find, Install, and Uninstall applications from the Microsoft Store](holographic-store-apps.md)
diff --git a/devices/hololens/holographic-photos-and-videos.md b/devices/hololens/holographic-photos-and-videos.md
new file mode 100644
index 0000000000..10e6bb4756
--- /dev/null
+++ b/devices/hololens/holographic-photos-and-videos.md
@@ -0,0 +1,150 @@
+---
+title: Capture and manage mixed reality photos and videos
+description: Learn how to capture, view, and share mixed reality photos and videos, using HoloLens.
+keywords: hololens, photo, video, capture, mrc, mixed reality capture, photos, camera, stream, livestream, demo
+ms.assetid: 1b636ec3-6186-4fbb-81b2-71155aef0593
+ms.prod: hololens
+ms.sitesec: library
+author: mattzmsft
+ms.author: mazeller
+ms.topic: article
+audience: ITPro
+ms.localizationpriority: medium
+ms.date: 10/28/2019
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Create mixed reality photos and videos
+
+HoloLens gives users the experience of mixing the real world with the digital world. Mixed reality capture (MRC) lets you capture that experience as a photo or video, or share what you see with others in real-time.
+
+Mixed reality capture uses a first-person point of view so other people can see holograms as you see them. For a third-person point of view, use [spectator view](https://docs.microsoft.com/windows/mixed-reality/spectator-view). Spectator view is especially useful for demos.
+
+While it's fun to share videos amongst friends and colleagues, videos can also help teach other people to use an app or to communicate problems with apps and experiences.
+
+> [!NOTE]
+> If you can't launch mixed reality capture experiences and your HoloLens is a work device, check with your system administrator. Access to the camera can be restricted through company policy.
+
+## Capture a mixed reality photo
+
+There are several ways to take a photo of mixed reality on HoloLens; you can use hardware buttons, voice, or the Start menu.
+
+### Hardware buttons to take photos
+
+To take a quick photo of your current view, press the volume up and volume down buttons at the same time. This is a bit like the HoloLens version of a screenshot or print screen.
+
+- [Button locations on HoloLens 2](hololens2-hardware.md)
+- [Button locations on HoloLens (1st gen)](hololens1-hardware.md#hololens-components)
+
+> [!NOTE]
+> Holding the **volume up** and **volume down** buttons for three seconds will start recording a video rather than taking a photo. To stop recording, tap both **volume up** and **volume down** buttons simultaneously.
+
+### Voice commands to take photos
+
+Cortana can also take a picture. Say: "Hey Cortana, take a picture."
+
+### Start menu to take photos
+
+Use the Start gesture to go to **Start**, then select the **camera** icon.
+
+Point your head in the direction of what you want to capture, then [air tap](hololens2-basic-usage.md#touch-holograms-near-you) to take a photo. You can continue to air tap and capture additional photos. Any photos you capture will be saved to your device.
+
+Use the Start gesture again to end photo capture.
+
+## Capture a mixed reality video
+
+There are several ways to record a video of mixed reality on HoloLens; you can use hardware buttons, voice, or the Start menu.
+
+### Hardware buttons to record videos
+
+The quickest way to record a video is to press and hold the **volume up** and **volume down** buttons simultaneously until a three-second countdown begins. To stop recording, tap both buttons simultaneously.
+
+> [!NOTE]
+> Quickly pressing the **volume up** and **volume down** buttons at the same time will take a photo rather than recording a video.
+
+### Voice to record videos
+
+Cortana can also record a video. Say: "Hey Cortana, start recording." To stop a video, say "Hey Cortana, stop recording."
+
+### Start menu to record videos
+
+Use the Start gesture to go to **Start**, then select the **video** icon. Point your head in the direction of what you want to capture, then [air tap](hololens2-basic-usage.md#touch-holograms-near-you) to start recording. There will be a three second countdown and your recording will begin.
+
+To stop recording, use the Start gesture and select the highlighted **video** icon. The video will be saved to your device.
+
+> [!NOTE]
+> **Applies to HoloLens (1st gen) only**
+> The [Windows 10 October 2018 Update](https://docs.microsoft.com/windows/mixed-reality/release-notes-october-2018) changes how the Start gesture and Windows button behave on HoloLens (1st gen). Before the update, the Start gesture or Windows button would stop a video recording. After the update, however, the Start gesture or Windows button opens the **Start** menu (or the **quick actions menu** if you are in an immersive app), from which you can select the highlighted **video** icon to stop recording.
+
+## Share what you see in real-time
+
+You can share what you see in HoloLens with friends and colleagues in real-time. There are a few methods available:
+
+1. Connecting to a Miracast-enabled device or adapter to watch on a TV.
+1. Using [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal) to watch on a PC
+1. Using the [Microsoft HoloLens companion app](https://www.microsoft.com/store/productId/9NBLGGH4QWNX) to watch on a PC.
+1. Deploying the [Microsoft Dynamics 365 Remote Assist](https://dynamics.microsoft.com/en-us/mixed-reality/remote-assist) app, which enables front-line workers to stream what they see to a remote expert. The remote expert can then guide the front-line worker verbally or by annotating in their world.
+
+> [!NOTE]
+> Sharing what you see via Windows Device Portal or Microsoft HoloLens companion app requires your HoloLens to be in [Developer mode](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#setting-up-hololens-to-use-windows-device-portal).
+
+### Stream video with Miracast
+
+Use the Start gesture to go to **Start**, then select the **connect** icon. From the picker that appears, select the Miracast-enabled device or adapter to which you want to connect.
+
+To stop sharing, use the Start gesture and select the highlighted **connect** icon. Because you were streaming, nothing will be saved to your device.
+
+> [!NOTE]
+> Miracast support was enabled on HoloLens (1st gen) beginning with the [Windows 10 October 2018 Update](https://docs.microsoft.com/windows/mixed-reality/release-notes-october-2018).
+
+### Real time video with Windows Device Portal
+
+Because sharing via Windows Device Portal requires Developer mode to be enabled on HoloLens, follow the instructions in our developer documentation to [set up Developer mode and navigate Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal).
+
+### Microsoft HoloLens companion app
+
+Because sharing via the Microsoft HoloLens companion app requires Developer mode to be enabled on HoloLens, follow the instructions in our developer documentation to [set up Developer mode](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal). Then, download the [Microsoft HoloLens companion app](https://www.microsoft.com/store/productId/9NBLGGH4QWNX) and follow the instructions within the app to connect to your HoloLens.
+
+Once the app is set up with your HoloLens, select the **Live stream** option from the app's main menu.
+
+## View your mixed reality photos and videos
+
+Mixed reality photos and videos are saved to the device's "Camera Roll". You can browse the contents of this folder on your HoloLens with the File Explorer app (navigate to Pictures > Camera Roll).
+
+You can also view your mixed reality photos and videos in the Photos app, which is pre-installed on HoloLens. To pin a photo in your world, select it in the Photos app and choose **Place in mixed world**. You can move the photo around your world after it's been placed.
+
+To view and/or save your mixed reality photos and videos on a PC connected to HoloLens, you can use [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#mixed-reality-capture) or your [PC's File Explorer via MTP](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018#new-features-for-hololens).
+
+## Share your mixed reality photos and videos
+
+After capturing a mixed reality photo or video, a preview will appear. Select the **share** icon above the preview to bring up the share assistant. From there, you can select the end point to which you'd like to share that photo or video.
+
+You can also share mixed reality photos and videos from OneDrive, by automatically uploading your mixed reality photos and videos. Open the OneDrive app on HoloLens and sign in with a personal [Microsoft account](https://account.microsoft.com) if you haven't already. Select the **settings** icon and choose **Camera upload**. Turn Camera upload on. Your mixed reality photos and videos will now be uploaded to OneDrive each time you launch the app on HoloLens.
+
+> [!NOTE]
+> You can only enable camera upload in OneDrive if you’re signed into OneDrive with a personal Microsoft account. If you set up HoloLens with a work or school account, you can add a personal Microsoft account in the OneDrive app to enable this feature.
+
+## Limitations of mixed reality capture
+
+- While using mixed reality capture, the framerate of HoloLens will be halved to 30 Hz.
+- Videos have a maximum length of five minutes.
+- The resolution of photos and videos may be reduced if the photo/video camera is already in use by another application, while live streaming, or when system resources are low.
+
+## Default file format and resolution
+
+### Default photo format and resolution
+
+| Device | Format | Extension | Resolution |
+|----------|----------|----------|----------|
+| HoloLens 2 | [JPEG](https://en.wikipedia.org/wiki/JPEG) | .jpg | 3904x2196px |
+| HoloLens (1st gen) | [JPEG](https://en.wikipedia.org/wiki/JPEG) | .jpg | 1408x792px |
+
+### Recorded video format and resolution
+
+| Device | Format | Extension | Resolution | Speed | Audio |
+|----------|----------|----------|----------|----------|----------|
+| HoloLens 2 | [MPEG-4](https://en.wikipedia.org/wiki/MPEG-4) | .mp4 | 1920x1080px | 30fps | 48kHz Stereo |
+| HoloLens (1st gen) | [MPEG-4](https://en.wikipedia.org/wiki/MPEG-4) | .mp4 | 1216x684px | 24fps | 48kHz Stereo |
diff --git a/devices/hololens/holographic-store-apps.md b/devices/hololens/holographic-store-apps.md
new file mode 100644
index 0000000000..085f14c50e
--- /dev/null
+++ b/devices/hololens/holographic-store-apps.md
@@ -0,0 +1,53 @@
+---
+title: Find, install, and uninstall applications
+description: The Microsoft Store is your source for apps and games that work with HoloLens. Learn more about finding, installing, and uninstalling holographic apps.
+ms.assetid: cbe9aa3a-884f-4a92-bf54-8d4917bc3435
+ms.reviewer: v-miegge
+ms.date: 08/30/2019
+manager: jarrettr
+keywords: hololens, store, uwp, app, install
+ms.prod: hololens
+ms.sitesec: library
+author: mattzmsft
+ms.author: mazeller
+ms.topic: article
+ms.localizationpriority: high
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Find, install, and uninstall applications from the Microsoft Store
+
+The Microsoft Store is your go-to source for apps and games that work with HoloLens. When you go to the Store on your HoloLens, any apps you see there will run on it.
+
+Apps on HoloLens use either 2D view or holographic view. Apps that use 2D view look like windows and can be positioned all around you. Apps that use holographic view surround you and become the only app you see.
+
+HoloLens supports many existing applications from the Microsoft Store, as well as new apps built specifically for HoloLens. This article focuses on holographic applications from the Microsoft Store.
+
+To learn more about installing and running custom apps, read [Custom holographic applications](holographic-custom-apps.md).
+
+## Find apps
+
+Open the Microsoft Store from the **Start** menu. Then browse for apps and games. You can use Cortana to search by saying "Hey, Cortana" and then saying your search terms.
+
+## Install apps
+
+To download apps, you'll need to be signed in with a Microsoft account. To buy them, you'll need a payment method associated with the Microsoft account you use on your HoloLens. To set up a payment method, go to [account.microsoft.com](https://account.microsoft.com/) and select **Payment & billing** > **Payment options** > **Add a payment option**.
+
+1. To open the [**Start** menu](holographic-home.md), perform a [bloom](hololens1-basic-usage.md) gesture or tap your wrist.
+2. Select the Store app and then tap to place this tile into your world.
+3. Once the Store app opens, use the search bar to look for any desired application.
+4. Select **Get** or **Install** on the application's page (a purchase may be required).
+
+## Uninstall apps
+
+There are two ways to uninstall applications. You can uninstall applications through the Microsoft Store or Start menu.
+
+### Uninstall from the Start menu
+
+On the **Start** menu or in the **All apps** list, gaze at the app. Tap and hold until the menu appears, then select **Uninstall**.
+
+### Uninstall from the Microsoft Store
+
+Open the Microsoft Store from the **Start** menu, and then browse for the application you'd like to uninstall. On the Store page, each application that you have installed has an **Uninstall** button.
diff --git a/devices/hololens/hololens-FAQ.md b/devices/hololens/hololens-FAQ.md
new file mode 100644
index 0000000000..a183165e4a
--- /dev/null
+++ b/devices/hololens/hololens-FAQ.md
@@ -0,0 +1,217 @@
+---
+title: Frequently asked questions about HoloLens and holograms
+description: Do you have a quick question about HoloLens or interacting with holograms? This article provides a quick answer and more resources.
+keywords: hololens, faq, known issue, help
+ms.prod: hololens
+ms.sitesec: library
+author: Teresa-Motiv
+ms.author: v-tea
+ms.topic: article
+audience: ITPro
+ms.localizationpriority: medium
+ms.date: 10/30/2019
+ms.reviewer:
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# HoloLens and holograms: Frequently asked questions
+
+Here are some answers to questions you might have about using HoloLens, placing holograms, working with spaces, and more.
+
+Any time you're having problems, make sure HoloLens is [charged up](https://support.microsoft.com/help/12627/hololens-charge-your-hololens). Try [restarting it](hololens-restart-recover.md) to see if that fixes things. And please use the Feedback app to send us info about the issue—you'll find it on the [**Start** menu](holographic-home.md).
+
+For tips about wearing your HoloLens, see [HoloLens fit and comfort: FAQ](https://support.microsoft.com/help/13405/hololens-fit-and-comfort-faq).
+
+This FAQ addresses the following questions and issues:
+
+
+- [My holograms don't look right or are moving around](#my-holograms-dont-look-right-or-are-moving-around)
+- [I see a message that says "Finding your space"](#i-see-a-message-that-says-finding-your-space)
+- [I'm not seeing the holograms I expect to see in my space](#im-not-seeing-the-holograms-i-expect-to-see-in-my-space)
+- [I can't place holograms where I want](#i-cant-place-holograms-where-i-want)
+- [Holograms disappear or are encased in other holograms or objects](#holograms-disappear-or-are-encased-in-other-holograms-or-objects)
+- [I can see holograms that are on the other side of a wall](#i-can-see-holograms-that-are-on-the-other-side-of-a-wall)
+- [When I place a hologram on a wall, it seems to float](#when-i-place-a-hologram-on-a-wall-it-seems-to-float)
+- [Apps appear too close to me when I'm trying to move them](#apps-appear-too-close-to-me-when-im-trying-to-move-them)
+- [I'm getting a low disk space error](#im-getting-a-low-disk-space-error)
+- [HoloLens doesn't respond to my gestures](#hololens-doesnt-respond-to-my-gestures)
+- [HoloLens doesn't respond to my voice](#hololens-doesnt-respond-to-my-voice)
+- [I'm having problems pairing or using a Bluetooth device](#im-having-problems-pairing-or-using-a-bluetooth-device)
+- [I'm having problems with the HoloLens clicker](#im-having-problems-with-the-hololens-clicker)
+- [I can't connect to Wi-Fi](#i-cant-connect-to-wi-fi)
+- [My HoloLens isn't running well, is unresponsive, or won't start](#my-hololens-isnt-running-well-is-unresponsive-or-wont-start)
+- [How do I delete all spaces?](#how-do-i-delete-all-spaces)
+- [I cannot find or use the keyboard to type in the HoloLens 2 Emulator](#i-cannot-find-or-use-the-keyboard-to-type-in-the-hololens-2-emulator)
+
+## My holograms don't look right or are moving around
+
+If your holograms don't look right (for example, they're jittery or shaky, or you see black patches on top of them), try one of these fixes:
+
+- [Clean your device visor](hololens1-hardware.md#care-and-cleaning) and make sure nothing is blocking the sensors.
+- Make sure you're in a well-lit room without a lot of direct sunlight.
+- Try walking around and gazing at your surroundings so HoloLens can scan them more completely.
+- If you've placed a lot of holograms, try removing some.
+
+If you're still having problems, trying running the Calibration app, which calibrates your HoloLens just for you, to help keep your holograms looking their best. Go to **Settings **>** System **>** Utilities**. Under Calibration, select **Open Calibration**.
+
+[Back to list](#list)
+
+## I see a message that says Finding your space
+
+When HoloLens is learning or loading a space, you might see a brief message that says "Finding your space." If this message continues for more than a few seconds, you'll see another message under the Start menu that says "Still looking for your space."
+
+These messages mean that HoloLens is having trouble mapping your space. When this happens, you'll be able to open apps, but you won't be able to place holograms in your environment.
+
+If you see these messages often, try the following:
+
+- Make sure you're in a well-lit room without a lot of direct sunlight.
+- Make sure your device visor is clean. [Learn how](hololens1-hardware.md#care-and-cleaning).
+- Make sure you have a strong Wi-Fi signal. If you enter a new environment that has no Wi-Fi or a weak signal, HoloLens won't be able find your space. Check your Wi-Fi connection by going to **Settings **> **Network & Internet** >** Wi-Fi**.
+- Try moving more slowly.
+
+[Back to list](#list)
+
+## I'm not seeing the holograms I expect to see in my space
+
+If you don't see holograms you placed, or you're seeing some you don't expect, try the following:
+
+- Try turning on some lights. HoloLens works best in a well-lit space.
+- Remove holograms you don't need by going to **Settings** > **System** > **Holograms** > **Remove nearby holograms**. Or, if needed, select **Remove all holograms**.
+
+ > [!NOTE]
+ > If the layout or lighting in your space changes significantly, your device might have trouble identifying your space and showing your holograms.
+
+[Back to list](#list)
+
+## I can't place holograms where I want
+
+Here are some things to try if you're having trouble placing holograms:
+
+- Stand about 1 to 3 meters from where you're trying to place the hologram.
+- Don't place holograms on black or reflective surfaces.
+- Make sure you're in a well-lit room without a lot of direct sunlight.
+- Walk around the rooms so HoloLens can rescan your surroundings. To see what's already been scanned, air tap to reveal the mapping mesh graphic.
+
+[Back to list](#list)
+
+## Holograms disappear or are encased in other holograms or objects
+
+If you get too close to a hologram, it will temporarily disappear—just move away from it. Also, if you've placed a lot of holograms close together, some may disappear. Try removing a few.
+
+Holograms can also be blocked or encased by other holograms or by objects such as walls. If this happens, try one of the following:
+
+- If the hologram is encased in another hologram, move it to another location: select **Adjust**, then tap and hold to position it.
+- If the hologram is encased in a wall, select **Adjust**, then walk toward the wall until the hologram appears. Tap and hold, then pull the hologram forward and out of the wall.
+- If you can't move the hologram with gestures, use your voice to remove it. Gaze at the hologram, then say "Remove." Then reopen it and place it in a new location.
+
+[Back to list](#list)
+
+## I can see holograms that are on the other side of a wall
+
+If you're very close to a wall, or if HoloLens hasn't scanned the wall yet, you'll be able to see holograms that are in the next room. Stand 1 to 3 meters from the wall and gaze to scan it.
+
+If HoloLens has problems scanning the wall, it might be because there's a black or reflective object nearby (for example, a black couch or a stainless steel refrigerator). If there is, scan the other side of the wall.
+
+[Back to list](#list)
+
+## When I place a hologram on a wall, it seems to float
+
+Holograms placed on walls will appear to be an inch or so away from the wall. If they appear farther away, try the following:
+
+- Stand 1 to 3 meters from the wall when you place a hologram and face the wall straight on.
+- Air tap the wall to reveal the mapping mesh graphic. Make sure the mesh is lined up with the wall. If it isn't, remove the hologram, rescan the wall, and try again.
+- If the issue persists, run the Calibration app. You'll find it in **Settings** > **System** > **Utilities**.
+
+[Back to list](#list)
+
+## Apps appear too close to me when I'm trying to move them
+
+Try walking around and looking at the area where you're placing the app so HoloLens will scan it from different angles. [Cleaning your device visor](hololens1-hardware.md#care-and-cleaning) may also help.
+
+[Back to list](#list)
+
+## I'm getting a low disk space error
+
+Free up some storage space by doing one or more of the following:
+
+- Remove some of the holograms you've placed, or remove some saved data from within apps. [How do I find my data?](holographic-data.md)
+- Delete some pictures and videos in the Photos app.
+- Uninstall some apps from your HoloLens. In the All apps list, tap and hold the app you want to uninstall, then select **Uninstall**. (This will also delete any of the app's data stored on the device.)
+
+[Back to list](#list)
+
+## HoloLens doesn't respond to my gestures
+
+To make sure HoloLens can see your gestures, keep your hand in the gesture frame, which extends a couple of feet on either side of you. HoloLens can also best see your hand when you hold it about 18 inches in front of your body (though you don't have to be precise about this). When HoloLens can see your hand, the cursor will change from a dot to a ring. Learn more about [using gestures in HoloLens 2](hololens2-basic-usage.md) or [using gestures in HoloLens (1st gen)](hololens1-basic-usage.md).
+
+[Back to list](#list)
+
+## HoloLens doesn't respond to my voice
+
+If Cortana isn't responding to your voice, make sure Cortana is on. In the **All apps** list, select **Cortana** > **Menu** > **Notebook** > **Settings** to make changes. To learn more about what you can say, see [Use your voice with HoloLens](hololens-cortana.md).
+
+[Back to list](#list)
+
+## I'm having problems pairing or using a Bluetooth device
+
+If you're having problems [pairing a Bluetooth device](hololens-connect-devices.md), try the following:
+
+- Go to **Settings** > **Devices** and make sure Bluetooth is turned on. If it is, try turning if off and on again.
+- Make sure your Bluetooth device is fully charged or has fresh batteries.
+- If you still can't connect, [restart your HoloLens](hololens-recovery.md).
+
+If you're having trouble using a Bluetooth device, make sure it's a supported device. Supported devices include:
+
+- English-language QWERTY Bluetooth keyboards, which can be used anywhere you use the holographic keyboard.
+- Bluetooth mice.
+- The [HoloLens clicker](hololens1-clicker.md).
+
+Other Bluetooth HID and GATT devices can be paired, but they might require a companion app from Microsoft Store to work with HoloLens.
+
+HoloLens doesn't support Bluetooth audio profiles. Bluetooth audio devices, such as speakers and headsets, may appear as available in HoloLens settings, but they aren't supported.
+
+[Back to list](#list)
+
+## I'm having problems with the HoloLens clicker
+
+Use the [clicker](hololens1-clicker.md) to select, scroll, move, and resize holograms. Additional clicker gestures may vary from app to app.
+
+If you're having trouble using the clicker, make sure its charged and paired with your HoloLens. If the battery is low, the indicator light will blink amber. To see if its paired, go to **Settings** > **Devices** and see if it shows up there. [Pair the clicker](hololens-connect-devices.md#pair-the-clicker).
+
+If the clicker is charged and paired and you're still having problems, reset it by holding down the main button and the pairing button for 15 seconds. Then pair the clicker with your HoloLens again.
+
+If that doesn't help, see [Restart or recover the HoloLens clicker](hololens1-clicker.md#restart-or-recover-the-clicker).
+
+[Back to list](#list)
+
+## I can't connect to Wi-Fi
+
+Here are some things to try if you can't connect to Wi-Fi on HoloLens:
+
+- Make sure Wi-Fi is turned on. Bloom to go to Start, then select **Settings** > **Network & Internet** > **Wi-Fi** to check. If Wi-Fi is on, try turning it off and on again.
+- Move closer to the router or access point.
+- Restart your Wi-Fi router, then [restart HoloLens](hololens-recovery.md). Try connecting again.
+- If none of these things work, check to make sure your router is using the latest firmware. You can find this information on the manufacturers website.
+
+[Back to list](#list)
+
+## My HoloLens isn't running well, is unresponsive, or won't start
+
+If your device isn't performing properly, see [Restart, reset, or recover HoloLens](hololens-recovery.md).
+
+[Back to list](#list)
+
+## How do I delete all spaces?
+
+*Coming soon*
+
+[Back to list](#list)
+
+## I cannot find or use the keyboard to type in the HoloLens 2 Emulator
+
+*Coming soon*
+
+[Back to list](#list)
diff --git a/devices/hololens/hololens-calibration.md b/devices/hololens/hololens-calibration.md
new file mode 100644
index 0000000000..cfc55d1070
--- /dev/null
+++ b/devices/hololens/hololens-calibration.md
@@ -0,0 +1,149 @@
+---
+title: Improve visual quality and comfort
+description: Calibrating your IPD (interpupillary distance) can improve the quality of your visuals. Both HoloLens and Windows Mixed Reality immersive headsets offer ways to customize IPD.
+author: Teresa-Motiv
+ms.author: xerxesb
+ms.date: 9/13/2019
+ms.topic: article
+keywords: calibration, comfort, visuals, quality, ipd
+ms.prod: hololens
+ms.sitesec: library
+author: Teresa-Motiv
+ms.localizationpriority: high
+ms.reviewer:
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Improve visual quality and comfort
+
+HoloLens 2 and HoloLens (1st gen) both work better when they're calibrated to your unique eyes.
+
+While both devices need to calibrate for the best hologram viewing experience, they use different calibration technologies and techniques. Jump to [HoloLens 2 calibration](#calibrating-your-hololens-2) or [HoloLens (1st gen) calibration](#calibrating-your-hololens-1st-gen).
+
+## Calibrating your HoloLens 2
+
+HoloLens 2 uses eye-tracking technology to improve your experience seeing and interacting with the virtual environment. Calibrating the HoloLens 2 ensures that it can accurately track your eyes (and the eyes of anyone else who uses the device). After calibration, holograms will appear correctly even as the visor shifts on your head.
+
+HoloLens 2 prompts a user to calibrate the device under the following circumstances:
+
+- The user is using the device for the first time
+- The user previously opted out of the calibration process
+- The calibration process did not succeed the last time the user used the device
+- The user has deleted their calibration profiles
+- The visor is raised and the lowered and any of the above circumstances apply (this may be disabled in **Settings > System > Calibration**.)
+
+
+
+During this process, you'll look at a set of targets (gems). It's fine if you blink or close your eyes during calibration but try not to stare at other objects in the room. This allows HoloLens to learn about your eye position to render your holographic world.
+
+
+
+
+
+
+
+If calibration was successful, you'll see a success screen. If not, read more about diagnosing calibration failures [here](#troubleshooting-hololens-2-calibration).
+
+
+
+### Calibration when sharing a device or session
+
+Multiple users can share a HoloLens 2 device, without a need for each person to go through device setup. When a new user puts the device on their head for th first time, HoloLens 2 automatically prompts the user to calibrate visuals. When a user that has previously calibrated visuals puts the device on their head, the display seamlessly adjusts for quality and a comfortable viewing experience.
+
+### Manually starting the calibration process
+
+1. Use the start gesture to open the [**Start** menu](hololens2-basic-usage.md#start-gesture).
+1. If the Settings app isn't pinned to **Start**, select **All Apps**.
+1. Select **Settings**, and then select **System** > **Calibration** > **Eye Calibration** > **Run eye calibration**.
+
+ 
+
+### Troubleshooting HoloLens 2 calibration
+
+Calibration should work for most people, but there are cases where calibration fails.
+
+Some potential reasons for calibration failure include:
+
+- Getting distracted and not following the calibration targets
+- Dirty or scratched device visor or device visor not positioned properly
+- Dirty or scratched glasses
+- Certain types of contact lenses and glasses (colored contact lenses, some toric contact lenses, IR blocking glasses, some high prescription glasses, sunglasses, or similar)
+- More-pronounced makeup and some eyelash extensions
+- Hair or thick eyeglass frames if they are blocking the device from seeing your eyes
+- Certain eye physiology, eye conditions or eye surgery such as narrow eyes, long eyelashes, amblyopia, nystagmus, some cases of LASIK or other eye surgeries
+
+If calibration is unsuccessful try:
+
+- Cleaning your device visor
+- Cleaning your glasses
+- Pushing your device visor as close to your eyes as possible
+- Moving objects in your visor out of the way (such as hair)
+- Turning on a light in your room or moving out of direct sunlight
+
+If you followed all guidelines and calibration is still failing, please let us know by filing feedback in [Feedback Hub](hololens-feedback.md).
+
+### Calibration data and security
+
+Calibration information is stored locally on the device and is not associated with any account information. There is no record of who has used the device without calibration. This mean new users will get prompted to calibrate visuals when they use the device for the first time, as well as users who opted out of calibration previously or if calibration was unsuccessful.
+
+Calibration information can always be deleted from the device in **Settings** > **Privacy** > **Eye tracker**.
+
+### Disable calibration
+
+You can also disable the calibration prompt by following these steps:
+
+1. Select **Settings** > **System** > **Calibration**.
+1. Turn off **When a new person uses this HoloLens, automatically ask to run eye calibration**.
+
+> [!IMPORTANT]
+> This setting may adversely affect hologram rendering quality and comfort. When you turn off this setting, features that depend on eye tracking (such as text scrolling) no longer work in immersive applications.
+
+### HoloLens 2 eye-tracking technology
+
+The device uses its eye-tracking technology to improve display quality, and to ensure that all holograms are positioned accurately and comfortable to view in 3D. Because it uses the eyes as landmarks, the device can adjust itself for every user and tune its visuals as the headset shifts slightly throughout use. All adjustments happen on the fly without a need for manual tuning.
+
+HoloLens applications use eye tracking to track where you are looking in real time. This is the main capability developers can leverage to enable a whole new level of context, human understanding and interactions within the Holographic experience. Developers don’t need to do anything to leverage this capability.
+
+## Calibrating your HoloLens (1st gen)
+
+HoloLens (1st gen) adjusts hologram display according to the your [interpupillary distance](https://en.wikipedia.org/wiki/Interpupillary_distance) (IPD). If the IPD is not accurate, holograms may appear unstable or at an incorrect distance. You can improve the quality of your visuals by calibrating the device to your interpupillary distance (IPD).
+
+When you set up your Hololens (1st gen) device, it prompts to calibrate your visuals after Cortana introduces herself. It's recommended that you complete the calibration step during this setup phase. However you can skip it by waiting until Cortana prompts you and then saying "Skip."
+
+During the calibration process, HoloLens asks you to align your finger with a series of six targets per eye. HoloLens uses this process to set the IPD correctly for your eyes.
+
+
+
+### Manually start the calibration process
+
+If you need to update the calibration or if a new user needs to adjust it, you can manually run the Calibration app at any time. The Calibration app is installed by default. You can access it by using eihter the **Start** menu or the Settings app.
+
+To use the **Start** menu to run the Calibration app, follow these steps:
+
+1. Use the [bloom](hololens1-basic-usage.md) gesture to open the **Start** menu.
+1. To view all apps, select **+**.
+1. Select **Calibration**.
+
+
+
+
+
+To use the Settings app to run the Calibration app, follow these steps:
+
+1. Use the [bloom](hololens1-basic-usage.md) gesture to open the **Start** menu.
+1. If **Settings** isn't pinned to **Start**, select **+** to view all apps.
+1. Select **Settings**.
+1. Select **System** > **Utilities** > **Open Calibration**.
+
+
+
+## Immersive headsets
+
+Some immersive headsets provide the ability to customize the IPD setting. To change the IPD for your headset, open the Settings app and select **Mixed reality** > **Headset display**, and then move the slider control. You’ll see the changes in real time in your headset. If you know your IPD, maybe from a visit to the optometrist, you can enter it directly as well.
+
+You can also adjust this setting on your PC by selecting **Settings** > **Mixed reality** > **Headset display**.
+
+If your headset does not support IPD customization, this setting will be disabled.
diff --git a/devices/hololens/hololens-commercial-features.md b/devices/hololens/hololens-commercial-features.md
new file mode 100644
index 0000000000..309d81e904
--- /dev/null
+++ b/devices/hololens/hololens-commercial-features.md
@@ -0,0 +1,78 @@
+---
+title: Commercial features
+description: The Microsoft HoloLens Commercial Suite includes features that make it easier for businesses to manage HoloLens devices. HoloLens 2 devices are equipped with commercial features by default.
+keywords: HoloLens, commercial, features, mdm, mobile device management, kiosk mode
+author: scooley
+ms.author: scooley
+ms.date: 08/26/2019
+ms.topic: article
+audience: ITPro
+ms.prod: hololens
+ms.sitesec: library
+ms.localizationpriority: high
+ms.reviewer:
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Commercial features
+
+HoloLens includes features that make it easier for businesses to manage HoloLens devices.
+
+Every HoloLens 2 device has commercial features available.
+
+HoloLens (1st gen) came with two licensing options, the developer license and a commercial license. To unlock HoloLens's commercial capabilities, upgrade from the developer license to a commercial license. To purchase the Microsoft HoloLens Commercial Suite, contact your local Microsoft account manager.
+
+>[!VIDEO https://www.youtube.com/embed/tNd0e2CiAkE]
+
+## Key commercial features
+
+- **Kiosk mode.** You can use HoloLens in demo or showcase experiences by using kiosk mode, to limit which apps can run.
+
+ 
+
+- **Mobile Device Management (MDM) for HoloLens.** Your IT department can manage multiple HoloLens devices simultaneously by using solutions such as Microsoft Intune. You can manage settings, select apps to install, and set security configurations that are tailored to your organization's needs.
+
+ 
+
+- **Windows Update for Business.** Windows Update for Business provides controlled operating system updates to devices and support for the long-term servicing channel.
+- **Data security.** BitLocker data encryption is enabled on HoloLens to provide the same level of security protection as any other Windows device.
+- **Work access.** Anyone in your organization can remotely connect to the corporate network through virtual private network (VPN) on a HoloLens. HoloLens can also access Wi-Fi networks that require credentials.
+- **Microsoft Store for Business.** Your IT department can also set up an enterprise private store, containing only your company’s apps for your specific HoloLens usage. Securely distribute your enterprise software to selected group of enterprise users.
+
+## Feature comparison between editions
+
+|Features |HoloLens Development Edition |HoloLens Commercial Suite |HoloLens 2 |
+|---|:---:|:---:|:---:|
+|Device Encryption (BitLocker) | |✔️ |✔️ |
+|Virtual Private Network (VPN) | |✔️ |✔️ |
+|[Kiosk mode](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal#kiosk-mode) | |✔️ |✔️ |
+|**Management and deployment** | | | |
+|Mobile Device Management (MDM) | |✔️ |✔️ |
+|Ability to block unenrollment | |✔️ |✔️ |
+|Cert-based corporate Wi-Fi access | |✔️ |✔️ |
+|Microsoft Store (Consumer) |Consumer |Filter by using MDM |Filter by using MDM |
+|[Business Store Portal](https://docs.microsoft.com/microsoft-store/working-with-line-of-business-apps) | |✔️ |✔️ |
+|**Security and identity** | | | |
+|Sign in by using Azure Active Directory (AAD) account |✔️ |✔️ |✔️ |
+|Sign in by using Microsoft Account (MSA) |✔️ |✔️ |✔️ |
+|Next Generation Credentials with PIN unlock |✔️ |✔️ |✔️ |
+|[Secure boot](https://docs.microsoft.com/windows-hardware/design/device-experiences/oem-secure-boot) |✔️ |✔️ |✔️ |
+|**Servicing and support** | | | |
+|Automatic system updates as they arrive |✔️ |✔️ |✔️ |
+|[Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb) | |✔️ |✔️ |
+|Long-Term Servicing Channel (LTSC) | |✔️ |✔️ |
+
+## Enabling commercial features
+
+Your organization's IT admin can set up commercial features such as Microsoft Store for Business, kiosk mode, and enterprise Wi-Fi access. The [Microsoft HoloLens](https://docs.microsoft.com/hololens) documentation provides step-by-step instructions for enrolling devices and installing apps from Microsoft Store for Business.
+
+## See also
+
+- [Microsoft HoloLens](https://docs.microsoft.com/hololens)
+- [Kiosk mode](/windows/mixed-reality/using-the-windows-device-portal.md#kiosk-mode)
+- [CSPs supported in HoloLens devices](/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices)
+- [Microsoft Store For Business and line of business applications](https://blogs.technet.microsoft.com/sbucci/2016/04/13/windows-store-for-business-and-line-of-business-applications/)
+- [Working with line-of-business apps](/microsoft-store/working-with-line-of-business-apps)
diff --git a/devices/hololens/hololens-commercial-infrastructure.md b/devices/hololens/hololens-commercial-infrastructure.md
new file mode 100644
index 0000000000..ad23e185ee
--- /dev/null
+++ b/devices/hololens/hololens-commercial-infrastructure.md
@@ -0,0 +1,113 @@
+---
+title: Infrastructure Guidelines for HoloLens
+description:
+ms.prod: hololens
+ms.sitesec: library
+author: pawinfie
+ms.author: pawinfie
+audience: ITPro
+ms.topic: article
+ms.localizationpriority: high
+ms.date: 1/23/2020
+ms.reviewer:
+manager: bradke
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Configure Your Network
+
+This portion of the document will require the following people:
+1. Network Admin with permissions to make changes to the proxy/firewall
+2. Azure Active Directory Admin
+3. Mobile Device Manager Admin
+4. Teams admin for Remote Assist only
+
+## Infrastructure Requirements
+
+### HoloLens Specific Network Requirements
+Make sure that these ports and URLs are allowed on your network firewall. This will enable HoloLens to function properly. The latest list can be found [here](hololens-offline.md).
+
+### Remote Assist Specific Network Requirements
+
+1. The recommended bandwidth for optimal performance of Remote Assist is 1.5Mbps. Detailed network requirements and additional information can be found [here](https://docs.microsoft.com/MicrosoftTeams/prepare-network).
+**Please note, if you don’t network have network speeds of at least 1.5Mbps, Remote Assist will still work. However, quality may suffer.**
+1. Make sure that these ports and URLs are allowed on your network firewall. This will enable Microsoft Teams to function. The latest list can be found [here](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges#skype-for-business-online-and-microsoft-teams).
+
+### Guides Specific Network Requirements
+Guides only require network access to download and use the app.
+
+## Azure Active Directory Guidance
+This step is only necessary if your company plans on managing the HoloLens and mixed reality apps.
+
+### 1. Ensure that you have an Azure AD License.
+Please [HoloLens Licenses Requirements](hololens-licenses-requirements.md)for additional information.
+
+### 2. Ensure that your company’s users are in Azure Active Directory (Azure AD).
+Instructions for adding users can be found [here](https://docs.microsoft.com/azure/active-directory/fundamentals/add-users-azure-active-directory).
+
+### 3. We suggest that users who will be need similar licenses are added to a group.
+1. [Create a Group](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal)
+
+2. [Add users to groups](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-groups-members-azure-portal)
+
+### 4. Ensure that your company’s users (or group of users) are assigned the necessary licenses.
+Directions for assigning licenses can be found [here](https://docs.microsoft.com/azure/active-directory/fundamentals/license-users-groups).
+
+### 5. **IMPORTANT:** Only do this step if users are expected to enroll their HoloLens/Mobile device onto the network.
+These steps ensure that your company’s users (or a group of users) can add devices.
+1. Option 1: Give all users permission to join devices to Azure AD.
+**Sign in to the Azure portal as an administrator** > **Azure Active Directory** > **Devices** > **Device Settings** >
+**Set Users may join devices to Azure AD to *All***
+
+1. Option 2: Give selected users/groups permission to join devices to Azure AD
+**Sign in to the Azure portal as an administrator** > **Azure Active Directory** > **Devices** > **Device Settings** >
+**Set Users may join devices to Azure AD to *Selected***
+
+
+1. Option 3: You can block all users from joining their devices to the domain. This means that all devices will need to be manually enrolled by your IT department.
+
+## Mobile Device Manager Admin Steps
+
+### Scenario 1: Kiosk Mode
+As a note, auto-launching an app does not currently work for HoloLens.
+
+How to Set Up Kiosk Mode Using Microsoft Intune.
+#### 1. Sync Microsoft Store to Intune ([Here](https://docs.microsoft.com/intune/apps/windows-store-for-business))
+
+#### 2. Check your app settings
+
+1. Log into your Microsoft Store Business account
+1. **Manage** > **Products and Services** > **Apps and Software** > **Select the app you want to sync** > **Private Store Availability** > **Select “Everyone” or “Specific Groups”**
+1. If you do not see your apps in **Intune** > **Client Apps** > **Apps** , you may have to [sync your apps](https://docs.microsoft.com/intune/apps/windows-store-for-business#synchronize-apps) again.
+
+#### 3. Configuring Kiosk Mode using MDM
+
+Information on configuring Kiosk Mode in Intune can be found [here](https://docs.microsoft.com/hololens/hololens-kiosk#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803)
+
+ >[!NOTE]
+ >You can configure different users to have different Kiosk Mode experiences by using “Azure AD” as the “User logon type”. However, this option is only available in Multi-App kiosk mode. Multi-App kiosk mode will work with only one app as well as multiple apps.
+
+
+
+If you are configuring Kiosk Mode on an MDM other than Intune, please check your MDM provider's documentation.
+
+## Additional Intune Quick Links
+
+1. [Create Profiles:](https://docs.microsoft.com/intune/configuration/device-profile-create) Profiles allow you to add and configure settings that will be pushed to the devices in your organization.
+
+1. [CSPs (Configuration Service Providers)](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices) allows you to create and deploy management settings for the devices on your network. Some CSPs are supported by HoloLens devices. (See the list of CSPs for HoloLens [here](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#csps-supported-in-hololens-devices).
+
+1. [Create Compliance Policy](https://docs.microsoft.com/intune/protect/create-compliance-policy)
+
+1. Conditional Access allows/denies mobile devices and mobile applications from accessing company resources. Two documents you may find helpful are [Plan your CA Deployment](https://docs.microsoft.com/azure/active-directory/conditional-access/plan-conditional-access) and [Best Practices](https://docs.microsoft.com/azure/active-directory/conditional-access/best-practices).
+
+## Certificates and Authentication
+### MDM Certificate Distribution
+If your company requires certificates, Intune supports PKCS, PFX, and SCEP. It is important to understand which certificate is right for your company. Please visit [here](https://docs.microsoft.com/intune/protect/certificates-configure) to determine which cert is best for you. If you plan to use certs for HoloLens Authentication, PFX or SCEP may be right for you.
+
+Steps for SCEP can be found [here](https://docs.microsoft.com/intune/protect/certificates-profile-scep).
+
+### Device Certificates
+Certificates can also be added to the HoloLens through package provisioning. Please see [HoloLens Provisioning](hololens-provisioning.md) for additional information.
diff --git a/devices/hololens/hololens-connect-devices.md b/devices/hololens/hololens-connect-devices.md
new file mode 100644
index 0000000000..bbe2dad4d3
--- /dev/null
+++ b/devices/hololens/hololens-connect-devices.md
@@ -0,0 +1,74 @@
+---
+title: Connect to Bluetooth and USB-C devices
+description: This guide walks through connecting to Bluetooth and USB-C devices and accessories.
+ms.assetid: 01af0848-3b36-4c13-b797-f38ad3977e30
+ms.prod: hololens
+ms.sitesec: library
+author: Teresa-Motiv
+ms.author: v-tea
+ms.topic: article
+ms.localizationpriority: high
+ms.date: 09/13/2019
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Connect to Bluetooth and USB-C devices
+
+## Pair Bluetooth devices
+
+Pair a Bluetooth mouse and keyboard with HoloLens, then use them to interact with holograms and to type anywhere you'd use the holographic keyboard.
+
+Classes of Bluetooth devices supported by HoloLens 2:
+
+- Mouse
+- Keyboard
+- Bluetooth audio output (A2DP) devices
+
+Classes of Bluetooth devices supported by HoloLens (1st gen):
+
+- Mouse
+- Keyboard
+- HoloLens (1st gen) clicker
+
+> [!NOTE]
+> Other types of Bluetooth devices, such as speakers, headsets, smartphones, and game pads, may appear as available in HoloLens settings, but aren't supported on HoloLens (1st gen). [Learn more](https://go.microsoft.com/fwlink/p/?LinkId=746660).
+
+### Pair a Bluetooth keyboard or mouse
+
+1. Turn on your keyboard or mouse and make it discoverable. The way you make it discoverable depends on the device. To learn how to do this, check the device or visit the manufacturer's website.
+
+1. Use the bloom gesture (HoloLens (1st gen) or the start gesture (HoloLens 2) to go to **Start**, then select **Settings**.
+1. Select **Devices** and make sure that Bluetooth is on. When you see the device name, select **Pair** and follow the instructions.
+
+### Pair the clicker
+
+> Applies to HoloLens (1st gen) only.
+
+1. Use the bloom gesture to go to **Start**, then select **Settings**.
+
+1. Select **Devices** and make sure that Bluetooth is on.
+1. Use the tip of a pen to press and hold the clicker's pairing button until the status light blinks white. Make sure to hold the button down until the light starts blinking. [Where's the pairing button?](hololens1-clicker.md)
+1. On the pairing screen, select **Clicker** > **Pair**.
+
+## Connect USB-C devices
+
+> Applies to HoloLens 2 only.
+
+HoloLens 2 lets you connect a wide range of USB-C devices.
+
+HoloLens 2 supports the following devices classes:
+
+- Mass storage devices (such as thumb drives)
+- Ethernet adapters (including ethernet with charging)
+- USB-C to 3.5mm digital audio adapters
+- USB-C digital audio headsets (including headset adapters with charging)
+- Wired mouse
+- Wired keyboard
+- Combination PD hubs (USB A + PD charging)
+
+## Connect to Miracast
+
+Use Miracast by opening the **Start** menu and selecting the display icon or saying "Connect" while gazing at the **Start** menu. Choose an available device from the list that appears and complete pairing to begin projection.
diff --git a/devices/hololens/hololens-cortana.md b/devices/hololens/hololens-cortana.md
new file mode 100644
index 0000000000..82ded27dd3
--- /dev/null
+++ b/devices/hololens/hololens-cortana.md
@@ -0,0 +1,122 @@
+---
+title: Use your voice with HoloLens
+description: Cortana can help you do all kinds of things on your HoloLens
+ms.assetid: fd96fb0e-6759-4dbe-be1f-58bedad66fed
+ms.date: 11/8/2019
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: v-miegge
+audience: ITPro
+ms.author: v-miegge
+ms.topic: article
+manager: jarrettr
+ms.localizationpriority: high
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Use your voice with HoloLens
+
+You can use your voice to do almost anything on HoloLens, such as taking a quick photo or opening an app. Many voice commands are built into HoloLens, while others are available through Cortana.
+
+This article teaches you how to control HoloLens and your holographic world with your voice and with Cortana.
+
+> [!NOTE]
+> Speech is only supported in [some languages](hololens2-language-support.md). The speech language is based on the Windows display language, not the keyboard language.
+>
+> You can verify the Windows display language by selecting **Settings** > **Time and Language** > **Language**.
+
+## Built-in voice commands
+
+Get around HoloLens faster with these basic commands. In order to use these you need to enable Speech during first run of the device or in **Settings** > **Privacy** > **Speech**. You can always check whether speech is enabled by looking at the status at the top of Start menu.
+
+### General speech commands
+
+Use these commands throughout Windows Mixed Reality to get around faster. Some commands use the gaze cursor, which you bring up by saying “select.”
+
+>[!NOTE]
+>Hand rays are not supported on HoloLens (1st Gen).
+
+| Say this | To do this |
+| - | - |
+| "Select" | Say "select" to bring up the gaze cursor. Then, turn your head to position the cursor on the thing you want to select, and say “select” again. |
+|Open the Start menu | "Go to Start" |
+|Close the Start menu | "Close" |
+|Leave an immersive app | Say "Go to Start" to bring up the quick actions menu, then say "Mixed reality home." |
+|Hide and show hand ray | "Hide hand ray" / "Show hand ray" |
+|See available speech commands | "What can I say?" |
+
+### Hologram commands
+
+To use these commands, gaze at a 3D object, hologram, or app window.
+
+| Say this | To do this |
+| - | - |
+| "Bigger" | Make it bigger |
+| "Smaller" | Make it smaller |
+| "Face me" | Turn it to face you |
+| "Move this" | Move it (follow your gaze) |
+| "Close" | Close it |
+| "Follow me" / "Stop following" | Make it follow you as you move around |
+
+### See it, say it
+
+Many buttons and other elements on HoloLens also respond to your voice—for example, **Follow me** and **Close** on the app bar, or the **Back** button in Edge. To find out if a button is voice-enabled, rest your **gaze cursor** on it for a moment to see a voice tip.
+
+### Dictation mode
+
+Tired of typing? Switch to dictation mode any time that the holographic keyboard is active. To get started, select the microphone button or say "Start dictating." To stop dictating, select the button again or say "Stop dictating." To delete what you just dictated, say "Delete that."
+
+> [!NOTE]
+> To use dictation mode, you have to have an internet connection.
+
+HoloLens dictation uses explicit punctuation, meaning that you say the name of the punctuation you want to use. For instance, you might say "Hey **comma** what are you up to **question mark**."
+
+Here are the punctuation keywords that you can use:
+
+- Period, comma, question mark, exclamation point/exclamation mark
+- New line/new paragraph
+- Semicolon, colon
+- Open quote(s), close quote(s)
+- Hashtag, smiley/smiley face, frowny, winky
+- Dollar, percent
+
+Sometimes it's helpful to spell out things like email addresses. For instance, to dictate example@outlook.com, you'd say "E X A M P L E at outlook dot com."
+
+## Do more with Cortana
+
+Cortana can help you do all kinds of things on your HoloLens, from searching the web to shutting down your device. She can give you suggestions, ideas, reminders, alerts, and more. To get her attention, select Cortana on **Start** or say "Hey Cortana" anytime.
+
+
+
+Here are some things you can try saying (remember to say "Hey Cortana" first).
+
+**Hey, Cortana**...
+
+- What can I say?
+- Increase the volume.
+- Decrease the brightness.
+- Shut down.
+- Restart.
+- Go to sleep.
+- Mute.
+- Launch <*app name*>.
+- Move <*app name*> here (gaze at the spot that you want the app to move to).
+- Go to Start.
+- Take a picture.
+- Start recording. (Starts recording a video.)
+- Stop recording. (Stops recording a video.)
+- What time is it?
+- Show me the latest NBA scores.
+- How much battery do I have left?
+- Tell me a joke.
+
+Some Cortana features that you're used to from Windows on your PC or phone (for example, reminders and notifications) aren't supported in Microsoft HoloLens, and the Cortana experience may vary from one region to another.
+
+### Turn Cortana off
+
+Cortana is on the first time you use HoloLens when you enable speech. You can turn her off in Cortana's settings. In the **All apps** list, select **Cortana** > **Settings**. Then turn off Cortana can give you suggestions, ideas, reminders, alerts, and more.
+
+If Cortana isn't responding to "Hey Cortana," check that speech is enabled on Start and go to Cortana's settings and check to make sure she's on.
diff --git a/devices/hololens/hololens-encryption.md b/devices/hololens/hololens-encryption.md
index 8a223c0745..6c8b9118e6 100644
--- a/devices/hololens/hololens-encryption.md
+++ b/devices/hololens/hololens-encryption.md
@@ -4,22 +4,28 @@ description: Enable Bitlocker device encryption to protect files stored on the H
ms.prod: hololens
ms.mktglfcycl: manage
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.localizationpriority: medium
ms.date: 01/26/2019
+ms.reviewer:
+manager: dansimp
+appliesto:
+- HoloLens (1st gen)
---
# Enable encryption for HoloLens
-You can enable [BitLocker device encryption](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) to protect files and information stored on the HoloLens. Device encryption helps protect your data by encrypting it using AES-CBC 128 encryption method, which is equivalent to [EncryptionMethodByDriveType method 3](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp#encryptionmethodbydrivetype) in the BitLocker configuration service provider (CSP). Only someone with the right encryption key (such as a password) can decrypt it or perform a data recovery.
+HoloLens (1st gen) and HoloLens 2 both support device encryption using BitLocker, however, BitLocker is always enabled on HoloLens 2.
+This article will help you enable and manage BitLocker on HoloLens (1st gen).
+On HoloLens (1st gen) you can enable BitLocker device encryption manually or using mobile device management (MDM). Follow these instructions to enable [BitLocker device encryption](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption) to protect files and information stored on the HoloLens. Device encryption helps protect your data using the AES-CBC 128 encryption method, which is equivalent to [EncryptionMethodByDriveType method 3](https://docs.microsoft.com/windows/client-management/mdm/bitlocker-csp#encryptionmethodbydrivetype) in the BitLocker configuration service provider (CSP). Personnel who have the correct encryption key (such as a password) can decrypt it or perform a data recovery.
## Enable device encryption using MDM
-You can use your mobile device management (MDM) provider to apply a policy that requires device encryption. The policy used is the [Security/RequireDeviceEncryption setting](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-security#security-requiredeviceencryption) in the Policy CSP.
+You can use your Mobile Device Management (MDM) provider to apply a policy that requires device encryption. The policy to use is the [Security/RequireDeviceEncryption setting](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-security#security-requiredeviceencryption) in the Policy CSP.
[See instructions for enabling device encryption using Microsoft Intune.](https://docs.microsoft.com/intune/compliance-policy-create-windows#windows-holographic-for-business)
@@ -37,69 +43,57 @@ Provisioning packages are files created by the Windows Configuration Designer to
### Create a provisioning package that upgrades the Windows Holographic edition and enables encryption
-1. [Create a provisioning package for HoloLens.](hololens-provisioning.md)
-
-2. Go to **Runtime settings** > **Policies** > **Security**, and select **RequireDeviceEncryption**.
+1. [Create a provisioning package for HoloLens.](hololens-provisioning.md)
+1. Go to **Runtime settings** > **Policies** > **Security**, and select **RequireDeviceEncryption**.
-2. Browse to and select the XML license file that was provided when you purchased the Commercial Suite.
+1. Find the XML license file that was provided when you purchased the Commercial Suite.
+1. Browse to and select the XML license file that was provided when you purchased the Commercial Suite.
>[!NOTE]
>You can configure [additional settings in the provisioning package](hololens-provisioning.md).
-3. On the **File** menu, click **Save**.
+1. On the **File** menu, click **Save**.
-4. Read the warning that project files may contain sensitive information, and click **OK**.
+1. Read the warning explaining that project files may contain sensitive information and click **OK**.
>[!IMPORTANT]
- >When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
-
-3. On the **Export** menu, click **Provisioning package**.
+ >When you build a provisioning package, you may include sensitive information in the project files and provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when no longer needed.
-4. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next**.
-
-5. Set a value for **Package Version**.
+1. On the **Export** menu, click **Provisioning package**.
+1. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next**.
+1. Set a value for **Package Version**.
>[!TIP]
>You can make changes to existing packages and change the version number to update previously applied packages.
-6. On the **Select security details for the provisioning package**, click **Next**.
-
-7. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.
+1. On the **Select security details for the provisioning package**, click **Next**.
+1. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.
Optionally, you can click Browse to change the default output location.
-8. Click **Next**.
-
-9. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.
-
-10. When the build completes, click **Finish**.
-
+1. Click **Next**.
+1. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.
+1. When the build completes, click **Finish**.
### Apply the provisioning package to HoloLens
1. Connect the device via USB to a PC and start the device, but do not continue past the **fit** page of the initial setup experience (the first page with the blue box).
-
-2. Briefly press and release the **Volume Down** and **Power** buttons simultaneously.
-
-3. HoloLens will show up as a device in File Explorer on the PC.
-
-4. In File Explorer, drag and drop the provisioning package (.ppkg) onto the device storage.
-
-5. Briefly press and release the **Volume Down** and **Power** buttons simultaneously again while on the **fit** page.
-
-6. The device will ask you if you trust the package and would like to apply it. Confirm that you trust the package.
-
-7. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with device setup.
+1. Briefly press and release the **Volume Down** and **Power** buttons simultaneously.
+1. HoloLens will show up as a device in File Explorer on the PC.
+1. In File Explorer, drag and drop the provisioning package (.ppkg) onto the device storage.
+1. Briefly press and release the **Volume Down** and **Power** buttons simultaneously again while on the **fit** page.
+1. The device will ask you if you trust the package and would like to apply it. Confirm that you trust the package.
+1. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with device setup.
>[!NOTE]
->If the device was purchased before August 2016, you will need to sign into the device with a Microsoft account, get the latest OS update, and then reset the OS in order to apply the provisioning package.
+>If the device was purchased before August 2016, you will need to sign into the device with a Microsoft account, get the latest OS update, and then reset the OS in order to apply the provisioning package.
## Verify device encryption
Encryption is silent on HoloLens. To verify the device encryption status:
-
-- On HoloLens, go to **Settings** > **System** > **About**. **BitLocker** is **enabled** if the device is encrypted.
-
+- On HoloLens, go to **Settings** > **System** > **About**. **BitLocker** is **enabled** if the device is encrypted.
+
+ 
diff --git a/devices/hololens/hololens-enroll-mdm.md b/devices/hololens/hololens-enroll-mdm.md
index 5f79d72c2e..dc042a0f9f 100644
--- a/devices/hololens/hololens-enroll-mdm.md
+++ b/devices/hololens/hololens-enroll-mdm.md
@@ -1,14 +1,19 @@
---
-title: Enroll HoloLens in MDM (HoloLens)
+title: Enroll HoloLens in MDM
description: Enroll HoloLens in mobile device management (MDM) for easier management of multiple devices.
ms.prod: hololens
-ms.mktglfcycl: manage
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+ms.assetid: 2a9b3fca-8370-44ec-8b57-fb98b8d317b0
+author: scooley
+ms.author: scooley
ms.topic: article
ms.localizationpriority: medium
-ms.date: 07/27/2017
+ms.date: 07/15/2019
+ms.reviewer:
+manager: dansimp
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
---
# Enroll HoloLens in MDM
@@ -16,26 +21,28 @@ ms.date: 07/27/2017
You can manage multiple Microsoft HoloLens devices simultaneously using solutions like [Microsoft Intune](https://docs.microsoft.com/intune/windows-holographic-for-business). You will be able to manage settings, select apps to install and set security configurations tailored to your organization's need. See [Manage devices running Windows Holographic with Microsoft Intune](https://docs.microsoft.com/intune/windows-holographic-for-business), the [configuration service providers (CSPs) that are supported in Windows Holographic](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/configuration-service-provider-reference#hololens), and the [policies supported by Windows Holographic for Business](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#hololenspolicies).
>[!NOTE]
->Mobile device management (MDM), including the VPN, Bitlocker, and kiosk mode features, is only available when you [upgrade to Windows Holographic for Business](hololens-upgrade-enterprise.md).
-
+>Mobile device management (MDM), including the VPN, Bitlocker, and kiosk mode features, is only available when you [upgrade to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
## Requirements
- Your organization will need to have mobile device management (MDM) set up in order to manage HoloLens devices. Your MDM provider can be Microsoft Intune or a 3rd party provider that uses Microsoft MDM APIs.
-## Auto-enrollment in MDM
+ Your organization will need to have Mobile Device Management (MDM) set up in order to manage HoloLens devices. Your MDM provider can be Microsoft Intune or a 3rd party provider that uses Microsoft MDM APIs.
-If your organization uses Azure Active Directory (Azure AD) and an MDM solution that accepts an AAD token for authentication (currently, only supported in Microsoft Intune and AirWatch), your IT admin can configure Azure AD to automatically allow MDM enrollment after the user signs in with their Azure AD account. [Learn how to configure Azure AD enrollment.](https://docs.microsoft.com/intune/deploy-use/set-up-windows-device-management-with-microsoft-intune#azure-active-directory-enrollment)
+## Auto-enrollment in MDM
+
+If your organization uses Azure Active Directory (Azure AD) and an MDM solution that accepts an AAD token for authentication (currently, only supported in Microsoft Intune and AirWatch), your IT admin can configure Azure AD to automatically allow MDM enrollment after the user signs in with their Azure AD account. [Learn how to configure Azure AD enrollment.](https://docs.microsoft.com/intune/deploy-use/set-up-windows-device-management-with-microsoft-intune#azure-active-directory-enrollment)
When auto-enrollment is enabled, no additional manual enrollment is needed. When the user signs in with an Azure AD account, the device is enrolled in MDM after completing the first-run experience.
## Enroll through Settings app
When the device is not enrolled in MDM during the first-run experience, the user can manually enroll the device with the organization's MDM server using the Settings app.
-
+
1. Go to **Settings** > **Accounts** > **Work access**.
-
-2. Select **Enroll into device management** and enter your organizational account. You will be redirected to your organization's sign in page.
-
-4. Upon successful authentication to the MDM server, a success message is shown.
+1. Select **Enroll into device management** and enter your organizational account. You will be redirected to your organization's sign in page.
+1. Upon successful authentication to the MDM server, a success message is shown.
Your device is now enrolled with your MDM server. The device will need to restart to acquire policies, certificates, and apps. The Settings app will now reflect that the device is enrolled in device management.
+
+## Unenroll HoloLens from Intune
+
+You cannot [unenroll](https://docs.microsoft.com/intune-user-help/unenroll-your-device-from-intune-windows) HoloLens from Intune remotely. If the administrator unenrolls the device using MDM, the device will age out of the Intune dashboard.
\ No newline at end of file
diff --git a/devices/hololens/hololens-environment-considerations.md b/devices/hololens/hololens-environment-considerations.md
new file mode 100644
index 0000000000..bdd500b298
--- /dev/null
+++ b/devices/hololens/hololens-environment-considerations.md
@@ -0,0 +1,121 @@
+---
+title: Environment considerations for HoloLens
+description: Get the best possible experience using HoloLens when you optimize the device for your eyes and environment. Many different environmental factors are fused together to enable tracking, but as a Mixed Reality developer, there are several factors you can keep in mind to tune a space for better holograms.
+keywords: holographic frame, field of view, fov, calibration, spaces, environment, how-to
+author: dorreneb
+ms.author: dobrown
+manager: jarrettr
+ms.date: 8/29/2019
+ms.prod: hololens
+ms.topic: article
+audience: ITPro
+ms.localizationpriority: high
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Environment considerations for HoloLens
+
+HoloLens blends the holographic with the "real" world, placing holograms in your surroundings. A holographic app window "hangs" on the wall, a holographic ballerina spins on the tabletop, bunny ears sit on top of your unwitting friend’s head. When you’re using an immersive game or app, the holographic world will spread to fill your surroundings but you’ll still be able to see and move around the space.
+
+The holograms you place will stay where you’ve put them, even if you turn off your device.
+
+## Setting up an environment
+
+HoloLens devices know how to place stable and accurate holograms by *tracking* users in a space. Without proper tracking, the device does not understand the environment or the user within it so holograms can appear in the wrong places, not appear in the same spot every time, or not appear at all. The data used to track users is represented in the *spatial map*.
+
+Tracking performance is heavily influenced by the environment the user is in, and tuning an environment to induce stable and consistent tracking is an art rather than a science. Many different environmental factors are fused together to enable tracking, but as a Mixed Reality developer, there are several factors you can keep in mind to tune a space for better tracking.
+
+### Lighting
+
+Windows Mixed Reality uses visual light to track the user's location. When an environment is too bright, the cameras can get saturated, and nothing is seen. If the environment is too dark, the cameras cannot pick up enough information, and nothing is seen. Lighting should be even and sufficiently bright that a human can see without effort, but not so bright that the light is painful to look at.
+
+Areas where there are points of bright light in an overall dim area are also problematic, as the camera has to adjust when moving in and out of bright spaces. This can cause the device to "get lost" and think that the change in light equates to a change in location. Stable light levels in an area will lead to better tracking.
+
+Any outdoor lighting can also cause instability in the tracker, as the sun may vary considerably over time. For example, tracking in the same space in the summer vs. winter can produce drastically different results, as the secondhand light outside may be higher at different times of year.
+
+If you have a luxmeter, a steady 500-1000 lux is a good place to start.
+
+#### Types of lighting
+
+Different types of light in a space can also influence tracking. Light bulbs pulse with the AC electricity running through it - if the AC frequency is 50Hz, then the light pulses at 50Hz. For a human, this pulsing is not noticed. However, HoloLens' 30fps camera sees these changes - some frames will be well-lit, some will be poorly lit, and some will be over-exposed as the camera tries to compensate for light pulses.
+
+In the USA, electricity frequency standard is 60Hz, so light bulb pulses are harmonized with HoloLens' framerate - 60Hz pulses align with HoloLens' 30 FPS framerate. However, many countries have an AC frequency standard of 50Hz, which means some HoloLens frames will be taken during pulses, and others will not. In particular, fluorescent lighting in Europe has been known to cause issues.
+
+There are a few things you can try to resolve flickering issues. Temperature, bulb age, and warm-up cycles are common causes of fluorescent flickering and replacing bulbs may help. Tightening bulbs and making sure current draws are constant can also help.
+
+### Items in a space
+
+HoloLens uses unique environmental landmarks, also known as *features*, to locate itself in a space.
+
+A device can almost never track in a feature-poor area, as the device has no way of knowing where in space it is. Adding features to the walls of a space is usually a good way to improve tracking. Posters, symbols taped to a wall, plants, unique objects, or other similar items all help. A messy desk is a good example of an environment that leads to good tracking - there are a lot of different features in a single area.
+
+Additionally, use unique features in the same space. The same poster repeated multiple times over a wall, for example, will cause device confusion as the HoloLens won't know which of the repetitive posters it is looking at. One common way of adding unique features is to use lines of masking tape to create unique, non-repetitive patterns along the walls and floor of a space.
+
+A good question to ask yourself is: if you saw just a small amount of the scene, could you uniquely locate yourself in the space? If not, it's likely the device will have problems tracking as well.
+
+#### Wormholes
+
+If you have two areas or regions that look the same, the tracker may think they are the same. This results in the device tricking itself into thinking it is somewhere else. We call these types of repetitive areas *wormholes*.
+
+To prevent wormholes, try to prevent identical areas in the same space. Identical areas can sometimes include factory stations, windows on a building, server racks, or work stations. Labelling areas or adding unique features to each similar-looking areas can help mitigate wormholes.
+
+### Movement in a space
+
+If your environment is constantly shifting and changing, the device has no stable features to locate against.
+
+The more moving objects that are in a space, including people, the easier it is to lose tracking. Moving conveyor belts, items in different states of construction, and lots of people in a space have all been known to cause tracking issues.
+
+The HoloLens can quickly adapt to these changes, but only when that area is clearly visible to the device. Areas that are not seen as frequently may lag behind reality, which can cause errors in the spatial map. For example, a user scans a friend and then turns around while the friend leaves the room. A 'ghost' representation of the friend will persist in the spatial mapping data until the user re-scans the now empty space.
+
+### Proximity of the user to items in the space
+
+Similarly to how humans cannot focus well on objects close to the eyes, HoloLens struggles when objects are close to it's cameras. If an object is too close to be seen with both cameras, or if an object is blocking one camera, the device will have far more issues with tracking against the object.
+
+The cameras can see no closer than 15cm from an object.
+
+### Surfaces in a space
+
+Strongly reflective surfaces will likely look different depending on the angle, which affects tracking. Think of a brand new car - when you move around it, light reflects and you see different objects in the surface as you move. To the tracker, the different objects reflected in the surface represent a changing environment, and the device loses tracking.
+
+Less shiny objects are easier to track against.
+
+### Wi-Fi fingerprint considerations
+
+As long as Wi-Fi is enabled, map data will be correlated with a Wi-Fi fingerprint, even when not connected to an actual WiFi network/router. Without Wi-Fi info, the space and holograms may be slightly slower to recognize. If the Wi-Fi signals change significantly, the device may think it is in a different space altogether.
+
+Network identification (such as SSID or MAC address) is not sent to Microsoft, and all Wi-Fi references are kept local on the HoloLens.
+
+## Mapping new spaces
+
+When you enter a new space (or load an existing one), you’ll see a mesh graphic spreading over the space. This means your device is mapping your surroundings. While a HoloLens will learn a space over time, there are tips and tricks to map spaces.
+
+## Environment management
+
+There are two settings which enable users to “clean up” holograms and cause HoloLens to “forget" a space. They exist in **Holograms and environments** in the settings app, with the second setting also appearing under **Privacy** in the settings app.
+
+1. **Delete nearby holograms**. When you select this setting, HoloLens will erase all anchored holograms and all stored map data for the “current space” where the device is located. A new map section would be created and stored in the database for that location once holograms are again placed in that same space.
+
+1. **Delete all holograms**.By selecting this setting, HoloLens will erase ALL map data and anchored holograms in the entire databases of spaces. No holograms will be rediscovered and any holograms need to be newly placed to again store map sections in the database.
+
+## Hologram quality
+
+Holograms can be placed throughout your environment—high, low, and all around you—but you’ll see them through a [holographic frame](https://docs.microsoft.com/windows/mixed-reality/holographic-frame) that sits in front of your eyes. To get the best view, make sure to adjust your device so you can see the entire frame. And don’t hesitate to walk around your environment and explore!
+
+For your [holograms](https://docs.microsoft.com/windows/mixed-reality/hologram) to look crisp, clear, and stable, your HoloLens needs to be calibrated just for you. When you first set up your HoloLens, you’ll be guided through this process. Later on, if holograms don’t look right or you’re seeing a lot of errors, you can make adjustments.
+
+If you are having trouble mapping spaces, try deleting nearby holograms and remapping the space.
+
+### Calibration
+
+If your holograms look jittery or shaky, or if you’re having trouble placing holograms, the first thing to try is the [Calibration app](hololens-calibration.md). This app can also help if you’re experiencing any discomfort while using your HoloLens.
+
+To get to the Calibration app, go to **Settings** > **System** > **Utilities**. Select **Open Calibration** and follow the instructions.
+
+If someone else is going to be using your HoloLens, they should run the Calibration app first so the device is set up properly for them.
+
+## See also
+
+- [Spatial mapping design](https://docs.microsoft.com/windows/mixed-reality/spatial-mapping)
+- [Holograms](https://docs.microsoft.com/windows/mixed-reality/hologram)
diff --git a/devices/hololens/hololens-feedback.md b/devices/hololens/hololens-feedback.md
new file mode 100644
index 0000000000..3199517a90
--- /dev/null
+++ b/devices/hololens/hololens-feedback.md
@@ -0,0 +1,82 @@
+---
+title: Give us feedback
+description: Create actionable feedback for HoloLens and Windows Mixed Reality developers by using the Feedback Hub.
+ms.assetid: b9b24c72-ff86-44a9-b30d-dd76c49479a9
+author: mattzmsft
+ms.author: mazeller
+ms.date: 09/13/2019
+ms.prod: hololens
+ms.topic: article
+keywords: feedback, bug, issue, error, troubleshoot, help
+manager: jarrettr
+ms.localizationpriority: medium
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Give us feedback
+
+Use the Feedback Hub to tell us which features you love, which features you could do without, or when something could be better.
+
+## Feedback for Windows Mixed Reality immersive headset on PC
+
+> [!IMPORTANT]
+> Before you report an issue, make sure that your environment meets the following requirements so that you can successfully upload logs and other information:
+>
+> - Have a minimum of 3GB free disk space available on the main drive of the device.
+> - To upload cabs or other large files, connect to a non-metered network.
+
+1. Make sure that you have the immersive headset connected to your PC, and then on the desktop, select **Feedback Hub**.
+1. In the left pane, select **Feedback**.
+ 
+1. To enter new feedback, select **Add new feedback**.
+ 
+1. To make feedback actionable, in **What kind of feedback is this?** select **Problem**.
+1. In **Summarize your issue**, enter a meaningful title for your feedback.
+1. In **Give us more detail**, provide details and repro steps.
+ 
+
+ As the top category, select **Mixed Reality**. Then select an applicable subcategory, as explained in the following table:
+
+ |Subcategory |Description |
+ |----------|----------|
+ | Apps | Issues about a specific application. |
+ | Developer | Issues about authoring or running an app for Mixed Reality. |
+ | Device | Issues about the head-mounted device (HMD) itself. |
+ | Home experience | Issues about your VR environment and your interactions with the your mixed reality home. |
+ | Input | Issues about input methods, such as motion controllers, speech, gamepad, or mouse and keyboard. |
+ | Set up | Anything that is preventing you from setting up the device. |
+ | All other issues | Anything else. |
+
+1. If possible, add traces or video to your feedback to help us identify and fix the issue more quickly. To do this, follow these steps:
+ 1. To start collecting traces, select **Start capture**. The app starts collecting traces and a video capture of your mixed reality scenario.
+
+ 
+ 1. Do not close the Feedback Hub app, but switch to the scenario that produces the issue. Run through the scenario to produce the circumstances that you have described.
+ 1. After you finish your scenario, go back to the Feedback Hub app and select **Stop capture**. The app stops collecting information, stores the information in a file, and attaches the file to your feedback.
+1. Select **Submit**.
+ 
+ The Thank You page indicates that your feedback has been successfully submitted.
+ 
+
+To easily direct other people (such as co-workers, Microsoft staff, [forum](https://forums.hololens.com/) readers et al) to the issue, go to **Feedback** > **My Feedback**, select the issue, select **Share**. This action provides a shortened URL that you can give to others so that they can upvote or escalate your issue.
+
+## Feedback for HoloLens
+
+1. Use the **bloom** gesture to open the **Start** menu, and then select **Feedback Hub**.
+
+ 
+1. Place the app in your environment and then select the app to launch it.
+1. To see if someone else has given similar feedback, in the Feedback search box, enter a few keywords about the topic.
+
+ 
+1. If you find similar feedback, select it, add any details, then select **Upvote**.
+
+ 
+1. If you don’t find any similar feedback, select **Add new feedback**, select a topic from **Select a category**, and then select a subcategory from **Select a subcategory**.
+
+ 
+1. Enter your feedback.
+1. If you are reporting a reproducible issue, you can select **Reproduce**. Without closing Feedback Hub, reproduce the issue. After you finish, come back to Feedback Hub and select **I’m done**. The app adds a mixed reality capture of your repro and relevant diagnostic logs to your feedback.
+1. Select **Post feedback**, and you’re done.
diff --git a/devices/hololens/hololens-identity.md b/devices/hololens/hololens-identity.md
new file mode 100644
index 0000000000..3cc6cc4cfc
--- /dev/null
+++ b/devices/hololens/hololens-identity.md
@@ -0,0 +1,111 @@
+---
+title: Managing user identity and login on HoloLens
+description: Manage user identity, security, and login on HoloLens.
+keywords: HoloLens, user, account, aad, adfs, microsoft account, msa, credentials, reference
+ms.assetid: 728cfff2-81ce-4eb8-9aaa-0a3c3304660e
+author: scooley
+ms.author: scooley
+ms.date: 1/6/2019
+ms.prod: hololens
+ms.topic: article
+ms.sitesec: library
+ms.topic: article
+ms.localizationpriority: medium
+audience: ITPro
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# User identity and signin
+
+> [!NOTE]
+> This article is a technical reference for IT Pros and tech enthusiasts. If you're looking for HoloLens set up instructions, read "[Setting up your HoloLens (1st gen)](hololens1-start.md)" or "[Setting up your HoloLens 2](hololens2-start.md)".
+
+Like other Windows devices, HoloLens always operates under a user context. There is always a user identity. HoloLens treats identity in almost the same manner as other Windows 10 devices do. This article is a deep-dive reference for identity on HoloLens, and focuses on how HoloLens differs from other Windows 10 devices.
+
+HoloLens supports several kinds of user identities. You can use one or more user accounts to sign in. Here's an overview of the identity types and authentication options on HoloLens:
+
+| Identity type | Accounts per device | Authentication options |
+| --- | --- | --- |
+| [Azure Active Directory (AAD)](https://docs.microsoft.com/azure/active-directory/) | 32 (see details) |
Azure web credential provider
Azure Authenticator App
Biometric (Iris) – HoloLens 2 only
PIN – Optional for HoloLens (1st gen), required for HoloLens 2
PIN – Optional for HoloLens (1st gen), required for HoloLens 2
Password
|
+| [Local account](https://docs.microsoft.com/windows/security/identity-protection/access-control/local-accounts) | 1 | Password |
+
+Cloud-connected accounts (AAD and MSA) offer more features because they can use Azure services.
+
+## Setting up users
+
+The most common way to set up a new user is during the HoloLens out-of-box experience (OOBE). During setup, HoloLens prompts for a user to sign in by using the account that they want to use on the device. This account can be a consumer Microsoft account or an enterprise account that has been configured in Azure. See Setting up your [HoloLens (1st gen)](hololens1-start.md) or [HoloLens 2](hololens2-start.md).
+
+Like Windows on other devices, signing in during setup creates a user profile on the device. The user profile stores apps and data. The same account also provides Single Sign-on for apps such as Edge or Skype by using the Windows Account Manager APIs.
+
+If you use an enterprise or organizational account to sign in to HoloLens, HoloLens enrolls in the organization's IT infrastructure. This enrollment allows your IT Admin to configure Mobile Device Management (MDM) to send group policies to your HoloLens.
+
+By default, as for other Windows 10 devices, you'll have to sign in again when HoloLens restarts or resumes from standby. You can use the Settings app to change this behavior, or the behavior can be controlled by group policy.
+
+### Linked accounts
+
+As in the Desktop version of Windows, you can link additional web account credentials to your HoloLens account. Such linking makes it easier to access resources across or within apps (such as the Store) or to combine access to personal and work resources. After you connect an account to the device, you can grant permission to use the device to apps so that you don't have to sign in to each app individually.
+
+Linking accounts does not separate the user data created on the device, such as images or downloads.
+
+### Setting up multi-user support (AAD only)
+
+> [!NOTE]
+> **HoloLens (1st gen)** began supporting multiple AAD users in the [Windows 10 April 2018 Update](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018) as part of [Windows Holographic for Business](hololens-upgrade-enterprise.md).
+
+HoloLens supports multiple users from the same AAD tenant. To use this feature, you must use an account that belongs to your organization to set up the device. Subsequently, other users from the same tenant can sign in to the device from the sign-in screen or by tapping the user tile on the Start panel. Only one user can be signed in at a time. When a user signs in, HoloLens signs out the previous user.
+
+All users can use the apps installed on the device. However, each user has their own app data and preferences. Removing an app from the device removes it for all users.
+
+## Removing users
+
+You can remove a user from the device by going to **Settings** > **Accounts** > **Other people**. This action also reclaims space by removing all of that user's app data from the device.
+
+## Using single sign-on within an app
+
+As an app developer, you can take advantage of linked identities on HoloLens by using the [Windows Account Manager APIs](https://docs.microsoft.com/uwp/api/Windows.Security.Authentication.Web.Core), just as you would on other Windows devices. Some code samples for these APIs are available [here](https://go.microsoft.com/fwlink/p/?LinkId=620621).
+
+Any account interrupts that might occur, such as requesting user consent for account information, two-factor authentication, and so forth, must be handled when the app requests an authentication token.
+
+If your app requires a specific account type that hasn't been linked previously, your app can ask the system to prompt the user to add one. This request triggers the account settings pane to launch as a modal child of your app. For 2D apps, this window renders directly over the center of your app. For Unity apps, this request briefly takes the user out of your holographic app to render the child window. For information about customizing the commands and actions on this pane, see [WebAccountCommand Class](https://docs.microsoft.com/uwp/api/Windows.UI.ApplicationSettings.WebAccountCommand).
+
+## Enterprise and other authentication
+
+If your app uses other types of authentication, such as NTLM, Basic, or Kerberos, you can use [Windows Credential UI](https://docs.microsoft.com/uwp/api/Windows.Security.Credentials.UI) to collect, process, and store the user's credentials. The user experience for collecting these credentials is very similar to other cloud-driven account interrupts, and appears as a child app on top of your 2D app or briefly suspends a Unity app to show the UI.
+
+## Deprecated APIs
+
+One way in which developing for HoloLens differs from developing for Desktop is that the [OnlineIDAuthenticator](https://docs.microsoft.com/uwp/api/Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator) API is not fully supported. Although the API returns a token if the primary account is in good-standing, interrupts such as those described in this article do not display any UI for the user and fail to correctly authenticate the account.
+
+## Frequently asked questions
+
+### Is Windows Hello for Business supported on HoloLens?
+
+Windows Hello for Business (which supports using a PIN to sign in) is supported for HoloLens. To allow Windows Hello for Business PIN sign-in on HoloLens:
+
+1. The HoloLens device must be [managed by MDM](hololens-enroll-mdm.md).
+1. You must enable Windows Hello for Business for the device. ([See instructions for Microsoft Intune.](https://docs.microsoft.com/intune/windows-hello))
+1. On HoloLens, the user can then use **Settings** > **Sign-in Options** > **Add PIN** to set up a PIN.
+
+> [!NOTE]
+> Users who sign in by using a Microsoft account can also set up a PIN in **Settings** > **Sign-in Options** > **Add PIN**. This PIN is associated with [Windows Hello](https://support.microsoft.com/help/17215/windows-10-what-is-hello), rather than [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview).
+
+#### Does the type of account change the sign-in behavior?
+
+Yes, the behavior for the type of account affects the sign-in behavior. If you apply policies for sign-in, the policy is always respected. If no policy for sign-in is applied, these are the default behaviors for each account type:
+
+- **Microsoft account**: signs in automatically
+- **Local account**: always asks for password, not configurable in **Settings**
+- **Azure AD**: asks for password by default, and configurable by **Settings** to no longer ask for password.
+
+> [!NOTE]
+> Inactivity timers are currently not supported, which means that the **AllowIdleReturnWithoutPassword** policy is only respected when the device goes into StandBy.
+
+## Additional resources
+
+Read much more about user identity protection and authentication on [the Windows 10 security and identity documentation](https://docs.microsoft.com/windows/security/identity-protection/).
+
+Learn more about setting up hybrid identity infrastructure thorough the [Azure Hybrid identity documentation](https://docs.microsoft.com/azure/active-directory/hybrid/).
diff --git a/devices/hololens/hololens-insider.md b/devices/hololens/hololens-insider.md
index 3a90c8fe68..633f296a3e 100644
--- a/devices/hololens/hololens-insider.md
+++ b/devices/hololens/hololens-insider.md
@@ -3,50 +3,52 @@ title: Insider preview for Microsoft HoloLens (HoloLens)
description: It’s simple to get started with Insider builds and to provide valuable feedback for our next major operating system update for HoloLens.
ms.prod: hololens
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: scooley
+ms.author: scooley
ms.topic: article
ms.localizationpriority: medium
-ms.date: 10/23/2018
+audience: ITPro
+ms.date: 1/6/2020
+ms.reviewer:
+manager: dansimp
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
---
# Insider preview for Microsoft HoloLens
-Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens.
-
+Welcome to the latest Insider Preview builds for HoloLens! It’s simple to get started and provide valuable feedback for our next major operating system update for HoloLens.
-
-
-## How do I install the Insider builds?
-
-On a device running the Windows 10 April 2018 Update, go to **Settings -> Update & Security -> Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider.
+## Start receiving Insider builds
-Then, select **Active development of Windows**, choose whether you’d like to receive **Fast** or **Slow** builds, and review the program terms.
+On a device running the Windows 10 April 2018 Update, go to **Settings** -> **Update & Security** -> **Windows Insider Program** and select **Get started**. Link the account you used to register as a Windows Insider.
-Select **Confirm -> Restart Now** to finish up. After your device has rebooted, go to **Settings -> Update & Security -> Check for updates** to get the latest build.
+Then, select **Active development of Windows**, choose whether you’d like to receive **Fast** or **Slow** builds, and review the program terms.
-## How do I stop receiving Insider builds?
+Select **Confirm -> Restart Now** to finish up. After your device has rebooted, go to **Settings -> Update & Security -> Check for updates** to get the latest build.
-If you no longer want to receive Insider builds of Windows Holographic, you can opt out when your HoloLens is running a production build, or you can [recover your device](https://docs.microsoft.com/windows/mixed-reality/reset-or-recover-your-hololens#perform-a-full-device-recovery) using the Windows Device Recovery Tool to recover your device to a non-Insider version of Windows Holographic.
+## Stop receiving Insider builds
+
+If you no longer want to receive Insider builds of Windows Holographic, you can opt out when your HoloLens is running a production build, or you can [recover your device](hololens-recovery.md) using the Windows Device Recovery Tool to recover your device to a non-Insider version of Windows Holographic.
To verify that your HoloLens is running a production build:
+
- Go to **Settings > System > About**, and find the build number.
-- If the build number is 10.0.17763.1, your HoloLens is running a production build. [See the list of production build numbers.](https://www.microsoft.com/itpro/windows-10/release-information)
+- [See the release notes for production build numbers.](hololens-release-notes.md)
To opt out of Insider builds:
+
- On a HoloLens running a production build, go to **Settings > Update & Security > Windows Insider Program**, and select **Stop Insider builds**.
- Follow the instructions to opt out your device.
+## Provide feedback and report issues
+Please use [the Feedback Hub app](hololens-feedback.md) on your HoloLens to provide feedback and report issues. Using Feedback Hub ensures that all necessary diagnostics information is included to help our engineers quickly debug and resolve the problem. Issues with the Chinese and Japanese version of HoloLens should be reported the same way.
+
+>[!NOTE]
+>Be sure to accept the prompt that asks whether you’d like Feedback Hub to access your Documents folder (select **Yes** when prompted).
## Note for developers
You are welcome and encouraged to try developing your applications using Insider builds of HoloLens. Check out the [HoloLens Developer Documentation](https://developer.microsoft.com/windows/mixed-reality/development) to get started. Those same instructions work with Insider builds of HoloLens. You can use the same builds of Unity and Visual Studio that you're already using for HoloLens development.
-
-## Provide feedback and report issues
-
-Please use [the Feedback Hub app](https://docs.microsoft.com/windows/mixed-reality/give-us-feedback) on your HoloLens or Windows 10 PC to provide feedback and report issues. Using Feedback Hub ensures that all necessary diagnostics information is included to help our engineers quickly debug and resolve the problem. Issues with the Chinese and Japanese version of HoloLens should be reported the same way.
-
->[!NOTE]
->Be sure to accept the prompt that asks whether you’d like Feedback Hub to access your Documents folder (select **Yes** when prompted).
-
diff --git a/devices/hololens/hololens-install-apps.md b/devices/hololens/hololens-install-apps.md
deleted file mode 100644
index 05d7673aa2..0000000000
--- a/devices/hololens/hololens-install-apps.md
+++ /dev/null
@@ -1,94 +0,0 @@
----
-title: Install apps on HoloLens (HoloLens)
-description: The recommended way to install apps on HoloLens is to use Microsoft Store for Business.
-ms.prod: hololens
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
-ms.topic: article
-ms.localizationpriority: medium
-ms.date: 10/23/2018
----
-
-# Install apps on HoloLens
-
-The recommended way to install Universal Windows Platform (UWP) apps on HoloLens is to use Microsoft Store for Business. You can make your own [line-of-business application](https://technet.microsoft.com/itpro/windows/manage/working-with-line-of-business-apps) available through Microsoft Store for Business.
-
-You can also deploy apps using your mobile device management (MDM) provider or use the Windows Device Portal to install apps.
-
-## Use Microsoft Store for Business to deploy apps to HoloLens
-
-Microsoft Store for Business is a private Microsoft Store for your enterprise. People in your organization can open the Store app and select your private Store to install apps that you have made available to them.
-
-
-
-In your Microsoft Store for Business dashboard, you can also download apps to distribute to devices that aren't connected to the Internet, plus add line-of-business (LOB) apps for distribution.
-
-### Requirements
-
-- You need to be a global administrator for your Azure Active Directory (Azure AD) tenant.
-
- >[!TIP]
- >You can create an Azure AD account and tenant as part of the Store for Business sign-up process.
-
-- End users need Azure AD accounts when they access Store for Business content from Windows-based devices.
-
-### Microsoft Store for Business process
-
-1. [Sign up for Microsoft Store for Business.](https://technet.microsoft.com/itpro/windows/manage/sign-up-windows-store-for-business)
-2. [Assign roles and permissions for managing your Store for Business.](https://technet.microsoft.com/itpro/windows/manage/roles-and-permissions-windows-store-for-business)
-3. (Optional) [Configure Microsoft Store for Business to work with your MDM provider.](https://technet.microsoft.com/itpro/windows/manage/configure-mdm-provider-windows-store-for-business)
-3. [Get apps for your Store for Business.](https://technet.microsoft.com/itpro/windows/manage/acquire-apps-windows-store-for-business)
-4. [Distribute apps to your employees.](https://technet.microsoft.com/itpro/windows/manage/distribute-apps-to-your-employees-windows-store-for-business)
-
-### Install apps on HoloLens from Microsoft Store for Business
-
-The method that you use to install an app from your Microsoft Store for Business on HoloLens depends on the distribution method that you choose.
-
-| Distribution method | To install on HoloLens|
-| --- | --- |
-| [Using private store](https://docs.microsoft.com/microsoft-store/distribute-apps-from-your-private-store) | Open the Store app and select the tab for your organization to choose from available apps. |
-| Using MDM | [You can configure MDM to synchronize your Store for Business inventory.](https://technet.microsoft.com/itpro/windows/manage/distribute-apps-with-management-tool) See the **Important** note in [Use MDM to deploy apps to HoloLens.](#use-mdm-to-deploy-apps-to-hololens) |
-
-
-
-## Use MDM to deploy apps to HoloLens
-
->[!IMPORTANT]
->Online-licensed apps cannot be deployed with Microsoft Store for Business on HoloLens via an MDM provider. If attempted, apps will remain in “downloading” state. Instead, you can use your MDM provider to deploy MDM-hosted apps to HoloLens, or deploy offline-licensed apps to HoloLens via Store for Business
-
-
-You can deploy UWP apps to HoloLens using your MDM provider. For Intune instructions, see [Deploy apps in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/add-apps).
-
-Using Intune, you can also [monitor your app deployment](https://docs.microsoft.com/intune/deploy-use/monitor-apps-in-microsoft-intune).
-
-
-
-## Use the Windows Device Portal to install apps on HoloLens
-
->[!IMPORTANT]
->When you set up HoloLens to use the Device Portal, you must enable **Developer Mode** on the device. **Developer Mode** on a device that has been upgraded to Windows Holographic for Business enables side-loading of apps, which risks the installation of apps that have not been certified by the Microsoft Store. Administrators can block the ability to enable **Developer Mode** using the **ApplicationManagement/AllowDeveloper Unlock** setting in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). [Learn more about Developer Mode.](https://msdn.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
-
-1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC.
-
-2. On a PC, connect to the HoloLens using [Wi-Fi](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_wi-fi) or [USB](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#connecting_over_usb).
-
-3. [Create a user name and password](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#creating_a_username_and_password) if this is the first time you connect to the Windows Device Portal, or enter the user name and password that you previously set up.
-
- >[!TIP]
- >If you see a certificate error in the browser, follow [these troubleshooting steps](https://developer.microsoft.com/windows/mixed-reality/Using_the_Windows_Device_Portal.html#security_certificate).
-
-4. In the Windows Device Portal, click **Apps**.
-
- 
-
-5. In **Install app**, select an **app package** from a folder on your computer or network. If the app package requires additional software, such as dependency frameworks, select **I want to specify framework packages**.
-
-6. In **Deploy**, click **Go** to deploy the app package and added dependencies to the connected HoloLens.
-
-
-
-
-
-
diff --git a/devices/hololens/hololens-install-localized.md b/devices/hololens/hololens-install-localized.md
deleted file mode 100644
index e3729388c3..0000000000
--- a/devices/hololens/hololens-install-localized.md
+++ /dev/null
@@ -1,36 +0,0 @@
----
-title: Install localized versions of HoloLens (HoloLens)
-description: Learn how to install the Chinese or Japanese versions of HoloLens
-ms.prod: hololens
-ms.mktglfcycl: manage
-ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
-ms.topic: article
-ms.localizationpriority: medium
-ms.date: 11/13/2018
----
-
-# Install localized versions of HoloLens
-
-In order to switch to the Chinese or Japanese version of HoloLens, you’ll need to download the build for the language on a PC and then install it on your HoloLens using the Windows Device Recovery Tool (WDRT).
-
->[!IMPORTANT]
->Installing the Chinese or Japanese builds of HoloLens using WDRT will delete existing data, like personal files and settings, from your HoloLens.
-
-
-2. On your PC, download and install [the Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379).
-3. Download the package for the language you want to your PC: [Simplified Chinese](https://aka.ms/hololensdownload-ch) or [Japanese](https://aka.ms/hololensdownload-jp).
-4. When the download is finished, select **File Explorer > Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all... > Extract** to unzip it.
-5. Connect your HoloLens to your PC using the micro-USB cable it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.)
-6. The tool will automatically detect your HoloLens. Select the Microsoft HoloLens tile.
-7. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the extension “.ffu”.)
-8. Select **Install software** and follow the instructions to finish installing.
-9. Once the build is installed, HoloLens setup will start automatically. Put on the device and follow the setup directions.
-
-When you’re done with setup, go to **Settings -> Update & Security -> Windows Insider Program** and check that you’re configured to receive the latest preview builds. The Chinese/Japanese version of HoloLens will be kept up-to-date with the latest preview builds via the Windows Insider Program the same way the English version is.
-
-## Note for language support
-
-- You can’t change the system language between English, Japanese, and Chinese using the Settings app. Flashing a new build is the only supported way to change the device system language.
-- While you can enter Simplified Chinese / Japanese text using the on-screen Pinyin keyboard, typing in Simplified Chinese / Japanese using a Bluetooth hardware keyboard is not supported at this time. However, on Chinese/Japanese HoloLens, you can continue to use a BT keyboard to type in English (the ~ key on a hardware keyboard toggles the keyboard to type in English).
diff --git a/devices/hololens/hololens-kiosk.md b/devices/hololens/hololens-kiosk.md
index c888927596..d0dbb126b7 100644
--- a/devices/hololens/hololens-kiosk.md
+++ b/devices/hololens/hololens-kiosk.md
@@ -3,22 +3,24 @@ title: Set up HoloLens in kiosk mode (HoloLens)
description: Use a kiosk configuration to lock down the apps on HoloLens.
ms.prod: hololens
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.localizationpriority: medium
ms.date: 11/13/2018
+ms.reviewer:
+manager: dansimp
---
# Set up HoloLens in kiosk mode
-In Windows 10, version 1803, you can configure your HoloLens devices to run as multi-app or single-app kiosks. You can also configure guest access for a HoloLens kiosk device by [designating a SpecialGroup account in your XML file.](#guest)
+In Windows 10, version 1803, you can configure your HoloLens devices to run as multi-app or single-app kiosks. You can also configure guest access for a HoloLens kiosk device by [designating a SpecialGroup account in your XML file.](#add-guest-access-to-the-kiosk-configuration-optional)
When HoloLens is configured as a multi-app kiosk, only the allowed apps are available to the user. The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access.
-Single-app kiosk mode starts the specified app when the user signs in, and restricts the user's ability to launch new apps or change the running app. When single-app kiosk mode is enabled for HoloLens, the bloom gesture and Cortana are disabled, and placed apps aren't shown in the user's surroundings.
+Single-app kiosk mode starts the specified app when the user signs in, and restricts the user's ability to launch new apps or change the running app. When single-app kiosk mode is enabled for HoloLens, the [start gestures](https://docs.microsoft.com/hololens/hololens2-basic-usage#start-gesture) (including [Bloom](https://docs.microsoft.com/hololens/hololens1-basic-usage) on HoloLens (1st Gen)) and Cortana are disabled, and placed apps aren't shown in the user's surroundings.
The following table lists the device capabilities in the different kiosk modes.
@@ -38,24 +40,22 @@ The [AssignedAccess Configuration Service Provider (CSP)](https://docs.microsoft
>Be aware that voice commands are enabled for kiosk mode configured in Microsoft Intune or provisioning packages, even if the Cortana app is not selected as a kiosk app.
For HoloLens devices running Windows 10, version 1803, there are three methods that you can use to configure the device as a kiosk:
-- You can use [Microsoft Intune or other mobile device management (MDM) service](#intune-kiosk) to configure single-app and multi-app kiosks.
-- You can [use a provisioning package](#ppkg-kiosk) to configure single-app and multi-app kiosks.
-- You can [use the Windows Device Portal](#portal-kiosk) to configure single-app kiosks. This method is recommended only for demonstrations, as it requires that developer mode be enabled on the device.
+- You can use [Microsoft Intune or other mobile device management (MDM) service](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803) to configure single-app and multi-app kiosks.
+- You can [use a provisioning package](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure single-app and multi-app kiosks.
+- You can [use the Windows Device Portal](#set-up-kiosk-mode-using-the-windows-device-portal-windows-10-version-1607-and-version-1803) to configure single-app kiosks. This method is recommended only for demonstrations, as it requires that developer mode be enabled on the device.
-For HoloLens devices running Windows 10, version 1607, you can [use the Windows Device Portal](#portal-kiosk) to configure single-app kiosks.
+For HoloLens devices running Windows 10, version 1607, you can [use the Windows Device Portal](#set-up-kiosk-mode-using-the-windows-device-portal-windows-10-version-1607-and-version-1803) to configure single-app kiosks.
-
-## Start layout for HoloLens
+## Start layout for HoloLens
-If you use [MDM, Microsoft Intune](#intune-kiosk), or a [provisioning package](#ppkg-kiosk) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Holographic for Business, so you'll need to use a placeholder Start layout.
+If you use [MDM, Microsoft Intune](#set-up-kiosk-mode-using-microsoft-intune-or-mdm-windows-10-version-1803), or a [provisioning package](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to configure a multi-app kiosk, the procedure requires a Start layout. Start layout customization isn't supported in Holographic for Business, so you'll need to use a placeholder Start layout.
>[!NOTE]
>Because a single-app kiosk launches the kiosk app when a user signs in, there is no Start screen displayed.
-
### Start layout file for MDM (Intune and others)
-Save the following sample as an XML file. You will select this file when you configure the kiosk in Microsoft Intune (or in another MDM service that provides a kiosk profile).
+Save the following sample as an XML file. You can use this file when you configure the multi-app kiosk in Microsoft Intune (or in another MDM service that provides a kiosk profile).
>[!NOTE]
>If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, use the [Start layout instructions for a provisioning package](#start-layout-for-a-provisioning-package).
@@ -78,7 +78,7 @@ Save the following sample as an XML file. You will select this file when you con
### Start layout for a provisioning package
-You will [create an XML file](#ppkg-kiosk) to define the kiosk configuration to be included in a provisioning package. Use the following sample in the `StartLayout` section of your XML file.
+You will [create an XML file](#setup-kiosk-mode-using-a-provisioning-package-windows-10-version-1803) to define the kiosk configuration to be included in a provisioning package. Use the following sample in the `StartLayout` section of your XML file.
```xml
@@ -98,34 +98,28 @@ You will [create an XML file](#ppkg-kiosk) to define the kiosk configuration to
]]>
-```
+```
-
## Set up kiosk mode using Microsoft Intune or MDM (Windows 10, version 1803)
For HoloLens devices that are managed by Microsoft Intune, you [create a device profile](https://docs.microsoft.com/intune/device-profile-create) and configure the [Kiosk settings](https://docs.microsoft.com/intune/kiosk-settings).
-For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#create-xml-file), and make sure to include the [Start layout](#start-layout-for-a-provisioning-package) in the XML file.
+For other MDM services, check your provider's documentation for instructions. If you need to use a custom setting and full XML configuration to set up a kiosk in your MDM service, [create an XML file that defines the kiosk configuration](#create-a-kiosk-configuration-xml-file), and make sure to include the [Start layout](#start-layout-for-a-provisioning-package) in the XML file.
-
-
-
## Setup kiosk mode using a provisioning package (Windows 10, version 1803)
Process:
-1. [Create an XML file that defines the kiosk configuration.](#create-xml-file)
-2. [Add the XML file to a provisioning package.](#add-xml)
-3. [Apply the provisioning package to HoloLens.](#apply-ppkg)
+1. [Create an XML file that defines the kiosk configuration.](#create-a-kiosk-configuration-xml-file)
+2. [Add the XML file to a provisioning package.](#add-the-kiosk-configuration-xml-file-to-a-provisioning-package)
+3. [Apply the provisioning package to HoloLens.](#apply-the-provisioning-package-to-hololens)
-
### Create a kiosk configuration XML file
Follow [the instructions for creating a kiosk configuration XML file for desktop](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#configure-a-kiosk-using-a-provisioning-package), with the following exceptions:
- Do not include Classic Windows applications (Win32) since they aren't supported on HoloLens.
-- Use the [placeholder Start XML](#start-kiosk) for HoloLens.
+- Use the [placeholder Start XML](#start-layout-for-hololens) for HoloLens.
-
#### Add guest access to the kiosk configuration (optional)
In the [Configs section of the XML file](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps#configs), you can configure a special group named **Visitor** to allow guests to use the kiosk. When the kiosk is configured with the **Visitor** special group, a "**Guest**" option is added to the sign-in page. The **Guest** account does not require a password, and any data associated with the account is deleted when the account signs out.
@@ -141,8 +135,6 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
```
-
-
### Add the kiosk configuration XML file to a provisioning package
1. Open [Windows Configuration Designer](https://www.microsoft.com/store/apps/9nblggh4tx22).
@@ -153,27 +145,25 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
6. Expand **Runtime settings** > **AssignedAccess** > **MultiAppAssignedAccessSettings**.
7. In the center pane, click **Browse** to locate and select the kiosk configuration XML file that you created.
- 
+ 
8. (**Optional**: If you want to apply the provisioning package after device initial setup and there is an admin user already available on the kiosk device, skip this step.) Create an admin user account in **Runtime settings** > **Accounts** > **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed.
-8. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** > **Accounts** > **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**.
-8. On the **File** menu, select **Save.**
-9. On the **Export** menu, select **Provisioning package**.
-10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
+9. (**Optional**: If you already have a non-admin account on the kiosk device, skip this step.) Create a local standard user account in **Runtime settings** > **Accounts** > **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**.
+10. On the **File** menu, select **Save.**
+11. On the **Export** menu, select **Provisioning package**.
+12. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
-11. On the **Provisioning package security** page, do not select **Enable package encryption** or provisioning will fail on HoloLens. You can choose to enable package signing.
+13. On the **Provisioning package security** page, do not select **Enable package encryption** or provisioning will fail on HoloLens. You can choose to enable package signing.
- **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
-12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Configuration Designer uses the project folder as the output location. Optionally, you can click **Browse** to change the default output location.
+14. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Configuration Designer uses the project folder as the output location. Optionally, you can click **Browse** to change the default output location.
-13. Click **Next**.
+15. Click **Next**.
-14. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
+16. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
-
-
### Apply the provisioning package to HoloLens
1. Connect HoloLens via USB to a PC and start the device, but do not continue past the **Fit** page of OOBE (the first page with the blue box).
@@ -189,7 +179,6 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
7. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with OOBE.
-
## Set up kiosk mode using the Windows Device Portal (Windows 10, version 1607 and version 1803)
1. [Set up the HoloLens to use the Windows Device Portal](https://developer.microsoft.com/windows/mixed-reality/using_the_windows_device_portal#setting_up_hololens_to_use_windows_device_portal). The Device Portal is a web server on your HoloLens that you can connect to from a web browser on your PC.
@@ -209,7 +198,7 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
>[!NOTE]
- >The kiosk mode option will be available if the device is [enrolled in device management](hololens-enroll-mdm.md) and has a [license to upgrade to Windows Holographic for Business](hololens-upgrade-enterprise.md).
+ >The kiosk mode option will be available if the device is [enrolled in device management](hololens-enroll-mdm.md) and has a [license to upgrade to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
5. Select **Enable Kiosk Mode**, choose an app to run when the device starts, and click **Save**.
@@ -226,4 +215,4 @@ Use the following snippet in your kiosk configuration XML to enable the **Guest*
Watch how to configure a kiosk in a provisioning package.
->[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false]
\ No newline at end of file
+>[!VIDEO https://www.microsoft.com/videoplayer/embed/fa125d0f-77e4-4f64-b03e-d634a4926884?autoplay=false]
diff --git a/devices/hololens/hololens-known-issues.md b/devices/hololens/hololens-known-issues.md
new file mode 100644
index 0000000000..3cb3f43717
--- /dev/null
+++ b/devices/hololens/hololens-known-issues.md
@@ -0,0 +1,160 @@
+---
+title: HoloLens known issues
+description: This is the list of known issues that may affect HoloLens developers.
+keywords: troubleshoot, known issue, help
+author: mattzmsft
+ms.author: mazeller
+ms.date: 8/30/2019
+ms.topic: article
+HoloLens and holograms: Frequently asked questions
+manager: jarrettr
+ms.prod: hololens
+appliesto:
+- HoloLens 1
+---
+
+# HoloLens known issues
+
+This is the current list of known issues for HoloLens that affect developers. Check here first if you are seeing an odd behavior. This list will be kept updated as new issues are discovered or reported, or as issues are addressed in future HoloLens software updates.
+
+## Unable to connect and deploy to HoloLens through Visual Studio
+
+>[!NOTE]
+>Last Update: 8/8 @ 5:11PM - Visual Studio has released VS 2019 Version 16.2 which includes a fix to this issue. We recommend updating to this newest version to avoid experiencing this error.
+
+Visual Studio has released VS 2019 Version 16.2 which includes a fix to this issue. We recommend updating to this newest version to avoid experiencing this error.
+
+Issue root-cause: Users who used Visual Studio 2015 or early releases of Visual Studio 2017 to deploy and debug applications on their HoloLens and then subsequently used the latest versions of Visual Studio 2017 or Visual Studio 2019 with the same HoloLens will be affected. The newer releases of Visual Studio deploy a new version of a component, but files from the older version are left over on the device, causing the newer version to fail. This causes the following error message: DEP0100: Please ensure that target device has developer mode enabled. Could not obtain a developer license on \ due to error 80004005.
+
+### Workaround
+
+Our team is currently working on a fix. In the meantime, you can use the following steps to work around the issue and help unblock deployment and debugging:
+
+1. Open Visual Studio
+1. Select **File** > **New** > **Project**.
+1. Select **Visual C#** > **Windows Desktop** > **Console App (.NET Framework)**.
+1. Give the project a name (such as "HoloLensDeploymentFix") and make sure the Framework is set to at least .NET Framework 4.5, then Select **OK**.
+1. Right-click on the **References** node in Solution Explorer and add the following references (select to the **Browse** section and select **Browse**):
+
+ ``` CMD
+ C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\Microsoft.Tools.Deploy.dll
+ C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\Microsoft.Tools.Connectivity.dll
+ C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\SirepInterop.dll
+ ```
+
+ >[!NOTE]
+ >If you don't have 10.0.18362.0 installed, use the most recent version that you have.
+
+1. Right-click on the project in Solution Explorer and select **Add** > **Existing Item**.
+1. Browse to C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86 and change the filter to **All Files (\*.\*)**.
+1. Select both SirepClient.dll and SshClient.dll, and Select **Add**.
+1. Locate and select both files in Solution Explorer (they should be at the bottom of the list of files) and change **Copy to Output Directory** in the **Properties** window to **Copy always**.
+1. At the top of the file, add the following to the existing list of `using` statements:
+
+ ``` CMD
+ using Microsoft.Tools.Deploy;
+ using System.Net;
+ ```
+
+1. Inside of `static void Main(...)`, add the following code:
+
+ ``` PowerShell
+ RemoteDeployClient client = RemoteDeployClient.CreateRemoteDeployClient();
+ client.Connect(new ConnectionOptions()
+ {
+ Credentials = new NetworkCredential("DevToolsUser", string.Empty),
+ IPAddress = IPAddress.Parse(args[0])
+ });
+ client.RemoteDevice.DeleteFile(@"C:\Data\Users\DefaultAccount\AppData\Local\DevelopmentFiles\VSRemoteTools\x86\CoreCLR\mscorlib.ni.dll");
+ ```
+
+1. Select **Build** > **Build Solution**.
+1. Open a Command Prompt Window and cd to the folder that contains the compiled .exe file (for example, C:\MyProjects\HoloLensDeploymentFix\bin\Debug)
+1. Run the executable and provide the device's IP address as a command-line argument. (If connected using USB, you can use 127.0.0.1, otherwise use the device’s Wi-Fi IP address.) For example, "HoloLensDeploymentFix 127.0.0.1"
+
+1. After the tool has exited without any messages (this should only take a few seconds), you will now be able to deploy and debug from Visual Studio 2017 or newer. Continued use of the tool is not necessary.
+
+We will provide further updates as they become available.
+
+## Issues launching the Microsoft Store and apps on HoloLens
+
+> [!NOTE]
+> Last Update: 4/2 @ 10 AM - Issue resolved.
+
+You may experience issues when trying to launch the Microsoft Store and apps on HoloLens. We've determined that the issue occurs when background app updates deploy a newer version of framework packages in specific sequences while one or more of their dependent apps are still running. In this case, an automatic app update delivered a new version of the .NET Native Framework (version 10.0.25531 to 10.0.27413) caused the apps that are running to not correctly update for all running apps consuming the prior version of the framework. The flow for framework update is as follows:
+
+1. The new framework package is downloaded from the store and installed
+1. All apps using the older framework are ‘updated’ to use the newer version
+
+If step 2 is interrupted before completion then any apps for which the newer framework wasn’t registered will fail to launch from the start menu. We believe any app on HoloLens could be affected by this issue.
+
+Some users have reported that closing hung apps and launching other apps such as Feedback Hub, 3D Viewer or Photos resolves the issue for them—however, this does not work 100% of the time.
+
+We have root caused that this issue was not caused the update itself, but a bug in the OS that resulted in the .NET Native framework update being handled incorrectly. We are pleased to announce that we have identified a fix and have released an update (OS version 17763.380) containing the fix.
+
+To see if your device can take the update, please:
+
+1. Go to the Settings app and open **Update & Security**.
+1. Select **Check for Updates**.
+1. If update to 17763.380 is available, please update to this build to receive the fix for the App Hang bug
+1. Upon updating to this version of the OS, the Apps should work as expected.
+
+Additionally, as we do with every HoloLens OS release, we have posted the FFU image to the [Microsoft Download Center](https://aka.ms/hololensdownload/10.0.17763.380).
+
+If you would not like to take the update, we have released a new version of the Microsoft Store UWP app as of 3/29. After you have the updated version of the Store:
+
+1. Open the Store and confirm that it loads.
+1. Use the bloom gesture to open the menu.
+1. Attempt to open previously broken apps.
+1. If it still cannot be launched, tap and hold the icon of the broken app and select uninstall.
+1. Resinstall these apps from the store.
+
+If your device is still unable to load apps, you can sideload a version of the .NET Native Framework and Runtime through the download center by following these steps:
+
+1. Please download [this zip file](https://download.microsoft.com/download/8/5/C/85C23745-794C-419D-B8D7-115FBCCD6DA7/netfx_1.7.zip) from the Microsoft Download Center. Unzipping will produce two files. Microsoft.NET.Native.Runtime.1.7.appx and Microsoft.NET.Native.Framework.1.7.appx
+1. Please verify that your device is dev unlocked. If you haven’t done that before the instructions to do that are [here](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal).
+1. You then want to get into the Windows Device Portal. Our recommendation is to do this over USB and you would do that by typing http://127.0.0.1:10080 into your browser.
+1. After you have the Windows Device Portal up we need you to “side load” the two files that you downloaded. To do that you need to go down the left side bar until you get to the **Apps** section and select **Apps**.
+1. You will then see a screen that is similar to the below. You want to go to the section that says **Install App** and browse to where you unzipped those two APPX files. You can only do one at a time, so after you select the first one, then click on “Go” under the Deploy section. Then do this for the second APPX file.
+
+ 
+1. At this point we believe your applications should start working again and that you can also get to the Store.
+1. In some cases, it is necessary run the additional step of launching the 3D Viewer app before affected apps will launch.
+
+We appreciate your patience as we have gone through the process to get this issue resolved, and we look forward to continued working with our community to create successful Mixed Reality experiences.
+
+## Device Update
+
+- 30 seconds after a new update, the shell may disappear one time. Please perform the **bloom** gesture to resume your session.
+
+## Visual Studio
+
+- See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Visual Studio that is recommended for HoloLens development.
+- When deploying an app from Visual Studio to your HoloLens, you may see the error: **The requested operation cannot be performed on a file with a user-mapped section open. (Exception from HRESULT: 0x800704C8)**. If this happens, try again and your deployment will generally succeed.
+
+## Emulator
+
+- Not all apps in the Microsoft Store are compatible with the emulator. For example, Young Conker and Fragments are not playable on the emulator.
+- You cannot use the PC webcam in the Emulator.
+- The Live Preview feature of the Windows Device Portal does not work with the emulator. You can still capture Mixed Reality videos and images.
+
+## Unity
+
+- See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Unity recommended for HoloLens development.
+- Known issues with the Unity HoloLens Technical Preview are documented in the [HoloLens Unity forums](https://forum.unity3d.com/threads/known-issues.394627/).
+
+## Windows Device Portal
+
+- The Live Preview feature in Mixed Reality capture may exhibit several seconds of latency.
+- On the Virtual Input page, the Gesture and Scroll controls under the Virtual Gestures section are not functional. Using them will have no effect. The virtual keyboard on the same page works correctly.
+- After enabling Developer Mode in Settings, it may take a few seconds before the switch to turn on the Device Portal is enabled.
+
+## API
+
+- If the application sets the [focus point](https://docs.microsoft.com/windows/mixed-reality/focus-point-in-unity) behind the user or the normal to camera.forward, holograms will not appear in Mixed Reality Capture photos or videos. Until this bug is fixed in Windows, if applications actively set the [focus point](https://docs.microsoft.com/windows/mixed-reality/focus-point-in-unity) they should ensure the plane normal is set opposite camera-forward (for example, normal = -camera.forward).
+
+## Xbox Wireless Controller
+
+- Xbox Wireless Controller S must be updated before it can be used with HoloLens. Ensure you are [up to date](https://support.xbox.com/xbox-one/accessories/update-controller-for-stereo-headset-adapter) before attempting to pair your controller with a HoloLens.
+- If you reboot your HoloLens while the Xbox Wireless Controller is connected, the controller will not automatically reconnect to HoloLens. The Guide button light will flash slowly until the controller powers off after 3 minutes. To reconnect your controller immediately, power off the controller by holding the Guide button until the light turns off. When you power your controller on again, it will reconnect to HoloLens.
+- If your HoloLens enters standby while the Xbox Wireless Controller is connected, any input on the controller will wake the HoloLens. You can prevent this by powering off your controller when you are done using it.
diff --git a/devices/hololens/hololens-licenses-requirements.md b/devices/hololens/hololens-licenses-requirements.md
new file mode 100644
index 0000000000..6d33228879
--- /dev/null
+++ b/devices/hololens/hololens-licenses-requirements.md
@@ -0,0 +1,50 @@
+---
+title: Licenses for Mixed Reality Deployment
+description:
+ms.prod: hololens
+ms.sitesec: library
+author: pawinfie
+ms.author: pawinfie
+audience: ITPro
+ms.topic: article
+ms.localizationpriority: high
+ms.date: 1/23/2020
+ms.reviewer:
+manager: bradke
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Licenses Required for Mixed Reality Deployment
+
+If you plan on using a Mobile Device Management system (MDM) to manage your HoloLens, please review the MDM License Guidance section.
+
+## Mobile Device Management (MDM) Licenses Guidance
+
+If you plan on using an MDM other than Intune, an [Azure Active Directory Licenses](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis) is required.
+
+If you plan on using Intune as your MDM, you can acquire an [Enterprise Mobility + Security (EMS) suite (E3 or E5) licenses](https://www.microsoft.com/microsoft-365/enterprise-mobility-security/compare-plans-and-pricing). **Please note that Azure AD is included in both suites.**
+
+## Identify the licenses needed for your scenario and products
+
+### Remote Assist License Requirements
+Make sure you have the required licensing and device. Updated licensing and product requirements can be found [here](https://docs.microsoft.com/dynamics365/mixed-reality/remote-assist/requirements).
+
+1. [Remote Assist License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
+1. [Teams Freemium/Teams](https://products.office.com/microsoft-teams/free)
+1. [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
+
+### Guides License Requirements
+Updated licensing and device requirements can be found [here](https://docs.microsoft.com/dynamics365/mixed-reality/guides/requirements).
+
+1. [Azure Active Directory (Azure AD) License](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis)
+1. [Power BI](https://powerbi.microsoft.com/desktop/)
+1. [Guides](https://docs.microsoft.com/dynamics365/mixed-reality/guides/setup)
+
+### Scenario 1: Kiosk Mode
+If you are not planning to use an MDM to manage your device and you are planning to use a local account or an MSA as the login identity, you will not need any additional licenses. Kiosk mode can be accomplished using a provisioning packages.
+
+1. If you are **not** planning to use an MDM to manage your device and you are planning to use a local account or an MSA as the login identity, you will not need any additional licenses. Kiosk mode can be accomplished using a provisioning packages.
+1. If you are planning to use an MDM other than Intune, your MDM provider will have steps on configuring Kiosk mode.
+1. If you are planning to use **Intune** as your MDM, implementation directions can be found in [Configuring your Network for HoloLens]().
diff --git a/devices/hololens/hololens-multiple-users.md b/devices/hololens/hololens-multiple-users.md
index f5bbdf30af..4bd8b317ef 100644
--- a/devices/hololens/hololens-multiple-users.md
+++ b/devices/hololens/hololens-multiple-users.md
@@ -1,31 +1,53 @@
---
-title: Share HoloLens with multiple people (HoloLens)
-description: You can configure HoloLens to be shared by multiple Azure Active Directory accounts.
+title: Share your HoloLens with multiple people
+description: You can configure HoloLens to be shared by multiple Azure Active Directory accounts, or by multiple users that use a single account.
ms.prod: hololens
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: scooley
+ms.author: scooley
ms.topic: article
ms.localizationpriority: medium
-ms.date: 04/30/2018
+ms.date: 09/16/2019
+ms.reviewer:
+manager: dansimp
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
---
-# Share HoloLens with multiple people
+# Share your HoloLens with multiple people
+It's common to share one HoloLens with many people or to have many people share a set of HoloLens devices. This article describes the different ways in which you can share a device.
-A HoloLens device can be shared by multiple Azure Active Directory (Azure AD) accounts, each with their own user settings and user data on the device.
+## Share with multiple people, each using their own account
-**Prerequisite**: The HoloLens device must be running Windows 10, version 1803, and be [upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md).
+**Prerequisite**: The HoloLens device must be running Windows 10, version 1803 or later. HoloLens (1st gen) also need to be [upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md).
-During setup, you must select **My work or school owns it** and sign in with an Azure AD account. After setup, ensure that **Other People** appears in **Settings** > **Accounts**.
+When they use their own Azure Active Directory (Azure AD) accounts, multiple users can each keep their own user settings and user data on the device.
-Other people can use the HoloLens device by signing in with their Azure AD account credentials. To switch users, press the power button once to go to standby and then press the power button again to return to the lock screen, or select the user tile on the upper right of the pins panel to sign out the current user.
+To make sure that multiple people can use their own accounts on your HoloLens, follow these steps to configure it:
->[!NOTE]
->Each subsequent user will need to perform [Calibration](https://developer.microsoft.com/windows/mixed-reality/calibration) in order to set their correct interpupillary distance (PD) for the device while signed in.
+1. Make sure the the device is running Windows 10, version 1803 or later.
+ > [!IMPORTANT]
+ > If you are using a HoloLens (1st gen) device, [upgrade the device to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
+1. When you set up the device, select **My work or school owns it** and sign in by using an Azure AD account.
+1. After you finish setup, make sure that the account settings (**Settings** > **Accounts**) includes **Other users**.
-To see users on the device or to remove a user from the device, go to **Settings** > **Accounts** > **Other users**.
-
+To use HoloLens, each user follows these steps:
-
+1. If another user has been using the device, do one of the following:
+ - Press the power button once to go to standby, and then press the power button again to return to the lock screen
+ - HoloLens 2 users may select the user tile on the top of the Pins panel to sign out the current user.
+1. Use your Azure AD account credentials to sign in to the device.
+ If this is the first time that you have used the device, you have to [calibrate](hololens-calibration.md) HoloLens to your own eyes.
+
+To see a list of the device users or to remove a user from the device, go to **Settings** > **Accounts** > **Other users**.
+
+## Share with multiple people, all using the same account
+
+Multiple users can also share a HoloLens device while using a single user account.
+
+**On HoloLens 2**, when a new user puts the device on their head for the first time (while keeping the same account signed in), the device prompts the new user to quickly calibrate and personalize the viewing experience. The device can store the calibration information so that in the future, the device can automatically optimize the quality and comfort of each user's viewing experience. The users do not need to calibrate the device again.
+
+**On HoloLens (1st gen)** users sharing an account will need to ask to recalibrate in the Settings app. Read more about [calibration](hololens-calibration.md).
diff --git a/devices/hololens/hololens-network.md b/devices/hololens/hololens-network.md
new file mode 100644
index 0000000000..19c9669559
--- /dev/null
+++ b/devices/hololens/hololens-network.md
@@ -0,0 +1,93 @@
+---
+title: Connect to a network
+description: Instructions on how to connect to internet with HoloLens and how to identify the device's IP address.
+ms.assetid: 0895606e-96c0-491e-8b1c-52e56b00365d
+author: mattzmsft
+ms.author: mazeller
+keywords: HoloLens, wifi, wireless, internet, ip, ip address
+ms.date: 08/30/19
+ms.prod: hololens
+ms.sitesec: library
+ms.localizationpriority: high
+ms.reviewer:
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Connect to a network
+
+To do most things on your HoloLens, you have to be connected to a network. This guide will help you:
+
+- Connect to a network using Wi-Fi or (for HoloLens 2 only) Ethernet over USB-C
+- Disable and re-enable Wi-Fi
+
+Read more about [using HoloLens offline](hololens-offline.md).
+
+## Connecting for the first time
+
+The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. If you have trouble connecting to Wi-Fi during setup, make sure that your network is either an open, password-protected network or a captive portal network. Make sure that the network doesn't require you to use a certificate to connect. After setup, you can connect to other types of Wi-Fi networks.
+
+## Connecting to Wi-Fi after setup
+
+1. Select **Start** > **Settings**.
+ - *HoloLens (1st gen) only*: Use your gaze to position the Settings app, then air tap to place it, or say "Place."
+1. Select **Network & Internet** > **Wi-Fi**. If you don't see your network, scroll down the list.
+1. Select a network, then select **Connect**.
+1. If you are prompted for a network password type it and then select **Next**.
+
+## Connecting to Wi-Fi on HoloLens (1st gen)
+
+HoloLens contains a 802.11ac-capable, 2x2 Wi-Fi radio. Connecting HoloLens to a Wi-Fi network is similar to connecting a Windows 10 Desktop or Mobile device to a Wi-Fi network.
+
+
+
+1. Open the **Start** menu.
+1. Select the Settings app from **Start** or from the **All Apps** list on the right of the **Start** menu. The Settings app will be auto-placed in front of you.
+1. Select **Network & Internet**.
+1. Make sure Wi-Fi is turned on.
+1. Select a Wi-Fi network from the list.
+1. If needed, type in the Wi-Fi network password.
+
+You can also confirm you are connected to a Wi-Fi network by checking the Wi-Fi status in the **Start** menu:
+
+1. Open the **Start** menu.
+1. Look at the top left of the **Start** menu for Wi-Fi status. The state of Wi-Fi and the SSID of the connected network will be shown.
+
+## Disabling Wi-Fi on HoloLens (1st gen)
+
+### Using the Settings app on HoloLens
+
+1. Open the **Start** menu.
+1. Select the **Settings** app from **Start** or from the **All Apps** list on the right of the **Start** menu. The **Settings** app will be auto-placed in front of you.
+1. Select **Network & Internet**.
+1. Select the Wi-Fi slider switch to move it to the **Off** position. This will turn off the RF components of the Wi-Fi radio and disable all Wi-Fi functionality on HoloLens.
+
+ > [!WARNING]
+ > When the Wi-Fi radio is disabled, HoloLens will not be able to automatically load your [spaces](hololens-spaces.md).
+
+1. Move the slider switch to the **On** position to turn on the Wi-Fi radio and restore Wi-Fi functionality on Microsoft HoloLens. The selected Wi-Fi radio state (**On** or **Off**) will persist across reboots.
+
+## Identifying the IP Address of your HoloLens on the Wi-Fi network
+
+### By using the Settings app
+
+1. Open the **Start** menu.
+1. Select the **Settings** app from **Start** or from the **All Apps** list on the right of the **Start** menu. The **Settings** app will be auto-placed in front of you.
+1. Select **Network & Internet**.
+1. Scroll down to beneath the list of available Wi-Fi networks and select **Hardware properties**.
+
+ 
+
+ The IP address appears next to **IPv4 address**.
+
+### By using Cortana
+
+Say "Hey Cortana, What's my IP address?" and Cortana will display and read out your IP address.
+
+### By using Windows Device Portal
+
+1. In a web browser on your PC, open the [device portal](/windows/mixed-reality/using-the-windows-device-portal.md#networking).
+1. Navigate to the **Networking** section.
+ This section displays your IP address and other network information. By using this method, you can copy and paste of the IP address on your development PC.
diff --git a/devices/hololens/hololens-offline.md b/devices/hololens/hololens-offline.md
new file mode 100644
index 0000000000..e3b11960b1
--- /dev/null
+++ b/devices/hololens/hololens-offline.md
@@ -0,0 +1,160 @@
+---
+title: Manage connection endpoints for HoloLens
+description: To set up HoloLens, you'll need to connect to a Wi-Fi network
+keywords: hololens, offline, OOBE
+audience: ITPro
+ms.date: 07/01/2019
+ms.assetid: b86f603c-d25f-409b-b055-4bbc6edcd301
+author: v-miegge
+ms.author: v-miegge
+manager: v-miegge
+ms.topic: article
+ms.prod: hololens
+ms.sitesec: library
+ms.localizationpriority: high
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Manage connection endpoints for HoloLens
+
+Some HoloLens components, apps, and related services transfer data to Microsoft network endpoints. This article lists different endpoints and URLs that need to be whitelisted in your network configuratiion (e.g. proxy or firewall) for those components to be functional.
+
+## Near-offline setup
+
+HoloLens supports a limited set of offline experiences for customers who have network environment restrictions. However, HoloLens needs network connection to go through initial device set up and the following URLs have to be enabled:
+
+| Purpose | URL |
+|------|------|
+| IDPS | https://sdx.microsoft.com/frx/idps |
+| [NCSI](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-ncsi) | http://www.msftconnecttest.com/connecttest.txt |
+| AADv9 | https://login.microsoftonline.com/WebApp/CloudDomainJoin/9 |
+| AADv10 | https://login.microsoftonline.com/WebApp/CloudDomainJoin/10 |
+| AAD Pin | https://account.live.com/aadngc?uiflavor=win10&showSuccess=1 |
+| MSA | https://login.live.com/ppsecure/inlineconnect.srf?id=80600 |
+| MSA Pin | https://account.live.com/msangc?fl=enroll |
+
+## Endpoint configuration
+
+In addition to the list above, to take full advantage of HoloLens functionality, the following endpoints need to be enabled in your network configuration.
+
+
+| Purpose | URL |
+|------|------|
+| Azure | wd-prod-fe.cloudapp.azure.com | | |
+| | ris-prod-atm.trafficmanager.net | | | |
+| | validation-v2.sls.trafficmanager.net | | | |
+| Azure AD Multi-Factor Authentication | https://secure.aadcdn.microsoftonline-p.com | | | |
+| Intune and MDM Configurations | activation-v2.sls.microsoft.com/* | | | |
+| | cdn.onenote.net | | | |
+| | client.wns.windows.com | | | |
+| | crl.microsoft.com/pki/crl/* | | | |
+| | ctldl.windowsupdate.com | | | |
+| | *displaycatalog.mp.microsoft.com | | | |
+| | dm3p.wns.windows.com | | | |
+| | *microsoft.com/pkiops/* | | | |
+| | ocsp.digicert.com/* | | | |
+| | r.manage.microsoft.com | | | |
+| | tile-service.weather.microsoft.com | | | |
+| | settings-win.data.microsoft.com | | | |
+| Certificates | activation-v2.sls.microsoft.com/* | | | |
+| | crl.microsoft.com/pki/crl/* | | | |
+| | ocsp.digicert.com/* | | | |
+| | https://www.microsoft.com/pkiops/* | | | |
+| Cortana and Search | store-images.*microsoft.com | | | |
+| | www.bing.com/client | | | |
+| | www.bing.com | | | |
+| | www.bing.com/proactive | | | |
+| | www.bing.com/threshold/xls.aspx | | | |
+| | exo-ring.msedge.net | | | |
+| | fp.msedge.net | | | |
+| | fp-vp.azureedge.net | | | |
+| | odinvzc.azureedge.net | | | |
+| | spo-ring.msedge.net | | | |
+| Device Authentication | login.live.com* | | | |
+| Device metadata | dmd.metaservices.microsoft.com | | | |
+| Location | inference.location.live.net | | | |
+| | location-inference-westus.cloudapp.net | | | |
+| Diagnostic Data | v10.events.data.microsoft.com | | | |
+| | v10.vortex-win.data.microsoft.com/collect/v1 | | | |
+| | https://www.microsoft.com | | | |
+| | co4.telecommand.telemetry.microsoft.com | | | |
+| | cs11.wpc.v0cdn.net | | | |
+| | cs1137.wpc.gammacdn.net | | | |
+| | modern.watson.data.microsoft.com* | | | |
+| | watson.telemetry.microsoft.com | | | |
+| Licensing | licensing.mp.microsoft.com | | | |
+| Microsoft Account | login.msa.akadns6.net | | | |
+| | us.configsvc1.live.com.akadns.net | | | |
+| Microsoft Edge | iecvlist.microsoft.com | | | |
+| Microsoft forward link redirection service (FWLink) | go.microsoft.com | | | |
+| Microsoft Store | *.wns.windows.com | | | |
+| | storecatalogrevocation.storequality.microsoft.com | | | |
+| | img-prod-cms-rt-microsoft-com* | | | |
+| | store-images.microsoft.com | | | |
+| | .md.mp.microsoft.com | | |
+| | *displaycatalog.mp.microsoft.com | | | |
+| | pti.store.microsoft.com | | | |
+| | storeedgefd.dsx.mp.microsoft.com | | | |
+| | markets.books.microsoft.com | | | |
+| | share.microsoft.com | | | |
+| Network Connection Status Indicator (NCSI) | www.msftconnecttest.com* | | | |
+| Office | *.c-msedge.net | | | |
+| | *.e-msedge.net | | | |
+| | *.s-msedge.net | | | |
+| | nexusrules.officeapps.live.com | | | |
+| | ocos-office365-s2s.msedge.net | | | |
+| | officeclient.microsoft.com | | | |
+| | outlook.office365.com | | | |
+| | client-office365-tas.msedge.net | | | |
+| | https://www.office.com | | | |
+| | onecollector.cloudapp.aria | | | |
+| | v10.events.data.microsoft.com/onecollector/1.0/ | | | |
+| | self.events.data.microsoft.com | | | |
+| | to-do.microsoft.com | | | |
+| OneDrive | g.live.com/1rewlive5skydrive/* | | | |
+| | msagfx.live.com | | | |
+| | oneclient.sfx.ms | | | |
+| Photos App | evoke-windowsservices-tas.msedge.net | | | |
+| Settings | cy2.settings.data.microsoft.com.akadns.net | | | |
+| | settings.data.microsoft.com | | | |
+| | settings-win.data.microsoft.com | | | |
+| Windows Defender | wdcp.microsoft.com | | | |
+| | definitionupdates.microsoft.com | | | |
+| | go.microsoft.com | | | |
+| | *smartscreen.microsoft.com | | | |
+| | smartscreen-sn3p.smartscreen.microsoft.com | | | |
+| | unitedstates.smartscreen-prod.microsoft.com | | | |
+| Windows Spotlight | *.search.msn.com | | | |
+| | arc.msn.com | | | |
+| | g.msn.com* | | | |
+| | query.prod.cms.rt.microsoft.com | | | |
+| | ris.api.iris.microsoft.com | | | |
+| Windows Update | *.prod.do.dsp.mp.microsoft.com | | | |
+| | cs9.wac.phicdn.net | | | |
+| | emdl.ws.microsoft.com | | | |
+| | *.dl.delivery.mp.microsoft.com | | | |
+| | *.windowsupdate.com | | | |
+| | *.delivery.mp.microsoft.com | | | |
+| | *.update.microsoft.com | | | |
+
+
+
+## References
+
+> [!NOTE]
+> If you are deploying D365 Remote Assist, you will have to enable the endpoints on this [list](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges#skype-for-business-online-and-microsoft-teams)
+- [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization)
+- [Manage connection endpoints for Windows 10 Enterprise, version 1903](https://docs.microsoft.com/windows/privacy/manage-windows-1903-endpoints)
+- [Manage connections from Windows 10 operating system components to Microsoft services](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services)
+- [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm)
+- [Intune network configuration requirements and bandwidth](https://docs.microsoft.com/intune/fundamentals/network-bandwidth-use#network-communication-requirements)
+- [Network endpoints for Microsoft Intune](https://docs.microsoft.com/intune/fundamentals/intune-endpoints)
+- [Office 365 URLs and IP address ranges](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges)
+- [Prerequisites for Azure AD Connect](https://docs.microsoft.com/azure/active-directory/hybrid/how-to-connect-install-prerequisites)
+
+
+## HoloLens limitations
+
+After your HoloLens is set up, you can use it without a Wi-Fi connection, but apps that use Internet connections will have limited capabilities when you use HoloLens offline.
diff --git a/devices/hololens/hololens-provisioning.md b/devices/hololens/hololens-provisioning.md
index 3e488d4a85..b22a4ef671 100644
--- a/devices/hololens/hololens-provisioning.md
+++ b/devices/hololens/hololens-provisioning.md
@@ -3,11 +3,13 @@ title: Configure HoloLens using a provisioning package (HoloLens)
description: Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging.
ms.prod: hololens
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.localizationpriority: medium
ms.date: 11/13/2018
+ms.reviewer:
+manager: dansimp
---
# Configure HoloLens using a provisioning package
@@ -34,7 +36,7 @@ The HoloLens wizard helps you configure the following settings in a provisioning
- Upgrade to the enterprise edition
>[!NOTE]
- >Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md).
+ >Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
- Configure the HoloLens first experience (OOBE)
- Configure Wi-Fi network
@@ -59,7 +61,7 @@ Use the Windows Configuration Designer tool to create a provisioning package.
2. Click **Provision HoloLens devices**.
- 
+ 
3. Name your project and click **Finish**.
@@ -72,12 +74,12 @@ Use the Windows Configuration Designer tool to create a provisioning package.
-
Browse to and select the enterprise license file to upgrade the HoloLens edition.You can also toggle **Yes** or **No** to hide parts of the first experience.To set up the device without the need to connect to a Wi-Fi network, toggle **Skip Wi-Fi setup** to **On**.Select a region and timezone in which the device will be used.
-
 In this section, you can enter the details of the Wi-Fi wireless network that the device should connect to automatically. To do this, select **On**, enter the SSID, the network type (**Open** or **WPA2-Personal**), and (if **WPA2-Personal**) the password for the wireless network.
-
 You can enroll the device in Azure Active Directory, or create a local account on the deviceBefore you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions. To create a local account, select that option and enter a user name and password. **Important:** (For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
-
 To provision the device with a certificate, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.
-
 Toggle **Yes** or **No** to enable Developer Mode on the HoloLens. [Learn more about Developer Mode.](https://docs.microsoft.com/windows/uwp/get-started/enable-your-device-for-development#developer-mode)
 Do not set a password to protect your provisioning package. If the provisioning package is protected by a password, provisioning the HoloLens device will fail.
+
Browse to and select the enterprise license file to upgrade the HoloLens edition.You can also toggle Yes or No to hide parts of the first experience.To set up the device without the need to connect to a Wi-Fi network, toggle Skip Wi-Fi setup to On.Select a region and timezone in which the device will be used.
+
In this section, you can enter the details of the Wi-Fi wireless network that the device should connect to automatically. To do this, select On, enter the SSID, the network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.
+
You can enroll the device in Azure Active Directory, or create a local account on the deviceBefore you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions. To create a local account, select that option and enter a user name and password. Important: (For Windows 10, version 1607 only) If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
+
To provision the device with a certificate, click Add a certificate. Enter a name for the certificate, and then browse to and select the certificate to be used.
Do not set a password to protect your provisioning package. If the provisioning package is protected by a password, provisioning the HoloLens device will fail.
After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page.
@@ -88,7 +90,7 @@ After you're done, click **Create**. It only takes a few seconds. When the packa
## Create a provisioning package for HoloLens using advanced provisioning
>[!NOTE]
->Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md).
+>Settings in a provisioning package will only be applied if the provisioning package includes an edition upgrade license to Windows Holographic for Business or if [the device has already been upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md).
1. On the Windows Configuration Designer start page, select **Advanced provisioning**.
2. In the **Enter project details** window, specify a name for your project and the location for your project. Optionally, enter a brief description to describe your project.
@@ -184,7 +186,7 @@ In Windows Configuration Designer, when you create a provisioning package for Wi
| --- | --- |
| **Certificates** | Deploy a certificate to HoloLens. |
| **ConnectivityProfiles** | Deploy a Wi-Fi profile to HoloLens. |
-| **EditionUpgrade** | [Upgrade to Windows Holographic for Business.](hololens-upgrade-enterprise.md) |
+| **EditionUpgrade** | [Upgrade to Windows Holographic for Business.](hololens1-upgrade-enterprise.md) |
| **Policies** | Allow or prevent developer mode on HoloLens. [Policies supported by Windows Holographic for Business](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#hololenspolicies) |
>[!NOTE]
diff --git a/devices/hololens/hololens-recovery.md b/devices/hololens/hololens-recovery.md
new file mode 100644
index 0000000000..b2e0d48bc7
--- /dev/null
+++ b/devices/hololens/hololens-recovery.md
@@ -0,0 +1,131 @@
+---
+title: Reset or recover your HoloLens
+ms.reviewer: Both basic and advanced instructions for rebooting or resetting your HoloLens.
+description: How to use Advanced Recovery Companion to flash an image to HoloLens 2.
+keywords: how-to, reboot, reset, recover, hard reset, soft reset, power cycle, HoloLens, shut down, arc, advanced recovery companion
+ms.prod: hololens
+ms.sitesec: library
+author: mattzmsft
+ms.author: mazeller
+ms.date: 08/30/2019
+ms.topic: article
+ms.localizationpriority: high
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Restart, reset, or recover HoloLens
+
+If you’re experiencing problems with your HoloLens you may want to try a restart, reset, or even re-flash with device recovery.
+
+Here are some things to try if your HoloLens isn’t running well. This article will guide you through the recommended recovery steps in succession.
+
+This article focuses on the HoloLens device and software, if your holograms don't look right, [this article](hololens-environment-considerations.md) talks about environmental factors that improve hologram quality.
+
+## Restart your HoloLens
+
+First, try restarting the device.
+
+### Perform a safe restart by using Cortana
+
+The safest way to restart the HoloLens is by using Cortana. This is generally a great first-step when experiencing an issue with HoloLens:
+
+1. Put on your device
+1. Make sure it’s powered on, a user is logged in, and the device is not waiting for a password to unlock it.
+1. Say “Hey Cortana, reboot” or "Hey Cortana, restart."
+1. When she acknowledges she will ask you for confirmation. Wait a second for a sound to play after she has finished her question, indicating she is listening to you and then say “Yes.”
+1. The device will now restart.
+
+### Perform a safe restart by using the power button
+
+If you still can't restart your device, you can try to restart it by using the power button:
+
+1. Press and hold the power button for five seconds.
+ 1. After one second, you will see all five LEDs illuminate, then slowly turn off from right to left.
+ 1. After five seconds, all LEDs will be off, indicating the shutdown command was issued successfully.
+ 1. Note that it’s important to stop pressing the button immediately after all the LEDs have turned off.
+1. Wait one minute for the shutdown to cleanly succeed. Note that the shutdown may still be in progress even if the displays are turned off.
+1. Power on the device again by pressing and holding the power button for one second.
+
+### Perform a safe restart by using Windows Device Portal
+
+> [!NOTE]
+> To do this, HoloLens has to be configured as a developer device.
+> Read more about [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal).
+
+If the previous procedure doesn't work, you can try to restart the device by using [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal). In the upper right corner, there is an option to restart or shut down the device.
+
+### Perform an unsafe forced restart
+
+If none of the previous methods are able to successfully restart your device, you can force a restart. This method is equivalent to pulling the battery from the HoloLens. It is a dangerous operation which may leave your device in a corrupt state. If that happens, you'll have to flash your HoloLens.
+
+> [!WARNING]
+> This is a potentially harmful method and should only be used in the event none of the above methods work.
+
+1. Press and hold the power button for at least 10 seconds.
+
+ - It’s okay to hold the button for longer than 10 seconds.
+ - It’s safe to ignore any LED activity.
+1. Release the button and wait for two or three seconds.
+1. Power on the device again by pressing and holding the power button for one second.
+If you’re still having problems, press the power button for 4 seconds, until all of the battery indicators fade out and the screen stops displaying holograms. Wait 1 minute, then press the power button again to turn on the device.
+
+## Reset to factory settings
+
+>[!NOTE]
+>The battery needs at least 40 percent charge to reset.
+
+If your HoloLens is still experiencing issues after restarting, try resetting it to factory state. Resetting your HoloLens keeps the version of the Windows Holographic software that’s installed on it and returns everything else to factory settings.
+
+If you reset your device, all your personal data, apps, and settings will be erased. Resetting will only install the latest installed version of Windows Holographic and you will have to redo all the initialization steps (calibrate, connect to Wi-Fi, create a user account, download apps, and so forth).
+
+1. Launch the Settings app, and then select **Update** > **Reset**.
+1. Select the **Reset device** option and read the confirmation message.
+1. If you agree to reset your device, the device will restart and display a set of spinning gears with a progress bar.
+1. Wait about 30 minutes for this process to complete.
+1. The reset will complete and the device will restart into the out-of-the-box experience.
+
+## Re-install the operating system
+
+If the device is still having a problem after rebooting and resetting, you can use a recovery tool on your computer to reinstall the HoloLens' operating system and firmware.
+
+HoloLens (1st gen) and HoloLens 2 use different tools but both tools will auto-detect your HoloLens and install new software.
+
+All of the data HoloLens needs to reset is packaged in a Full Flash Update (ffu). This is similar to an iso, wim, or vhd. [Learn about FFU image file formats.](https://docs.microsoft.com/windows-hardware/manufacture/desktop/wim-vs-ffu-image-file-formats)
+
+### HoloLens 2
+
+The Advanced Recovery Companion is a new app in Microsoft Store restore the operating system image to your HoloLens 2 device.
+
+1. On your computer, get [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from Microsoft Store.
+2. Connect HoloLens 2 to your computer.
+3. Start Advanced Recovery Companion.
+4. On the **Welcome** page, select your device.
+5. On the **Device info** page, select **Install software** to install the default package. (If you have a Full Flash Update (FFU) image that you want to install instead, select **Manual package selection**.)
+6. Software installation will begin. Do not use the device or disconnect the cable during installation. When you see the **Installation finished** page, you can disconnect and use your device.
+
+>[!TIP]
+>In the event that a HoloLens 2 gets into a state where Advanced Recovery Companion cannot recognize the device, and it does not boot, try forcing the device into Flashing Mode and recovering it with Advanced Recovery Companion:
+
+1. Connect the HoloLens 2 to a PC with Advanced Recovery Companion installed.
+1. Press and hold the **Volume Up and Power buttons** until the device reboots. Release the Power button, but continue to hold the Volume Up button until the third LED is lit. It will the the only lit LED.
+ 1. The device should be visible in **Device Manager** as a **Microsoft HoloLens Recovery** device:
+1. Launch Advanced Recovery Companion, and follow the on-screen prompts to reflash the OS to the HoloLens 2.
+
+### HoloLens (1st gen)
+
+If necessary, you can install a completely new operating system on your HoloLens (1st gen) with the Windows Device Recovery Tool.
+
+Before you use this tool, determine if restarting or resetting your HoloLens fixes the problem. The recovery process may take some time. When you're done, the latest version of the Windows Holographic software approved for your HoloLens will be installed.
+
+To use the tool, you’ll need a computer running Windows 10 or later, with at least 4 GB of free storage space. Please note that you can’t run this tool on a virtual machine.
+
+To recover your HoloLens
+
+1. Download and install the [Windows Device Recovery Tool](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq) on your computer.
+1. Connect the HoloLens (1st gen) to your computer using the Micro USB cable that came with your HoloLens.
+1. Run the Windows Device Recovery Tool and follow the instructions.
+
+If the HoloLens (1st gen) isn’t automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode.
diff --git a/devices/hololens/hololens-release-notes.md b/devices/hololens/hololens-release-notes.md
new file mode 100644
index 0000000000..aaf200a4b0
--- /dev/null
+++ b/devices/hololens/hololens-release-notes.md
@@ -0,0 +1,108 @@
+---
+title: What's new in Microsoft HoloLens
+description: Learn about updates in each new HoloLens release.
+author: scooley
+ms.author: scooley
+manager: dansimp
+ms.prod: hololens
+ms.sitesec: library
+ms.topic: article
+ms.localizationpriority: medium
+ms.date: 12/02/2019
+audience: ITPro
+appliesto:
+- HoloLens 1
+- HoloLens 2
+
+---
+
+# HoloLens Release Notes
+
+## HoloLens 2
+> [!Note]
+> HoloLens Emulator Release Notes can be found [here](https://docs.microsoft.com/windows/mixed-reality/hololens-emulator-archive).
+
+### January Update - build 18362.1043
+
+- Stability improvements for exclusive apps when working with the HoloLens 2 emulator.
+
+### December Update - build 18362.1042
+
+- Introduces LSR (Last Stage Reproduction) fixes. Improves visual rendering of holograms to appear more stable and crisp by more accurately accounting for their depth. This will be more noticeable if apps do not set the depth of holograms correctly, after this update.
+- Fixes stability of exclusive apps and navigation between exclusive apps.
+- Resolves an issue where Mixed Reality Capture couldn't record video after device is left in standby state for multiple days.
+- Improves hologram stability.
+
+### November Update - build 18362.1039
+
+- Fixes for **"Select"** voice commands during initial set-up for en-CA and en-AU.
+- Improvements in visual quality of objects placed far away in latest Unity and MRTK versions.
+- Fixes addressing issues with holographic applications being stuck in a paused state on launch until the pins panel is brought up and dismissed again.
+- OpenXR runtime conformance fixes and improvements for HoloLens 2 and the emulator.
+
+## HoloLens (1st gen)
+
+### Windows 10 Holographic, version 1809
+
+> **Applies to:** Hololens (1st gen)
+
+| Feature | Details |
+|---|---|
+| **Quick actions menu** | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app. See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.
 |
+| **Stop video capture from the Start or quick actions menu** | If you start video capture from the Start menu or quick actions menu, you’ll be able to stop recording from the same place. (Don’t forget, you can always do this with voice commands too.) |
+| **Project to a Miracast-enabled device** | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter. On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode. |
+| **New notifications** | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you’re in an immersive experience, use the bloom gesture). |
+| **HoloLens overlays** (file picker, keyboard, dialogs, etc.) | You’ll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. |
+| **Visual feedback overlay UI for volume change** | When you use the volume up/down buttons on your HoloLens you’ll see a visual display of the volume level. |
+| **New UI for device boot** | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it’s between the "Hello" message and the Windows boot logo. |
+| **Nearby sharing** | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. |
+| **Share from Microsoft Edge** | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. |
+
+#### For international customers
+
+| Feature | Details |
+| --- | --- |
+| Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands. [Learn how to install the Chinese and Japanese versions of HoloLens.](hololens1-install-localized.md) |
+| Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English. |
+
+#### For administrators
+
+| Feature | Details |
+|---|----|
+| [Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. |
+| Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. |
+| PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**. |
+| Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with your password. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. **Note:** You can choose to bypass any PIN/Smartcard options when prompted during web sign-in. |
+| Read device hardware info through MDM so devices can be tracked by serial number | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer to your MDM documentation for feature availability and instructions. |
+| Set HoloLens device name through MDM (rename) | IT administrators can see and rename HoloLens devices in their MDM console. Refer to your MDM documentation for feature availability and instructions. |
+
+### Windows 10, version 1803 for Microsoft HoloLens
+
+> **Applies to:** Hololens (1st gen)
+
+Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes:
+
+- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md).
+
+- You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
+- Provisioning a HoloLens device is now easier with the new **Provision HoloLens devices** wizard in the Windows Configuration Designer tool. In the wizard, you can configure the setup experience and network connections, set developer mode, and obtain bulk Azure AD tokens. [Learn how to use the simple provisioning wizard for HoloLens](hololens-provisioning.md#wizard).
+
+ 
+
+- When you create a local account in a provisioning package, the password no longer expires every 42 days.
+
+- You can [configure HoloLens as a single-app or multi-app kiosk](hololens-kiosk.md). Multi-app kiosk mode lets you set up a HoloLens to only run the apps that you specify, and prevents users from making changes.
+
+- Media Transfer Protocol (MTP) is enabled so that you can connect the HoloLens device to a PC by USB and transfer files between HoloLens and the PC. You can also use the File Explorer app to move and delete files from within HoloLens.
+
+- Previously, after you signed in to the device with an Azure Active Directory (Azure AD) account, you then had to **Add work access** in **Settings** to get access to corporate resources. Now, you sign in with an Azure AD account and enrollment happens automatically.
+
+- Before you sign in, you can choose the network icon below the password field to choose a different Wi-Fi network to connect to. You can also connect to a guest network, such as at a hotel, conference center, or business.
+
+- You can now easily [share HoloLens with multiple people](hololens-multiple-users.md) using Azure AD accounts.
+
+- When setup or sign-in fails, choose the new **Collect info** option to get diagnostic logs for troubleshooting.
+
+- Individual users can sync their corporate email without enrolling their device in mobile device management (MDM). You can use the device with a Microsoft Account, download and install the Mail app, and add an email account directly.
+
+- You can check the MDM sync status for a device in **Settings** > **Accounts** > **Access Work or School** > **Info**. In the **Device sync status** section, you can start a sync, see areas managed by MDM, and create and export an advanced diagnostics report.
diff --git a/devices/hololens/hololens-requirements.md b/devices/hololens/hololens-requirements.md
index 402cb33a40..eb068d6e65 100644
--- a/devices/hololens/hololens-requirements.md
+++ b/devices/hololens/hololens-requirements.md
@@ -1,86 +1,145 @@
---
-title: HoloLens in the enterprise requirements and FAQ (HoloLens)
-description: Requirements and FAQ for general use, Wi-Fi, and device management for HoloLens in the enterprise.
+title: Set up HoloLens in a commercial environment
+description: Learn more about deploying and managing HoloLens in enterprise environments.
ms.prod: hololens
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+ms.assetid: 88bf50aa-0bac-4142-afa4-20b37c013001
+author: scooley
+ms.author: scooley
ms.topic: article
ms.localizationpriority: medium
-ms.date: 06/04/2018
+ms.date: 07/15/2019
---
-# Microsoft HoloLens in the enterprise: requirements and FAQ
+# Deploy HoloLens in a commercial environment
-When you develop for HoloLens, there are [system requirements and tools](https://developer.microsoft.com/windows/mixed-reality/install_the_tools) that you need. In an enterprise environment, there are also a few requirements to use and manage HoloLens which are listed below.
+You can deploy and configure HoloLens at scale in a commercial setting.
-## Requirements
+This article includes:
-### General use
-- Microsoft account or Azure Active Directory (Azure AD) account
-- Wi-Fi network to set up HoloLens
+- Infrastructure requirements and recommendations for HoloLens management
+- Tools for provisioning HoloLens
+- Instructions for remote device management
+- Options for application deployment
->[!NOTE]
->After you set up HoloLens, you can use it offline [with some limitations](https://support.microsoft.com/help/12645/hololens-use-hololens-offline).
+This guide assumes basic familiarity with HoloLens. Follow the [get started guide](hololens1-setup.md) to set up HoloLens for the first time.
+## Infrastructure for managing HoloLens
+
+HoloLens is, at its core, a Windows mobile device integrated with Azure. It works best in commercial environments with wireless network availability (wi-fi) and access to Microsoft services.
+
+Critical cloud services include:
+
+- Azure active directory (AAD)
+- Windows Update (WU)
+
+Commercial customers will need enterprise mobility management (EMM) or mobile device management (MDM) infrastructure to manage HoloLens devices at scale. This guide uses [Microsoft Intune](https://www.microsoft.com/enterprise-mobility-security/microsoft-intune) as an example, though any provider with full support for Microsoft Policy can support HoloLens. Ask your mobile device management provider if they support HoloLens 2.
+
+HoloLens does support a limited set of cloud disconnected experiences.
+
+## Initial set up at scale
+
+The HoloLens out of box experience is great for setting up one or two devices or for experiencing HoloLens for the first time. If you're provisioning many HoloLens devices, however, selecting your language and settings manually for each device gets tedious and limits scale.
+
+This section:
+
+- Introduces Windows provisioning using provisioning packages
+- Walks through applying a provisioning package during first setup
+
+### Create and apply a provisioning package
+
+The best way to configure many new HoloLens device is with Windows provisioning. You can use it to specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in minutes.
+
+A [provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-packages) (.ppkg) is a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device.
+
+### Upgrade to Windows Holographic for Business
+
+- HoloLens Enterprise license XML file
+
+Some of the HoloLens configurations you can apply in a provisioning package:
+
+- Apply certificates to the device
+- Set up a Wi-Fi connection
+- Pre-configure out of box questions like language and locale
+- (HoloLens 2) bulk enroll in mobile device management
+- (HoloLens v1) Apply key to enable Windows Holographic for Business
+
+Follow [this guide](https://docs.microsoft.com/hololens/hololens-provisioning) to create and apply a provisioning package to HoloLens.
+
+### Set up user identity and enroll in device management
+
+The last step in setting up HoloLens for management at scale is to enroll devices with mobile device management infrastructure. There are several ways to enroll:
+
+1. Bulk enrollment with a security token in a provisioning package.
+ Pros: this is the most automated approach
+ Cons: takes initial server-side setup
+1. Auto-enroll on user sign in.
+ Pros: easiest approach
+ Cons: users will need to complete set up after the provisioning package has been applied
+1. _not recommended_ - Manually enroll post-setup.
+ Pros: possible to enroll after set up
+ Cons: most manual approach and devices aren't centrally manageable until they're manually enrolled.
+
+Learn more about MDM enrollment [here](hololens-enroll-mdm.md).
+
+## Ongoing device management
+
+Ongoing device management will depend on your mobile device management infrastructure. Most have the same general functionality but the user interface may vary widely.
+
+This article outlines [policies and capabilities HoloLens supports](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#hololens).
+
+[This article](https://docs.microsoft.com/intune/windows-holographic-for-business) talks about Intune's management tools for HoloLens.
+
+### Push compliance policy via Intune
+
+[Compliance policies](https://docs.microsoft.com/intune/device-compliance-get-started) are rules and settings that devices must meet to be compliant in your corporate infrastructure. Use these policies with Conditional Access to block access to company resources for devices that are non-compliant.
+
+For example, you can create a policy that requires Bitlocker be enabled.
+
+[Create compliance policies with Intune](https://docs.microsoft.com/intune/compliance-policy-create-windows).
+
+### Manage updates
+
+Intune includes a feature called Update rings for Windows 10 devices, including HoloLens 2 and HoloLens v1 (with Holographic for Business). Update rings include a group of settings that determine how and when updates are installed.
+
+For example, you can create a maintenance window to install updates, or choose to restart after updates are installed. You can also choose to pause updates indefinitely until you're ready to update.
+
+Read more about [configuring update rings with Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure).
+
+## Application management
+
+Manage HoloLens applications through:
+
+1. Microsoft Store
+ The Microsoft Store is the best way to distribute and consume applications on HoloLens. There is a great set of core HoloLens applications already available in the store or you can [publish your own](https://docs.microsoft.com/windows/uwp/publish/).
+ All applications in the store are available publicly to everyone, but if it isn't acceptable, checkout the Microsoft Store for Business.
+
+1. [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/)
+ Microsoft Store for Business and Education is a custom store for your corporate environment. It lets you use the Microsoft Store built into Windows 10 and HoloLens to find, acquire, distribute, and manage apps for your organization. It also lets you deploy apps that are specific to your commercial environment but not to the world.
+
+1. Application deployment and management via Intune or another mobile device management solution
+ Most mobile device management solutions, including Intune, provide a way to deploy line of business applications directly to a set of enrolled devices. See this article for [Intune app install](https://docs.microsoft.com/intune/apps-deploy).
+
+1. _not recommended_ Device Portal
+ Applications can also be installed on HoloLens directly using the Windows Device Portal. This isn't recommended since Developer Mode has to be enabled to use the device portal.
+
+Read more about [installing apps on HoloLens](https://docs.microsoft.com/hololens/hololens-install-apps).
+
+## Get support
+
+Get support through the Microsoft support site.
+
+[File a support request](https://support.microsoft.com/supportforbusiness/productselection?sapid=e9391227-fa6d-927b-0fff-f96288631b8f).
+
+## Technical Reference
+
+### Wireless network EAP support
-### Supported wireless network EAP methods
- PEAP-MS-CHAPv2
- PEAP-TLS
-- TLS
+- TLS
- TTLS-CHAP
- TTLS-CHAPv2
- TTLS-MS-CHAPv2
- TTLS-PAP
- TTLS-TLS
-
-### Device management
- - Users have Azure AD accounts with [Intune license assigned](https://docs.microsoft.com/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4)
- - Wi-Fi network
- - Intune or a 3rd party mobile device management (MDM) provider that uses Microsoft MDM APIs
-
-### Upgrade to Windows Holographic for Business
-- HoloLens Enterprise license XML file
-
-
-## FAQ for HoloLens
-
-
-#### Is Windows Hello for Business supported on HoloLens?
-
-Windows Hello for Business (using a PIN to sign in) is supported for HoloLens. To allow Windows Hello for Business PIN sign-in on HoloLens:
-
-1. The HoloLens device must be [managed by MDM](hololens-enroll-mdm.md).
-2. You must enable Windows Hello for Business for the device. ([See instructions for Microsoft Intune.](https://docs.microsoft.com/intune/windows-hello))
-3. On HoloLens, the user can then set up a PIN from **Settings** > **Sign-in Options** > **Add PIN**.
-
->[!NOTE]
->Users who sign in with a Microsoft account can also set up a PIN in **Settings** > **Sign-in Options** > **Add PIN**. This PIN is associated with [Windows Hello](https://support.microsoft.com/help/17215/windows-10-what-is-hello), rather than [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview).
-
-#### Does the type of account change the sign-in behavior?
-
-Yes, the behavior for the type of account impacts the sign-in behavior. If you apply policies for sign-in, the policy is always respected. If no policy for sign-in is applied, these are the default behaviors for each account type.
-
-- Microsoft account: signs in automatically
-- Local account: always asks for password, not configurable in **Settings**
-- Azure AD: asks for password by default; configurable by **Settings** to no longer ask for password.
-
->[!NOTE]
->Inactivity timers are currently not supported, which means that the **AllowIdleReturnWithoutPassword** policy is respected only when the device goes into StandBy.
-
-
-#### How do I remove a HoloLens device from the Intune dashboard?
-
-You cannot [unenroll](https://docs.microsoft.com/intune-user-help/unenroll-your-device-from-intune-windows) HoloLens from Intune remotely. If the administrator unenrolls the device using MDM, the device will age out of the Intune dashboard.
-
-
-## Related resources
-
-[Getting started with Azure Active Directory Premium](https://azure.microsoft.com/documentation/articles/active-directory-get-started-premium/)
-
-[Get started with Intune](https://docs.microsoft.com/intune/understand-explore/get-started-with-a-30-day-trial-of-microsoft-intune)
-
-[Enroll devices for management in Intune](https://docs.microsoft.com/intune/deploy-use/enroll-devices-in-microsoft-intune#supported-device-platforms)
-
-[Azure AD editions](https://azure.microsoft.com/documentation/articles/active-directory-editions/)
-
diff --git a/devices/hololens/hololens-setup.md b/devices/hololens/hololens-setup.md
deleted file mode 100644
index 0f62fc2e6e..0000000000
--- a/devices/hololens/hololens-setup.md
+++ /dev/null
@@ -1,44 +0,0 @@
----
-title: Set up HoloLens (HoloLens)
-description: The first time you set up HoloLens, you'll need a Wi-Fi network and either a Microsoft or Azure Active Directory account.
-ms.prod: hololens
-ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
-ms.topic: article
-ms.localizationpriority: medium
-ms.date: 07/27/2017
----
-
-# Set up HoloLens
-
-Before you get started setting up your HoloLens, make sure you have a Wi-Fi network and a Microsoft account or an Azure Active Directory (Azure AD) account.
-
-## Network connectivity requirements
-
-The first time you use your HoloLens, you'll be guided through connecting to a Wi-Fi network. You need to connect HoloLens to a Wi-Fi network with Internet connectivity so that the user account can be authenticated.
-
-- It can be an open Wi-Fi or password-protected Wi-Fi network.
-- The Wi-Fi network cannot require certificates to connect.
-- The Wi-Fi network does not need to provide access to enterprise resources or intranet sites.
-
-## HoloLens setup
-
-The HoloLens setup process combines a quick tutorial on using HoloLens with the steps needed to connect to the network and add an account.
-
-1. Be sure your HoloLens is [charged](https://support.microsoft.com/help/12627), then [adjust it](https://support.microsoft.com/help/12632) for a comfortable fit.
-2. [Turn on HoloLens](https://support.microsoft.com/help/12642). You will be guided through a calibration procedure and how to perform [the gestures](https://support.microsoft.com/help/12644/hololens-use-gestures) that you will use to operate HoloLens.
-3. Next, you'll be guided through connecting to a Wi-Fi network.
-4. After HoloLens connects to the Wi-Fi network, you select between **My work or school owns it** and **I own it**.
- - When you choose **My work or school owns it**, you sign in with an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens will be enrolled in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app).
- 1. Enter your organizational account.
- 2. Accept privacy statement.
- 3. Sign in using your Azure AD credentials. This may redirect to your organization's sign-in page.
- 4. Continue with device setup.
- - When you choose **I own it**, you sign in with a Microsoft account. After setup is complete, you can [enroll HoloLens in device management manually](hololens-enroll-mdm.md#enroll-through-settings-app).
- 1. Enter your Microsoft account.
- 2. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process.
-5. The device sets your time zone based on information obtained from the Wi-Fi network.
-6. Next, you learn how to perform the bloom gesture and how to select and place the Start screen. After you place the Start screen, setup is complete and you can begin using HoloLens.
-
-
diff --git a/devices/hololens/hololens-spaces.md b/devices/hololens/hololens-spaces.md
index 19307fdfb6..26790eacca 100644
--- a/devices/hololens/hololens-spaces.md
+++ b/devices/hololens/hololens-spaces.md
@@ -1,69 +1,114 @@
---
-title: How HoloLens stores data for spaces (HoloLens)
-description:
+title: Mapping physical spaces with HoloLens
+description: HoloLens learns what a space looks like over time. Users can facilitate this process by moving the HoloLens in certain ways through the space.
+ms.assetid: bd55ecd1-697a-4b09-8274-48d1499fcb0b
+author: dorreneb
+ms.author: dobrown
+ms.date: 09/16/2019
+keywords: hololens, Windows Mixed Reality, design, spatial mapping, HoloLens, surface reconstruction, mesh, head tracking, mapping
ms.prod: hololens
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
ms.topic: article
-ms.localizationpriority: medium
-ms.date: 11/05/2018
+ms.localizationpriority: high
+appliesto:
+- HoloLens 1 (1st gen)
+- HoloLens 2
---
-# How HoloLens stores data for spaces
+# Mapping physical spaces with HoloLens
-In the Windows 10, version 1803 update for Microsoft HoloLens, the mapping data for [spaces](https://support.microsoft.com/help/13760/hololens-spaces-on-hololens) is stored in a local database.
+HoloLens blends holograms with your physical world. To do that, HoloLens has to learn about the physical world around you and remember where you place holograms within that space.
-The map database is not exposed to a user of the device, even when plugged into a PC or when using the File Explorer app. When BitLocker is enabled, the stored map data is also encrypted with the entire volume.
+Over time, the HoloLens builds up a *spatial map* of the environment that it has seen. HoloLens updates the map as the environment changes. As long as you are logged in and the device is turned on, HoloLens creates and updates your spatial maps. If you hold or wear the device with the cameras pointed at a space, the HoloLens tries to map the area. While the HoloLens learns a space naturally over time, there are ways in which you can help HoloLens map your space more quickly and efficiently.
-Holograms that are anchored within the same map section are considered to be “nearby” in the current space.
+> [!NOTE]
+> If your HoloLens can’t map your space or is out of calibration, HoloLens may enter Limited mode. In Limited mode, you won’t be able to place holograms in your surroundings.
+This article explains how HoloLens maps spaces, how to improve spatial mapping, and how to manage the spatial data that HoloLens collects.
-## Frequently asked questions
+## Choosing and setting up and your space
-**How can I remove map data and known spaces from the HoloLens?**
+Features in your environment can make it difficult for the HoloLens to interpret a space. Light levels, materials in the space, the layout of objects, and more can all affect how HoloLens maps an area.
-There are two options for deleting map data in **Settings > System > Holograms**:
+HoloLens works best in certain kinds of environments. To produce the best spatial map, choose a room that has adequate light and plenty of space. Avoid dark spaces and rooms that have a lot of dark, shiny, or translucent surfaces (for instance, mirrors or gauzy curtains).
-- Select **Remove nearby holograms** to delete nearby holograms, clearing the map data and anchored holograms for the current space. A brand new map section would be created and stored in the database for that location while the device is used there. This option can be used to clear the map data for work without affecting any map data from home, for example.
-- Select **Remove all holograms** to delete all holograms, clearing all locally stored map data and anchored holograms. No holograms will be rediscovered and any holograms need to be newly placed.
+HoloLens is optimized for indoor use. Spatial mapping also works best when Wi-Fi is turned on, although it doesn't have to be connected to a network. HoloLens can obtain Wi-Fi access points even if it is not connected or authenticated. HoloLens functionality does not change whether the access points are internet-connected or intranet/local only.
->[!NOTE]
->When you remove nearby or all holograms, HoloLens immediately starts scanning and mapping the current space.
+Only use HoloLens in safe places with no tripping hazards. [More on safety](https://support.microsoft.com/help/4023454/safety-information).
-**How does Wi-Fi data get used by HoloLens and where is the data stored?**
+## Mapping your space
-As long as Wi-Fi is enabled, map data will be correlated with nearby Wi-Fi access points. There is no difference in behavior if a network is connected or just nearby. Network characteristics are not sent to Microsoft, and all Wi-Fi references are kept local on the HoloLens.
+Now you're ready to start mapping your spare. When HoloLens starts mapping your surroundings, you'll see a mesh graphic spreading over the space. In mixed reality home, you can trigger the map to show by selecting on a mapped surface.
-Wi-Fi characteristics are stored locally to help correlate hologram locations and map sections stored within HoloLens’ database of known spaces. It’s inaccessible to users, and not sent to Microsoft via the cloud or via telemetry.
+Here are guidelines for building a great spatial map.
+### Understand the scenarios for the area
+It is important to spend the most time where you will be using the HoloLens, so that the map is relevant and complete. For example, if a user scenario for HoloLens involves moving from Point A to Point B, walk that path two to three times, looking in all directions as you move.
-**Does HoloLens need to be connected to the internet?**
+### Walk slowly around the space
-No, internet connectivity is not required. Observed Wi-Fi access points are obtained without being connected or authenticated. It does not change functionality if the access points are internet connected or intranet/local only.
+If you walk too quickly around the area, it's likely that the HoloLens will miss mapping areas. Walk slowly around the space, stopping every 5-8 feet to look around at your surroundings.
+Smooth movements also help the HoloLens map more efficiently.
+### Look in all directions
+Looking around as you map the space gives the HoloLens more data on where points are relative to each other.
+If you don't look up, for example, the HoloLens may not know where the ceiling in a room is.
-**Since HoloLens no longer requires you to select a space when Wi-Fi is disabled, how does it find the space automatically?**
+Don't forget to look down at the floor as you map the space.
-If Wi-Fi is disabled, the space search can still happen; HoloLens will need to search more of the map data within the spaces database, and finding holograms can take longer.
+### Cover key areas multiple times
-HoloLens will sense and remember spaces even when Wi-Fi is disabled, by securely storing the sensor data when holograms are placed. Without the Wi-Fi info, the space and holograms may be slower to recognize at a later time, as the HoloLens needs to compare active scans to all hologram anchors and map sections stored on the device in order to locate the correct portion of the map.
+Moving through an area multiple times will help pick up features you may have missed on the first walkthrough. To build an ideal map, try traversing an area two to three times.
-HoloLens will visually compare the current scanning data from the sensors to locally stored map sections in the entire spaces database. It will locate holograms faster if the Wi-Fi characteristics can be found, to narrow down the number of spaces to compare.
+If possible, while repeating these movements, spend time walking through an area in one direction, then turn around and walk back the way you came.
+### Take your time mapping the area
+It can take between 15 and 20 minutes for the HoloLens to fully map and adjust itself to its surroundings. If you have a space in which you plan to use a HoloLens frequently, taking that time up front to map the space can prevent issues later on.
+## Possible errors in the spatial map
-
+Errors in spatial mapping data fall into a few categories:
+- *Holes*: Real-world surfaces are missing from the spatial mapping data.
+- *Hallucinations*: Surfaces exist in the spatial mapping data that do not exist in the real world.
+- *Wormholes*: HoloLens 'loses' part of the spatial map by thinking it is in a different part of the map than it actually is.
+- *Bias*: Surfaces in the spatial mapping data are imperfectly aligned with real-world surfaces, either pushed in or pulled out.
+If you see any of these errors please use the [FeedbackHub](hololens-feedback.md) to send feedback.
+
+## Security and storage for spatial data
+
+Windows 10 version 1803 update for Microsoft HoloLens and later stores mapping data in a local (on-device) database.
+
+HoloLens users cannot directly access the map database, even when the device is plugged into a PC or when using the File Explorer app. When BitLocker is enabled on HoloLens, the stored map data is also encrypted along with the entire volume.
+
+### Remove map data and known spaces from HoloLens
+
+There are two options for deleting map data in **Settings > System > Holograms**:
+
+- To delete nearby holograms, select **Remove nearby holograms**. This command clears the map data and anchored holograms for the current space. If you continue to use the device in the same space, it creates and stores a brand new map section to replace the deleted information.
+
+ > [!NOTE]
+ > "Nearby" holograms are holograms that are anchored within the same map section in the current space.
+
+ For example, you can use this option to clear work-related map data without affecting any home-related map data.
+
+- To delete all holograms, select **Remove all holograms**. This command clears all map data that is stored on the device as well as all anchored holograms. You will need to explicitly place any holograms. You will not be able to rediscover the previously-placed holograms.
+
+> [!NOTE]
+> After you remove nearby or all holograms, HoloLens immediately starts scanning and mapping the current space.
+
+### Wi-Fi data in spatial maps
+
+HoloLens stores Wi-Fi characteristics to help correlate hologram locations and map sections that are stored within the HoloLens database of known spaces. Information about Wi-Fi characteristics is not accessible to users, and not sent to Microsoft using the cloud or using telemetry.
+
+As long as Wi-Fi is enabled, HoloLens correlates map data with nearby Wi-Fi access points. There is no difference in behavior whether a network is connected or just detected nearby. If Wi-Fi is disabled, HoloLens still searches the space. However, HoloLens has to search more of the map data within the spaces database, and may need more time to find holograms. Without the Wi-Fi info, the HoloLens has to compare active scans to all hologram anchors and map sections that are stored on the device in order to locate the correct portion of the map.
## Related topics
-- [Environment considerations for HoloLens](https://docs.microsoft.com/windows/mixed-reality/environment-considerations-for-hololens)
- [Spatial mapping design](https://docs.microsoft.com/windows/mixed-reality/spatial-mapping-design)
-- [HoloLens and holograms: FAQ](https://support.microsoft.com/help/13456/hololens-and-holograms-faq)
diff --git a/devices/hololens/hololens-status.md b/devices/hololens/hololens-status.md
new file mode 100644
index 0000000000..e6ccdbd207
--- /dev/null
+++ b/devices/hololens/hololens-status.md
@@ -0,0 +1,36 @@
+---
+title: HoloLens status
+description: Shows the status of HoloLens online services.
+author: todmccoy
+ms.author: v-todmc
+ms.reviewer: luoreill
+manager: jarrettr
+audience: Admin
+ms.topic: article
+ms.prod: hololens
+ms.localizationpriority: high
+ms.sitesec: library
+---
+
+# HoloLens status
+
+✔️ **All services are active**
+
+**Key** ✔️ Good, ⓘ Information, ⚠ Warning, ❌ Critical
+
+Area|HoloLens (1st gen)|HoloLens 2
+----|:----:|:----:
+[Azure services](https://status.azure.com/status)|✔️|✔️
+[Store app](https://www.microsoft.com/store/collections/hlgettingstarted/hololens)|✔️|✔️
+[Apps](https://www.microsoft.com/hololens/apps)|✔️|✔️
+[MDM](https://docs.microsoft.com/hololens/hololens-enroll-mdm)|✔️|✔️
+
+## Notes and related topics
+
+[Frequently asked questions about using Skype for HoloLens](https://support.skype.com/faq/FA34641/frequently-asked-questions-about-using-skype-for-hololens)
+
+For more details about the status of the myriad Azure Services that can connect to HoloLens, see [Azure status](https://azure.microsoft.com/status/).
+
+For more details about current known issues, see [HoloLens known issues](hololens-known-issues.md).
+
+Follow HoloLens on [Twitter](https://twitter.com/HoloLens) and subscribe on [Reddit](https://www.reddit.com/r/HoloLens/).
diff --git a/devices/hololens/hololens-troubleshooting.md b/devices/hololens/hololens-troubleshooting.md
new file mode 100644
index 0000000000..7102984f4c
--- /dev/null
+++ b/devices/hololens/hololens-troubleshooting.md
@@ -0,0 +1,94 @@
+---
+title: HoloLens troubleshooting
+description: Solutions for common HoloLens issues.
+author: mattzmsft
+ms.author: mazeller
+ms.date: 12/02/2019
+ms.prod: hololens
+ms.topic: article
+ms.custom: CSSTroubleshooting
+audience: ITPro
+ms.localizationpriority: medium
+keywords: issues, bug, troubleshoot, fix, help, support, HoloLens
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Troubleshooting HoloLens issues
+
+This article describes how to resolve several common HoloLens issues.
+
+## My HoloLens is unresponsive or won’t start
+
+If your HoloLens won't start:
+
+- If the LEDs next to the power button don't light up, or only one LED briefly blinks, you may need to charge your HoloLens.
+- If the LEDs light up when you press the power button but you can't see anything on the displays, hold the power button until all five of the LEDs turn off.
+
+If your HoloLens becomes frozen or unresponsive:
+
+- Turn off your HoloLens by pressing the power button until all five of the LEDs turn themselves off, or for 10 seconds if the LEDs are unresponsive. To start your HoloLens, press the power button again.
+
+If these steps don't work, you can try [recovering your device](hololens-recovery.md).
+
+## Holograms don't look good
+
+If your holograms are unstable, jumpy, or don’t look right, try:
+
+- Cleaning your device visor and sensor bar on the front of your HoloLens.
+- Increasing the light in your room.
+- Walking around and looking at your surroundings so that HoloLens can scan them more completely.
+- Calibrating your HoloLens for your eyes. Go to **Settings** > **System** > **Utilities**. Under **Calibration**, select **Open Calibration**.
+
+## HoloLens doesn’t respond to gestures
+
+To make sure that HoloLens can see your gestures. Keep your hand in the gesture frame - when HoloLens can see your hand, the cursor changes from a dot to a ring.
+
+Learn more about using gestures on [HoloLens (1st gen)](hololens1-basic-usage.md#use-hololens-with-your-hands) or [HoloLens 2](hololens2-basic-usage.md#the-hand-tracking-frame).
+
+If your environment is too dark, HoloLens might not see your hand, so make sure that there’s enough light.
+
+If your visor has fingerprints or smudges, use the microfiber cleaning cloth that came with the HoloLens to clean your visor gently.
+
+## HoloLens doesn’t respond to my voice commands
+
+If Cortana isn’t responding to your voice commands, make sure Cortana is turned on. On the All apps list, select **Cortana** > **Menu** > **Notebook** > **Settings** to make changes. To learn more about what you can say, see [Use your voice with HoloLens](hololens-cortana.md).
+
+## I can’t place holograms or see holograms that I previously placed
+
+If HoloLens can’t map or load your space, it enters Limited mode and you won’t be able to place holograms or see holograms that you’ve placed. Here are some things to try:
+
+- Make sure that there’s enough light in your environment so HoloLens can see and map the space.
+- Make sure that you’re connected to a Wi-Fi network. If you’re not connected to Wi-Fi, HoloLens can’t identify and load a known space.
+- If you need to create a new space, connect to Wi-Fi, then restart your HoloLens.
+- To see if the correct space is active, or to manually load a space, go to **Settings** > **System** > **Spaces**.
+- If the correct space is loaded and you’re still having problems, the space may be corrupt. To fix this issue, select the space, then select **Remove**. After you remove the space, HoloLens starts to map your surroundings and create a new space.
+
+## My HoloLens can’t tell what space I’m in
+
+If your HoloLens can’t identify and load the space you’re in automatically, check the following factors:
+
+- Make sure that you’re connected to Wi-Fi
+- Make sure that there’s plenty of light in the room
+- Make sure that there haven’t been any major changes to the surroundings.
+
+You can also load a space manually or manage your spaces by going to **Settings** > **System** > **Spaces**.
+
+## I’m getting a “low disk space” error
+
+You’ll need to free up some storage space by doing one or more of the following:
+
+- Delete some unused spaces. Go to **Settings** > **System** > **Spaces**, select a space that you no longer need, and then select **Remove**.
+- Remove some of the holograms that you’ve placed.
+- Delete some pictures and videos from the Photos app.
+- Uninstall some apps from your HoloLens. In the **All apps** list, tap and hold the app you want to uninstall, and then select **Uninstall**.
+
+## My HoloLens can’t create a new space
+
+The most likely problem is that you’re running low on storage space. Try one of the [previous tips](#im-getting-a-low-disk-space-error) to free up some disk space.
+
+## The HoloLens emulators isn't working
+
+Information about the HoloLens emulator is located in our developer documentation. Read more about [troubleshooting the HoloLens emulator](https://docs.microsoft.com/windows/mixed-reality/using-the-hololens-emulator#troubleshooting).
diff --git a/devices/hololens/hololens-update-hololens.md b/devices/hololens/hololens-update-hololens.md
new file mode 100644
index 0000000000..14d8993c95
--- /dev/null
+++ b/devices/hololens/hololens-update-hololens.md
@@ -0,0 +1,92 @@
+---
+title: Update HoloLens
+description: Check your HoloLens' build number, update, and roll back updates.
+keywords: how-to, update, roll back, HoloLens, check build, build number
+ms.prod: hololens
+ms.sitesec: library
+author: scooley
+ms.author: scooley
+ms.topic: article
+ms.localizationpriority: medium
+ms.date: 11/27/2019
+audience: ITPro
+ms.reviewer:
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# Update HoloLens
+
+HoloLens uses Windows Update, just like other Windows 10 devices. Your HoloLens will automatically download and install system updates whenever it is plugged-in to power and connected to the Internet, even when it is in standby.
+
+This article will walk through HoloLens tools for:
+
+- viewing your current operating system version (build number)
+- checking for updates
+- manually updating HoloLens
+- rolling back to an older update
+
+## Check your operating system version (build number)
+
+You can verify the system version number, (build number) by opening the Settings app and selecting **System** > **About**.
+
+## Check for updates and manually update
+
+You can check for updates any time in settings. To see available updates and check for new updates:
+
+1. Open the **Settings** app.
+1. Navigate to **Update & Security** > **Windows Update**.
+1. Select **Check for updates**.
+
+If an update is available, it will start downloading the new version. After the download is complete, select the **Restart Now** button to trigger the installation. If your device is below 40% and not plugged in, restarting will not start installing the update.
+
+While your HoloLens is installing the update, it will display spinning gears and a progress indicator. Do not turn off your HoloLens during this time. It will restart automatically once it has completed the installation.
+
+HoloLens applies one update at a time. If your HoloLens is more than one version behind the latest you may need to run through the update process multiple times to get it fully up to date.
+
+## Go back to a previous version - HoloLens 2
+
+In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Advanced Recovery Companion to reset your HoloLens to the earlier version.
+
+> [!NOTE]
+> Going back to an earlier version deletes your personal files and settings.
+
+To go back to a previous version of HoloLens 2, follow these steps:
+
+1. Make sure that you don't have any phones or Windows devices plugged in to your PC.
+1. On your PC, download the [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from the Microsoft Store.
+1. Download the [most recent HoloLens 2 release](https://aka.ms/hololens2download).
+1. When you have finished these downloads, open **File explorer** > **Downloads**. Right-click the zipped folder that you just downloaded, and select **Extract all** > **Extract** to unzip it.
+1. Connect your HoloLens to your PC using a USB-A to USB-C cable. (Even if you've been using other cables to connect your HoloLens, this one works best.)
+1. The Advanced Recovery Companion automatically detects your HoloLens. Select the **Microsoft HoloLens** tile.
+1. On the next screen, select **Manual package selection** and then select the installation file contained in the folder that you unzipped in step 4. (Look for a file with the .ffu extension.)
+1. Select **Install software**, and follow the instructions.
+
+## Go back to a previous version - HoloLens (1st Gen)
+
+In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Windows Device Recovery Tool to reset your HoloLens to the earlier version.
+
+> [!NOTE]
+> Going back to an earlier version deletes your personal files and settings.
+
+To go back to a previous version of HoloLens 1, follow these steps:
+
+1. Make sure that you don't have any phones or Windows devices plugged in to your PC.
+1. On your PC, download the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379).
+1. Download the [HoloLens Anniversary Update recovery package](https://aka.ms/hololensrecovery).
+1. When the downloads finish, open **File explorer** > **Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all** > **Extract** to unzip it.
+1. Connect your HoloLens to your PC using the micro-USB cable that it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.)
+1. The WDRT will automatically detect your HoloLens. Select the **Microsoft HoloLens** tile.
+1. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the .ffu extension.)
+1. Select **Install software**, and follow the instructions.
+
+> [!NOTE]
+> If the WDRT doesn't detect your HoloLens, try restarting your PC. If that doesn't work, select **My device was not detected**, select **Microsoft HoloLens**, and then follow the instructions.
+
+## Windows Insider Program on HoloLens
+
+Want to see the latest features in HoloLens? If so, join the Windows Insider Program; you'll get access to preview builds of HoloLens software updates before they're available to the general public.
+
+[Get Windows Insider preview for Microsoft HoloLens](hololens-insider.md).
diff --git a/devices/hololens/hololens-updates.md b/devices/hololens/hololens-updates.md
index 9ea1e9de34..e0b662bd3d 100644
--- a/devices/hololens/hololens-updates.md
+++ b/devices/hololens/hololens-updates.md
@@ -1,43 +1,97 @@
---
-title: Manage updates to HoloLens (HoloLens)
+title: Managing updates to HoloLens
description: Administrators can use mobile device management to manage updates to HoloLens devices.
ms.prod: hololens
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: Teresa-Motiv
+ms.author: v-tea
+audience: ITPro
ms.topic: article
-ms.localizationpriority: medium
-ms.date: 04/30/2018
+ms.localizationpriority: high
+ms.date: 11/7/2019
+ms.reviewer: jarrettr
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
---
-# Manage updates to HoloLens
+# Managing HoloLens updates
->**Looking for how to get the latest update? See [Update HoloLens](https://support.microsoft.com/help/12643/hololens-update-hololens).**
+HoloLens uses Windows Update, just like other Windows 10 devices. When an update is available, it will be automatically downloaded and installed the next time your device is plugged in and connected to the Internet.
+
+This article will walk through all of the way to manage updates on HoloLens.
+
+## Manually check for updates
+
+While HoloLens periodically checks for system updates so you don't have to, there may be circumstances in which you want to manually check.
+
+To manually check for updates, go to **Settings** > **Update & Security** > **Check for updates**. If the Settings app says your device is up to date, you have all the updates that are currently available.
+
+## Go back to a previous version (HoloLens 2)
+
+In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Advanced Recovery Companion to reset your HoloLens to the earlier version.
+
+> [!NOTE]
+> Going back to an earlier version deletes your personal files and settings.
+
+To go back to a previous version of HoloLens 2, follow these steps:
+
+1. Make sure that you don't have any phones or Windows devices plugged in to your PC.
+1. On your PC, download the [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from the Microsoft Store.
+1. Download the [most recent HoloLens 2 release](https://aka.ms/hololens2download).
+1. When you have finished these downloads, open **File explorer** > **Downloads**. Right-click the zipped folder that you just downloaded, and select **Extract all** > **Extract** to unzip it.
+1. Connect your HoloLens to your PC using a USB-A to USB-C cable . (Even if you've been using other cables to connect your HoloLens, this one works best.)
+1. The Advanced Recovery Companion automatically detects your HoloLens. Select the **Microsoft HoloLens** tile.
+1. On the next screen, select **Manual package selection** and then select the installation file contained in the folder that you unzipped in step 4. (Look for a file with the .ffu extension.)
+1. Select **Install software**, and follow the instructions.
+
+## Go back to a previous version (HoloLens (1st gen))
+
+In some cases, you might want to go back to a previous version of the HoloLens software. You can do this by using the Windows Device Recovery Tool to reset your HoloLens to the earlier version.
+
+> [!NOTE]
+> Going back to an earlier version deletes your personal files and settings.
+
+To go back to a previous version of HoloLens (1st gen), follow these steps:
+
+1. Make sure that you don't have any phones or Windows devices plugged in to your PC.
+1. On your PC, download the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379).
+1. Download the [HoloLens Anniversary Update recovery package](https://aka.ms/hololensrecovery).
+1. When the downloads finish, open **File explorer** > **Downloads**. Right-click the zipped folder you just downloaded, and select **Extract all** > **Extract** to unzip it.
+1. Connect your HoloLens to your PC using the micro-USB cable that it came with. (Even if you've been using other cables to connect your HoloLens, this one works best.)
+1. The WDRT will automatically detect your HoloLens. Select the **Microsoft HoloLens** tile.
+1. On the next screen, select **Manual package selection** and choose the installation file contained in the folder you unzipped in step 4. (Look for a file with the .ffu extension.)
+1. Select **Install software**, and follow the instructions.
+
+> [!NOTE]
+> If the WDRT doesn't detect your HoloLens, try restarting your PC. If that doesn't work, select **My device was not detected**, select **Microsoft HoloLens**, and then follow the instructions.
+
+# Use policies to manage updates to HoloLens
>[!NOTE]
->HoloLens devices must be [upgraded to Windows Holographic for Business](hololens-upgrade-enterprise.md) to manage updates.
-
-For a complete list of Update policies, see [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business).
+>HoloLens (1st gen) devices must be [upgraded to Windows Holographic for Business](hololens1-upgrade-enterprise.md) to manage updates.
To configure how and when updates are applied, use the following policies:
-- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)
-- [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday)
-- [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime)
+
+- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)
+- [Update/ScheduledInstallDay](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstallday)
+- [Update/ScheduledInstallTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-scheduledinstalltime)
To turn off the automatic check for updates, set the following policy to value **5** – Turn off Automatic Updates:
+
- [Update/AllowAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowautoupdate)
In Microsoft Intune, you can use **Automatic Update Behavior** to change this policy. (See [Manage software updates in Microsoft Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure))
-For devices on Windows 10, version 1607 only: You can use the following update policies to configure devices to get updates from Windows Server Update Service (WSUS) instead of Windows Update:
+For devices on Windows 10, version 1607 only: You can use the following update policies to configure devices and get updates from the Windows Server Update Service (WSUS), instead of Windows Update:
-- [Update/AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice)
-- [Update/RequireUpdateApproval](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requireupdateapproval)
-- [Update/UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updateserviceurl)
+- [Update/AllowUpdateService](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-allowupdateservice)
+- [Update/RequireUpdateApproval](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-requireupdateapproval)
+- [Update/UpdateServiceUrl](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update#update-updateserviceurl)
+For more information about using policies to manage HoloLens, see the following articles:
-
-## Related topics
-
+- [Policies supported by HoloLens 2](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#policies-supported-by-hololens-2)
- [Policies supported by Windows Holographic for Business](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#a-href-idhololenspoliciesapolicies-supported-by-windows-holographic-for-business)
- [Manage software updates in Microsoft Intune](https://docs.microsoft.com/intune/windows-update-for-business-configure)
diff --git a/devices/hololens/hololens-upgrade-enterprise.md b/devices/hololens/hololens-upgrade-enterprise.md
deleted file mode 100644
index f7da9a892b..0000000000
--- a/devices/hololens/hololens-upgrade-enterprise.md
+++ /dev/null
@@ -1,100 +0,0 @@
----
-title: Unlock Windows Holographic for Business features (HoloLens)
-description: HoloLens provides extra features designed for business when you upgrade to Windows Holographic for Business.
-ms.prod: hololens
-ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
-ms.topic: article
-ms.localizationpriority: medium
-ms.date: 07/09/2018
----
-
-# Unlock Windows Holographic for Business features
-
-
-
-Microsoft HoloLens is available in the *Development Edition*, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the [Commercial Suite](https://docs.microsoft.com/windows/mixed-reality/commercial-features), which provides extra features designed for business.
-
-When you purchase the Commercial Suite, you receive a license that upgrades Windows Holographic to Windows Holographic for Business. This license can be applied to the device either through the organization's [mobile device management (MDM) provider](#edition-upgrade-using-mdm) or a [provisioning package](#edition-upgrade-using-a-provisioning-package).
-
->[!TIP]
->In Windows 10, version 1803, you can tell that the HoloLens has been upgraded to the business edition in **Settings** > **System**.
-
-
-
-## Edition upgrade using MDM
-
-The enterprise license can be applied by any MDM provider that supports the [WindowsLicensing configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn904983.aspx). The latest version of the Microsoft MDM API will support WindowsLicensing CSP.
-
-For step-by-step instructions for upgrading HoloLens using Microsoft Intune, see [Upgrade devices running Windows Holographic to Windows Holographic for Business](https://docs.microsoft.com/intune/holographic-upgrade).
-
- On other MDM providers, the specific steps for setting up and deploying the policy might vary.
-
-
-
-## Edition upgrade using a provisioning package
-
-Provisioning packages are files created by the Windows Configuration Designer tool that apply a specified configuration to a device.
-
-### Create a provisioning package that upgrades the Windows Holographic edition
-
-1. [Create a provisioning package for HoloLens.](hololens-provisioning.md)
-
-2. Go to **Runtime settings** > **EditionUpgrade**, and select **EditionUpgradeWithLicense**.
-
- 
-
-2. Browse to and select the XML license file that was provided when you purchased the Commercial Suite.
-
- >[!NOTE]
- >You can configure [additional settings in the provisioning package](hololens-provisioning.md).
-
-3. On the **File** menu, click **Save**.
-
-4. Read the warning that project files may contain sensitive information, and click **OK**.
-
- >[!IMPORTANT]
- >When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
-
-3. On the **Export** menu, click **Provisioning package**.
-
-4. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next**.
-
-5. Set a value for **Package Version**.
-
- >[!TIP]
- >You can make changes to existing packages and change the version number to update previously applied packages.
-
-6. On the **Select security details for the provisioning package**, click **Next**.
-
-7. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.
-
- Optionally, you can click **Browse** to change the default output location.
-
-8. Click **Next**.
-
-9. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.
-
-10. When the build completes, click **Finish**.
-
-
-### Apply the provisioning package to HoloLens
-
-1. Connect the device via USB to a PC and start the device, but do not continue past the **fit** page of the initial setup experience (the first page with the blue box). HoloLens will show up as a device in File Explorer on the PC.
-
- >[!NOTE]
- >If the HoloLens device is running Windows 10, version 1607 or earlier, briefly press and release the **Volume Down** and **Power** buttons simultaneously to open File Explorer.
-
-4. In File Explorer, drag and drop the provisioning package (.ppkg) onto the device storage.
-
-5. Briefly press and release the **Volume Down** and **Power** buttons simultaneously again while on the **fit** page.
-
-6. The device will ask you if you trust the package and would like to apply it. Confirm that you trust the package.
-
-7. You will see whether the package was applied successfully or not. If it failed, you can fix your package and try again. If it succeeded, proceed with device setup.
-
-
-
-
-
diff --git a/devices/hololens/hololens-whats-new.md b/devices/hololens/hololens-whats-new.md
index 0e17d81790..59c777fdec 100644
--- a/devices/hololens/hololens-whats-new.md
+++ b/devices/hololens/hololens-whats-new.md
@@ -3,44 +3,45 @@ title: What's new in Microsoft HoloLens (HoloLens)
description: Windows Holographic for Business gets new features in Windows 10, version 1809.
ms.prod: hololens
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.localizationpriority: medium
ms.date: 11/13/2018
+ms.reviewer:
+manager: dansimp
---
# What's new in Microsoft HoloLens
## Windows 10, version 1809 for Microsoft HoloLens
-### For everyone
-
-Feature | Details
---- | ---
-Quick actions menu | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app. See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.
-Stop video capture from the Start or quick actions menu | If you start video capture from the Start menu or quick actions menu, you’ll be able to stop recording from the same place. (Don’t forget, you can always do this with voice commands too.)
-Project to a Miracast-enabled device | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter. On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode.
-New notifications | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you’re in an immersive experience, use the bloom gesture).
-HoloLens overlays (file picker, keyboard, dialogs, etc.) | You’ll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps.
-Visual feedback overlay UI for volume change | When you use the volume up/down buttons on your HoloLens you’ll see a visual display of the volume level.
-New UI for device boot | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it’s between the "Hello" message and the Windows boot logo.
-Share UX: Nearby Sharing | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with.
-Share from Microsoft Edge | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content.
+> **Applies to:** Hololens (1st gen)
+### For everyone
+| Feature | Details |
+|---|---|
+| **Quick actions menu** | When you're in an app, the Bloom gesture will now open a Quick actions menu to give you quick access to commonly used system features without having to leave the app. See [Set up HoloLens in kiosk mode](hololens-kiosk.md) for information about the Quick actions menu in kiosk mode.
 |
+| **Stop video capture from the Start or quick actions menu** | If you start video capture from the Start menu or quick actions menu, you’ll be able to stop recording from the same place. (Don’t forget, you can always do this with voice commands too.) |
+| **Project to a Miracast-enabled device** | Project your HoloLens content to a nearby Surface device or TV/Monitor if using Microsoft Display adapter. On **Start**, select **Connect**, and then select the device you want to project to. **Note:** You can deploy HoloLens to use Miracast projection without enabling developer mode. |
+| **New notifications** | View and respond to notification toasts on HoloLens, just like you do on a PC. Gaze to respond to or dismiss them (or if you’re in an immersive experience, use the bloom gesture). |
+| **HoloLens overlays** (file picker, keyboard, dialogs, etc.) | You’ll now see overlays such as the keyboard, dialogs, file picker, etc. when using immersive apps. |
+| **Visual feedback overlay UI for volume change** | When you use the volume up/down buttons on your HoloLens you’ll see a visual display of the volume level. |
+| **New UI for device boot** | A loading indicator was added during the boot process to provide visual feedback that the system is loading. Reboot your device to see the new loading indicator—it’s between the "Hello" message and the Windows boot logo. |
+| **Nearby sharing** | Addition of the Windows Nearby Sharing experience, allowing you to share a capture with a nearby Windows device. When you capture a photo or video on HoloLens (or use the share button from an app such as Microsoft Edge), select a nearby Windows device to share with. |
+| **Share from Microsoft Edge** | Share button is now available on Microsoft Edge windows on HoloLens. In Microsoft Edge, select **Share**. Use the HoloLens share picker to share web content. |
-### For administrators
+### For administrators
-
-Feature | Details
---- | ---
-[Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**.
-Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration.
-PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**. | When signing in as **Other User**, the PIN option is now available under **Sign-In options**.
-Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with your password. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. **Note:** You can choose to bypass any PIN/Smartcard options when prompted during web sign-in.
-Read device hardware info through MDM so devices can be tracked by serial # | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer to your MDM documentation for feature availability and instructions.
-Set HoloLens device name through MDM (rename) | IT administrators can see and rename HoloLens devices in their MDM console. Refer to your MDM documentation for feature availability and instructions.
+| Feature | Details |
+|---|----|
+| [Enable post-setup provisioning](hololens-provisioning.md) | You can now apply a runtime provisioning package at any time using **Settings**. |
+| Assigned access with Azure AD groups | You can now use Azure AD groups for configuration of Windows assigned access to set up single or multi-app kiosk configuration. |
+| PIN sign-in on profile switch from sign-in screen | PIN sign-in is now available for **Other User**. |
+| Sign in with Web Credential Provider using password | You can now select the Globe sign-in option to launch web sign-in with your password. From the sign-in screen, select **Sign-In options** and select the Globe option to launch web sign-in. Enter your user name if needed, then your password. **Note:** You can choose to bypass any PIN/Smartcard options when prompted during web sign-in. |
+| Read device hardware info through MDM so devices can be tracked by serial # | IT administrators can see and track HoloLens by device serial number in their MDM console. Refer to your MDM documentation for feature availability and instructions. |
+| Set HoloLens device name through MDM (rename) | IT administrators can see and rename HoloLens devices in their MDM console. Refer to your MDM documentation for feature availability and instructions. |
### For international customers
@@ -50,15 +51,16 @@ Feature | Details
Localized Chinese and Japanese builds | Use HoloLens with localized user interface for Simplified Chinese or Japanese, including localized Pinyin keyboard, dictation, and voice commands.
Speech Synthesis (TTS) | Speech synthesis feature now supports Chinese, Japanese, and English.
-[Learn how to install the Chinese and Japanese versions of HoloLens.](hololens-install-localized.md)
+[Learn how to install the Chinese and Japanese versions of HoloLens.](hololens1-install-localized.md)
-
## Windows 10, version 1803 for Microsoft HoloLens
+> **Applies to:** Hololens (1st gen)
+
Windows 10, version 1803, is the first feature update to Windows Holographic for Business since its release in Windows 10, version 1607. This update introduces the following changes:
-- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md).
+- Previously, you could only verify that upgrade license for Commercial Suite had been applied to your HoloLens device by checking to see if VPN was an available option on the device. Now, **Settings** > **System** will display **Windows Holographic for Business** after the upgrade license is applied. [Learn how to unlock Windows Holographic for Business features](hololens1-upgrade-enterprise.md).
- You can view the operating system build number in device properties in the File Explorer app and in the [Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq).
@@ -83,14 +85,3 @@ Windows 10, version 1803, is the first feature update to Windows Holographic for
- Individual users can sync their corporate email without enrolling their device in mobile device management (MDM). You can use the device with a Microsoft Account, download and install the Mail app, and add an email account directly.
- You can check the MDM sync status for a device in **Settings** > **Accounts** > **Access Work or School** > **Info**. In the **Device sync status** section, you can start a sync, see areas managed by MDM, and create and export an advanced diagnostics report.
-
-
-
-
-
-## Additional resources
-
-- [Reset or recover your HoloLens](https://developer.microsoft.com/windows/mixed-reality/reset_or_recover_your_hololens)
-- [Restart, reset, or recover HoloLens](https://support.microsoft.com/help/13452/hololens-restart-reset-or-recover-hololens)
-- [Manage devices running Windows Holographic with Microsoft Intune](https://docs.microsoft.com/intune/windows-holographic-for-business)
-
diff --git a/devices/hololens/hololens1-basic-usage.md b/devices/hololens/hololens1-basic-usage.md
new file mode 100644
index 0000000000..282eaada0a
--- /dev/null
+++ b/devices/hololens/hololens1-basic-usage.md
@@ -0,0 +1,138 @@
+---
+title: Getting around HoloLens (1st gen)
+description: A brief tour of the HoloLens (1st gen) interface
+ms.assetid: 064f7eb0-190e-4643-abeb-ed3b09312042
+ms.date: 9/16/2019
+ms.reviewer: jarrettr
+manager: jarrettr
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: high
+appliesto:
+- HoloLens (1st gen)
+---
+
+# Getting around HoloLens (1st gen)
+
+Ready to step into the world of holograms? Here's some information to get started.
+
+This guide provides an intro to mixed reality, gestures for interacting with holograms, and an intro to Windows Holographic.
+
+## Discover mixed reality
+
+On HoloLens, holograms blend with your physical environment to look and sound like they're part of your world. Even when holograms are all around you, you can still see your surroundings, move freely, and interact with other people and objects. We call this experience "mixed reality."
+
+The holographic frame positions your holograms where your eyes are most sensitive to detail, and the see-through lenses leave your peripheral vision unobscured. With spatial sound, you can pinpoint a hologram even if it’s behind you. And because HoloLens learns and understands your environment, you can place holograms on and around real objects—and so can your apps and games. So a character in a game might sit down on your sofa, or [space robots could bust out of your walls](https://www.microsoft.com/store/apps/9nblggh5fv3j).
+
+## Use HoloLens with your hands
+
+Getting around HoloLens is a lot like using your smart phone. You can use your hands to manipulate holographic windows, menus, and buttons. Instead of pointing, clicking, or tapping, you'll use your gaze, your [voice](hololens-cortana.md), and gestures to select apps and holograms and to get around HoloLens.
+
+When you know these basic interactions, getting around on HoloLens will be a snap.
+
+We'll walk you through the basics the first time you use your HoloLens. You'll also find a gesture tutorial on your **Start** menu—look for the Learn Gestures app.
+
+### The hand-tracking frame
+
+HoloLens has sensors that can see a few feet to either side of you. When you use your hands, you'll need to keep them inside that frame, or HoloLens won't see them. As you move around, the frame moves with you.
+
+
+
+### Open the Start menu with bloom
+
+To open the **Start** menu:
+
+1. Hold your hand in front of you so it's in the gesture frame.
+1. Bloom: bring all of your fingers together then open your hand.
+ 
+
+### Select holograms with gaze and air tap
+
+To select an app or other hologram, air tap it while looking directly at the hologram you're selecting. To do this, follow these steps:
+
+1. Gaze at the hologram you want to select.
+1. Point your index finger straight up toward the ceiling.
+1. Air tap: lower your finger, then quickly raise it.
+ 
+
+### Select a hologram by using your voice
+
+1. The gaze cursor is a dot that you move around by moving your head. You can use it to target voice commands with precision.
+1. Gaze at the hologram that you want to select.
+1. To select the hologram, say "Select."
+
+## Holograms and apps
+
+Now it's time to put gestures to the test!
+
+You'll find your installed apps in the [Start menu](holographic-home.md) and there are more apps for HoloLens (1st gen) in the Microsoft Store.
+
+Open the **Start** menu and select an app!
+
+Using apps on HoloLens is a little different from on a PC: Some apps use a 2D view and look like other Windows applications. Other apps (immersive apps) use a 3D view and when you launch them, they become the only app you see.
+
+When you place an app window or app launcher, it will stay put until you remove it. You can move or resize these holograms in your mixed reality home at any time.
+
+## Move, resize, and rotate apps
+
+Moving and resizing apps on HoloLens works a bit differently than it does on a PC. Instead of dragging the app, you'll use your gaze, along with a [gesture](https://support.microsoft.com/help/12644/hololens-use-gestures) or the [clicker](hololens1-clicker.md). You can also rotate an app window in 3D space.
+
+> [!TIP]
+> Rearrange apps using your voice - gaze at an app and say "Face me," "Bigger," or "Smaller." Or have Cortana move an app for you: say "Hey Cortana, move \**app name\** here."
+
+### Move an app
+
+Gaze at the app (at the title bar of an app window), and then do one of the following.
+
+- Tap and hold to select the app. Move your hand to position the app, and raise your finger to place it.
+- Select **Adjust**, tap and hold, and move your hand to position the app. Raise your finger to place it, then select **Done**.
+- Select **Adjust**, click and hold the clicker, and move your hand to position the app. Release the clicker, then select **Done**.
+
+> [!TIP]
+> If you drop apps when you move them, make sure to keep your hand in the gesture frame by following it with your gaze.
+
+### Resize an app
+
+Gaze at the app, and then do one of the following.
+
+- Gaze at a corner or edge of an app window, and tap and hold. Move your hand to change the app's size, and raise your finger when you're done.
+- Select **Adjust**. Gaze at one of the blue squares at the corners of the app, tap and hold, then move your hand to resize the app. Raise your finger to release it, then select **Done**.
+- Select **Adjust**. Gaze at one of the blue squares at the corners of the app, click and hold the clicker, then move your hand to resize the app. Release the clicker, then select **Done**.
+
+> [!TIP]
+> In Adjust mode, you can move or resize any hologram.
+
+### Rotate an app
+
+Gaze at the app, and tap and hold with both hands to select it. Rotate the app by keeping one hand steady and moving your other hand around it. When you're done, raise both index fingers.
+
+### Scroll content in an app window
+
+Gaze at the content of the app window. Tap and hold and then move your hand slightly upwards or downwards to scroll the content.
+
+## Meet the HoloLens (1st gen) Clicker
+
+The [HoloLens (1st Gen) clicker](hololens1-clicker.md) gives you another way to interact with holograms. [Pair it](hololens-connect-devices.md) with your HoloLens and then use it along with your gaze to select, scroll, and more.
+
+## Next steps
+
+Congratulations! you're ready to use HoloLens (1st gen).
+
+Now you can configure your HoloLens (1st gen) to meet your specific needs.
+
+[Connect bluetooth devices like mouse and keyboard](hololens-connect-devices.md)
+
+[Learn more about Voice and Cortana](hololens-cortana.md)
+
+### Help! I don't see my holograms
+
+If you don’t see holograms that you’ve placed while using HoloLens, here are some things to try:
+
+- Make sure that you’re looking in the right area—remember, holograms stay where you left them!
+- Make sure that you're in a well-lit room without a lot of direct sunlight.
+- Wait. When HoloLens has trouble recognizing your space, previously placed holograms can take up to a minute to reappear.
+- If issue persists, you may want to clear out your Holograms storage data in **Settings** > **System** > **Holograms**, then place holograms in mixed reality home again.
diff --git a/devices/hololens/hololens1-clicker.md b/devices/hololens/hololens1-clicker.md
new file mode 100644
index 0000000000..9da6a40ba5
--- /dev/null
+++ b/devices/hololens/hololens1-clicker.md
@@ -0,0 +1,97 @@
+---
+title: Use the HoloLens clicker
+description: This article outlines how to use the HoloLens clicker, including clicker pairing, charging, and recovery.
+ms.assetid: 7d4a30fd-cf1d-4c9a-8eb1-1968ccecbe59
+ms.date: 09/16/2019
+manager: jarrettr
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: high
+appliesto:
+- HoloLens (1st gen)
+---
+
+# Use the HoloLens (1st gen) clicker
+
+The clicker was designed specifically for HoloLens (1st gen) and gives you another way to interact with holograms. It comes with HoloLens (1st gen), in a separate box.
+
+Use it in place of hand gestures to select, scroll, move, and resize apps.
+
+## Clicker hardware and pairing
+
+The HoloLens (1st gen) clicker has a finger loop to make it easier to hold, and an indicator light.
+
+
+
+### Clicker indicator lights
+
+Here's what the lights on the clicker mean.
+
+- **Blinking white**. The clicker is in pairing mode.
+- **Fast-blinking white**. Pairing was successful.
+- **Solid white**. The clicker is charging.
+- **Blinking amber**. The battery is low.
+- **Solid amber**. The clicker ran into an error and you'll need to restart it. While pressing the pairing button, click and hold for 15 seconds.
+
+### Pair the clicker with your HoloLens (1st gen)
+
+1. Use the bloom gesture to go to **Start**, then select **Settings** > **Devices** and verify that Bluetooth is on.
+1. On the clicker, press and hold the pairing button until the status light blinks white.
+1. On the pairing screen, select **Clicker** > **Pair**.
+
+### Charge the clicker
+
+When the clicker battery is low, the battery indicator will blink amber. Plug the Micro USB cable into a USB power supply to charge the device.
+
+## Use the clicker with HoloLens (1st gen)
+
+### Hold the clicker
+
+To put on the clicker, slide the loop over your ring or middle finger so that the Micro USB port faces toward your wrist. Rest your thumb in the indentation.
+
+
+
+### Clicker gestures
+
+Clicker gestures are small wrist rotations, not the larger movements used for HoloLens hand gestures. And HoloLens recognizes your gestures and clicks even if the clicker is outside the [gesture frame](hololens1-basic-usage.md), so you can hold the clicker in the position that's most comfortable for you.
+
+- **Select**. To select a hologram, button, or other element, gaze at it, then click.
+
+- **Click and hold**. Click and hold your thumb down on the button to do some of the same things you would with tap and hold, such as move or resize a hologram.
+
+- **Scroll**. On the app bar, select **Scroll Tool**. Click and hold, then rotate the clicker up, down, left, or right. To scroll faster, move your hand farther from the center of the scroll tool.
+
+- **Zoom**. On the app bar, select **Zoom Tool**. Click and hold, then rotate the clicker up to zoom in, or down to zoom out.
+
+> [!TIP]
+> To zoom in or out when using Microsoft Edge, gaze at a page and double-click.
+
+## Restart or recover the clicker
+
+Here are some things to try if the HoloLens clicker is unresponsive or isn’t working well.
+
+### Restart the clicker
+
+Use the tip of a pen to press and hold the pairing button. At the same time, click and hold the clicker for 15 seconds. If the clicker was already paired with your HoloLens, it will stay paired after it restarts.
+
+If the clicker won't turn on or restart, try charging it by using the HoloLens charger. If the battery is very low, it might take a few minutes for the white indicator light to turn on.
+
+### Re-pair the clicker
+
+Select **Settings** > **Devices** and select the clicker. Select **Remove**, wait a few seconds, then pair the clicker again.
+
+### Recover the clicker
+
+If restarting and re-pairing the clicker don’t fix the problem, the Windows Device Recovery Tool can help you recover it. The recovery process may take some time, and it will install the latest version of the clicker software. To use the tool, you’ll need a computer running Windows 10 or later that has at least 4 GB of free storage space.
+
+To recover the clicker:
+
+1. Download and install the [Windows Device Recovery Tool](https://dev.azure.com/ContentIdea/ContentIdea/_queries/query/8a004dbe-73f8-4a32-94bc-368fc2f2a895/) on your computer.
+1. Connect the clicker to your computer by using the Micro USB cable that came with your HoloLens.
+1. Run the Windows Device Recovery Tool and follow the instructions.
+
+If the clicker isn’t automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode.
diff --git a/devices/hololens/hololens1-fit-comfort-faq.md b/devices/hololens/hololens1-fit-comfort-faq.md
new file mode 100644
index 0000000000..d76375918c
--- /dev/null
+++ b/devices/hololens/hololens1-fit-comfort-faq.md
@@ -0,0 +1,64 @@
+---
+title: HoloLens (1st gen) fit and comfort frequently asked questions
+description: Answers to frequently asked questions about how to fit your HoloLens (1st gen).
+ms.prod: hololens
+ms.sitesec: library
+author: Teresa-Motiv
+ms.author: v-tea
+ms.topic: article
+ms.localizationpriority: high
+ms.date: 10/09/2019
+ms.reviewer: jarrettr
+audience: ITPro
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+---
+
+# HoloLens (1st gen) fit and comfort frequently asked questions
+
+Here are some tips on how to stay comfortable and have the best experience using your HoloLens.
+
+For step-by-step instructions and a video about putting on and adjusting your device, see [Get your HoloLens (1st gen) ready to use](hololens1-setup.md).
+
+> [!NOTE]
+> The fit and comfort tips in this topic are meant only as general guidance—they don't replace any laws or regulations, or your good judgment when using HoloLens. Stay safe, and have fun!
+
+Here are some tips on how to stay comfortable and have the best experience using your HoloLens.
+
+## I'm experiencing discomfort when I use my device. What should I do?
+
+If you experience discomfort, take a break until you feel better. Try sitting in a well-lit room and relaxing for a bit. The next time your use your HoloLens, try using it for a shorter period of time at first.
+
+For more information, see [Health and safety on HoloLens](https://go.microsoft.com/fwlink/p/?LinkId=746661).
+
+## I can't see the whole holographic frame, or my holograms are cut off
+
+To see the top edge of the holographic frame, move the device so it sits higher on your head, or angle the headband up slightly in front. To see the bottom edge, move the device to sit lower on your head, or angle the headband down slightly in front. If the left or right edge of the view frame isn't visible, make sure the HoloLens visor is centered on your forehead.
+
+## I need to look up or down to see holograms
+
+Try adjusting the position of your device visor so the holographic frame matches your natural gaze. Here's how:
+
+- **If you need to look up to see holograms**. First, shift the back of the headband a bit higher on your head. Then use one hand to hold the headband in place and the other to gently rotate the visor so you have a good view of the holographic frame.
+- **If you need to look down to see holograms**. First, shift the back of the headband a bit lower on your head. Then place your thumbs under the device arms and your index fingers on top of the headband, and gently squeeze with your thumbs to rotate the visor so you have a good view of the holographic frame.
+
+## The device slides down when I'm using it, or I need to make the headband too tight to keep it secure
+
+The overhead strap can help keep your HoloLens secure on your head, particularly if you're moving around a lot. The strap may also let you loosen the headband a bit. [Learn how to use it](hololens1-setup.md#adjust-fit).
+
+You can also experiment with the positioning of the headband—depending on your head size and shape, you may need to slide it up or down to reposition it on your forehead.
+
+## My HoloLens feels heavy on my nose
+
+If your HoloLens is adjusted correctly, the nose pad should rest lightly on your nose. If it feels heavy on your nose, try rotating the visor up or adjusting the angle of the headband. You can also slide the device visor out—grasp the device arms just behind the visor and pull forward gently.
+
+## How can I adjust HoloLens to fit with my glasses?
+
+The device visor can slide in and out to accommodate eyewear. Grasp the device arms just behind the visor and pull forward gently to adjust it.
+
+## My arm gets tired when I use gestures. What can I do?
+
+When using gestures, there's no need to extend your arm out far from your body. Keep it closer to your side, where it's more comfortable and will get less tired. [Learn more about gestures](hololens1-basic-usage.md#use-hololens-with-your-hands).
+
+And be sure to try out [voice commands](hololens-cortana.md) and the [HoloLens clicker](hololens1-clicker.md).
diff --git a/devices/hololens/hololens1-hardware.md b/devices/hololens/hololens1-hardware.md
new file mode 100644
index 0000000000..285f44dd6a
--- /dev/null
+++ b/devices/hololens/hololens1-hardware.md
@@ -0,0 +1,166 @@
+---
+title: HoloLens (1st gen) hardware
+description: An outline of the components that make up Microsoft HoloLens (1st gen), the world's first fully untethered holographic computer running Windows.
+ms.assetid: 527d494e-2ab6-46ca-bd5a-bfc6b43cc833
+ms.date: 09/16/2019
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: mattzmsft
+ms.author: mazeller
+ms.topic: article
+manager: jarrettr
+ms.localizationpriority: medium
+appliesto:
+- HoloLens (1st gen)
+---
+
+# HoloLens (1st gen) hardware
+
+
+
+Microsoft HoloLens (1st gen) is the world's first fully untethered holographic computer. HoloLens redefines personal computing through holographic experiences to empower you in new ways. HoloLens blends cutting-edge optics and sensors to deliver 3D holograms pinned to the real world around you.
+
+## HoloLens components
+
+
+
+Your HoloLens includes the following features:
+
+- **Visor**. Contains the HoloLens sensors and displays. You can rotate the visor up while you are wearing the HoloLens.
+- **Headband**. To put the HoloLens on, use the adjustment wheel to expand the headband. With the HoloLens in place, tighten the adjustment wheel until the headband is comfortable.
+- **Brightness buttons**. When you're wearing the HoloLens, the brightness buttons are on the left side of the device.
+- **Volume buttons**. When you're wearing the HoloLens, the volume buttons are on the right side of the device.
+- **Device arms**. When you pick up, put on, or take off your HoloLens, always grasp or hold it by the device arms.
+
+## In the box
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/c7ceb904-9d5f-4194-9e10-e8a949dbad7d]
+
+The HoloLens box contains the following items:
+
+- **Nose pads**. Select a nose pad that fits the shape of your nose and accommodates your eyewear.
+- **Overhead strap**. When you're wearing the HoloLens while you move around, use the overhead strap to help keep the device in place. Additionally, if you're wearing the HoloLens for extended periods, using the overhead strap may make the device more comfortable to wear.
+- **Micro USB cable**. Use the micro-USB cable to connect your HoloLens to the power supply for charging, or use it to connect your HoloLens to your computer.
+- **Power supply**. Plugs into a power outlet.
+- **Microfiber cloth**. Use the cloth to clean your HoloLens visor.
+
+>[!TIP]
+>The [clicker](hololens1-clicker.md) ships with HoloLens (1st Gen), in a separate box.
+
+### Power Supply details
+
+The power supply and the USB cable that come with the device are the best supported mechanism for charging. The power supply is an 18W charger. It supplies 9V at 2A.
+
+Charging rate and speed may vary depending on the environment in which the device is running.
+
+In order to maintain/advance Internal Battery Charge Percentage while the device is on, it must be connected minimum to a 15W charger.
+
+## Device specifications
+
+### Display
+
+
+
+| | |
+| - | - |
+| Optics | See-through holographic lenses (waveguides) |
+| Holographic resolution | 2 HD 16:9 light engines producing 2.3M total light points |
+| Holographic density | \>2.5k radiants (light points per radian) |
+| Eye-based rendering | Automatic pupillary distance calibration |
+
+### Sensors
+
+
+
+- 1 inertial measurement unit (IMU)
+- 4 environment understanding cameras
+- 1 depth camera
+- 1 2MP photo / HD video camera
+- Mixed reality capture
+- 4 microphones
+- 1 ambient light sensor
+
+### Input, output, and connectivity
+
+- Built-in speakers
+- Audio 3.5mm jack
+- Volume up/down
+- Brightness up/down
+- Power button
+- Battery status LEDs
+- Wi-Fi 802.11ac
+- Micro USB 2.0
+- Bluetooth 4.1 LE
+
+### Power
+
+- Battery Life
+- 2-3 hours of active use
+- Up to 2 weeks of standby time
+- Fully functional when charging
+- Passively cooled (no fans)
+
+### Processors
+
+
+
+- Intel 32-bit architecture with TPM 2.0 support
+- Custom-built Microsoft Holographic Processing Unit (HPU 1.0)
+
+### Memory
+
+- 64 GB Flash
+- 2 GB RAM
+
+### Fit
+
+| | |
+| - | - |
+| Sizing | Single size with adjustable band. Fits over glasses |
+| Weight | 579 grams |
+
+## Device capabilities
+
+Using the following to understand user actions:
+
+- Gaze tracking
+- Gesture input
+- Voice support
+
+Using the following to understand the environment:
+
+- Spatial sound
+
+## Pre-installed software
+
+- Windows 10
+- Windows Store
+- Holograms
+- Microsoft Edge
+- Photos
+- Settings
+- Windows Feedback
+- Calibration
+- Learn Gestures
+
+## Device certifications
+
+### Safety
+
+HoloLens has been tested and found to conform to the basic impact protection requirements of ANSI Z87.1, CSA Z94.3 and EN 166.
+
+## Care and cleaning
+
+Handle your HoloLens carefully. To lift, carry, and adjust your HoloLens, use the device arms—not the overhead strap. To keep the visor free of dust and fingerprints and avoid touching it. Repeated cleaning could damage the visor, so try to keep your device clean.
+
+Don't use any cleaners or solvents on your HoloLens, and don't submerge it in water or apply water directly to it.
+
+To clean the visor, remove any dust using a camel or goat hair lens brush or a bulb-style lens blower. Lightly moisten the microfiber cloth with a small amount of distilled water, then use it to wipe the visor gently in a circular motion.
+
+To clean the rest of the device, including the headband and device arms, use a lint-free cloth moistened with mild soap and water. Let your HoloLens dry completely before using it again.
+
+
+
+> [!div class="nextstepaction"]
+> [Set up and start your HoloLens (1st gen)](hololens1-setup.md)
diff --git a/devices/hololens/hololens1-install-localized.md b/devices/hololens/hololens1-install-localized.md
new file mode 100644
index 0000000000..52e4862bbe
--- /dev/null
+++ b/devices/hololens/hololens1-install-localized.md
@@ -0,0 +1,39 @@
+---
+title: Install localized versions of HoloLens
+description: Learn how to install the Chinese or Japanese versions of HoloLens
+ms.prod: hololens
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.localizationpriority: high
+ms.date: 9/16/2019
+ms.reviewer:
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+---
+
+# Install localized versions of HoloLens (1st gen)
+
+In order to switch to the Chinese or Japanese version of HoloLens, you’ll need to use the Windows Device Recovery Tool (WDRT) to download the build for the language on a PC and then install it on your HoloLens.
+
+> [!IMPORTANT]
+> Using WDRT to install the Chinese or Japanese builds of HoloLens deletes existing data, such as personal files and settings, from your HoloLens.
+
+1. On your PC, download and install [the Windows Device Recovery Tool (WDRT)](https://support.microsoft.com/help/12379).
+1. Download the package for the language you want to your PC: [Simplified Chinese](https://aka.ms/hololensdownload-ch) or [Japanese](https://aka.ms/hololensdownload-jp).
+1. When the download finishes, select **File Explorer** > **Downloads**. Right-click the zipped folder that you just downloaded, and select **Extract all** > **Extract** to unzip it.
+1. Connect your HoloLens to your PC using the micro-USB cable that it shipped with. (Even if you've been using other cables to connect your HoloLens, this one works best.)
+1. After the tool automatically detects your HoloLens, select the Microsoft HoloLens tile.
+1. On the next screen, select **Manual package selection** and select the installation file that resides in the folder that you unzipped in step 4. (Look for a file that has the extension “.ffu”.)
+1. Select **Install software** and follow the instructions.
+1. After the build installs, HoloLens setup automatically starts. Put on the device and follow the setup directions.
+
+When you’re done with setup, go to **Settings** > **Update & Security** > **Windows Insider Program**, and check that you’re configured to receive the latest preview builds. Like the English preview builds, the Windows Insider Program keeps the Chinese and Japanese versions of HoloLens up-to-date with the latest preview builds.
+
+> [!NOTE]
+>
+> - You can’t use the Settings app to change the system language between English, Japanese, and Chinese. Flashing a new build is the only supported way to change the device system language.
+> - While you can use the on-screen Pinyin keyboard to enter Simplified Chinese or Japanese text, using a Bluetooth hardware keyboard to type Simplified Chinese or Japanese text is not supported at this time. However, on Chinese or Japanese HoloLens, you can continue to use a Bluetooth keyboard to type in English (to toggle a hardware keyboard to type in English, press the ~ key).
diff --git a/devices/hololens/hololens1-setup.md b/devices/hololens/hololens1-setup.md
new file mode 100644
index 0000000000..cbbc2315b7
--- /dev/null
+++ b/devices/hololens/hololens1-setup.md
@@ -0,0 +1,106 @@
+---
+title: Prepare a new HoloLens
+description: This guide walks through first time set up.
+ms.prod: hololens
+ms.sitesec: library
+author: JesseMcCulloch
+ms.author: jemccull
+ms.topic: article
+ms.localizationpriority: high
+ms.date: 8/12/2019
+ms.reviewer:
+manager: jarrettr
+appliesto:
+- Hololens (1st gen)
+---
+
+# Get your HoloLens (1st gen) ready to use
+
+Follow along to set up a HoloLens (1st gen) for the first time.
+
+## Charge your HoloLens (1st gen)
+
+To charge your HoloLens, connect the power supply to the charging port by using the included Micro USB cable. Then plug the power supply into a power outlet. When the device is charging, the battery indicator will light up in a wave pattern.
+
+
+
+When your HoloLens is on, the battery indicator shows the battery level in increments. When only one of the five lights is on, the battery level is below 20 percent. If the battery level is critically low and you try to turn on the device, one light will blink briefly, then go out.
+
+> [!TIP]
+> To get an estimate of your current battery level, say "Hey Cortana, how much battery do I have left?"
+
+The power supply and USB cable that come with the device are the best way to charge your HoloLens (1st gen). The power supply provides 18W of power (9V 2A).
+
+Charging rate and speed may vary depending on the environment in which the device is running.
+
+## Adjust fit
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/be3cb527-f2f1-4f85-b4f7-a34fbaba980d]
+
+| | |
+|:--- |:--- |
+|1. Rotate the headband up to about 20-30 degrees.||
+|2. Push the headband back. Do not pull it back, or manipulate the band behind the hinge, because over time this can break the band.||
+|3. Turn the adjustment wheel to extend the headband all the way out. ||
+|4. Hold the device by the device arms, and place it on your head. Make sure that the headband sits at the top of your forehead, and then tighten the adjustment wheel.||
+|5. Slide the visor back, and then check the fit of the device. The headband should sit at the top of the forehead, just below your hairline, with the speakers above your ears. The lenses should be centered over your eyes.||
+
+## Turn on your HoloLens
+
+Use the power button to turn HoloLens on and off or to put it in standby mode.
+
+
+
+If your device doesn't respond or won't start, see [Restart, reset, or recover HoloLens](hololens-restart-recover.md).
+
+When your HoloLens is off or in standby, turn it on by pressing the power button for one second. If it doesn't turn on, plug it in and charge it for at least 30 minutes.
+
+> [!TIP]
+> To restart HoloLens, say "Hey Cortana, reboot the device."
+
+### Put HoloLens in standby
+
+To put your HoloLens in standby while it's turned on, press the power button once. The battery indicators blink off. To wake it from standby, press the power button again.
+
+HoloLens automatically goes into standby after 3 minutes of inactivity. When it's in standby, it automatically shuts down after 4 hours, or after the battery level drops by 10 percent.
+
+### Shut down HoloLens
+
+To shut down (turn off) HoloLens, hold the power button down for four seconds. The battery indicators turn off one by one and the device shuts down.
+
+HoloLens automatically shuts down when the battery level drops to one percent, even if it's plugged in. After you've recharged the battery to three percent, you'll be able to turn HoloLens on again.
+
+## Adjust volume and brightness
+
+The brightness and volume buttons are on top of the device arms—volume to your right and brightness to your left.
+
+
+
+## HoloLens indicator lights
+
+
+
+Not sure what the indicator lights on your HoloLens mean? Here's some help.
+
+|When the lights do this |It means |
+| - | - |
+|Scroll from the center outward. |HoloLens is starting up. |
+|Stay lit (all or some). |HoloLens is on and ready to use. Battery life is shown in 20 percent increments. |
+|Scroll, then light up, then scroll. |HoloLens is on and charging. Battery life is shown in 20 percent increments. |
+|Turn off one by one. |HoloLens is shutting down. |
+|Turn off all at once. |HoloLens is going into standby. |
+|All light up, then one blinks briefly, then all turn off. |Battery is critically low. HoloLens needs to charge. |
+|All scroll, then one blinks, then all scroll. |Battery is critically low. HoloLens is charging. |
+
+## Safety and comfort
+
+### Use in safe surroundings
+
+Use your HoloLens in a safe space that’s free of obstructions and tripping hazards. Don’t use it when you need a clear field of view and your full attention, such as while you’re operating a vehicle or doing other potentially hazardous activities.
+
+### Stay comfortable
+
+Keep your first few sessions with HoloLens brief and be sure to take breaks. If you experience discomfort, stop and rest until you feel better. This might include temporary feelings of nausea, motion sickness, dizziness, disorientation, headache, fatigue, eye strain, or dry eyes.
+
+> [!div class="nextstepaction"]
+> [Start and configure your HoloLens (1st gen)](hololens1-start.md)
diff --git a/devices/hololens/hololens1-start.md b/devices/hololens/hololens1-start.md
new file mode 100644
index 0000000000..466fc431b2
--- /dev/null
+++ b/devices/hololens/hololens1-start.md
@@ -0,0 +1,75 @@
+---
+title: Set up HoloLens (1st gen)
+description: This guide walks through first time set up. You'll need a Wi-Fi network and either a Microsoft (MSA) or Azure Active Directory (Azure AD) account.
+ms.assetid: 0136188e-1305-43be-906e-151d70292e87
+ms.prod: hololens
+author: Teresa-Motiv
+ms.author: v-tea
+ms.topic: article
+ms.date: 8/12/19
+manager: jarrettr
+ms.topic: article
+ms.localizationpriority: high
+appliesto:
+- HoloLens (1st gen)
+---
+
+# Set up your HoloLens (1st gen)
+
+The first time you turn on your HoloLens, you'll be guided through calibrating your device, setting up your device, and signing in. This article walks through the HoloLens (1st gen) first start and setup experience.
+
+In the next section, you'll learn how to work with HoloLens and interact with holograms. To skip ahead to that article, see [Get started with HoloLens (1st gen)](hololens1-basic-usage.md).
+
+## Before you start
+
+Before you get started, make sure you have the following available:
+
+**A Wi-Fi connection**. You'll need to connect your HoloLens to a Wi-Fi network to set it up. The first time you connect, you'll need an open or password-protected network that doesn't require navigating to a website or using certificates to connect. [Learn more about the websites that HoloLens uses](hololens-offline.md).
+
+**A Microsoft account or a work account**. You'll also need to use a Microsoft account (or a work account, if your organization owns the device) to sign in to HoloLens. If you don't have a Microsoft account, go to [account.microsoft.com](http://account.microsoft.com) and set one up for free.
+
+**A safe, well-lit space with no tripping hazards**. [Health and safety info](http://go.microsoft.com/fwlink/p/?LinkId=746661).
+
+**The optional comfort accessories** that came with your HoloLens, to help you get the most comfortable fit. [More on fit and comfort](https://support.microsoft.com/help/12632/hololens-fit-your-hololens).
+
+> [!NOTE]
+>
+> - The first time that you use your HoloLens, [Cortana](hololens-cortana.md) is already on and ready to guide you (though she won't be able to respond to your questions until after you set up your device). You can turn Cortana off at any time in Cortana's settings.
+> - In order to switch to the Chinese or Japanese version of HoloLens, you’ll need to download the build for the language on a PC and then install it on your HoloLens. For more information, see [Install localized versions of HoloLens (1st gen)](hololens1-install-localized.md).
+
+## Start your Hololens and set up Windows
+
+The first time you start your HoloLens, your first task is to set up Windows Holographic on your device.
+
+1. Connect to the internet (HoloLens guides you to select Wi-Fi network).
+
+1. Sign in to your user account. Choose between **My work or school owns it** and **I own it**.
+ - When you choose **My work or school owns it**, you sign in by using an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens automatically enrolls in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available, so you will need to [manually enroll HoloLens in device management](hololens-enroll-mdm.md#enroll-through-settings-app). To sign in to your device the first time by using a work or school account, follow these steps:
+ 1. Enter your organizational account information.
+ 1. Accept the privacy statement.
+ 1. Sign in by using your Azure AD credentials. This may redirect to your organization's sign-in page.
+ 1. Continue setting up the device.
+ - When you choose **I own it**, you sign in by using a Microsoft account. After setup is complete, you can [manually enroll HoloLens in device management](hololens-enroll-mdm.md#enroll-through-settings-app).
+ 1. Enter your Microsoft account information.
+ 1. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process.
+
+1. The device sets your time zone based on information that it obtains from the Wi-Fi network.
+
+## Calibration
+
+After Cortana introduces herself, the next setup step is calibration. For the best HoloLens experience, you should complete the calibration process during setup.
+
+HoloLens (1st gen) uses the distance between your pupils (IPD or [interpupillary distance](https://en.wikipedia.org/wiki/Interpupillary_distance)) to make holograms clear and easy to interact with. If the IPD is not correct, holograms may appear to be unstable or at an incorrect distance.
+
+During calibration, HoloLens asks you to align your finger with a series of six targets per eye. HoloLens uses this process to set the correct IPD for your eyes. If the calibration needs to be updated or adjusted for a new user, the new user can run the Calibration app outside of setup.
+
+
+
+*IPD finger-alignment screen at second step*
+
+Congratulations! Setup is complete and you can begin using HoloLens.
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Get started with HoloLens (1st gen)](hololens1-basic-usage.md)
diff --git a/devices/hololens/hololens1-upgrade-enterprise.md b/devices/hololens/hololens1-upgrade-enterprise.md
new file mode 100644
index 0000000000..5e535af10d
--- /dev/null
+++ b/devices/hololens/hololens1-upgrade-enterprise.md
@@ -0,0 +1,91 @@
+---
+title: Unlock Windows Holographic for Business features
+description: When you upgrade to Windows Holographic for Business, HoloLens provides extra features that are designed for business.
+ms.prod: hololens
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.localizationpriority: medium
+ms.date: 9/16/2019
+ms.reviewer:
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+---
+
+# Unlock Windows Holographic for Business features
+
+Microsoft HoloLens is available in the *Development Edition*, which runs Windows Holographic (an edition of Windows 10 that is designed for HoloLens), and in the [Commercial Suite](hololens-commercial-features.md), which provides extra features designed for business.
+
+When you purchase the Commercial Suite, you receive a license that upgrades Windows Holographic to Windows Holographic for Business. You can apply this license to the device either by using the organization's [mobile device management (MDM) provider](#edition-upgrade-by-using-mdm) or a [provisioning package](#edition-upgrade-by-using-a-provisioning-package).
+
+> [!TIP]
+> In Windows 10, version 1803, you can check that the HoloLens has been upgraded to the business edition by selecting **Settings** > **System**.
+
+## Edition upgrade by using MDM
+
+The enterprise license can be applied by any MDM provider that supports the [WindowsLicensing configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/dn904983.aspx). The latest version of the Microsoft MDM API will support WindowsLicensing CSP.
+
+For step-by-step instructions for upgrading HoloLens by using Microsoft Intune, see [Upgrade devices running Windows Holographic to Windows Holographic for Business](https://docs.microsoft.com/intune/holographic-upgrade).
+
+ On other MDM providers, the specific steps for setting up and deploying the policy might vary.
+
+## Edition upgrade by using a provisioning package
+
+Provisioning packages are files created by the Windows Configuration Designer tool that apply a specified configuration to a device.
+
+### Create a provisioning package that upgrades the Windows Holographic edition
+
+1. [Create a provisioning package for HoloLens.](hololens-provisioning.md)
+1. Go to **Runtime settings** > **EditionUpgrade**, and select **EditionUpgradeWithLicense**.
+
+ 
+
+1. Find the XML license file that was provided when you purchased the Commercial Suite.
+
+ > [!NOTE]
+ > You can configure [additional settings in the provisioning package](hololens-provisioning.md).
+
+1. On the **File** menu, select **Save**.
+
+1. Read the warning that project files may contain sensitive information and click **OK**.
+
+ > [!IMPORTANT]
+ > When you build a provisioning package, you may include sensitive information in the project files and provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when no longer needed.
+
+1. On the **Export** menu, select **Provisioning package**.
+
+1. Change **Owner** to **IT Admin**, which sets the precedence of this provisioning package to be higher than others applied to this device from different sources, and then select **Next**.
+
+1. Set a value for **Package Version**.
+
+ > [!TIP]
+ > You can make changes to existing packages and change the version number to update previously applied packages.
+
+1. On **Select security details for the provisioning package**, select **Next**.
+
+1. Select **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows ICD uses the project folder as the output location.
+
+ Optionally, you can select **Browse** to change the default output location.
+
+1. Select **Next**.
+
+1. Select **Build** to start building the package. The build page displays the project information, and the progress bar indicates the build status.
+
+1. When the build completes, select **Finish**.
+
+### Apply the provisioning package to HoloLens
+
+1. Using the USB cable, connect the device to a PC. Start the device, but do not continue past the **fit** page of the initial setup experience (the first page with the blue box). On the PC, HoloLens shows up as a device in File Explorer.
+
+ > [!NOTE]
+ > If the HoloLens device is running Windows 10, version 1607 or earlier, open File Explorer by briefly pressing and releasing the **Volume Down** and **Power** buttons simultaneously on the device.
+
+1. In File Explorer, drag and drop the provisioning package (.ppkg) onto the device storage.
+
+1. While HoloLens is still on the **fit** page, briefly press and release the **Volume Down** and **Power** buttons simultaneously again.
+
+1. HoloLens asks you if you trust the package and would like to apply it. Confirm that you trust the package.
+
+1. You will see whether the package was applied successfully or not. If it was not applied successfully, you can fix your package and try again. If successful, proceed with device setup.
diff --git a/devices/hololens/hololens2-basic-usage.md b/devices/hololens/hololens2-basic-usage.md
new file mode 100644
index 0000000000..59426de18e
--- /dev/null
+++ b/devices/hololens/hololens2-basic-usage.md
@@ -0,0 +1,192 @@
+---
+title: Getting around HoloLens 2
+description: A guide to using HoloLens 2 with your hands
+ms.assetid: 5f791a5c-bdb2-4c5d-bf46-4a198de68f21
+ms.date: 9/17/2019
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: scooley
+ms.author: scooley
+ms.topic: article
+ms.localizationpriority: high
+appliesto:
+- HoloLens 2
+---
+
+# Getting around HoloLens 2
+
+Ready to explore the world of holograms?
+
+This guide provides an intro to:
+
+- Interacting with mixed reality
+- Using your hands and voice for interacting with holograms on HoloLens 2
+- Navigating Windows 10 on HoloLens (Windows Holographic)
+
+## Discover mixed reality
+
+On HoloLens, holograms blend the digital world with your physical environment to look and sound like they're part of your world. Even when holograms are all around you, you can always see your surroundings, move freely, and interact with people and objects. We call this experience "mixed reality".
+
+The holographic frame positions your holograms where your eyes are most sensitive to detail and the see-through lenses leave your peripheral vision clear. With spatial sound, you can pinpoint a hologram by listening, even if it’s behind you. And, because HoloLens understands your physical environment, you can place holograms on and around real objects such as tables and walls.
+
+Getting around HoloLens is a lot like using your smart phone. You can use your hands to touch and manipulate holographic windows, menus, and buttons.
+
+Once you know these basic interactions, getting around on HoloLens will be a snap.
+
+> [!TIP]
+> If you have a HoloLens near you right now, the **Tips** app provides literal hands-on tutorials for hand interactions on HoloLens.
+> Use the start gesture to go to **Start** or say "Go to Start" and select **Tips**.
+
+## The hand-tracking frame
+
+HoloLens has sensors that can see a few feet to either side of you. When you use your hands, you'll need to keep them inside that frame, or HoloLens won't see them. However, the frame moves with you as you move around.
+
+
+
+## Touch holograms near you
+
+When a hologram is near you, bring your hand close to it and a white ring should appear on the tip of your index finger. This is the **touch cursor** which helps you touch and interact with holograms with precision. To **select** something, simply **tap** it with the touch cursor. **Scroll** content by **swiping** on the surface of the content with your finger, just like you're using a touch screen.
+
+To **grab** a hologram near you, pinch your **thumb** and **index finger** together on the hologram and hold. To let go, release your fingers. Use this **grab gesture** to move, resize, and rotate 3D objects and app windows in mixed reality home.
+
+To bring up a **context menu**, like the ones you'll find on an app tile in the Start menu, **tap and hold** like you do on a touch screen.
+
+## Use hand ray for holograms out of reach
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3ZOum]
+
+When there are no holograms near your hands, the **touch cursor** will hide automatically and **hand rays** will appear from the palm of your hands. Hand rays allow you to interact with holograms from a distance.
+
+> [!TIP]
+> If you find hand rays distracting, you can hide them by saying “Hide hand rays”. To make them reappear, say "Show hand rays."
+
+### Select using air tap
+
+To select something using **hand ray**, follow these steps:
+
+1. Use a hand ray from your palm to target the item. You don't need to raise your entire arm, you can keep your elbow low and comfortable.
+1. Point your index finger straight up toward the ceiling.
+1. To perform the **air tap** gesture, pinch your thumb and index finger together and then quickly release them.
+
+ 
+
+### Grab using air tap and hold
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3Wxnh]
+
+To grab a hologram or scroll app window content using **hand ray**, start with an **air tap**, but keep your fingers together instead of releasing them.
+
+Use **air tap and hold** to perform the following actions with hand ray:
+
+- **Scroll**. To scroll app window content, air tap and hold on the content and then move your hand ray up and down or side to side.
+- **Grab**. To grab an app window or hologram, target the app title bar or hologram with your hand ray and then air tap and hold.
+- **Open context menus**. To open context menus, air tap and hold with your hand ray.
+
+## Start gesture
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3Wxng]
+
+The Start gesture opens the **Start menu**. To perform the Start gesture, hold out your hand with your palm facing you. You’ll see a **Start icon** appear over your inner wrist. Tap this icon using your other hand. The Start menu will open **where you’re looking**.
+
+> [!TIP]
+>
+> - You can use the Start gesture as long as your hands are inside the hand-tracking frame. You do not need to be looking down at the Start icon. Keep your elbow low and comfortable, and look in the direction where you want the Start menu to open.
+> - If the Start menu didn't open at the position you want, simply move your head around to reposition it.
+> - If you have trouble reading the smaller text on the Start menu, step closer to it after it opens.
+> - If your hand is slightly off to the side of the frame, you may still be able to view the Start menu by tapping your inner wrist, even if you don't see the icon.
+
+
+
+To **close** the Start menu, do the Start gesture when the Start menu is open. You can also look at the Start menu and say "Close".
+
+### One-handed Start gesture
+
+> [!IMPORTANT]
+> For the one-handed Start gesture to work:
+>
+> 1. You must update to the November 2019 update (build 18363.1039) or later.
+> 1. Your eyes must be calibrated on the device so that eye tracking functions correctly. If you do not see orbiting dots around the Start icon when you look at it, your eyes are not [calibrated](https://docs.microsoft.com/hololens/hololens-calibration#calibrating-your-hololens-2) on the device.
+
+You can also perform the Start gesture with only one hand. To do this, hold out your hand with your palm facing you and look at the **Start icon** on your inner wrist. **While keeping your eye on the icon**, pinch your thumb and index finger together.
+
+
+
+## Start menu, mixed reality home, and apps
+
+Ready to put all these hand interactions to the test?!
+
+You'll find your installed apps in the [Start menu](holographic-home.md) and you can find additional apps for HoloLens in the [Microsoft Store](holographic-store-apps.md).
+
+Just as Windows PC always starts its experience at the desktop, HoloLens always starts in **mixed reality home** when turned on. Using the Start menu, you can open and place app windows, as well as app launchers and 3D content in mixed reality home. Their placements in your physical space will be remembered by HoloLens.
+
+Open the **Start menu**, then select the **Settings** app tile. An app window will open in front of you.
+
+Settings is an example of a HoloLens app that uses a 2D **app window**. It's very similar to a Windows application on PC.
+
+Now you can open the **Start menu** again and select the **Tips** app tile. A 3D **app launcher** for the app will appear in front of you. To open the app, you need to select the **play** button on the launcher.
+
+Tips is an example of an **immersive app**. An immersive app takes you away from mixed reality home when it runs and becomes the only app you see. To exit, you need to bring up the Start menu and select the **mixed reality home** button at the bottom.
+
+[Go here to learn more](holographic-home.md) about Start menu and mixed reality home, including info on how to use and manage apps on HoloLens 2.
+
+## Move, resize, and rotate holograms
+
+In mixed reality home you can move, resize, and rotate app windows and 3D objects using your hands, hand ray and voice commands.
+
+### Moving holograms
+
+Move a hologram or app by following these steps:
+
+1. Grab the hologram by pinching your index finger and thumb on the hologram or face your hand down and then close your fist over it. Grab a 3D hologram anywhere inside its blue bounding box. For an app window, grab its title bar.
+1. Without letting go, move your hand to position the hologram. When moving an app window this way, the app window automatically turns to face you as it moves, making it easier to use at its new position.
+1. Release your fingers to place it.
+
+### Resizing holograms
+
+> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE3ZYIb]
+
+Grab and use the **resize handles** that appear on the corners of 3D holograms and app windows to resize them.
+
+For an app window, when resized this way the window content correspondingly increases in size and becomes easier to read.
+
+If you want to resize an app window so that **more content** appears in the window, use the resize handles located on the sides and bottom edges of the app window.
+
+There are two ways to resize a hologram that's further away from you. You can either grab two corners of the hologram, or use the resize controls.
+
+### Rotating holograms
+
+For 3D holograms, grab and use the rotate handles that appear on the vertical edges of the bounding box.
+
+For app windows, moving an app window will cause it to automatically rotate and face you.
+
+You can also grab a 3D hologram or app window with **both hands** (or hand ray) at once and then:
+
+- Move your hands closer together or further apart to resize the hologram.
+- Move your hands closer and further away from your body to rotate the hologram.
+
+### Follow me, stop following
+
+Holograms and app windows stay where you placed them in the world. That's not always convenient if you need to move around and you want an application to stay visible. To ask an app to start or stop following you, select **Follow me** in the top right corner of the app window (next to the **Close** button). An app window that is following you will also follow you into, an out of, an immersive app.
+
+## Use HoloLens with your voice
+
+You can use your voice to do most of the same things you do with hands on HoloLens, like taking a quick photo or opening an app.
+
+| To do this | Say this |
+| - | - |
+| Open the Start menu | "Go to Start" |
+| Select | Say "select" to bring up the gaze cursor. Then, turn your head to position the cursor on the thing you want to select, and say “select” again. |
+| See available speech commands | "What can I say?" |
+
+ [See more voice commands and ways to use speech with HoloLens](hololens-cortana.md)
+
+## Next steps
+
+Congratulations! You're ready to use HoloLens 2!
+
+Now you can configure your HoloLens 2 to meet your specific needs. Other things you may want to try include:
+
+- [Connecting bluetooth devices like a mouse and keyboard](hololens-connect-devices.md)
+- [Installing apps from the store](holographic-store-apps.md)
+- [Sharing your HoloLens with other people](hololens-multiple-users.md)
diff --git a/devices/hololens/hololens2-fit-comfort-faq.md b/devices/hololens/hololens2-fit-comfort-faq.md
new file mode 100644
index 0000000000..e97e03f502
--- /dev/null
+++ b/devices/hololens/hololens2-fit-comfort-faq.md
@@ -0,0 +1,69 @@
+---
+title: HoloLens 2 fit and comfort FAQ
+description: Answers to frequently asked questions about how to fit your HoloLens 2.
+ms.prod: hololens
+ms.sitesec: library
+author: Teresa-Motiv
+ms.author: v-tea
+ms.topic: article
+audience: ItPro
+ms.localizationpriority: high
+ms.date: 11/07/2019
+ms.reviewer: jarrettr
+manager: jarrettr
+appliesto:
+- HoloLens 2
+---
+
+# HoloLens 2 fit and comfort frequently asked questions
+
+Here are some tips on how to stay comfortable and have the best experience using your HoloLens.
+
+For step-by-step instructions and a video about putting on and adjusting your device, see [Get your HoloLens 2 ready to use](hololens2-setup.md).
+
+> [!NOTE]
+> The fit and comfort tips in this topic are meant only as general guidance—they don't replace any laws or regulations, or your good judgment when using HoloLens. Stay safe, and have fun!
+
+Here are some tips on how to stay comfortable and have the best experience using your HoloLens.
+
+## I'm experiencing discomfort when I use my device. What should I do?
+
+If you experience discomfort, take a break until you feel better. Try sitting in a well-lit room and relaxing for a bit. The next time your use your HoloLens, try using it for a shorter period of time at first.
+
+For more information, see [Health and safety on HoloLens](https://go.microsoft.com/fwlink/p/?LinkId=746661).
+
+## I can't see the whole holographic frame, or my holograms are cut off
+
+To see the top edge of the holographic frame, move the device so it sits higher on your head, or angle the headband up slightly in front. To see the bottom edge, move the device to sit lower on your head, or angle the headband down slightly in front. If the left or right edge of the view frame isn't visible, make sure the HoloLens visor is centered on your forehead.
+
+## I need to look up or down to see holograms
+
+Try adjusting the position of your device visor so the holographic frame matches your natural gaze. Here's how:
+
+- **If you need to look up to see holograms**. First, shift the back of the headband a bit higher on your head. Then use one hand to hold the headband in place and the other to gently rotate the visor so you have a good view of the holographic frame.
+- **If you need to look down to see holograms**. First, shift the back of the headband a bit lower on your head. Then place your thumbs under the device arms and your index fingers on top of the headband, and gently squeeze with your thumbs to rotate the visor so you have a good view of the holographic frame.
+
+## Hologram image color or brightness does not look right
+
+For HoloLens 2, take the following steps to ensure the highest visual quality of holograms presented in displays:
+
+- **Increase brightness of the display.** Holograms look best when the display is at its brightest level.
+- **Bring visor closer to your eyes.** Swing the visor down to the closest position to your eyes.
+- **Shift visor down.** Try moving the brow pad on your forehead down, which will result in the visor moving down closer to your nose.
+- **Run eye calibration.** The display uses your IPD and eye gaze to optimize images on the display. If you don't run eye calibration, the image quality may be made worse.
+
+## The device slides down when I'm using it, or I need to make the headband too tight to keep it secure
+
+The overhead strap can help keep your HoloLens secure on your head, particularly if you're moving around a lot. The strap may also let you loosen the headband a bit. [Learn how to use it](hololens2-setup.md#adjust-fit).
+
+You can also experiment with the positioning of the headband—depending on your head size and shape, you may need to slide it up or down to reposition it on your forehead.
+
+## How can I adjust HoloLens to fit with my glasses?
+
+To accommodate eyewear, you can tilt the visor.
+
+## My arm gets tired when I use gestures. What can I do?
+
+When using gestures, there's no need to extend your arm out far from your body. Keep it closer to your side, where it's more comfortable and will get less tired. You can also use hand rays to interact with holograms without raising your arms [Learn more about gestures and hand rays](hololens2-basic-usage.md#the-hand-tracking-frame).
+
+And be sure to try out [voice commands](hololens-cortana.md).
diff --git a/devices/hololens/hololens2-hardware.md b/devices/hololens/hololens2-hardware.md
new file mode 100644
index 0000000000..ca62dbf852
--- /dev/null
+++ b/devices/hololens/hololens2-hardware.md
@@ -0,0 +1,162 @@
+---
+title: HoloLens 2 hardware
+description: An outline of the components that make up Microsoft HoloLens 2, the latest evolution of Microsoft's fully untethered holographic computer running Windows 10.
+ms.assetid: 651d0430-bfbc-4685-a4fd-db7c33ce9325
+ms.date: 9/17/2019
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: scooley
+ms.author: scooley
+ms.topic: article
+ms.localizationpriority: high
+appliesto:
+- HoloLens 2
+---
+
+# HoloLens 2 hardware
+
+
+
+Microsoft HoloLens 2 is an untethered holographic computer. It refines the holographic computing journey started by HoloLens (1st gen) to provide a more comfortable and immersive experience paired with more options for collaborating in mixed reality.
+
+## HoloLens components
+
+- **Visor**. Contains the HoloLens sensors and displays. You can rotate the visor up while wearing the HoloLens.
+- **Headband**. To put the HoloLens on, use the adjustment wheel to expand the headband. With the HoloLens in place, tighten the adjustment wheel by turning to the right, until the headband is comfortable.
+- **Brightness buttons**. When wearing the HoloLens, the brightness buttons are on the left side of the device.
+- **Volume buttons**. When wearing the HoloLens, the volume buttons are on the right side of the device.
+
+## In the box
+
+- **Brow pad**. You can remove and replace the brow pad, as needed.
+- **Overhead strap**. When you're wearing the HoloLens while moving around, use the overhead strap to help keep the device in place. When wearing the HoloLens for extended periods, the overhead strap may make the device more comfortable to wear.
+- **USB-C cable**. Use the USB-C cable to connect your HoloLens to the power supply for charging, or to connect your HoloLens to your computer.
+- **Power supply**. Plugs into a power outlet.
+- **Microfiber cloth**. Use to clean your HoloLens visor.
+
+### Power Supply details
+
+The power supply and the USB cable that come with the device are the best supported mechanism for charging. The power supply is an 18W charger. It's supplies 9V at 2A.
+
+Charging rate and speed may vary depending on the environment in which the device is running.
+
+In order to maintain/advance Internal Battery Charge Percentage while the device is on, it must be connected minimum to a 15W charger.
+
+## Device specifications
+
+### Display
+
+| | |
+| - | - |
+| Optics | See-through holographic lenses (waveguides) |
+| Holographic resolution | 2k 3:2 light engines |
+| Holographic density | >2.5k radiants (light points per radian) |
+| Eye-based rendering | Display optimization for 3D eye position |
+
+### Sensors
+
+| | |
+| - | - |
+| Head tracking | 4 visible light cameras |
+| Eye tracking | 2 Infrared (IR) cameras |
+| Depth | 1-MP Time-of-Flight depth sensor |
+| Inertial measurement unit (IMU) | Accelerometer, gyroscope, magnetometer |
+| Camera | 8-MP stills, 1080p30 video |
+
+### Audio and speech
+
+| | |
+| - | - |
+| Microphone array | 5 channels |
+| Speakers | Built-in spatial sound |
+
+### Compute and connectivity
+
+| | |
+| - | - |
+| System on chip | Qualcomm Snapdragon 850 Compute Platform [details](https://www.qualcomm.com/products/snapdragon-850-mobile-compute-platform) |
+| Holographic processing unit | Second-generation custom-built holographic processing unit |
+| Memory | 4-GB LPDDR4x system DRAM |
+| Storage | 64-GB UFS 2.1 |
+| WiFi | 802.11ac 2x2 |
+| Bluetooth | 5.0 |
+| USB | USB Type-C |
+
+### Power
+
+| | |
+| - | - |
+| Battery Life | 2-3 hours of active use. Up to 2 weeks of standby time. |
+| Battery technology | [Lithium batteries](https://www.microsoft.com/download/details.aspx?id=43388) |
+| Charging behavior | Fully functional when charging |
+| Cooling type | Passively cooled (no fans) |
+| Power draw | In order to maintain/advance Internal Battery Charge Percentage while the device is on, it must be connected minimum to a 15W charger. |
+
+### Fit
+
+| | |
+| - | - |
+| Sizing | Single size with adjustable band. Fits over eyeglasses |
+| Weight | 566 grams |
+
+## Device capabilities
+
+### Human understanding
+
+| | |
+| - | - |
+| Hand tracking | Two-handed fully articulated model, direct manipulation |
+| Eye tracking | Real-time tracking |
+| Voice | Command and control on-device; Cortana natural language with internet connectivity |
+
+### Environment understanding
+
+| | |
+| - | - |
+| Six Degrees of Freedom (6DoF) tracking | World-scale positional tracking |
+| Spatial mapping | Real-time environment mesh |
+| Mixed reality capture | Mixed hologram and physical environment photos and videos |
+
+## Pre-installed software
+
+- Windows Holographic Operating System
+- Microsoft Edge
+- Dynamics 365 Remote Assist
+- Dynamics 365 Layout
+- Dynamics 365 Guides
+- 3D Viewer
+- OneDrive for Business
+- HoloLens Tips
+- Cortana
+
+## Device certifications
+
+### Safety
+
+HoloLens 2 has been tested and conforms to the basic impact protection requirements of ANSI Z87.1, CSA Z94.3 and EN 166.
+
+## Care and cleaning
+
+Handle your HoloLens carefully. Use the headband to lift and carry the HoloLens 2.
+
+As you would for eyeglasses or protective eye-wear, try to keep the HoloLens visor free of dust and fingerprints. When possible, avoid touching the visor. Repeated cleaning could damage the visor, so keep your device clean!
+
+Don't use any cleaners or solvents on your HoloLens, and don't submerge it in water or apply water directly to it.
+
+To clean the visor, remove any dust by using a camel or goat hair lens brush or a bulb-style lens blower. Lightly moisten the microfiber cloth with a small amount of distilled water, then use it to wipe the visor gently in a circular motion.
+
+Clean the rest of the device, including the headband and device arms, with a lint-free microfiber cloth moistened with mild soap and water. Let your HoloLens dry completely before reuse.
+
+
+
+### Replace the brow pad
+
+The brow pad is magnetically attached to the device. To detach it, pull gently away. To replace it, snap it back into place.
+
+
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Set up and start your HoloLens 2](hololens2-setup.md)
diff --git a/devices/hololens/hololens2-language-support.md b/devices/hololens/hololens2-language-support.md
new file mode 100644
index 0000000000..9c56ec9d8c
--- /dev/null
+++ b/devices/hololens/hololens2-language-support.md
@@ -0,0 +1,73 @@
+---
+title: Supported languages for HoloLens 2
+description:
+ms.prod: hololens
+ms.sitesec: library
+author: Teresa-Motiv
+ms.author: v-tea
+ms.topic: article
+ms.localizationpriority: medium
+ms.date: 9/12/2019
+audience: ITPro
+ms.reviewer: jarrettr
+manager: jarrettr
+appliesto:
+- HoloLens 2
+---
+
+# Supported languages for HoloLens 2
+
+HoloLens 2 supports the following languages, including voice commands and dictation features, keyboard layouts, and OCR recognition within apps.
+
+- Chinese Simplified (China)
+- English (Australia)
+- English (Canada)
+- English (Great Britain)
+- English (United States)
+- French (Canada)
+- French (France)
+- German (Germany)
+- Italian (Italy)
+- Japanese (Japan)
+- Spanish (Spain)
+
+HoloLens 2 is also available in the following languages. However, this support does not include speech commands or dictation features.
+
+- Chinese Traditional (Taiwan and Hong Kong)
+- Dutch (Netherlands)
+- Korean (Korea)
+
+## Changing language or keyboard
+
+The setup process configures your HoloLens for a region and language. You can change this configuration by using the **Time & language** section of **Settings**.
+
+> [!NOTE]
+> Your speech and dictation language depends on the Windows display language.
+
+## To change the Windows display language
+
+1. Go to the **Start** menu, and then select **Settings** > **Time and language** > **Language**.
+2. Select **Windows display language**, and then select a language.
+
+If the supported language you’re looking for is not in the menu, follow these steps:
+
+1. Under **Preferred languages** select **Add a language**.
+2. Search for and add the language.
+3. Select the **Windows display language** menu again and choose the language you added.
+
+The Windows display language affects the following settings for Windows and for apps that support localization:
+
+- The user interface text language.
+- The speech language.
+- The default layout of the on-screen keyboard.
+
+## To change the keyboard layout
+
+To add or remove a keyboard layout, open the **Start** menu and then select **Settings** > **Time & language** > **Keyboard**.
+
+If your HoloLens has more than one keyboard layout, use the **Layout** key to switch between them. The **Layout** key is in the lower right corner of the on-screen keyboard.
+
+> [!NOTE]
+> The on-screen keyboard can use Input Method Editor (IME) to enter characters in languages such as Chinese. However, HoloLens does not support external Bluetooth keyboards that use IME.
+>
+> While you use IME with the on-screen keyboard, you can continue to use a Bluetooth keyboard to type in English. To switch between keyboards, press ~.
diff --git a/devices/hololens/hololens2-setup.md b/devices/hololens/hololens2-setup.md
new file mode 100644
index 0000000000..79189a7cf6
--- /dev/null
+++ b/devices/hololens/hololens2-setup.md
@@ -0,0 +1,120 @@
+---
+title: Prepare a new HoloLens 2
+description: This guide walks through first time set up and hardware guide.
+keywords: hololens, lights, fit, comfort, parts
+ms.assetid: 02692dcf-aa22-4d1e-bd00-f89f51048e32
+ms.date: 9/17/2019
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: scooley
+ms.author: scooley
+ms.topic: article
+ms.localizationpriority: high
+appliesto:
+- HoloLens 2
+---
+
+# Get your HoloLens 2 ready to use
+
+The procedures below will help you set up a HoloLens 2 for the first time.
+
+## Charge your HoloLens
+
+Connect the power supply to the charging port by using the USB-C cable (included). Plug the power supply into a power outlet. The power supply and USB-C-to-C cable that come with the device are the best way to charge your HoloLens 2. The charger supplies 18W of power (9V at 2A).
+
+Charging rate and speed may vary depending on the environment in which the device is running.
+
+- When the device is charging, the battery indicator lights up to indicate the current level of charge. The last light will fade in and out to indicate active charging.
+- When your HoloLens is on, the battery indicator displays the battery level in increments.
+- When only one of the five lights is on, the battery level is below 20 percent.
+- If the battery level is critically low and you try to turn on the device, one light will blink briefly, then go out.
+
+## Adjust fit
+
+Place the HoloLens 2 on your head. If you wear eyeglasses, leave them on. The brow pad should sit comfortably on your forehead and the back band should sit in the middle-back of your head.
+
+If necessary, extend the headband by turning the adjustment wheel, and then loosen the overhead strap.
+
+
+
+### Attach and detach the overhead strap
+
+The overhead strap isn't required, but it can make wearing HoloLens 2 more comfortable during long periods of use.
+
+To detach the front of the overhead strap, unhook the strap and slide it through the retractable loop on the brow pad. To reattach it, pull out the loop and slide the strap back through.
+
+To detach the back of the overhead strap, press the button below each connection tab and pull gently. To reattach it, push the connection tabs back into the slots until they click.
+
+
+
+## Turn on the HoloLens 2
+
+To turn on your HoloLens 2, press the Power button. The LED lights below the Power button display the battery level.
+
+> [!NOTE]
+> To power on HoloLens 2 for the very first time, after unboxing, press and hold the power button for at least 4 seconds to turn it on. Next time you power on HoloLens 2, it’ll start after a short power button press.
+
+### Power button actions for different power transitions
+
+| To do this | Perform this action | The HoloLens 2 will do this |
+| - | - | - |
+| To turn on | Single button press. | All five lights turn on, then change to indicate the battery level. After four seconds, a sound plays. |
+| To sleep | Single button press. | All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |
+| To wake from sleep | Single button press. | All five lights turn on, then change to indicate the battery level. A sound immediately plays. |
+| To turn off | Press and hold for 5s. | All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |
+| To force the Hololens to restart if it is unresponsive | Press and hold for 10s. | All five lights turn on, then fade off one at a time. After the lights turn off. |
+
+## HoloLens behavior reference
+
+Not sure what the indicator lights on your HoloLens mean? Want to know how HoloLens should behave while charging? Here's some help!
+
+### Charging behavior
+
+| State of the Device | Action | HoloLens 2 will do this |
+| - | - | - |
+| OFF | Plug in USB Cable | Device transitions to ON with indicator lights showing battery level and device starts charging.
+| ON | Remove USB Cable | Device stops charging
+| ON | Plug in USB Cable | Device starts charging
+| SLEEP | Plug in USB Cable | Device starts charging
+| SLEEP | Remove USB Cable | Device stops charging
+| ON with USB cable plugged in | Turn off Device | Device transitions to ON with indicator lights showing battery level and device will start charging |
+
+### Lights that indicate the battery level
+
+| Number of lights | Battery level |
+| - | - |
+| Four solid lights, one light fading in and out | Between 100% and 81% (fully charged) |
+| Three solid lights, one light fading in and out | Between 80% and 61% |
+| Two solid lights, one light fading in and out | Between 60% and 41% |
+| One solid light, one light fading in and out | Between 40% and 21% |
+| One light fading in and out | Between 20% and 5% or lower (critical battery) |
+
+### Sleep Behavior
+
+| State of the Device | Action | HoloLens 2 will do this |
+| - | - | - |
+| ON | Single Power button press | Device transitions to SLEEP and turns off all indicator lights |
+| ON | No movement for 3 minutes | Device transition to SLEEP and turns off all indicator lights |
+| SLEEP | Single Power button Press | Device transitions to ON and turns on indicator lights |
+
+### Lights to indicate problems
+
+| When you do this | The lights do this | It means this |
+| - | - | - |
+| You press the Power button. | One light flashes five times, then turns off. | The HoloLens battery is critically low. Charge your HoloLens. |
+| You press the Power button. | All five lights flash five times, then turn off. | HoloLens cannot start correctly and is in an error state. [Reinstall the operating system](hololens-recovery.md) to recover your device. |
+| You press the Power button. | The 1st, 3rd, and 5th lights flash together continually. | HoloLens may have a hardware failure. To be sure, [reinstall the OS](hololens-recovery.md#hololens-2), and try again. After reinstalling the OS, if the light-flash pattern persists, contact [support](https://support.microsoft.com/en-us/supportforbusiness/productselection?sapid=3ec35c62-022f-466b-3a1e-dbbb7b9a55fb). |
+
+## Safety and comfort
+
+### Use HoloLens in safe surroundings
+
+Use your HoloLens in a safe space, free of obstructions and tripping hazards. Don’t use it when you need a clear field of view or can't commit your full attention, such as while you’re operating a vehicle or doing other potentially hazardous activities.
+
+### Stay comfortable
+
+Keep your first few sessions with HoloLens brief and be sure to take breaks. If you experience discomfort, stop and rest until you feel better. This might include temporary feelings of nausea, motion sickness, dizziness, disorientation, headache, fatigue, eye strain, or dry eyes.
+
+> [!div class="nextstepaction"]
+> [Start and configure your HoloLens 2](hololens2-start.md)
diff --git a/devices/hololens/hololens2-start.md b/devices/hololens/hololens2-start.md
new file mode 100644
index 0000000000..78d3697f03
--- /dev/null
+++ b/devices/hololens/hololens2-start.md
@@ -0,0 +1,93 @@
+---
+title: Set up your HoloLens 2
+description: This guide walks through first time set up. You'll need a Wi-Fi network and either a Microsoft (MSA) or Azure Active Directory (AAD) account.
+ms.assetid: 507305f4-e85a-47c5-a055-a3400ae8a10e
+ms.date: 9/17/2019
+keywords: hololens
+ms.prod: hololens
+ms.sitesec: library
+author: scooley
+ms.author: scooley
+ms.topic: article
+ms.localizationpriority: high
+appliesto:
+- HoloLens 2
+---
+
+# Set up your HoloLens 2
+
+The first time you turn on your HoloLens, you'll be guided through setting up your device, signing in with a user account, and calibrating the HoloLens to your eyes. This section walks through the HoloLens 2 initial setup experience.
+
+In the next section, you'll learn how to work with HoloLens and interact with holograms. To skip ahead to that article, see [Get started with HoloLens 2](hololens2-basic-usage.md).
+
+## Before you start
+
+Before you get started, make sure you have the following available:
+
+**A network connection**. You'll need to connect your HoloLens to a network to set it up. With HoloLens 2, you can connect with Wi-Fi or by using ethernet (you'll need a USB-C-to-Ethernet adapter). The first time you connect, you'll need an open or password-protected network that doesn't require navigating to a website or using certificates to connect. [Learn more about the websites that HoloLens uses](hololens-offline.md).
+
+**A Microsoft account**. You'll also need to sign in to HoloLens with a Microsoft account (or with your work account, if your organization owns the device). If you don't have a Microsoft account, go to [account.microsoft.com](https://account.microsoft.com) and set one up for free.
+
+**A safe, well-lit space with no tripping hazards**. [Health and safety info](https://go.microsoft.com/fwlink/p/?LinkId=746661).
+
+**The optional comfort accessories** that came with your HoloLens, to help you get the most comfortable fit. [More on fit and comfort](hololens2-setup.md#adjust-fit).
+
+## Set up Windows
+
+The first time you start your HoloLens 2, your first task is to set up Windows Holographic. When you start your HoloLens, you will hear music and see a Windows logo.
+
+
+
+HoloLens 2 will walk you through the following steps:
+
+1. Select your language.
+ 
+
+1. Select your region.
+ 
+
+1. Calibrate HoloLens to your eyes. If you choose to skip calibration, you'll be prompted the next time you log in.
+
+ To calibrate, you'll look at a set of targets (referred to as gems). It's fine if you blink or close your eyes during calibration, but try not to stare at other objects in the room or physical space. HoloLens uses this process to learn about your eye position so that it can better render your holographic world. After calibration, holograms will appear correctly even as the visor shifts on your head.
+
+ Calibration information is stored locally on the device and is not associated with any account information. For more information, see [Calibration data and security](hololens-calibration.md#calibration-data-and-security).
+
+ 
+
+1. Connect to the internet (select Wi-Fi or your ethernet connection).
+ HoloLens sets your time zone automatically based on information obtained from the Wi-Fi network. After setup finishes, you can change the time zone by using the Settings app.
+
+ 
+> [!NOTE]
+> If you progress past the Wi-Fi step and later need to switch to a different network while still in setup, you can press the **Volume Down** and **Power** buttons simultaneously to return to this step if you are running an OS version from October 2019 or later. For earlier versions, you may need to [reset the device](hololens-recovery.md) or restart it in a location where the Wi-Fi network is not available to prevent it from automatically connecting.
+>
+> Also note that during HoloLens Setup, there is a credential timeout of two minutes. The username/password needs to be entered within two minutes otherwise the username field will be automatically cleared.
+
+1. Sign in to your user account. You'll choose between **My work or school owns it** and **I own it**.
+ - When you choose **My work or school owns it**, you sign in with an Azure AD account. If your organization uses Azure AD Premium and has configured automatic MDM enrollment, HoloLens automatically enrolls in MDM. If your organization does not use Azure AD Premium, automatic MDM enrollment isn't available. In that case, you need to [manually enroll HoloLens in device management](hololens-enroll-mdm.md#enroll-through-settings-app).
+ 1. Enter your organizational account information.
+ 1. Accept the privacy statement and the end user license agreement.
+ 1. Sign in by using your Azure AD credentials. This may redirect to your organization's sign-in page.
+ 1. Continue setting up the device.
+ - When you choose **I own it**, you sign in with a Microsoft account. After setup is complete, you can [manually enroll HoloLens in device management](hololens-enroll-mdm.md#enroll-through-settings-app).
+ 1. Enter your Microsoft account information.
+ 2. Enter your password. If your Microsoft account requires [two-step verification (2FA)](https://blogs.technet.microsoft.com/microsoft_blog/2013/04/17/microsoft-account-gets-more-secure/), complete the verification process.
+
+ 
+
+1. Select whether to enable speech on HoloLens 2, and whether to send diagnostic telemetry.
+ 
+
+1. Select your telemetry level. If you can, please enable Full telemetry. This information really helps the HoloLens engineering team.
+ 
+
+1. Learn how to use the start gesture on HoloLens 2.
+ 
+ 
+
+Congratulations! Setup is complete and you're ready to use HoloLens!
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Get started with HoloLens 2](hololens2-basic-usage.md)
diff --git a/devices/hololens/images/01-magic-moment.png b/devices/hololens/images/01-magic-moment.png
new file mode 100644
index 0000000000..0d55443b55
Binary files /dev/null and b/devices/hololens/images/01-magic-moment.png differ
diff --git a/devices/hololens/images/02-00-magic-moment.png b/devices/hololens/images/02-00-magic-moment.png
new file mode 100644
index 0000000000..ae76fb70ea
Binary files /dev/null and b/devices/hololens/images/02-00-magic-moment.png differ
diff --git a/devices/hololens/images/02-01-magic-moment-bird-intro.png b/devices/hololens/images/02-01-magic-moment-bird-intro.png
new file mode 100644
index 0000000000..ae76fb70ea
Binary files /dev/null and b/devices/hololens/images/02-01-magic-moment-bird-intro.png differ
diff --git a/devices/hololens/images/02-02-bird-palm.png b/devices/hololens/images/02-02-bird-palm.png
new file mode 100644
index 0000000000..fda1f3dcdd
Binary files /dev/null and b/devices/hololens/images/02-02-bird-palm.png differ
diff --git a/devices/hololens/images/02-03-bird-button.png b/devices/hololens/images/02-03-bird-button.png
new file mode 100644
index 0000000000..749a1ab6fc
Binary files /dev/null and b/devices/hololens/images/02-03-bird-button.png differ
diff --git a/devices/hololens/images/04-language.png b/devices/hololens/images/04-language.png
new file mode 100644
index 0000000000..1106322c29
Binary files /dev/null and b/devices/hololens/images/04-language.png differ
diff --git a/devices/hololens/images/05-region.png b/devices/hololens/images/05-region.png
new file mode 100644
index 0000000000..f350298813
Binary files /dev/null and b/devices/hololens/images/05-region.png differ
diff --git a/devices/hololens/images/06-et-corners.png b/devices/hololens/images/06-et-corners.png
new file mode 100644
index 0000000000..af48472f60
Binary files /dev/null and b/devices/hololens/images/06-et-corners.png differ
diff --git a/devices/hololens/images/07-et-adjust-for-your-eyes.png b/devices/hololens/images/07-et-adjust-for-your-eyes.png
new file mode 100644
index 0000000000..e127ba9a9d
Binary files /dev/null and b/devices/hololens/images/07-et-adjust-for-your-eyes.png differ
diff --git a/devices/hololens/images/07-et-hold-head-still.png b/devices/hololens/images/07-et-hold-head-still.png
new file mode 100644
index 0000000000..a4952767bf
Binary files /dev/null and b/devices/hololens/images/07-et-hold-head-still.png differ
diff --git a/devices/hololens/images/08-et-gems.png b/devices/hololens/images/08-et-gems.png
new file mode 100644
index 0000000000..8eaba193f0
Binary files /dev/null and b/devices/hololens/images/08-et-gems.png differ
diff --git a/devices/hololens/images/09-et-adjusting.png b/devices/hololens/images/09-et-adjusting.png
new file mode 100644
index 0000000000..038dcab588
Binary files /dev/null and b/devices/hololens/images/09-et-adjusting.png differ
diff --git a/devices/hololens/images/10-et-failure1.png b/devices/hololens/images/10-et-failure1.png
new file mode 100644
index 0000000000..249abff7f6
Binary files /dev/null and b/devices/hololens/images/10-et-failure1.png differ
diff --git a/devices/hololens/images/10-et-failure2.png b/devices/hololens/images/10-et-failure2.png
new file mode 100644
index 0000000000..f4b2f34334
Binary files /dev/null and b/devices/hololens/images/10-et-failure2.png differ
diff --git a/devices/hololens/images/10-et-success.png b/devices/hololens/images/10-et-success.png
new file mode 100644
index 0000000000..c74c89056e
Binary files /dev/null and b/devices/hololens/images/10-et-success.png differ
diff --git a/devices/hololens/images/11-network.png b/devices/hololens/images/11-network.png
new file mode 100644
index 0000000000..1fc3884721
Binary files /dev/null and b/devices/hololens/images/11-network.png differ
diff --git a/devices/hololens/images/12-agreement.png b/devices/hololens/images/12-agreement.png
new file mode 100644
index 0000000000..96695c1888
Binary files /dev/null and b/devices/hololens/images/12-agreement.png differ
diff --git a/devices/hololens/images/13-device-owner.png b/devices/hololens/images/13-device-owner.png
new file mode 100644
index 0000000000..fe66cd5386
Binary files /dev/null and b/devices/hololens/images/13-device-owner.png differ
diff --git a/devices/hololens/images/14-sign-in-msa.png b/devices/hololens/images/14-sign-in-msa.png
new file mode 100644
index 0000000000..c0e3aa4d9e
Binary files /dev/null and b/devices/hololens/images/14-sign-in-msa.png differ
diff --git a/devices/hololens/images/15-iris-enrollment.png b/devices/hololens/images/15-iris-enrollment.png
new file mode 100644
index 0000000000..6bda392726
Binary files /dev/null and b/devices/hololens/images/15-iris-enrollment.png differ
diff --git a/devices/hololens/images/16-iris-hold-head-still.png b/devices/hololens/images/16-iris-hold-head-still.png
new file mode 100644
index 0000000000..09205015c0
Binary files /dev/null and b/devices/hololens/images/16-iris-hold-head-still.png differ
diff --git a/devices/hololens/images/17-iris-dots.png b/devices/hololens/images/17-iris-dots.png
new file mode 100644
index 0000000000..2ac6119b89
Binary files /dev/null and b/devices/hololens/images/17-iris-dots.png differ
diff --git a/devices/hololens/images/18-iris-enrollment-done.png b/devices/hololens/images/18-iris-enrollment-done.png
new file mode 100644
index 0000000000..6405ab8581
Binary files /dev/null and b/devices/hololens/images/18-iris-enrollment-done.png differ
diff --git a/devices/hololens/images/19-pin-create.png b/devices/hololens/images/19-pin-create.png
new file mode 100644
index 0000000000..fd0c1ee5e8
Binary files /dev/null and b/devices/hololens/images/19-pin-create.png differ
diff --git a/devices/hololens/images/20-pin-setup.png b/devices/hololens/images/20-pin-setup.png
new file mode 100644
index 0000000000..752fc54e5c
Binary files /dev/null and b/devices/hololens/images/20-pin-setup.png differ
diff --git a/devices/hololens/images/201608-enterprisemanagement-400px.png b/devices/hololens/images/201608-enterprisemanagement-400px.png
new file mode 100644
index 0000000000..11c204f0f6
Binary files /dev/null and b/devices/hololens/images/201608-enterprisemanagement-400px.png differ
diff --git a/devices/hololens/images/201608-kioskmode-400px.png b/devices/hololens/images/201608-kioskmode-400px.png
new file mode 100644
index 0000000000..8d21453b8f
Binary files /dev/null and b/devices/hololens/images/201608-kioskmode-400px.png differ
diff --git a/devices/hololens/images/20190322-DevicePortal.png b/devices/hololens/images/20190322-DevicePortal.png
new file mode 100644
index 0000000000..7fdd2e34b3
Binary files /dev/null and b/devices/hololens/images/20190322-DevicePortal.png differ
diff --git a/devices/hololens/images/22-do-more-with-voice.png b/devices/hololens/images/22-do-more-with-voice.png
new file mode 100644
index 0000000000..2bf874c80d
Binary files /dev/null and b/devices/hololens/images/22-do-more-with-voice.png differ
diff --git a/devices/hololens/images/23-do-more-with-voice-learn.png b/devices/hololens/images/23-do-more-with-voice-learn.png
new file mode 100644
index 0000000000..b805befc49
Binary files /dev/null and b/devices/hololens/images/23-do-more-with-voice-learn.png differ
diff --git a/devices/hololens/images/24-telemetry.png b/devices/hololens/images/24-telemetry.png
new file mode 100644
index 0000000000..004d1d5dff
Binary files /dev/null and b/devices/hololens/images/24-telemetry.png differ
diff --git a/devices/hololens/images/25-telemetry-info.png b/devices/hololens/images/25-telemetry-info.png
new file mode 100644
index 0000000000..4c4075a68f
Binary files /dev/null and b/devices/hololens/images/25-telemetry-info.png differ
diff --git a/devices/hololens/images/26-01-startmenu-learning.png b/devices/hololens/images/26-01-startmenu-learning.png
new file mode 100644
index 0000000000..e24da1b854
Binary files /dev/null and b/devices/hololens/images/26-01-startmenu-learning.png differ
diff --git a/devices/hololens/images/26-02-startmenu-learning.png b/devices/hololens/images/26-02-startmenu-learning.png
new file mode 100644
index 0000000000..1a81a79178
Binary files /dev/null and b/devices/hololens/images/26-02-startmenu-learning.png differ
diff --git a/devices/hololens/images/26-03-startmenu-learning.png b/devices/hololens/images/26-03-startmenu-learning.png
new file mode 100644
index 0000000000..55d59d18f5
Binary files /dev/null and b/devices/hololens/images/26-03-startmenu-learning.png differ
diff --git a/devices/hololens/images/26-04-startmenu-learning.png b/devices/hololens/images/26-04-startmenu-learning.png
new file mode 100644
index 0000000000..b7d62f5650
Binary files /dev/null and b/devices/hololens/images/26-04-startmenu-learning.png differ
diff --git a/devices/hololens/images/B-Calibration-4-Gem.png b/devices/hololens/images/B-Calibration-4-Gem.png
new file mode 100644
index 0000000000..fbfd95cb32
Binary files /dev/null and b/devices/hololens/images/B-Calibration-4-Gem.png differ
diff --git a/devices/hololens/images/C-Settings.Calibration.png b/devices/hololens/images/C-Settings.Calibration.png
new file mode 100644
index 0000000000..d27f3d754c
Binary files /dev/null and b/devices/hololens/images/C-Settings.Calibration.png differ
diff --git a/devices/hololens/images/D-CheckThisOut-Prompt.png b/devices/hololens/images/D-CheckThisOut-Prompt.png
new file mode 100644
index 0000000000..a81a75a153
Binary files /dev/null and b/devices/hololens/images/D-CheckThisOut-Prompt.png differ
diff --git a/devices/hololens/images/FitGuideSetep5.png b/devices/hololens/images/FitGuideSetep5.png
new file mode 100644
index 0000000000..9529fe69b0
Binary files /dev/null and b/devices/hololens/images/FitGuideSetep5.png differ
diff --git a/devices/hololens/images/FitGuideStep1.png b/devices/hololens/images/FitGuideStep1.png
new file mode 100644
index 0000000000..846ef9fc0b
Binary files /dev/null and b/devices/hololens/images/FitGuideStep1.png differ
diff --git a/devices/hololens/images/FitGuideStep2.png b/devices/hololens/images/FitGuideStep2.png
new file mode 100644
index 0000000000..6ac59ff43b
Binary files /dev/null and b/devices/hololens/images/FitGuideStep2.png differ
diff --git a/devices/hololens/images/FitGuideStep3.png b/devices/hololens/images/FitGuideStep3.png
new file mode 100644
index 0000000000..e255da8f15
Binary files /dev/null and b/devices/hololens/images/FitGuideStep3.png differ
diff --git a/devices/hololens/images/FitGuideStep4.png b/devices/hololens/images/FitGuideStep4.png
new file mode 100644
index 0000000000..77e99f3d55
Binary files /dev/null and b/devices/hololens/images/FitGuideStep4.png differ
diff --git a/devices/hololens/images/HoloLens2_AppBarFollowing.gif b/devices/hololens/images/HoloLens2_AppBarFollowing.gif
new file mode 100644
index 0000000000..84d7f2589e
Binary files /dev/null and b/devices/hololens/images/HoloLens2_AppBarFollowing.gif differ
diff --git a/devices/hololens/images/HoloLens2_BoundingBox.gif b/devices/hololens/images/HoloLens2_BoundingBox.gif
new file mode 100644
index 0000000000..451bcae997
Binary files /dev/null and b/devices/hololens/images/HoloLens2_BoundingBox.gif differ
diff --git a/devices/hololens/images/HoloLens2_BoundingBox_Rotate.gif b/devices/hololens/images/HoloLens2_BoundingBox_Rotate.gif
new file mode 100644
index 0000000000..43a764a954
Binary files /dev/null and b/devices/hololens/images/HoloLens2_BoundingBox_Rotate.gif differ
diff --git a/devices/hololens/images/HoloLens2_Loader.gif b/devices/hololens/images/HoloLens2_Loader.gif
new file mode 100644
index 0000000000..81d8232494
Binary files /dev/null and b/devices/hololens/images/HoloLens2_Loader.gif differ
diff --git a/devices/hololens/images/HoloLens2_Proximity.gif b/devices/hololens/images/HoloLens2_Proximity.gif
new file mode 100644
index 0000000000..f39f326ea7
Binary files /dev/null and b/devices/hololens/images/HoloLens2_Proximity.gif differ
diff --git a/devices/hololens/images/aad-kioskmode.PNG b/devices/hololens/images/aad-kioskmode.PNG
new file mode 100644
index 0000000000..c058f25241
Binary files /dev/null and b/devices/hololens/images/aad-kioskmode.PNG differ
diff --git a/devices/hololens/images/addnewfeedback-500px.jpg b/devices/hololens/images/addnewfeedback-500px.jpg
new file mode 100644
index 0000000000..8948dd2dae
Binary files /dev/null and b/devices/hololens/images/addnewfeedback-500px.jpg differ
diff --git a/devices/hololens/images/azure-ad-image.PNG b/devices/hololens/images/azure-ad-image.PNG
new file mode 100644
index 0000000000..e0215265f6
Binary files /dev/null and b/devices/hololens/images/azure-ad-image.PNG differ
diff --git a/devices/hololens/images/calibration-livecube-200px.png b/devices/hololens/images/calibration-livecube-200px.png
new file mode 100644
index 0000000000..44b0142e40
Binary files /dev/null and b/devices/hololens/images/calibration-livecube-200px.png differ
diff --git a/devices/hololens/images/calibration-settings-500px.jpg b/devices/hololens/images/calibration-settings-500px.jpg
new file mode 100644
index 0000000000..0419f0307f
Binary files /dev/null and b/devices/hololens/images/calibration-settings-500px.jpg differ
diff --git a/devices/hololens/images/calibration-shell.png b/devices/hololens/images/calibration-shell.png
new file mode 100644
index 0000000000..f833452cc5
Binary files /dev/null and b/devices/hololens/images/calibration-shell.png differ
diff --git a/devices/hololens/images/cortana-on-hololens.png b/devices/hololens/images/cortana-on-hololens.png
new file mode 100644
index 0000000000..6205d3d2fd
Binary files /dev/null and b/devices/hololens/images/cortana-on-hololens.png differ
diff --git a/devices/hololens/images/deviceportal-appmanager.jpg b/devices/hololens/images/deviceportal-appmanager.jpg
new file mode 100644
index 0000000000..68576fcfc7
Binary files /dev/null and b/devices/hololens/images/deviceportal-appmanager.jpg differ
diff --git a/devices/hololens/images/displays-400px.jpg b/devices/hololens/images/displays-400px.jpg
new file mode 100644
index 0000000000..0ed5558bdc
Binary files /dev/null and b/devices/hololens/images/displays-400px.jpg differ
diff --git a/devices/hololens/images/feedback1-600px.png b/devices/hololens/images/feedback1-600px.png
new file mode 100644
index 0000000000..ba7cec37da
Binary files /dev/null and b/devices/hololens/images/feedback1-600px.png differ
diff --git a/devices/hololens/images/feedback2-600px.png b/devices/hololens/images/feedback2-600px.png
new file mode 100644
index 0000000000..89d44622a6
Binary files /dev/null and b/devices/hololens/images/feedback2-600px.png differ
diff --git a/devices/hololens/images/feedback3-600px.png b/devices/hololens/images/feedback3-600px.png
new file mode 100644
index 0000000000..0431687b55
Binary files /dev/null and b/devices/hololens/images/feedback3-600px.png differ
diff --git a/devices/hololens/images/feedback4-600px.png b/devices/hololens/images/feedback4-600px.png
new file mode 100644
index 0000000000..35594f2ca8
Binary files /dev/null and b/devices/hololens/images/feedback4-600px.png differ
diff --git a/devices/hololens/images/feedback5-600px.png b/devices/hololens/images/feedback5-600px.png
new file mode 100644
index 0000000000..967987d6ae
Binary files /dev/null and b/devices/hololens/images/feedback5-600px.png differ
diff --git a/devices/hololens/images/feedback6-600px.png b/devices/hololens/images/feedback6-600px.png
new file mode 100644
index 0000000000..431a4da9da
Binary files /dev/null and b/devices/hololens/images/feedback6-600px.png differ
diff --git a/devices/hololens/images/hololens-2-air-tap.gif b/devices/hololens/images/hololens-2-air-tap.gif
new file mode 100644
index 0000000000..9139718cdb
Binary files /dev/null and b/devices/hololens/images/hololens-2-air-tap.gif differ
diff --git a/devices/hololens/images/hololens-2-button-sleep.png b/devices/hololens/images/hololens-2-button-sleep.png
new file mode 100644
index 0000000000..29f75da34f
Binary files /dev/null and b/devices/hololens/images/hololens-2-button-sleep.png differ
diff --git a/devices/hololens/images/hololens-2-button-turn-off.png b/devices/hololens/images/hololens-2-button-turn-off.png
new file mode 100644
index 0000000000..8e3f4a2c72
Binary files /dev/null and b/devices/hololens/images/hololens-2-button-turn-off.png differ
diff --git a/devices/hololens/images/hololens-2-button-turn-on.png b/devices/hololens/images/hololens-2-button-turn-on.png
new file mode 100644
index 0000000000..25ce3fcc58
Binary files /dev/null and b/devices/hololens/images/hololens-2-button-turn-on.png differ
diff --git a/devices/hololens/images/hololens-2-button-wake.png b/devices/hololens/images/hololens-2-button-wake.png
new file mode 100644
index 0000000000..135b1e3a04
Binary files /dev/null and b/devices/hololens/images/hololens-2-button-wake.png differ
diff --git a/devices/hololens/images/hololens-2-gesture-frame.png b/devices/hololens/images/hololens-2-gesture-frame.png
new file mode 100644
index 0000000000..cc1a9f667d
Binary files /dev/null and b/devices/hololens/images/hololens-2-gesture-frame.png differ
diff --git a/devices/hololens/images/hololens-2-screenshot-with-callouts.png b/devices/hololens/images/hololens-2-screenshot-with-callouts.png
new file mode 100644
index 0000000000..769310e749
Binary files /dev/null and b/devices/hololens/images/hololens-2-screenshot-with-callouts.png differ
diff --git a/devices/hololens/images/hololens-2-start-alternative.png b/devices/hololens/images/hololens-2-start-alternative.png
new file mode 100644
index 0000000000..763cd8600e
Binary files /dev/null and b/devices/hololens/images/hololens-2-start-alternative.png differ
diff --git a/devices/hololens/images/hololens-2-start-gesture.png b/devices/hololens/images/hololens-2-start-gesture.png
new file mode 100644
index 0000000000..109c6235bb
Binary files /dev/null and b/devices/hololens/images/hololens-2-start-gesture.png differ
diff --git a/devices/hololens/images/hololens-air-tap.gif b/devices/hololens/images/hololens-air-tap.gif
new file mode 100644
index 0000000000..9139718cdb
Binary files /dev/null and b/devices/hololens/images/hololens-air-tap.gif differ
diff --git a/devices/hololens/images/hololens-bloom.gif b/devices/hololens/images/hololens-bloom.gif
new file mode 100644
index 0000000000..db7d8378e5
Binary files /dev/null and b/devices/hololens/images/hololens-bloom.gif differ
diff --git a/devices/hololens/images/hololens-box-contents.png b/devices/hololens/images/hololens-box-contents.png
new file mode 100644
index 0000000000..51b4b5e163
Binary files /dev/null and b/devices/hololens/images/hololens-box-contents.png differ
diff --git a/devices/hololens/images/hololens-buttons.jpg b/devices/hololens/images/hololens-buttons.jpg
new file mode 100644
index 0000000000..868487b0bf
Binary files /dev/null and b/devices/hololens/images/hololens-buttons.jpg differ
diff --git a/devices/hololens/images/hololens-charging.png b/devices/hololens/images/hololens-charging.png
new file mode 100644
index 0000000000..a5dd4d7dcd
Binary files /dev/null and b/devices/hololens/images/hololens-charging.png differ
diff --git a/devices/hololens/images/hololens-cleaning-visor.png b/devices/hololens/images/hololens-cleaning-visor.png
new file mode 100644
index 0000000000..68f990d43b
Binary files /dev/null and b/devices/hololens/images/hololens-cleaning-visor.png differ
diff --git a/devices/hololens/images/hololens-clicker-500px.jpg b/devices/hololens/images/hololens-clicker-500px.jpg
new file mode 100644
index 0000000000..4dd7d954f4
Binary files /dev/null and b/devices/hololens/images/hololens-clicker-500px.jpg differ
diff --git a/devices/hololens/images/hololens-frame.png b/devices/hololens/images/hololens-frame.png
new file mode 100644
index 0000000000..5789f1b8c8
Binary files /dev/null and b/devices/hololens/images/hololens-frame.png differ
diff --git a/devices/hololens/images/hololens-gaze.png b/devices/hololens/images/hololens-gaze.png
new file mode 100644
index 0000000000..d21ffef0b2
Binary files /dev/null and b/devices/hololens/images/hololens-gaze.png differ
diff --git a/devices/hololens/images/hololens-lights.png b/devices/hololens/images/hololens-lights.png
new file mode 100644
index 0000000000..f3a19b84a3
Binary files /dev/null and b/devices/hololens/images/hololens-lights.png differ
diff --git a/devices/hololens/images/hololens-power.png b/devices/hololens/images/hololens-power.png
new file mode 100644
index 0000000000..80c3e7c215
Binary files /dev/null and b/devices/hololens/images/hololens-power.png differ
diff --git a/devices/hololens/images/hololens-vector-white.png b/devices/hololens/images/hololens-vector-white.png
new file mode 100644
index 0000000000..583a307449
Binary files /dev/null and b/devices/hololens/images/hololens-vector-white.png differ
diff --git a/devices/hololens/images/hololens2-exploded-large.png b/devices/hololens/images/hololens2-exploded-large.png
new file mode 100644
index 0000000000..fc639a0f62
Binary files /dev/null and b/devices/hololens/images/hololens2-exploded-large.png differ
diff --git a/devices/hololens/images/hololens2-exploded-medium.png b/devices/hololens/images/hololens2-exploded-medium.png
new file mode 100644
index 0000000000..3e1fbea7de
Binary files /dev/null and b/devices/hololens/images/hololens2-exploded-medium.png differ
diff --git a/devices/hololens/images/hololens2-fit.png b/devices/hololens/images/hololens2-fit.png
new file mode 100644
index 0000000000..dacaf4cbd7
Binary files /dev/null and b/devices/hololens/images/hololens2-fit.png differ
diff --git a/devices/hololens/images/hololens2-headstrap.png b/devices/hololens/images/hololens2-headstrap.png
new file mode 100644
index 0000000000..805637214b
Binary files /dev/null and b/devices/hololens/images/hololens2-headstrap.png differ
diff --git a/devices/hololens/images/hololens2-lift-visor.png b/devices/hololens/images/hololens2-lift-visor.png
new file mode 100644
index 0000000000..4d83f2c730
Binary files /dev/null and b/devices/hololens/images/hololens2-lift-visor.png differ
diff --git a/devices/hololens/images/hololens2-remove-browpad.png b/devices/hololens/images/hololens2-remove-browpad.png
new file mode 100644
index 0000000000..619f14e4fd
Binary files /dev/null and b/devices/hololens/images/hololens2-remove-browpad.png differ
diff --git a/devices/hololens/images/hololens2-side-render-medium.png b/devices/hololens/images/hololens2-side-render-medium.png
new file mode 100644
index 0000000000..d4650c05e2
Binary files /dev/null and b/devices/hololens/images/hololens2-side-render-medium.png differ
diff --git a/devices/hololens/images/hololens2-side-render-small.png b/devices/hololens/images/hololens2-side-render-small.png
new file mode 100644
index 0000000000..a1a612e05a
Binary files /dev/null and b/devices/hololens/images/hololens2-side-render-small.png differ
diff --git a/devices/hololens/images/hololens2-side-render-xs.png b/devices/hololens/images/hololens2-side-render-xs.png
new file mode 100644
index 0000000000..08d5f966cd
Binary files /dev/null and b/devices/hololens/images/hololens2-side-render-xs.png differ
diff --git a/devices/hololens/images/hololens2-side-render.png b/devices/hololens/images/hololens2-side-render.png
new file mode 100644
index 0000000000..143fb8fc50
Binary files /dev/null and b/devices/hololens/images/hololens2-side-render.png differ
diff --git a/devices/hololens/images/ipd-finger-alignment-300px.jpg b/devices/hololens/images/ipd-finger-alignment-300px.jpg
new file mode 100644
index 0000000000..7a4c929867
Binary files /dev/null and b/devices/hololens/images/ipd-finger-alignment-300px.jpg differ
diff --git a/devices/hololens/images/keyboard.png b/devices/hololens/images/keyboard.png
new file mode 100644
index 0000000000..6962567b83
Binary files /dev/null and b/devices/hololens/images/keyboard.png differ
diff --git a/devices/hololens/images/motherboard-400px.jpg b/devices/hololens/images/motherboard-400px.jpg
new file mode 100644
index 0000000000..5a2a085477
Binary files /dev/null and b/devices/hololens/images/motherboard-400px.jpg differ
diff --git a/devices/hololens/images/recover-clicker-1.png b/devices/hololens/images/recover-clicker-1.png
new file mode 100644
index 0000000000..ad54e6ee09
Binary files /dev/null and b/devices/hololens/images/recover-clicker-1.png differ
diff --git a/devices/hololens/images/recover-clicker-2.png b/devices/hololens/images/recover-clicker-2.png
new file mode 100644
index 0000000000..d7a9d6fd0d
Binary files /dev/null and b/devices/hololens/images/recover-clicker-2.png differ
diff --git a/devices/hololens/images/searchfeedback-500px.jpg b/devices/hololens/images/searchfeedback-500px.jpg
new file mode 100644
index 0000000000..952e29a6ec
Binary files /dev/null and b/devices/hololens/images/searchfeedback-500px.jpg differ
diff --git a/devices/hololens/images/see-through-400px.jpg b/devices/hololens/images/see-through-400px.jpg
new file mode 100644
index 0000000000..d9fba1c9e0
Binary files /dev/null and b/devices/hololens/images/see-through-400px.jpg differ
diff --git a/devices/hololens/images/sensor-bar-400px.jpg b/devices/hololens/images/sensor-bar-400px.jpg
new file mode 100644
index 0000000000..bf0b8f7f21
Binary files /dev/null and b/devices/hololens/images/sensor-bar-400px.jpg differ
diff --git a/devices/hololens/images/startmenu.jpg b/devices/hololens/images/startmenu.jpg
new file mode 100644
index 0000000000..b685db51ee
Binary files /dev/null and b/devices/hololens/images/startmenu.jpg differ
diff --git a/devices/hololens/images/upvotefeedback-500px.jpg b/devices/hololens/images/upvotefeedback-500px.jpg
new file mode 100644
index 0000000000..f1eda89efa
Binary files /dev/null and b/devices/hololens/images/upvotefeedback-500px.jpg differ
diff --git a/devices/hololens/images/use-hololens-clicker-1.png b/devices/hololens/images/use-hololens-clicker-1.png
new file mode 100644
index 0000000000..ad54e6ee09
Binary files /dev/null and b/devices/hololens/images/use-hololens-clicker-1.png differ
diff --git a/devices/hololens/images/use-hololens-clicker-2.png b/devices/hololens/images/use-hololens-clicker-2.png
new file mode 100644
index 0000000000..d7a9d6fd0d
Binary files /dev/null and b/devices/hololens/images/use-hololens-clicker-2.png differ
diff --git a/devices/hololens/images/vs2015-remotedeployment.jpg b/devices/hololens/images/vs2015-remotedeployment.jpg
new file mode 100644
index 0000000000..a7d6b43dc3
Binary files /dev/null and b/devices/hololens/images/vs2015-remotedeployment.jpg differ
diff --git a/devices/hololens/images/wifi-hololens-600px.jpg b/devices/hololens/images/wifi-hololens-600px.jpg
new file mode 100644
index 0000000000..eb6930a29f
Binary files /dev/null and b/devices/hololens/images/wifi-hololens-600px.jpg differ
diff --git a/devices/hololens/images/wifi-hololens-hwdetails.jpg b/devices/hololens/images/wifi-hololens-hwdetails.jpg
new file mode 100644
index 0000000000..e4b45047cf
Binary files /dev/null and b/devices/hololens/images/wifi-hololens-hwdetails.jpg differ
diff --git a/devices/hololens/index.md b/devices/hololens/index.md
index 9b7ed69845..98835e4ce5 100644
--- a/devices/hololens/index.md
+++ b/devices/hololens/index.md
@@ -1,46 +1,58 @@
---
-title: Microsoft HoloLens (HoloLens)
-description: HoloLens provides extra features designed for business in the Commercial Suite.
+title: Microsoft HoloLens
+description: Landing page Microsoft HoloLens.
ms.prod: hololens
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+ms.assetid: 0947f5b3-8f0f-42f0-aa27-6d2cad51d040
+author: scooley
+ms.author: scooley
ms.topic: article
ms.localizationpriority: medium
-ms.date: 07/27/2018
+ms.date: 10/14/2019
+audience: ITPro
+appliesto:
+- HoloLens 1
+- HoloLens 2
+
---
# Microsoft HoloLens
-
-
Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.
Microsoft HoloLens is available in the **Development Edition**, which runs Windows Holographic (an edition of Windows 10 designed for HoloLens), and in the **Commercial Suite**, which runs Windows Holographic for Business when you apply the Enterprise license file to the device.
+
+
Microsoft HoloLens is the first fully self-contained holographic computer running Windows 10.
+
+
Now, with the introduction of HoloLens 2, every device provides commercial ready management enhanced by the reliability, security, and scalability of cloud and AI services from Microsoft.
-## In this section
+## Guides in this section
+
+| Guide | Description |
+| --- | --- |
+| [Get started with HoloLens 2](hololens2-setup.md) | Set up HoloLens 2 for the first time. |
+| [Get started with HoloLens (1st gen)](hololens1-setup.md) | Set up HoloLens (1st gen) for the first time. |
+| [Get started with HoloLens in a commercial or classroom environment](hololens-requirements.md) | Plan for a multi-device HoloLens deployment and create a strategy for ongoing device management.This section is tailored to IT professionals managing devices with existing device management infrastructure. |
+
+## Quick reference by topic
| Topic | Description |
| --- | --- |
-| [What's new in Microsoft HoloLens](hololens-whats-new.md) | Discover the new features in the latest update. |
-| [HoloLens in the enterprise: requirements](hololens-requirements.md) | Lists requirements for general use, Wi-Fi, and device management |
-| [Set up HoloLens](hololens-setup.md) | How to set up HoloLens for the first time |
-[Install localized version of HoloLens](hololens-install-localized.md) | Install the Chinese or Japanese version of HoloLens
-| [Unlock Windows Holographic for Business features](hololens-upgrade-enterprise.md) | How to upgrade your Development Edition HoloLens to Windows Holographic for Business |
-| [Enroll HoloLens in MDM](hololens-enroll-mdm.md) | Manage multiple HoloLens devices simultaneously using solutions like Microsoft Intune |
-| [Manage updates to HoloLens](hololens-updates.md) | Use mobile device management (MDM) policies to configure settings for updates. |
-| [Set up HoloLens in kiosk mode](hololens-kiosk.md) | Enable kiosk mode for HoloLens, which limits the user's ability to launch new apps or change the running app |
-[Share HoloLens with multiple people](hololens-multiple-users.md) | Multiple users can shared a HoloLens device by using their Azure Active Directory accounts. |
-| [Configure HoloLens using a provisioning package](hololens-provisioning.md) | Provisioning packages make it easy for IT administrators to configure HoloLens devices without imaging |
-| [Install apps on HoloLens](hololens-install-apps.md) | Use Microsoft Store for Business, mobile device management (MDM), or the Windows Device Portal to install apps on HoloLens |
-| [Enable Bitlocker device encryption for HoloLens](hololens-encryption.md) | Learn how to use Bitlocker device encryption to protect files and information stored on the HoloLens |
-| [Change history for Microsoft HoloLens documentation](change-history-hololens.md) | See new and updated topics in the HoloLens documentation library. |
+| [What's new in HoloLens](hololens-whats-new.md) | Discover new features in the latest updates via HoloLens release notes. |
+| [Install and manage applications on HoloLens](hololens-install-apps.md) | Install and manage important applications on HoloLens at scale. |
+| [HoloLens update management](hololens-updates.md) | Use mobile device management (MDM) policies to configure settings for updates. |
+| [HoloLens user management](hololens-multiple-users.md) | Multiple users can shared a HoloLens device by using their Azure Active Directory accounts. |
+| [HoloLens application access management](hololens-kiosk.md) | Manage application access for different user groups. |
+| [Recover and troubleshoot HoloLens issues](https://support.microsoft.com/products/hololens) | Learn how to gather logs from HoloLens, recover a misbehaving device, or reset HoloLens when necessary. |
+| [Get support](https://support.microsoft.com/products/hololens) | Connect with Microsoft support resources for HoloLens in enterprise. |
## Related resources
-- [Help for using HoloLens](https://support.microsoft.com/products/hololens)
-
-- [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development)
-
-- [HoloLens Commercial Suite](https://www.microsoft.com/microsoft-hololens/hololens-commercial)
-
-- [HoloLens release notes](https://developer.microsoft.com/en-us/windows/mixed-reality/release_notes)
+* [Documentation for Holographic app development](https://developer.microsoft.com/windows/mixed-reality/development)
+* [HoloLens release notes](https://docs.microsoft.com/hololens/hololens-release-notes)
diff --git a/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md b/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md
new file mode 100644
index 0000000000..e499178078
--- /dev/null
+++ b/devices/surface-hub/General-Data-Privacy-Regulation-and-Surface-Hub.md
@@ -0,0 +1,25 @@
+---
+title: General Data Privacy Regulation and Surface Hub
+description: Informs users who are subject to EU data protection laws of their options regarding how to delete or restrict diagnostic data produced by Surface Hub.
+ms.assetid: 087713CF-631D-477B-9CC6-EFF939DE0186
+keywords: GDPR
+ms.prod: surface-hub
+ms.sitesec: library
+author: Teresa-MOTIV
+ms.author: v-tea
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# General Data Privacy Regulation and Surface Hub
+
+In May 2018, a European privacy law, the General Data Protection Regulation (GDPR), took effect. The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents.
+
+Surface Hub customers concerned about privacy under the new GDPR regulations can manage their device privacy with the following options that are provided by Microsoft:
+
+* **Option 1:** Surface Hub devices in regions enforcing GDPR regulations will install KB4284830 when publicly available to automatically reduce diagnostic data emission to basic. Customers opting to provide a higher level of diagnostic data can use the Surface Hub Settings application or Mobile Device Management to override the default basic setting.
+
+* **Option 2:** Surface Hub customers who want to remove any existing diagnostic data can download the **Surface Hub Delete Diagnostic Data** application from the Microsoft Store. This app will allow customers to request deletion of associated diagnostic data directly from their Surface Hub device.
+
+Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations, and currently complies with both EU-U.S. Privacy Shield and EU Model Clauses. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We want to help you focus on your core business while efficiently preparing for the GDPR.
+
diff --git a/devices/surface-hub/TOC.md b/devices/surface-hub/TOC.md
index d24333f170..59d2d76a0d 100644
--- a/devices/surface-hub/TOC.md
+++ b/devices/surface-hub/TOC.md
@@ -1,8 +1,72 @@
# [Microsoft Surface Hub](index.md)
-## [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md)
-## [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md)
-## [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md)
-### [Physically install Microsoft Surface Hub](physically-install-your-surface-hub-device.md)
+
+# Surface Hub 2S
+
+## Overview
+### [What's new in Surface Hub 2S for IT admins](surface-hub-2s-whats-new.md)
+### [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md)
+### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md)
+### [Adjust Surface Hub 2S brightness, volume, and input](surface-hub-2s-onscreen-display.md)
+### [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d)
+
+## Plan
+### [Surface Hub 2S Site Readiness Guide](surface-hub-2s-site-readiness-guide.md)
+#### [Site planning for Surface Hub 2S](surface-hub-2s-site-planning.md)
+#### [Surface Hub 2S quick start](surface-hub-2s-quick-start.md)
+#### [Install and mount Surface Hub 2S](surface-hub-2s-install-mount.md)
+#### [Customize wall mount of Surface Hub 2S](surface-hub-2s-custom-install.md)
+#### [Setup worksheet](setup-worksheet-surface-hub.md)
+#### [Surface Hub 2S ports and keypad overview](surface-hub-2s-port-keypad-overview.md)
+#### [Connect devices to Surface Hub 2S](surface-hub-2s-connect.md)
+### [Prepare your environment for Microsoft Surface Hub 2S](surface-hub-2s-prepare-environment.md)
+### [Configure Easy Authentication for Surface Hub 2S](surface-hub-2s-phone-authenticate.md)
+
+## Deploy
+### [Surface Hub 2S adoption and training](surface-hub-2s-adoption-kit.md)
+### [Surface Hub 2S adoption videos](surface-hub-2s-adoption-videos.md)
+
+### [First time setup for Surface Hub 2S](surface-hub-2s-setup.md)
+### [Connect devices to Surface Hub 2S](surface-hub-2s-connect.md)
+### [Surface Hub 2S deployment checklist](surface-hub-2s-deploy-checklist.md)
+### [Create Surface Hub 2S device account](surface-hub-2s-account.md)
+### [Create provisioning packages for Surface Hub 2S](surface-hub-2s-deploy.md)
+### [Deploy apps to Surface Hub 2S using Intune](surface-hub-2s-deploy-apps-intune.md)
+### [Create Surface Hub 2S on-premises accounts with PowerShell](surface-hub-2s-onprem-powershell.md)
+
+## Manage
+### [Manage Surface Hub 2S with Microsoft Intune](surface-hub-2s-manage-intune.md)
+### [Local management for Surface Hub 2S settings](local-management-surface-hub-settings.md)
+### [Manage device account password rotation](surface-hub-2s-manage-passwords.md)
+### [Manage Windows updates](manage-windows-updates-for-surface-hub.md)
+### [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md)
+### [Save your BitLocker key](save-bitlocker-key-surface-hub.md)
+### [Microsoft Exchange properties](exchange-properties-for-surface-hub-device-accounts.md)
+### [Applying ActiveSync policies to device accounts](apply-activesync-policies-for-surface-hub-device-accounts.md)
+
+## Secure
+### [Secure and manage Surface Hub 2S with SEMM and UEFI](surface-hub-2s-secure-with-uefi-semm.md)
+### [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md)
+
+## Troubleshoot
+### [Recover and reset Surface Hub 2S](surface-hub-2s-recover-reset.md)
+### [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md)
+### [How to pack and ship your Surface Hub 2S for service](surface-hub-2s-pack-components.md)
+### [Change history](surface-hub-2s-change-history.md)
+
+# Surface Hub
+## Overview
+### [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md)
+### [Operating system essentials (Surface Hub)](differences-between-surface-hub-and-windows-10-enterprise.md)
+### [Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md)
+### [Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md)
+### [Use Microsoft Whiteboard on a Surface Hub](https://support.office.com/article/use-microsoft-whiteboard-on-a-surface-hub-5c594985-129d-43f9-ace5-7dee96f7621d)
+
+## Plan
+### [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md)
+### [Surface Hub Site Readiness Guide](surface-hub-site-readiness-guide.md)
+### [Physically install Microsoft Surface Hub](physically-install-your-surface-hub-device.md)
+
+## Deploy
### [Create and test a device account](create-and-test-a-device-account-surface-hub.md)
#### [Online deployment](online-deployment-surface-hub-device-accounts.md)
#### [On-premises deployment (single forest)](on-premises-deployment-surface-hub-device-accounts.md)
@@ -13,12 +77,15 @@
#### [Microsoft Exchange properties](exchange-properties-for-surface-hub-device-accounts.md)
#### [Applying ActiveSync policies to device accounts](apply-activesync-policies-for-surface-hub-device-accounts.md)
#### [Password management](password-management-for-surface-hub-device-accounts.md)
-### [Create provisioning packages](provisioning-packages-for-surface-hub.md)
-### [Admin group management](admin-group-management-for-surface-hub.md)
-## [Set up Microsoft Surface Hub](set-up-your-surface-hub.md)
-### [Setup worksheet](setup-worksheet-surface-hub.md)
-### [First-run program](first-run-program-surface-hub.md)
-## [Manage Microsoft Surface Hub](manage-surface-hub.md)
+#### [Create provisioning packages](provisioning-packages-for-surface-hub.md)
+#### [Admin group management](admin-group-management-for-surface-hub.md)
+### [Set up Microsoft Surface Hub](set-up-your-surface-hub.md)
+#### [Setup worksheet](setup-worksheet-surface-hub.md)
+#### [First-run program](first-run-program-surface-hub.md)
+
+## Manage
+### [Manage Microsoft Surface Hub](manage-surface-hub.md)
+### [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md)
### [Remote Surface Hub management](remote-surface-hub-management.md)
#### [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md)
#### [Monitor your Surface Hub](monitor-surface-hub.md)
@@ -30,21 +97,34 @@
#### [Device reset](device-reset-surface-hub.md)
#### [Use fully qualified domain name with Surface Hub](use-fully-qualified-domain-name-surface-hub.md)
#### [Wireless network management](wireless-network-management-for-surface-hub.md)
+### [Implement Quality of Service on Surface Hub](surface-hub-qos.md)
### [Install apps on your Surface Hub](install-apps-on-surface-hub.md)
### [Configure Surface Hub Start menu](surface-hub-start-menu.md)
### [Set up and use Microsoft Whiteboard](whiteboard-collaboration.md)
### [End a Surface Hub meeting with End session](i-am-done-finishing-your-surface-hub-meeting.md)
-### [Sign in to Surface Hub with Microsoft Authenticator](surface-hub-authenticator-app.md)
-### [Save your BitLocker key](save-bitlocker-key-surface-hub.md)
### [Connect other devices and display with Surface Hub](connect-and-display-with-surface-hub.md)
### [Miracast on existing wireless network or LAN](miracast-over-infrastructure.md)
### [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md)
### [Using a room control system](use-room-control-system-with-surface-hub.md)
+
+## Secure
+### [Sign in to Surface Hub with Microsoft Authenticator](surface-hub-authenticator-app.md)
+### [Save your BitLocker key](save-bitlocker-key-surface-hub.md)
+### [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md)
+
+## Troubleshoot
### [Using the Surface Hub Recovery Tool](surface-hub-recovery-tool.md)
-## [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md)
-## [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md)
-## [Top support solutions for Surface Hub](support-solutions-surface-hub.md)
-## [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md)
-## [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md)
-## [Useful downloads for Surface Hub administrators](surface-hub-downloads.md)
-## [Change history for Surface Hub](change-history-surface-hub.md)
\ No newline at end of file
+### [Surface Hub SSD replacement](surface-hub-ssd-replacement.md)
+### [Top support solutions for Surface Hub](support-solutions-surface-hub.md)
+### [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md)
+### [Surface Hub Update History](surface-hub-update-history.md)
+### [Known issues and additional information about Microsoft Surface Hub](known-issues-and-additional-info-about-surface-hub.md)
+### [How to use cloud recovery for BitLocker on a Surface Hub](use-cloud-recovery-for-bitlocker-on-surfacehub.md)
+### [Using the Surface Hub Hardware Diagnostic Tool to test a device account](use-surface-hub-diagnostic-test-device-account.md)
+### [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md)
+### [Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel](surfacehub-miracast-not-supported-europe-japan-israel.md)
+### [What to do if the Connect app in Surface Hub exits unexpectedly](connect-app-in-surface-hub-unexpectedly-exits.md)
+### [Surface Hub may install updates and restart outside maintenance hours](surface-hub-installs-updates-and-restarts-outside-maintenance-hours.md)
+### [General Data Privacy Regulation and Surface Hub](general-data-privacy-regulation-and-surface-hub.md)
+### [Useful downloads for Surface Hub administrators](surface-hub-downloads.md)
+### [Change history for Surface Hub](change-history-surface-hub.md)
diff --git a/devices/surface-hub/accessibility-surface-hub.md b/devices/surface-hub/accessibility-surface-hub.md
index 634261a1e3..031501c2b4 100644
--- a/devices/surface-hub/accessibility-surface-hub.md
+++ b/devices/surface-hub/accessibility-surface-hub.md
@@ -2,13 +2,14 @@
title: Accessibility (Surface Hub)
description: Accessibility settings for the Microsoft Surface Hub can be changed by using the Settings app. You'll find them under Ease of Access. Your Surface Hub has the same accessibility options as Windows 10.
ms.assetid: 1D44723B-1162-4DF6-99A2-8A3F24443442
+ms.reviewer:
+manager: dansimp
keywords: Accessibility settings, Settings app, Ease of Access
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 08/16/2017
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/admin-group-management-for-surface-hub.md b/devices/surface-hub/admin-group-management-for-surface-hub.md
index 5771b3f3c5..8125113887 100644
--- a/devices/surface-hub/admin-group-management-for-surface-hub.md
+++ b/devices/surface-hub/admin-group-management-for-surface-hub.md
@@ -2,11 +2,13 @@
title: Admin group management (Surface Hub)
description: Every Microsoft Surface Hub can be configured individually by opening the Settings app on the device.
ms.assetid: FA67209E-B355-4333-B903-482C4A3BDCCE
+ms.reviewer:
+manager: dansimp
keywords: admin group management, Settings app, configure Surface Hub
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
ms.localizationpriority: medium
@@ -35,7 +37,7 @@ Note that the local admin account information is not backed by any directory ser
### Domain join the device to Active Directory (AD)
-You can domain join the Surface Hub to your AD domain to allow users from a specified security group to configure settings. During first run, choose to use [Active Directory Domain Services](first-run-program-surface-hub.md#a-href-iduse-active-directoryause-active-directory-domain-services). You'll need to provide credentials that are capable of joining the domain of your choice, and the name of an existing security group. Anyone who is a member of that security group can enter their credentials and unlock Settings.
+You can domain join the Surface Hub to your AD domain to allow users from a specified security group to configure settings. During first run, choose to use [Active Directory Domain Services](first-run-program-surface-hub.md#use-active-directory-domain-services). You'll need to provide credentials that are capable of joining the domain of your choice, and the name of an existing security group. Anyone who is a member of that security group can enter their credentials and unlock Settings.
#### What happens when you domain join your Surface Hub?
Surface Hubs use domain join to:
@@ -51,7 +53,7 @@ Surface Hub does not support applying group policies or certificates from the do
### Azure Active Directory (Azure AD) join the device
-You can Azure AD join the Surface Hub to allow IT pros from your Azure AD tenant to configure settings. During first run, choose to use [Microsoft Azure Active Directory](first-run-program-surface-hub.md#a-href-iduse-microsoft-azureause-microsoft-azure-active-directory). You will need to provide credentials that are capable of joining the Azure AD tenant of your choice. After you successfully Azure AD join, the appropriate people will be granted admin rights on the device.
+You can Azure AD join the Surface Hub to allow IT pros from your Azure AD tenant to configure settings. During first run, choose to use [Microsoft Azure Active Directory](first-run-program-surface-hub.md#use-microsoft-azure-active-directory). You will need to provide credentials that are capable of joining the Azure AD tenant of your choice. After you successfully Azure AD join, the appropriate people will be granted admin rights on the device.
By default, all **global administrators** will be given admin rights on an Azure AD joined Surface Hub. With **Azure AD Premium** or **Enterprise Mobility Suite (EMS)**, you can add additional administrators:
1. In the [Azure classic portal](https://manage.windowsazure.com/), click **Active Directory**, and then click the name of your organization's directory.
@@ -64,8 +66,11 @@ Surface Hubs use Azure AD join to:
- Grant admin rights to the appropriate users in your Azure AD tenant.
- Backup the device's BitLocker recovery key by storing it under the account that was used to Azure AD join the device. See [Save your BitLocker key](save-bitlocker-key-surface-hub.md) for details.
-> [!IMPORTANT]
-> Surface Hub does not currently support automatic enrollment to Microsoft Intune through Azure AD join. If your organization automatically enrolls Azure AD joined devices into Intune, you must disable this policy for Surface Hub before joining the device to Azure AD.
+### Automatic enrollment via Azure Active Directory join
+
+Surface Hub now supports the ability to automatically enroll in Intune by joining the device to Azure Active Directory.
+
+For more information, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment).
### Which should I choose?
diff --git a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
index f037f97ecb..8196982606 100644
--- a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
+++ b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
@@ -2,11 +2,13 @@
title: PowerShell for Surface Hub (Surface Hub)
description: PowerShell scripts to help set up and manage your Microsoft Surface Hub.
ms.assetid: 3EF48F63-8E4C-4D74-ACD5-461F1C653784
+ms.reviewer:
+manager: dansimp
keywords: PowerShell, set up Surface Hub, manage Surface Hub
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 01/10/2018
ms.localizationpriority: medium
@@ -496,7 +498,7 @@ if (![System.String]::IsNullOrEmpty($strRegPoolEntry))
$strRegPool = $strRegPoolEntry
}
-# Try to SfB-enable the account. Note that it may not work right away as the account needs to propogate to active directory
+# Try to SfB-enable the account. Note that it may not work right away as the account needs to propagate to active directory
PrintAction "Enabling Skype for Business..."
Start-Sleep -s 10
$Error.Clear()
@@ -532,7 +534,7 @@ if ($status.Count -gt 0)
elseif ($v[0] -eq "F")
{
$color = "red"
- $v += " Go to http://aka.ms/shubtshoot"
+ $v += " Go to https://aka.ms/shubtshoot"
}
Write-Host -NoNewline $k -ForegroundColor $color
@@ -609,7 +611,7 @@ function ExitIfError($strMsg)
## Check dependencies ##
try {
- Import-Module LyncOnlineConnector
+ Import-Module SkypeOnlineConnector
Import-Module MSOnline
}
catch
@@ -876,7 +878,7 @@ if (![System.String]::IsNullOrEmpty($strRegPoolEntry))
}
#>
-# Try to SfB-enable the account. Note that it may not work right away as the account needs to propogate to active directory
+# Try to SfB-enable the account. Note that it may not work right away as the account needs to propagate to active directory
PrintAction "Enabling Skype for Business on $strRegPool"
Start-Sleep -s 10
$Error.Clear()
@@ -976,7 +978,7 @@ if ($status.Count -gt 0)
elseif ($v[0] -eq "F")
{
$color = "red"
- $v += " Go to http://aka.ms/shubtshoot for help"
+ $v += " Go to https://aka.ms/shubtshoot for help"
}
Write-Host -NoNewline $k -ForegroundColor $color
@@ -1098,7 +1100,7 @@ if ($fSfbIsOnline -or $fExIsOnline)
if ($fSfbIsOnline)
{
try {
- Import-Module LyncOnlineConnector
+ Import-Module SkypeOnlineConnector
}
catch
{
@@ -1350,7 +1352,7 @@ Validate -Test "ActiveSync devices are allowed" -Condition ($strDefaultAccessLev
# Check if there exists a device access rule that bans the device type Windows Mail
$blockingRules = Get-ActiveSyncDeviceAccessRule | where {($_.AccessLevel -eq 'Block' -or $_.AccessLevel -eq 'Quarantine') -and $_.Characteristic -eq 'DeviceType'-and $_.QueryString -eq 'WindowsMail'}
-Validate -Test "Windows mail devices are not blocked or quarantined" -Condition ($blockingRules -eq $null -or $blockingRules.Length -eq 0) -FailureMsg "DeviceType Windows Mail is accessible - devices are blocked or quaratined - the surface hub will not be able to send mail or sync its calendar."
+Validate -Test "Windows mail devices are not blocked or quarantined" -Condition ($blockingRules -eq $null -or $blockingRules.Length -eq 0) -FailureMsg "DeviceType Windows Mail is accessible - devices are blocked or quarantined - the surface hub will not be able to send mail or sync its calendar."
## End Exchange ##
@@ -1409,7 +1411,7 @@ if ($fHasOnline)
}
}
-#If there is an on-prem component, we can get the authorative AD user from mailbox
+#If there is an on-prem component, we can get the authoritative AD user from mailbox
if ($fHasOnPrem)
{
$accountOnPrem = $null
@@ -1511,7 +1513,7 @@ else
if ($online)
{
try {
- Import-Module LyncOnlineConnector
+ Import-Module SkypeOnlineConnector
}
catch
{
diff --git a/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md b/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md
index f34a48b0b7..7ea2bc584c 100644
--- a/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md
+++ b/devices/surface-hub/apply-activesync-policies-for-surface-hub-device-accounts.md
@@ -2,13 +2,15 @@
title: Applying ActiveSync policies to device accounts (Surface Hub)
description: The Microsoft Surface Hub's device account uses ActiveSync to sync mail and calendar. This allows people to join and start scheduled meetings from the Surface Hub, and allows them to email any whiteboards they have made during their meeting.
ms.assetid: FAABBA74-3088-4275-B58E-EC1070F4D110
+ms.reviewer:
+manager: dansimp
keywords: Surface Hub, ActiveSync policies
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 06/20/2019
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index 836ff19136..2d55222b1b 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -1,13 +1,14 @@
---
title: Change history for Surface Hub
+ms.reviewer:
+manager: dansimp
description: This topic lists new and updated topics for Surface Hub.
keywords: change history
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 07/12/2018
ms.localizationpriority: medium
---
@@ -15,6 +16,16 @@ ms.localizationpriority: medium
This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
+## April 2019
+
+New or changed topic | Description
+--- | ---
+[Surface Hub Site Readiness Guide](surface-hub-site-readiness-guide.md) | New; previously available for download only
+[Technical information for 55” Microsoft Surface Hub](surface-hub-technical-55.md) | New; previously available for download and on [Surface Hub Tech Spec](https://support.microsoft.com/help/4483539/surface-hub-tech-spec)
+[Technical information for 84” Microsoft Surface Hub](surface-hub-technical-84.md) | New; previously available for download and on [Surface Hub Tech Spec](https://support.microsoft.com/help/4483539/surface-hub-tech-spec)
+[Surface Hub SSD replacement](surface-hub-ssd-replacement.md) | New; previously available for download only
+[Implement Quality of Service on Surface Hub](surface-hub-qos.md) | New
+
## July 2018
New or changed topic | Description
@@ -181,4 +192,4 @@ The topics in this library have been updated for Windows 10, version 1607 (also
| [Create and test a device account (Surface Hub)](create-and-test-a-device-account-surface-hub.md) | Reorganize and streamline guidance on creating a device account. |
| [Introduction to Surface Hub](intro-to-surface-hub.md) | Move Surface Hub dependencies table to [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md). |
| [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md) | Add dependency table and reorganize topic. |
-| [Local management for Surface Hub settings](local-management-surface-hub-settings.md) | New topic. |
\ No newline at end of file
+| [Local management for Surface Hub settings](local-management-surface-hub-settings.md) | New topic. |
diff --git a/devices/surface-hub/change-surface-hub-device-account.md b/devices/surface-hub/change-surface-hub-device-account.md
index bef2ff6610..142af6e80e 100644
--- a/devices/surface-hub/change-surface-hub-device-account.md
+++ b/devices/surface-hub/change-surface-hub-device-account.md
@@ -2,11 +2,13 @@
title: Change the Microsoft Surface Hub device account
description: You can change the device account in Settings to either add an account if one was not already provisioned, or to change any properties of an account that was already provisioned.
ms.assetid: AFC43043-3319-44BC-9310-29B1F375E672
+ms.reviewer:
+manager: dansimp
keywords: change device account, change properties, Surface Hub
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
ms.localizationpriority: medium
diff --git a/devices/surface-hub/connect-and-display-with-surface-hub.md b/devices/surface-hub/connect-and-display-with-surface-hub.md
index 241cfc77e6..5fd13d7b95 100644
--- a/devices/surface-hub/connect-and-display-with-surface-hub.md
+++ b/devices/surface-hub/connect-and-display-with-surface-hub.md
@@ -2,10 +2,12 @@
title: Connect other devices and display with Surface Hub
description: You can connect other device to your Surface Hub to display content.
ms.assetid: 8BB80FA3-D364-4A90-B72B-65F0F0FC1F0D
+ms.reviewer:
+manager: dansimp
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
ms.localizationpriority: medium
@@ -107,17 +109,17 @@ Use these ports on the Surface Hub for Guest Mode.
-
+
### Port locations
These are the port connections used for Guest Mode on the 55" and 84" Surface Hubs.
-
+
Wired port connections on 55" Surface Hub
-
+
Wired port connections on 84" Surface Hub
@@ -222,7 +224,7 @@ Your choice of video cable will be determined by what is available from your sou
-
+
Source audio is provided by DisplayPort and HDMI cables. If you must use VGA, Surface Hub has an audio input port that uses a 3.5 mm plug. Surface Hub also uses a USB cable that provides Touchback and Inkback from the Surface Hub to compatible Windows 10 devices. The USB cable can be used with any video input that is already connected with a cable.
@@ -273,26 +275,26 @@ Check directly with graphics card vendors for the latest drivers.
-
+
### Ports
Replacement PC ports on 55" Surface Hub
-
+
@@ -345,11 +347,11 @@ Replacement PC ports on 55" Surface Hub
-
+
Replacement PC ports on 84" Surface Hub
-
+
@@ -402,7 +404,7 @@ Replacement PC ports on 84" Surface Hub
-
+
### Replacement PC setup instructions
@@ -437,9 +439,9 @@ You can switch the Surface Hub to use the internal PC.
3. Turn on the Surface Hub using the power switch next to the power cable.
-
+
## Video Out
-
+
The Surface Hub includes a Video Out port for mirroring visual content from the Surface Hub to another display.
### Ports
@@ -489,4 +491,4 @@ You can connect the following accessories to Surface Hub using Bluetooth:
- Speakers
>[!NOTE]
->After you connect a Bluetooth headset or speaker, you might need to change the [default microphone and speaker settings](local-management-surface-hub-settings.md).
\ No newline at end of file
+>After you connect a Bluetooth headset or speaker, you might need to change the [default microphone and speaker settings](local-management-surface-hub-settings.md).
diff --git a/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md b/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md
new file mode 100644
index 0000000000..439d3c68d7
--- /dev/null
+++ b/devices/surface-hub/connect-app-in-surface-hub-unexpectedly-exits.md
@@ -0,0 +1,20 @@
+---
+title: What to do if the Connect app in Surface Hub exits unexpectedly
+description: Describes how to resolve an issue where the Connect app in Surface Hub exits to the Welcome screen after cycling through inputs.
+ms.assetid: 9576f4e4-d936-4235-8a03-d8a6fe9e8fec
+keywords: surface, hub, connect, input, displayport
+ms.prod: surface-hub
+ms.sitesec: library
+author: todmccoy
+ms.author: v-todmc
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# What to do if the Connect app in Surface Hub exits unexpectedly
+
+At times, a wired Connect session that is started from the Welcome screen by connecting a DisplayPort input will exit back to the Welcome screen after using the side keypad or the source button to cycle through all source inputs.
+
+This is an issue in the Connect app and its default full-screen state. By changing the size of the app, or by selecting a DisplayPort input thumbnail in the Connect app, you can prevent input cycling from affecting the app.
+
+The way to resolve this issue is to first launch the Connect app from the Welcome screen, and THEN connect a DisplayPort input. If the input is already connected, manually select the thumbnail.
\ No newline at end of file
diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md
index 2d52e698c0..ff76987746 100644
--- a/devices/surface-hub/create-a-device-account-using-office-365.md
+++ b/devices/surface-hub/create-a-device-account-using-office-365.md
@@ -2,11 +2,13 @@
title: Create a device account using UI (Surface Hub)
description: If you prefer to use a graphical user interface, you can create a device account for your Microsoft Surface Hub with either the Office 365 UI or the Exchange Admin Center.
ms.assetid: D11BCDC4-DABA-4B9A-9ECB-58E02CC8218C
-keywords: create device account, Office 365 UI, Exchange Admin center, Office 365 admin center, Skype for Business, mobile device mailbox policy
+ms.reviewer:
+manager: dansimp
+keywords: create device account, Office 365 UI, Exchange Admin center, Microsoft 365 admin center, Skype for Business, mobile device mailbox policy
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 05/04/2018
ms.localizationpriority: medium
@@ -20,22 +22,22 @@ If you prefer to use a graphical user interface, you can create a device account
## Create a device account using Office 365
-1. [Create the account in the Office 365 Admin Center](#create-device-acct-o365-admin-ctr).
+1. [Create the account in the Microsoft 365 Admin Center](#create-device-acct-o365-admin-ctr).
2. [Create a mobile device mailbox (ActiveSync) policy from the Microsoft Exchange Admin Center](#create-device-acct-o365-mbx-policy).
3. [Use PowerShell to complete device account creation](#create-device-acct-o365-complete-acct).
4. [Use PowerShell to configure Exchange properties of the account](#create-device-acct-o365-configure-exch-prop).
5. [Enable the account with Skype for Business](#create-device-acct-o365-skype-for-business).
-### Create the account in the Office 365 Admin Center
+### Create the account in the admin center
-1. Sign in to Office 365 by visiting http://portal.office.com
-2. Provide the admin credentials for your Office 365 tenant. This will take you to your Office 365 Admin Center.
+1. Sign in to Office 365 by visiting https://portal.office.com
+2. Provide the admin credentials for your Office 365 tenant. This will take you to your Microsoft 365 Admin Center.
- 
+ 
-3. In the Office 365 Admin Center, navigate to **Resources** in the left panel, and then click **Rooms & equipment**.
+3. In the admin center, navigate to **Resources** in the left panel, and then click **Rooms & equipment**.
- 
+ 
4. Click **Add** to create a new Room account. Enter a display name and email address for the account, and then click **Add**.
@@ -47,9 +49,9 @@ If you prefer to use a graphical user interface, you can create a device account
### Create a mobile device mailbox (ActiveSync) policy from the Exchange Admin Center
-1. In the Office 365 Admin Center’s left panel, click **ADMIN**, and then click **Exchange**.
+1. In the admin center’s left panel, click **ADMIN**, and then click **Exchange**.
- 
+ 
2. This will open another tab on your browser to take you to the Exchange Admin Center, where you can create and set the Mailbox Setting for Surface Hub.
@@ -75,7 +77,7 @@ From here on, you'll need to finish the account creation process using PowerShel
In order to run cmdlets used by these PowerShell scripts, the following must be installed for the admin PowerShell console:
-- [Microsoft Online Services Sign-In Assistant for IT Professionals RTW](https://www.microsoft.com/en-us/download/details.aspx?id=41950)
+- [Microsoft Online Services Sign-In Assistant for IT Professionals RTW](https://www.microsoft.com/download/details.aspx?id=41950)
- [Windows Azure Active Directory Module for Windows PowerShell](https://www.microsoft.com/web/handlers/webpi.ashx/getinstaller/WindowsAzurePowershellGet.3f.3f.3fnew.appids)
- [Skype for Business Online, Windows PowerShell Module](https://www.microsoft.com/download/details.aspx?id=39366)
@@ -93,7 +95,7 @@ Install the following module in Powershell
2. Create a Credentials object, then create a new session that connects to Skype for Business Online, and provide the global tenant administrator account, then click **OK**.
- 
+ 
3. To connect to Microsoft Online Services, run:
@@ -217,6 +219,8 @@ In order to enable Skype for Business, your environment will need to meet the fo
## Create a device account using the Exchange Admin Center
+>[!NOTE]
+>This method will only work if you are syncing from an on-premises Active Directory.
You can use the Exchange Admin Center to create a device account:
@@ -241,7 +245,7 @@ You can use the Exchange Admin Center to create a device account:
>[!NOTE]
>If you want to create and assign a policy to the account you created, and are using Exchange 2010, look up the corresponding information regarding policy creation and policy assignment when using the EMC (Exchange management console).
-
+
1. Go to the Exchange Admin Center.
@@ -369,11 +373,11 @@ If you aren't sure what value to use for the `RegistrarPool` parameter in your e
Get-CsOnlineUser -Identity ‘alice@contoso.microsoft.com’| fl *registrarpool*
```
-3. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
+3. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
- ```PowerShell
- Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress
- ```
+ ```PowerShell
+ Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress
+ ```
diff --git a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md
index 3895e5aea7..dc72c7463a 100644
--- a/devices/surface-hub/create-and-test-a-device-account-surface-hub.md
+++ b/devices/surface-hub/create-and-test-a-device-account-surface-hub.md
@@ -2,14 +2,17 @@
title: Create and test a device account (Surface Hub)
description: This topic introduces how to create and test the device account that Microsoft Surface Hub uses to communicate with Microsoft Exchange and Skype.
ms.assetid: C8605B5F-2178-4C3A-B4E0-CE32C70ECF67
+ms.reviewer: rikot
+manager: dansimp
keywords: create and test device account, device account, Surface Hub and Microsoft Exchange, Surface Hub and Skype
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 03/06/2018
ms.localizationpriority: medium
+ms.audience: itpro
---
# Create and test a device account (Surface Hub)
@@ -20,7 +23,7 @@ This topic introduces how to create and test the device account that Microsoft S
A **device account** is an Exchange resource account that Surface Hub uses to:
- Display its meeting calendar
-- Join Skype for Business calls
+- Join Teams or Skype for Business calls
- Send email (for example, email whiteboard content from a meeting)
Once the device account is provisioned to a Surface Hub, people can add this account to a meeting invitation the same way that they would invite a meeting room.
diff --git a/devices/surface-hub/device-reset-surface-hub.md b/devices/surface-hub/device-reset-surface-hub.md
index 7fce01ab55..6d7d33415f 100644
--- a/devices/surface-hub/device-reset-surface-hub.md
+++ b/devices/surface-hub/device-reset-surface-hub.md
@@ -1,102 +1,123 @@
---
-title: Device reset (Surface Hub)
-description: You may wish to reset your Microsoft Surface Hub.
+title: Reset or recover a Surface Hub
+description: Describes the reset and recovery processes for the Surface Hub, and provides instructions.
ms.assetid: 44E82EEE-1905-464B-A758-C2A1463909FF
-keywords: reset Surface Hub
+ms.reviewer:
+manager: dansimp
+keywords: reset Surface Hub, recover
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 07/31/2019
ms.localizationpriority: medium
---
-# Device reset (Surface Hub)
+# Reset or recover a Surface Hub
+This article describes how to reset or recover a Microsoft Surface Hub.
-You may wish to reset your Microsoft Surface Hub.
+[Resetting the Surface Hub](#reset-a-surface-hub) returns its operating system to the last cumulative Windows update, and removes all local user files and configuration information. The information that is removed includes the following:
-Typical reasons for a reset include:
+- The device account
+- Account information for the device's local administrators
+- Domain-join or Azure AD-join information
+- Mobile Device Management (MDM) enrollment information
+- Configuration information that was set by using MDM or the Settings app
-- The device isn’t running well after installing an update.
-- You’re repurposing the device for a new meeting space and want to reconfigure it.
-- You want to change how you locally manage the device.
+[Recovering a Surface Hub from the cloud](#recover-a-surface-hub-from-the-cloud) also removes this information. In addition, the Surface Hub downloads a new operating system image and installs it. You can specify whether the recovery process preserves other information that is stored on the Surface Hub.
-Initiating a reset will return the device to the last cumulative Windows update, and remove all local user files and configuration, including:
+## Reset a Surface Hub
-- The device account
-- MDM enrollment
-- Domain join or Azure AD join information
-- Local admins on the device
-- Configurations from MDM or the Settings app
+You may have to reset your Surface Hub for reasons such as the following:
-> [!IMPORTANT]
-> Performing a device reset may take up to 6 hours. Do not turn off or unplug the Surface Hub until the process has completed. Interrupting the process will render the device inoperable, requiring warranty service to return to normal functionality.
+- You are re-purposing the device for a new meeting space and want to reconfigure it.
+- You want to change how you locally manage the device.
+- The user name or password for the device account or the Administrator account has been lost.
+- After you install an update, the performance of the device decreases.
-After the reset, Surface Hub restarts the [first run program](first-run-program-surface-hub.md) again. If the Surface Hub displays a Welcome screen, that indicates that the reset encountered a problem and rolled back to the previously existing OS image.
+During the reset process, if you see a blank screen for long periods of time, please wait and do not take any action.
-If you see a blank screen for long periods of time during the **Reset device** process, please wait and do not take any action.
+> [!WARNING]
+> The device reset process may take up to six hours. Do not turn off or unplug the Surface Hub until the process has finished. If you interrupt the process, the device becomes inoperable. The device requires warranty service in order to become functional again.
+1. On your Surface Hub, open **Settings**.
-## Reset a Surface Hub from Settings
+ 
-**To reset a Surface Hub**
-1. On your Surface Hub, open **Settings**.
+1. Select **Update & Security**.
- 
+ 
-2. Click **Update & Security**.
+1. Select **Recovery**, and then, under **Reset device**, select **Get started**.
- 
+ 
-3. Click **Recovery**, and then, under **Reset device**, click **Get started**.
-
- 
+ After the reset process finishes, the Surface Hub starts the [first run program](first-run-program-surface-hub.md) again. If the reset process encounters a problem, it rolls the Surface Hub back to the previously-existing operating system image and then displays the Welcome screen.
+
## Recover a Surface Hub from the cloud
-In the Windows Recovery Environment (Windows RE), you can recover your device by downloading a factory build from the cloud and installing it on the Surface Hub. This allows devices in an unusable state to recover without requiring assistance from Microsoft Support.
+If for some reason the Surface Hub becomes unusable, you can still recover it from the cloud without assistance from Microsoft Support. The Surface Hub can download a fresh operating system image from the cloud, and use that image to reinstall its operating system.
->[!NOTE]
->The **Recover from the cloud** process requires an open internet connection (no proxy, or other authentications). An ethernet connection is recommended.
+You may have to use this type of recovery process under the following circumstances:
+
+- [The Surface Hub or its related accounts have entered an unstable state](#recover-a-surface-hub-in-a-bad-state)
+- [The Surface Hub is locked](#recover-a-locked-surface-hub)
+
+>[!IMPORTANT]
+>The **Recover from the cloud** process requires an open internet connection (no proxy or other authentications). An ethernet connection is recommended.
### Recover a Surface Hub in a bad state
-If the device account gets into an unstable state or the Admin account is running into issues, you can use cloud recovery in **Settings**. You should only use cloud recovery when [reset](#reset-a-surface-hub-from-settings) doesn't fix the problem.
+If the device account gets into an unstable state or if the administrator account encounters problems, you can use the Settings app to start the cloud recovery process. You should only use the cloud recovery process when the [device reset](#reset-a-surface-hub) process doesn't fix the problem.
-1. On your Surface Hub, go to **Settings** > **Update & security** > **Recovery**.
+1. On your Surface Hub, select **Settings** > **Update & security** > **Recovery**.
-2. Under **Recover from the cloud**, click **Restart now**.
+1. Under **Recover from the cloud**, select **Restart now**.
- 
+ 
### Recover a locked Surface Hub
-On rare occasions, a Surface Hub may encounter an error while cleaning up user and app data at the end of a session. When this happens, the device will automatically reboot and try again. But if this operation fails repeatedly, the device will be automatically locked to protect user data. To unlock it, you must reset or recover the device from [Windows RE](https://technet.microsoft.com/library/cc765966.aspx).
+On rare occasions, a Surface Hub may encounter an error while cleaning up user and app data at the end of a session. When this happens, the device automatically restarts and tries the operation again. But if this operation fails repeatedly, the device automatically locks to protect user data. To unlock it, you must [reset the device](#reset-a-surface-hub) or, if that doesn't work, recover it from the cloud.
-1. From the welcome screen, toggle the Surface Hub's power switch 3 times. Wait a few seconds between each toggle. See the [Surface Hub Site Readiness Guide (PDF)](https://download.microsoft.com/download/3/8/8/3883E991-DFDB-4E70-8D28-20B26045FC5B/Surface-Hub-Site-Readiness-Guide_EN.pdf) for help with locating the power switch.
-2. The device should automatically boot into Windows RE.
-3. After the Surface Hub enters Windows RE, select **Recover from the cloud**. (Optionally, you can choose **Reset**, however **Recover from the cloud** is the recommended approach.)
+1. Locate the power switch on the bottom of Surface Hub. The power switch is next to the power cord connection. For more information about the power switch, see the [Surface Hub Site Readiness Guide (PDF)](surface-hub-site-readiness-guide.md).
- 
+1. While the Surface Hub displays the Welcome screen, use the power switch to turn off the Surface Hub.
-4. Enter the Bitlocker key (if prompted).
-5. When prompted, select **Reinstall**.
+1. Use the power switch to turn the Surface Hub back on. The device starts and displays the Surface Hub Logo screen. When you see spinning dots under the Surface Hub Logo, use the power switch to turn the Surface Hub off again.
+
+1. Repeat step 3 three times, or until the Surface Hub displays the “Preparing Automatic Repair” message. After it displays this message, the Surface Hub displays the Windows RE screen.
+
+1. Select **Advanced Options**.
+
+1. Select **Recover from the cloud**. (Optionally, you can select **Reset**. However, **Recover from the cloud** is the recommended approach.)
+
+ 
+1. If you are prompted to enter the Bitlocker key, do one of the following:
+
+ - To preserve the information that Bitlocker protects on the Surface Hub, enter the Bitlocker key.
+ - To discard the protected information, select **Skip this drive**
+
+1. When you are prompted, select **Reinstall**.
-6. Select **Yes** to repartition the disk.
+1. To repartition the disk, select **Yes**.
- 
+ 
-Reset will begin after the image is downloaded from the cloud. You will see progress indicators.
+ First, the recovery process downloads the operating system image from the cloud.
-
+ 
+
+ When the download finishes, the recovery process restores the Surface Hub according to the options that you selected.
## Related topics
[Manage Microsoft Surface Hub](manage-surface-hub.md)
-[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md)
\ No newline at end of file
+[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md)
diff --git a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md
index ae478d22b4..73a50f66c9 100644
--- a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md
+++ b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md
@@ -1,17 +1,19 @@
---
-title: Differences between Surface Hub and Windows 10 Enterprise
-description: This topic explains the differences between Windows 10 Team and Windows 10 Enterprise.
+title: Operating system essentials (Surface Hub)
+description: This topic explains unique aspects of the Windows 10 Team operating system and how it differs from Windows 10 Enterprise.
keywords: change history
ms.prod: surface-hub
ms.sitesec: library
-author: isaiahng
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 11/01/2017
+ms.date: 06/20/2019
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
---
-# Differences between Surface Hub and Windows 10 Enterprise
+# Operating system essentials (Surface Hub)
The Surface Hub operating system, Windows 10 Team, is based on Windows 10 Enterprise, providing rich support for enterprise management, security, and other features. However, there are important differences between them. While the Enterprise edition is designed for PCs, Windows 10 Team is designed from the ground up for large screens and meeting rooms. When you evaluate security and management requirements for Surface Hub, it's best to consider it as a new operating system. This article is designed to help highlight the key differences between Windows 10 Team on Surface Hub and Windows 10 Enterprise, and what the differences mean for your organization.
@@ -125,13 +127,13 @@ The administrative features in Windows 10 Enterprise, such as the Microsoft Mana
### Remote management and monitoring
-Surface Hub supports remote management through mobile device management (MDM), and monitoring through Operations Management Suite (OMS).
+Surface Hub supports remote management through mobile device management (MDM) solutions such as [Microsoft Intune](https://docs.microsoft.com/intune/) and monitoring through [Azure Monitor](https://azure.microsoft.com/services/monitor/).
*Organization policies that this may affect:* Surface Hub doesn't support installing Win32 agents required by most traditional PC management and monitoring tools, such as System Center Operations Manager.
-### Group policy
+### Group Policy
-Surface Hub does not support group policy, including auditing. Instead, use MDM to apply policies to your Surface Hub. For more information about MDM, see [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md).
+Surface Hub does not support Windows Group Policy, including auditing. Instead, use MDM to apply policies to your Surface Hub. For more information about MDM, see [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md).
*Organization policies that this may affect:* Use MDM to manage Surface Hub rather than group policy.
diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json
index 88d3dc2f7e..8eba3c49b1 100644
--- a/devices/surface-hub/docfx.json
+++ b/devices/surface-hub/docfx.json
@@ -1,42 +1,62 @@
{
"build": {
- "content":
- [
- {
- "files": ["**/**.md", "**/**.yml"],
- "exclude": ["**/obj/**"]
- }
- ],
+ "content": [
+ {
+ "files": [
+ "**/**.md",
+ "**/**.yml"
+ ],
+ "exclude": [
+ "**/obj/**"
+ ]
+ }
+ ],
"resource": [
- {
- "files": ["**/images/**"],
- "exclude": ["**/obj/**"]
+ {
+ "files": [
+ "**/images/**",
+ "**/*.pptx",
+ "**/*.pdf"
+ ],
+ "exclude": [
+ "**/obj/**"
+ ]
+ }
+ ],
+ "globalMetadata": {
+ "breadcrumb_path": "/surface-hub/breadcrumb/toc.json",
+ "ROBOTS": "INDEX, FOLLOW",
+ "ms.technology": "windows",
+ "audience": "ITPro",
+ "ms.topic": "article",
+ "manager": "laurawi",
+ "ms.mktglfcycl": "manage",
+ "ms.sitesec": "library",
+ "ms.date": "05/23/2017",
+ "feedback_system": "GitHub",
+ "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+ "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "_op_documentIdPathDepotMapping": {
+ "./": {
+ "depot_name": "Win.surface-hub",
+ "folder_relative_path_in_docset": "./"
}
- ],
- "globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
- "breadcrumb_path": "/surface-hub/breadcrumb/toc.json",
- "ROBOTS": "INDEX, FOLLOW",
- "ms.technology": "windows",
- "ms.topic": "article",
- "ms.mktglfcycl": "manage",
- "author": "jdeckerms",
- "ms.sitesec": "library",
- "ms.author": "jdecker",
- "ms.date": "05/23/2017",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "Win.surface-hub"
- }
- }
+ },
+ "contributors_to_exclude": [
+ "rjagiewich",
+ "traya1",
+ "rmca14",
+ "claydetels19",
+ "Kellylorenebaker",
+ "jborsecnik",
+ "tiburd",
+ "garycentric"
+ ],
+ "titleSuffix": "Surface Hub"
},
- "externalReference": [
- ],
+ "externalReference": [],
"template": "op.html",
"dest": "devices/surface-hub",
- "markdownEngineName": "dfm"
+ "markdownEngineName": "markdig"
}
-}
\ No newline at end of file
+}
diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx
new file mode 100644
index 0000000000..b06a6e8b44
Binary files /dev/null and b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Navigation.pptx differ
diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx
new file mode 100644
index 0000000000..4fa5e3abd9
Binary files /dev/null and b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Office365.pptx differ
diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Teams.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Teams.pptx
new file mode 100644
index 0000000000..210102de52
Binary files /dev/null and b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Teams.pptx differ
diff --git a/devices/surface-hub/downloads/Guide-SurfaceHub2S-Whiteboard.pptx b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Whiteboard.pptx
new file mode 100644
index 0000000000..6d39d374a7
Binary files /dev/null and b/devices/surface-hub/downloads/Guide-SurfaceHub2S-Whiteboard.pptx differ
diff --git a/devices/surface-hub/downloads/Outline-SurfaceHub2S-EndUser.pdf b/devices/surface-hub/downloads/Outline-SurfaceHub2S-EndUser.pdf
new file mode 100644
index 0000000000..6c5b52d377
Binary files /dev/null and b/devices/surface-hub/downloads/Outline-SurfaceHub2S-EndUser.pdf differ
diff --git a/devices/surface-hub/downloads/Outline-SurfaceHub2S-HelpDesk.pdf b/devices/surface-hub/downloads/Outline-SurfaceHub2S-HelpDesk.pdf
new file mode 100644
index 0000000000..ae296c8c08
Binary files /dev/null and b/devices/surface-hub/downloads/Outline-SurfaceHub2S-HelpDesk.pdf differ
diff --git a/devices/surface-hub/downloads/Outline-SurfaceHub2S-PowerUser.pdf b/devices/surface-hub/downloads/Outline-SurfaceHub2S-PowerUser.pdf
new file mode 100644
index 0000000000..9f64a7c4f2
Binary files /dev/null and b/devices/surface-hub/downloads/Outline-SurfaceHub2S-PowerUser.pdf differ
diff --git a/devices/surface-hub/downloads/QRCConnectYourPC.pdf b/devices/surface-hub/downloads/QRCConnectYourPC.pdf
new file mode 100644
index 0000000000..fbdb9d9164
Binary files /dev/null and b/devices/surface-hub/downloads/QRCConnectYourPC.pdf differ
diff --git a/devices/surface-hub/downloads/QRCJoinTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCJoinTeamsMeeting.pdf
new file mode 100644
index 0000000000..62b86d2a00
Binary files /dev/null and b/devices/surface-hub/downloads/QRCJoinTeamsMeeting.pdf differ
diff --git a/devices/surface-hub/downloads/QRCManageTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCManageTeamsMeeting.pdf
new file mode 100644
index 0000000000..a6af26dcf9
Binary files /dev/null and b/devices/surface-hub/downloads/QRCManageTeamsMeeting.pdf differ
diff --git a/devices/surface-hub/downloads/QRCNavigationBasics.pdf b/devices/surface-hub/downloads/QRCNavigationBasics.pdf
new file mode 100644
index 0000000000..6d8eb75ad5
Binary files /dev/null and b/devices/surface-hub/downloads/QRCNavigationBasics.pdf differ
diff --git a/devices/surface-hub/downloads/QRCScheduleTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCScheduleTeamsMeeting.pdf
new file mode 100644
index 0000000000..a33cf1b1e1
Binary files /dev/null and b/devices/surface-hub/downloads/QRCScheduleTeamsMeeting.pdf differ
diff --git a/devices/surface-hub/downloads/QRCShareSendFile.pdf b/devices/surface-hub/downloads/QRCShareSendFile.pdf
new file mode 100644
index 0000000000..56d5c9f8c2
Binary files /dev/null and b/devices/surface-hub/downloads/QRCShareSendFile.pdf differ
diff --git a/devices/surface-hub/downloads/QRCSignInToViewMeetingsFiles.pdf b/devices/surface-hub/downloads/QRCSignInToViewMeetingsFiles.pdf
new file mode 100644
index 0000000000..61caa64f94
Binary files /dev/null and b/devices/surface-hub/downloads/QRCSignInToViewMeetingsFiles.pdf differ
diff --git a/devices/surface-hub/downloads/QRCStartNewTeamsMeeting.pdf b/devices/surface-hub/downloads/QRCStartNewTeamsMeeting.pdf
new file mode 100644
index 0000000000..d7a7c89268
Binary files /dev/null and b/devices/surface-hub/downloads/QRCStartNewTeamsMeeting.pdf differ
diff --git a/devices/surface-hub/downloads/QRCWhiteboardAdvanced.pdf b/devices/surface-hub/downloads/QRCWhiteboardAdvanced.pdf
new file mode 100644
index 0000000000..aed2f55671
Binary files /dev/null and b/devices/surface-hub/downloads/QRCWhiteboardAdvanced.pdf differ
diff --git a/devices/surface-hub/downloads/QRCWhiteboardTools.pdf b/devices/surface-hub/downloads/QRCWhiteboardTools.pdf
new file mode 100644
index 0000000000..c6dfcc3523
Binary files /dev/null and b/devices/surface-hub/downloads/QRCWhiteboardTools.pdf differ
diff --git a/devices/surface-hub/downloads/SurfaceHubAdoptionToolKit.pdf b/devices/surface-hub/downloads/SurfaceHubAdoptionToolKit.pdf
new file mode 100644
index 0000000000..79675aaaaa
Binary files /dev/null and b/devices/surface-hub/downloads/SurfaceHubAdoptionToolKit.pdf differ
diff --git a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf
new file mode 100644
index 0000000000..9fa82b77c5
Binary files /dev/null and b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf differ
diff --git a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf
new file mode 100644
index 0000000000..36d552a91a
Binary files /dev/null and b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf differ
diff --git a/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf
new file mode 100644
index 0000000000..216737e393
Binary files /dev/null and b/devices/surface-hub/downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf differ
diff --git a/devices/surface-hub/enable-8021x-wired-authentication.md b/devices/surface-hub/enable-8021x-wired-authentication.md
index 810dc3d2ce..bf91e2e42c 100644
--- a/devices/surface-hub/enable-8021x-wired-authentication.md
+++ b/devices/surface-hub/enable-8021x-wired-authentication.md
@@ -3,10 +3,12 @@ title: Enable 802.1x wired authentication
description: 802.1x Wired Authentication MDM policies have been enabled on Surface Hub devices.
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 11/15/2017
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md b/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md
index 2975a20db0..b6fca3a49e 100644
--- a/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md
+++ b/devices/surface-hub/exchange-properties-for-surface-hub-device-accounts.md
@@ -2,13 +2,15 @@
title: Microsoft Exchange properties (Surface Hub)
description: Some Microsoft Exchange properties of the device account must be set to particular values to have the best meeting experience on Microsoft Surface Hub.
ms.assetid: 3E84393B-C425-45BF-95A6-D6502BA1BF29
+ms.reviewer:
+manager: dansimp
keywords: Microsoft Exchange properties, device account, Surface Hub, Windows PowerShell cmdlet
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 06/20/2019
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/finishing-your-surface-hub-meeting.md b/devices/surface-hub/finishing-your-surface-hub-meeting.md
index c56335e042..8776870779 100644
--- a/devices/surface-hub/finishing-your-surface-hub-meeting.md
+++ b/devices/surface-hub/finishing-your-surface-hub-meeting.md
@@ -4,10 +4,12 @@ description: To end a Surface Hub meeting, tap End session. Surface Hub cleans u
keywords: I am Done, end Surface Hub meeting, finish Surface Hub meeting, clean up Surface Hub meeting
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/first-run-program-surface-hub.md b/devices/surface-hub/first-run-program-surface-hub.md
index 346d0c8d8a..3d38a356f5 100644
--- a/devices/surface-hub/first-run-program-surface-hub.md
+++ b/devices/surface-hub/first-run-program-surface-hub.md
@@ -2,11 +2,13 @@
title: First-run program (Surface Hub)
description: The term \ 0034;first run \ 0034; refers to the series of steps you'll go through the first time you power up your Microsoft Surface Hub, and means the same thing as \ 0034;out-of-box experience \ 0034; (OOBE). This section will walk you through the process.
ms.assetid: 07C9E84C-1245-4511-B3B3-75939AD57C49
+ms.reviewer:
+manager: dansimp
keywords: first run, Surface Hub, out-of-box experience, OOBE
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
ms.localizationpriority: medium
@@ -38,7 +40,7 @@ Each of these sections also contains information about paths you might take when
>[!NOTE]
>You should have the separate keyboard that came with your Surface Hub set up and ready before beginning. See the Surface Hub Setup Guide for details.
-
+
## Hi there page
@@ -48,7 +50,7 @@ This is the first screen you'll see when you power up the Surface Hub for the fi
>[!NOTE]
>This is also where you begin the optional process of deploying a provisioning package. See [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md) if that's what you're doing.
- Select a language and the initial setup options are displayed.
+ Select a language and the initial setup options are displayed.
@@ -66,7 +68,7 @@ If the default values shown are correct, then you can click **Next** to go on. O
>[!NOTE]
> Once the settings on this page are entered, you can't come back to this screen unless you reset the device (see [Device reset](device-reset-surface-hub.md)). Make sure that the settings are properly configured before proceeding.
-
+
When the settings are accepted, the device will check for a wired network connection. If the connection is fine, it will display the [Set up for you page](#set-up-for-you). If there is a problem with the wired connection, the device will display the [Network setup page](#network-setup).
@@ -86,9 +88,9 @@ This screen is shown only if the device fails to detect a wired network. If you
- You can select one of the wireless networks shown. If the network is secured, you'll be taken to a login page. See [Wireless network setup](#wireless) for details.
- Click **Skip this step** to skip connecting to a network. You'll be taken to the [Set up for you page](#set-up-for-you).
>[!NOTE]
- >If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including system updates and email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)).
+ >If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including system updates and email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network management](wireless-network-management-for-surface-hub.md)).
-
+
- You can plug in a network cable while this screen is visible. The device will detect it, and will add **Next** to the screen. Click **Next** to continue with making the wired connection.
@@ -121,9 +123,9 @@ This page will be shown when the device detects a wired connection with limited
- You can select a wireless network to use instead of the limited wired connection.
- You can skip connecting to a network by selecting **Skip this step**. You'll be taken to the [Set up for you page](#set-up-for-you).
- **Note** If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)).
+ **Note** If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network management](wireless-network-management-for-surface-hub.md)).
-
+
- You can select **Enter proxy settings** which will allow you to specify how to use the network proxy. You'll be taken to the next screen.
@@ -147,9 +149,9 @@ When you click **Next**, the device will attempt to connect to the proxy server.
You can skip connecting to a network by selecting **Skip this step**. You'll be taken to the [Set up for you page](#set-up-for-you).
>[!NOTE]
->If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network managment](wireless-network-management-for-surface-hub.md)).
+>If you skip this, the device will not have a network connection, and nothing that requires a network connection will work on your Surface Hub, including things like email and calendar synchronization. You can connect to a wireless network later using Settings (see [Wireless network management](wireless-network-management-for-surface-hub.md)).
-
+
## Set up for you page
@@ -183,12 +185,12 @@ On this page, the Surface Hub will ask for credentials for the device account th
Use either a **user principal name (UPN)** or a **domain\\user name** as the account identifier in the first entry field. Use the format that matches your environment, and enter the password.
-| Environment | Required format for device account|
-| ------------ | ----------------------------------|
-| Device account is hosted only online. | username@domain.com|
-| Device account is hosted only on-prem. | DOMAIN\username|
-| Device account is hosted online and on-prem (hybrid). | DOMAIN\username|
+| Environment | Required format for device account |
+|-------------------------------------------------------|------------------------------------|
+| Device account is hosted only online. | username@domain.com |
+| Device account is hosted only on-prem. | DOMAIN\username |
+| Device account is hosted online and on-prem (hybrid). | DOMAIN\username |
Click **Skip setting up a device account** to skip setting up a device account. However, if you don't set up a device account, the device will not be fully integrated into your infrastructure. For example, people won't be able to:
@@ -201,7 +203,7 @@ If you skip setting it up now, you can add a device account later by using the S
If you click **Skip setting up a device account**, the device will display a dialog box showing what will happen if the device doesn't have a device account. If you choose **Yes, skip this**, you will be sent to the [Name this device page](#name-this-device).
-
+
### What happens?
@@ -317,7 +319,7 @@ Because every Surface Hub can be used by any number of authenticated employees,
>[!NOTE]
>The purpose of this page is primarily to determine who can configure the device from the device’s UI; that is, who can actually visit a device, log in, open up the Settings app, and make changes to the Settings.
-
+
@@ -335,12 +337,12 @@ This is what happens when you choose an option.
- **Use Microsoft Azure Active Directory**
- Clicking this option allows you to join the device to Azure AD. Once you click **Next**, the device will restart to apply some settings, and then you’ll be taken to the [Use Microsoft Azure Active Directory](#use-microsoft-azure) page and asked to enter credentials that can allow you to join Azure AD. Members of the Azure Global Admins security group from the joined organization will be able to use the Settings app. The specific people that will be allowed depends on your Azure AD subscription and how you’ve configured the settings for your Azure AD organization.
+ Clicking this option allows you to join the device to Azure AD. Once you click **Next**, the device will restart to apply some settings, and then you’ll be taken to the [Use Microsoft Azure Active Directory](#use-microsoft-azure) page and asked to enter credentials that can allow you to join Azure AD. Members of the Azure Global Admins role from the joined organization will be able to use the Settings app. The specific people that will be allowed depends on your Azure AD subscription and how you’ve configured the settings for your Azure AD organization.
- >[!IMPORTANT]
- >Administrators added to the Azure Global Admins group after you join the device to Azure AD will be unable to use the Settings app.
+ > [!IMPORTANT]
+ > Administrators added to the Azure Device Administrators role after you join the device to Azure AD will be unable to use the Settings app.
>
- >If you join Surface Hub to Azure AD during first-run setup, single sign-on (SSO) for Office apps will not work properly. Users will have to sign in to each Office app individually.
+ > If you join Surface Hub to Azure AD during first-run setup, single sign-on (SSO) for Office apps will not work properly. Users will have to sign in to each Office app individually.
- **Use Active Directory Domain Services**
@@ -355,7 +357,7 @@ This is what happens when you choose an option.
>[!NOTE]
>After you finish this process, you won't be able to change the device's admin option unless you reset the device.
-
+
### Use Microsoft Azure Active Directory
@@ -414,7 +416,7 @@ If the join is successful, you'll see the **Enter a security group** page. When
>[!NOTE]
>If you domain join the Surface Hub, you can't unjoin the device without resetting it.
-
+
### Use a local admin
@@ -440,7 +442,7 @@ This page will attempt to create a new admin account using the credentials that
>[!IMPORTANT]
>Before you do the updates, make sure you read [Save your BitLocker key](save-bitlocker-key-surface-hub.md) in order to make sure you have a backup of the key.
-
+
In order to get the latest features and fixes, you should update your Surface Hub as soon as you finish all of the preceding first-run steps.
@@ -449,9 +451,9 @@ In order to get the latest features and fixes, you should update your Surface Hu
3. If updates are available, they will be downloaded. Once downloading is complete, click the **Update now** button to install the updates.
4. Follow the onscreen prompts after the updates are installed. You may need to restart the device.
-
+
-
+
diff --git a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
index fde0bb2f8a..ea543e69f2 100644
--- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
@@ -2,141 +2,144 @@
title: Hybrid deployment (Surface Hub)
description: A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub.
ms.assetid: 7BFBB7BE-F587-422E-9CE4-C9DDF829E4F1
+ms.reviewer:
+manager: dansimp
keywords: hybrid deployment, device account for Surface Hub, Exchange hosted on-prem, Exchange hosted online
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 08/30/2018
ms.localizationpriority: medium
---
# Hybrid deployment (Surface Hub)
-A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub. If you’re using a hybrid deployment, in which your organization has a mix of services, with some hosted on-premises and some hosted online, then your configuration will depend on where each service is hosted. This topic covers hybrid deployments for [Exchange hosted on-premises](#exchange-on-prem), [Exchange hosted online](#exchange-online), Skype for Business on-premises, Skype for Business online, and Skype for Business hybrid. Because there are so many different variations in this type of deployment, it's not possible to provide detailed instructions for all of them. The following process will work for many configurations. If the process isn't right for your setup, we recommend that you use PowerShell (see [Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md)) to achieve the same end result as documented here, and for other deployment options. You should then use the provided Powershell script to verify your Surface Hub setup. (See [Account Verification Script](appendix-a-powershell-scripts-for-surface-hub.md#acct-verification-ps-scripts).)
->[!NOTE]
->In an Exchange hybrid environment, follow the steps for [Exchange on-premises](#exchange-on-prem). To move Exchange objects to Office 365, use the [New-MoveRequest](https://docs.microsoft.com/powershell/module/exchange/move-and-migration/new-moverequest?view=exchange-ps) cmdlet.
+A hybrid deployment requires special processing to set up a device account for your Microsoft Surface Hub. If you’re using a hybrid deployment, in which your organization has a mix of services, with some hosted on-premises and some hosted online, then your configuration will depend on where each service is hosted. This topic covers hybrid deployments for [Exchange hosted on-premises](#exchange-on-premises), [Exchange hosted online](#exchange-online), Skype for Business on-premises, Skype for Business online, and Skype for Business hybrid. Because there are so many different variations in this type of deployment, it's not possible to provide detailed instructions for all of them. The following process will work for many configurations. If the process isn't right for your setup, we recommend that you use PowerShell (see [Appendix: PowerShell](appendix-a-powershell-scripts-for-surface-hub.md)) to achieve the same end result as documented here, and for other deployment options. You should then use the provided Powershell script to verify your Surface Hub setup. (See [Account Verification Script](appendix-a-powershell-scripts-for-surface-hub.md#acct-verification-ps-scripts).)
+
+> [!NOTE]
+> In an Exchange hybrid environment, follow the steps for [Exchange on-premises](#exchange-on-premises). To move Exchange objects to Office 365, use the [New-MoveRequest](https://docs.microsoft.com/powershell/module/exchange/move-and-migration/new-moverequest?view=exchange-ps) cmdlet.
-
## Exchange on-premises
+
Use this procedure if you use Exchange on-premises.
-1. For this procedure, you'll be using AD admin tools to add an email address for your on-premises domain account. This account will be synced to Office 365.
+1. For this procedure, you'll be using AD admin tools to add an email address for your on-premises domain account. This account will be synced to Office 365.
- - In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**.
- - Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**.
-
- 
+- In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**.
+- Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**.
- - Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected.
+
- >**Important** Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account.
+- Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected.
- 
-
- - Click **Finish** to create the account.
+> **Important** Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account.
- 
+
+- Click **Finish** to create the account.
+
-2. Enable the remote mailbox.
+2. Enable the remote mailbox.
- Open your on-premises Exchange Management Shell with administrator permissions, and run this cmdlet.
+Open your on-premises Exchange Management Shell with administrator permissions, and run this cmdlet.
- ```PowerShell
- Enable-RemoteMailbox 'HUB01@contoso.com' -RemoteRoutingAddress 'HUB01@contoso.com' -Room
- ```
- >[!NOTE]
- >If you don't have an on-premises Exchange environment to run this cmdlet, you can make the same changes directly to the Active Directory object for the account.
- >
- >msExchRemoteRecipientType = 33
- >
- >msExchRecipientDisplayType = -2147481850
- >
- >msExchRecipientTypeDetails = 8589934592
-
-3. After you've created the account, run a directory synchronization. When it's complete, go to the users page in your Office 365 admin center and verify that the account created in the previous steps has merged to online.
-
-4. Connect to Microsoft Exchange Online and set some properties for the account in Office 365.
+```PowerShell
+Enable-RemoteMailbox 'HUB01@contoso.com' -RemoteRoutingAddress 'HUB01@contoso.com' -Room
+```
- Start a remote PowerShell session on a PC and connect to Microsoft Exchange. Be sure you have the right permissions set to run the associated cmdlets.
+> [!NOTE]
+> If you don't have an on-premises Exchange environment to run this cmdlet, you can make the same changes directly to the Active Directory object for the account.
+>
+> msExchRemoteRecipientType = 33
+>
+> msExchRecipientDisplayType = -2147481850
+>
+> msExchRecipientTypeDetails = 8589934592
- The next steps will be run on your Office 365 tenant.
+3. After you've created the account, run a directory synchronization. When it's complete, go to the users page in your Microsoft 365 admin center and verify that the account created in the previous steps has merged to online.
- ```PowerShell
- Set-ExecutionPolicy RemoteSigned
- $cred=Get-Credential -Message "Please use your Office 365 admin credentials"
- $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'https://ps.outlook.com/powershell' -Credential $cred -Authentication Basic -AllowRedirection
- Import-PSSession $sess
- ```
+4. Connect to Microsoft Exchange Online and set some properties for the account in Office 365.
-5. Create a new Exchange ActiveSync policy, or use a compatible existing policy.
+Start a remote PowerShell session on a PC and connect to Microsoft Exchange. Be sure you have the right permissions set to run the associated cmdlets.
- After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy or use a compatible existing policy.
-
- Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
+The next steps will be run on your Office 365 tenant.
- If you haven’t created a compatible policy yet, use the following cmdlet—-this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
+```PowerShell
+Set-ExecutionPolicy RemoteSigned
+$cred=Get-Credential -Message "Please use your Office 365 admin credentials"
+$sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri 'https://ps.outlook.com/powershell' -Credential $cred -Authentication Basic -AllowRedirection
+Import-PSSession $sess
+```
- ```PowerShell
- $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
- ```
+5. Create a new Exchange ActiveSync policy, or use a compatible existing policy.
- Once you have a compatible policy, then you will need to apply the policy to the device account.
+After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy or use a compatible existing policy.
- ```PowerShell
- Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
- ```
+Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
-6. Set Exchange properties.
+If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
- Setting Exchange properties on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
+```PowerShell
+$easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
+```
- ```PowerShell
- Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
- Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse 'This is a Surface Hub room!'
- ```
+Once you have a compatible policy, you will need to apply the policy to the device account.
-7. Connect to Azure AD.
+```PowerShell
+Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
+```
- You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
- ```PowerShell
- Install-Module -Name AzureAD
- ```
-
- You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
+6. Set Exchange properties.
- ```PowerShell
- Import-Module AzureAD
- Connect-AzureAD -Credential $cred
- ```
-8. Assign an Office 365 license.
+Setting Exchange properties on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
- The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
-
- You can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
+```PowerShell
+Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
+Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse 'This is a Surface Hub room!'
+```
- Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
+7. Connect to Azure AD.
- ```PowerShell
- Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
-
- Get-AzureADSubscribedSku | Select Sku*,*Units
- $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
- $License.SkuId = SkuId You selected
-
- $AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
- $AssignedLicenses.AddLicenses = $License
- $AssignedLicenses.RemoveLicenses = @()
-
- Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses
- ```
+You first need to install Azure AD module for PowerShell version 2. In an elevated PowerShell prompt, run the following command:
+
+```PowerShell
+Install-Module -Name AzureAD
+```
+
+You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
+
+```PowerShell
+Import-Module AzureAD
+Connect-AzureAD -Credential $cred
+```
+
+8. Assign an Office 365 license.
+
+The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
+
+You can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
+
+Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
+
+```PowerShell
+Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
+
+Get-AzureADSubscribedSku | Select Sku*,*Units
+$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
+$License.SkuId = SkuId You selected
+
+$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
+$AssignedLicenses.AddLicenses = $License
+$AssignedLicenses.RemoveLicenses = @()
+
+Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses
+```
Next, you enable the device account with [Skype for Business Online](#skype-for-business-online), [Skype for Business on-premises](#skype-for-business-on-premises), or [Skype for Business hybrid](#skype-for-business-hybrid).
-
### Skype for Business Online
To enable Skype for Business online, your tenant users must have Exchange mailboxes (at least one Exchange mailbox in the tenant is required). The following table explains which plans or additional services you need.
@@ -147,7 +150,7 @@ To enable Skype for Business online, your tenant users must have Exchange mailbo
| Initiate an ad-hoc meeting | Skype for Business Standalone Plan 2 | E 1, 3, 4, or 5 | Skype for Business Server Standard CAL or Enterprise CAL |
| Initiate an ad-hoc meeting and dial out from a meeting to phone numbers | Skype for Business Standalone Plan 2 with Audio Conferencing**Note** PSTN consumption billing is optional | E1 or E3 with Audio Conferencing, or E5| Skype for Business Server Standard CAL or Enterprise CAL |
| Give the room a phone number and make or receive calls from the room or join a dial-in conference using a phone number | Skype for Business Standalone Plan 2 with Phone System and a PSTN Voice Calling plan | E1 or E3 with Phone System and a PSTN Voice Calling plan, or E5 | Skype for Business Server Standard CAL or Plus CAL |
-
+
The following table lists the Office 365 plans and Skype for Business options.
| O365 Plan | Skype for Business | Phone System | Audio Conferencing | Calling Plans |
@@ -160,42 +163,42 @@ The following table lists the Office 365 plans and Skype for Business options.
1. Start by creating a remote PowerShell session from a PC to the Skype for Business online environment.
- ```PowerShell
- Import-Module SkypeOnlineConnector
- $cssess=New-CsOnlineSession -Credential $cred
- Import-PSSession $cssess -AllowClobber
- ```
-
+```PowerShell
+Import-Module SkypeOnlineConnector
+$cssess=New-CsOnlineSession -Credential $cred
+Import-PSSession $cssess -AllowClobber
+```
+
2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
- ```PowerShell
- Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool 'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
- ```
-
- If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
+```PowerShell
+Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool 'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
+```
- ```PowerShell
- Get-CsOnlineUser -Identity ‘HUB01@contoso.com’| fl *registrarpool*
- ```
+If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
+
+```PowerShell
+Get-CsOnlineUser -Identity ‘HUB01@contoso.com’| fl *registrarpool*
+```
3. Assign Skype for Business license to your Surface Hub account.
- Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) to the device.
-
- - Login as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
-
- - Click on **Users and Groups** and then **Add users, reset passwords, and more**.
-
- - Click the Surface Hub account, and then click the pen icon to edit the account information.
-
- - Click **Licenses**.
-
- - In **Assign licenses**, select Skype for Business (Plan 1) or Skype for Business (Plan 2), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 2 license if you want to use Enterprise Voice on your Surface Hub.
-
- - Click **Save**.
+ Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) license to the device.
- >[!NOTE]
- >You can also use the Windows Azure Active Directory Module for Windows Powershell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
+- Login as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
+
+- Click on **Users and Groups** and then **Add users, reset passwords, and more**.
+
+- Click the Surface Hub account, and then click the pen icon to edit the account information.
+
+- Click **Licenses**.
+
+- In **Assign licenses**, select Skype for Business (Plan 1) or Skype for Business (Plan 2), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 2 license if you want to use Enterprise Voice on your Surface Hub.
+
+- Click **Save**.
+
+> [!NOTE]
+> You can also use the Windows Azure Active Directory Module for Windows Powershell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
For validation, you should be able to use any Skype for Business client (PC, Android, etc.) to sign in to this account.
@@ -203,7 +206,7 @@ For validation, you should be able to use any Skype for Business client (PC, And
To run this cmdlet, you will need to connect to one of the Skype front-ends. Open the Skype PowerShell and run:
-```
+```PowerShell
Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool registrarpoolfqdn -SipAddressType UserPrincipalName
```
@@ -215,181 +218,181 @@ The Surface Hub requires a Skype account of the type `meetingroom`, while a norm
In Skype for Business Server 2015 hybrid environment, any user that you want in Skype for Business Online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. You can then move the user to Skype for Business Online. The move of a user account from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet. To move a Csmeetingroom object, use the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet.
->[!NOTE]
->To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
+> [!NOTE]
+> To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
## Exchange online
+
Use this procedure if you use Exchange online.
-1. Create an email account in Office 365.
+1. Create an email account in Office 365.
- Start a remote PowerShell session on a PC and connect to Exchange. Be sure you have the right permissions set to run the associated cmdlets.
+Start a remote PowerShell session on a PC and connect to Exchange. Be sure you have the right permissions set to run the associated cmdlets.
- ```PowerShell
- Set-ExecutionPolicy RemoteSigned
- $cred=Get-Credential -Message "Please use your Office 365 admin credentials"
- $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/PowerShell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
- Import-PSSession $sess
- ```
+```PowerShell
+Set-ExecutionPolicy RemoteSigned
+$cred=Get-Credential -Message "Please use your Office 365 admin credentials"
+$sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/PowerShell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
+Import-PSSession $sess
+```
-2. Set up mailbox.
+2. Set up a mailbox.
- After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub.
+After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub.
- If you're changing an existing resource mailbox:
+If you're changing an existing resource mailbox:
- ```PowerShell
- Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
- ```
+```PowerShell
+Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
+```
- If you’re creating a new resource mailbox:
+If you’re creating a new resource mailbox:
- ```PowerShell
- New-Mailbox -MicrosoftOnlineServicesID 'HUB01@contoso.com' -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
- ```
+```PowerShell
+New-Mailbox -MicrosoftOnlineServicesID 'HUB01@contoso.com' -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
+```
-3. Create Exchange ActiveSync policy.
+3. Create Exchange ActiveSync policy.
- After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
+After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
- Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
+Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, Exchange services on the Surface Hub (mail, calendar, and joining meetings) will not be enabled.
- If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
+If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
- ```PowerShell
- $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
- ```
+```PowerShell
+$easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
+```
- Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too.
+Once you have a compatible policy, you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too.
- ```PowerShell
- Set-Mailbox 'HUB01@contoso.com' -Type Regular
- Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
- Set-Mailbox 'HUB01@contoso.com' -Type Room
- $credNewAccount = Get-Credential -Message "Please provide the Surface Hub username and password"
- Set-Mailbox 'HUB01@contoso.com' -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
- ```
+```PowerShell
+Set-Mailbox 'HUB01@contoso.com' -Type Regular
+Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.id
+Set-Mailbox 'HUB01@contoso.com' -Type Room
+$credNewAccount = Get-Credential -Message "Please provide the Surface Hub username and password"
+Set-Mailbox 'HUB01@contoso.com' -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
+```
-4. Set Exchange properties.
+4. Set Exchange properties.
- Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
+Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
- ```PowerShell
- Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
- Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
- ```
+```PowerShell
+Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
+Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
+```
-5. Add email address for your on-premises domain account.
+5. Add an email address for your on-premises domain account.
- For this procedure, you'll be using AD admin tools to add an email address for your on-premises domain account.
-
- - In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**.
- - Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**.
+For this procedure, you'll be using AD admin tools to add an email address for your on-premises domain account.
- 
+- In **Active Directory Users and Computers** AD tool, right-click on the folder or Organizational Unit that your Surface Hub accounts will be created in, click **New**, and **User**.
+- Type the display name from the previous cmdlet into the **Full name** box, and the alias into the **User logon name** box. Click **Next**.
- - Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected.
-
- >[!IMPORTANT]
- >Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account.
-
- 
-
- - Click **Finish** to create the account.
+
- 
+- Type the password for this account. You'll need to retype it for verification. Make sure the **Password never expires** checkbox is the only option selected.
-6. Run directory synchronization.
+> [!IMPORTANT]
+> Selecting **Password never expires** is a requirement for Skype for Business on the Surface Hub. Your domain rules may prohibit passwords that don't expire. If so, you'll need to create an exception for each Surface Hub device account.
- After you've created the account, run a directory synchronization. When it's complete, go to the users page and verify that the two accounts created in the previous steps have merged.
+
-7. Connect to Azure AD.
+- Click **Finish** to create the account.
- You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
-
- ```PowerShell
- Install-Module -Name AzureAD
- ```
- You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
+
- ```PowerShell
- Import-Module AzureAD
- Connect-AzureAD -Credential $cred
- ```
+6. Run directory synchronization.
-8. Assign an Office 365 license.
+After you've created the account, run a directory synchronization. When it's complete, go to the users page and verify that the two accounts created in the previous steps have merged.
- The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
+7. Connect to Azure AD.
- Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
+You first need to install Azure AD module for PowerShell version 2. In an elevated PowerShell prompt, run the following command:
- Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
+```PowerShell
+Install-Module -Name AzureAD
+```
- ```PowerShell
- Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
-
- Get-AzureADSubscribedSku | Select Sku*,*Units
- $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
- $License.SkuId = SkuId You selected
-
- $AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
- $AssignedLicenses.AddLicenses = $License
- $AssignedLicenses.RemoveLicenses = @()
-
- Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses
- ```
+You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect:
-Next, you enable the device account with [Skype for Business Online](#sfb-online), [Skype for Business on-premises](#sfb-onprem), or [Skype for Business hybrid](#sfb-hybrid).
+```PowerShell
+Import-Module AzureAD
+Connect-AzureAD -Credential $cred
+```
+8. Assign an Office 365 license.
-### Skype for Business Online
-
-In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](#sfb-online).
+The device account needs to have a valid Office 365 (O365) license, or Exchange and Skype for Business will not work. If you have the license, you need to assign a usage location to your device account—this determines what license SKUs are available for your account.
+
+Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
+
+Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
+
+```PowerShell
+Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
+
+Get-AzureADSubscribedSku | Select Sku*,*Units
+$License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
+$License.SkuId = SkuId You selected
+
+$AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
+$AssignedLicenses.AddLicenses = $License
+$AssignedLicenses.RemoveLicenses = @()
+
+Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses
+```
+
+Next, you enable the device account with [Skype for Business Online](#skype-for-business-online), [Skype for Business on-premises](#skype-for-business-on-premises), or [Skype for Business hybrid](#skype-for-business-hybrid).
+
+### Skype for Business Online
+
+In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](#skype-for-business-online).
1. Start by creating a remote PowerShell session to the Skype for Business online environment from a PC.
- ```PowerShell
- Import-Module SkypeOnlineConnector
- $cssess=New-CsOnlineSession -Credential $cred
- Import-PSSession $cssess -AllowClobber
- ```
+```PowerShell
+Import-Module SkypeOnlineConnector
+$cssess=New-CsOnlineSession -Credential $cred
+Import-PSSession $cssess -AllowClobber
+```
2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
- ```PowerShell
- Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool
- 'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
- ```
+```PowerShell
+Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool
+'sippoolbl20a04.infra.lync.com' -SipAddressType UserPrincipalName
+```
If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
- ```PowerShell
- Get-CsOnlineUser -Identity 'HUB01@contoso.com'| fl *registrarpool*
- ```
+```PowerShell
+Get-CsOnlineUser -Identity 'HUB01@contoso.com'| fl *registrarpool*
+```
10. Assign Skype for Business license to your Surface Hub account
- Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) to the device.
+Once you've completed the preceding steps to enable your Surface Hub account in Skype for Business Online, you need to assign a license to the Surface Hub. Using the O365 administrative portal, assign either a Skype for Business Online (Plan 2) or a Skype for Business Online (Plan 3) license to the device.
- - Sign in as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
-
- - Click on **Users and Groups** and then **Add users, reset passwords, and more**.
-
- - Click the Surface Hub account, and then click the pen icon to edit the account information.
-
- - Click **Licenses**.
-
- - In **Assign licenses**, select Skype for Business (Plan 2) or Skype for Business (Plan 3), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 3 license if you want to use Enterprise Voice on your Surface Hub.
-
- - Click **Save**.
+- Sign in as a tenant administrator, open the O365 Administrative Portal, and click on the Admin app.
- >[!NOTE]
- > You can also use the Windows Azure Active Directory Module for Windows PowerShell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
+- Click on **Users and Groups** and then **Add users, reset passwords, and more**.
+
+- Click the Surface Hub account, and then click the pen icon to edit the account information.
+
+- Click **Licenses**.
+
+- In **Assign licenses**, select Skype for Business (Plan 2) or Skype for Business (Plan 3), depending on your licensing and Enterprise Voice requirements. You'll have to use a Plan 3 license if you want to use Enterprise Voice on your Surface Hub.
+
+- Click **Save**.
+
+> [!NOTE]
+> You can also use the Windows Azure Active Directory Module for Windows PowerShell to run the cmdlets needed to assign one of these licenses, but that's not covered here.
For validation, you should be able to use any Skype for Business client (PC, Android, etc) to sign in to this account.
-
### Skype for Business on-premises
To run this cmdlet, you will need to connect to one of the Skype front-ends. Open the Skype PowerShell and run:
@@ -398,15 +401,13 @@ To run this cmdlet, you will need to connect to one of the Skype front-ends. Ope
Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool registrarpoolfqdn -SipAddressType UserPrincipalName
```
-
### Skype for Business hybrid
If your organization has set up [hybrid connectivity between Skype for Business Server and Skype for Business Online](https://technet.microsoft.com/library/jj205403.aspx), the guidance for creating accounts differs from a standard Surface Hub deployment.
The Surface Hub requires a Skype account of the type *meetingroom*, while a normal user would use a *user* type account in Skype. If your Skype server is set up for hybrid where you might have users on the local Skype server as well as users hosted in Office 365, you might run into a few issues when trying to create a Surface Hub account.
-
+
In Skype for Business Server 2015 hybrid environment, any user that you want in Skype for Business Online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. You can then move the user to Skype for Business Online. The move of a user account from on-premises to online is done via the [Move-CsUser](https://technet.microsoft.com/library/gg398528.aspx) cmdlet. To move a Csmeetingroom object, use the [Move-CsMeetingRoom](https://technet.microsoft.com/library/jj204889.aspx?f=255&mspperror=-2147217396) cmdlet.
->[!NOTE]
->To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
-
+> [!NOTE]
+> To use the Move-CsMeetingRoom cmdlet, you must have installed [the May 2017 cumulative update 6.0.9319.281 for Skype for Business Server 2015](https://support.microsoft.com/help/4020991/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p) or [the July 2017 cumulative update 5.0.8308.992 for Lync Server 2013](https://support.microsoft.com/help/4034279/enables-the-move-csmeetingroom-cmdlet-to-move-a-meeting-room-from-on-p).
diff --git a/devices/surface-hub/images/01-diagnostic.png b/devices/surface-hub/images/01-diagnostic.png
new file mode 100644
index 0000000000..fde5951776
Binary files /dev/null and b/devices/surface-hub/images/01-diagnostic.png differ
diff --git a/devices/surface-hub/images/01-escape.png b/devices/surface-hub/images/01-escape.png
new file mode 100644
index 0000000000..badfc5883d
Binary files /dev/null and b/devices/surface-hub/images/01-escape.png differ
diff --git a/devices/surface-hub/images/02-all-apps.png b/devices/surface-hub/images/02-all-apps.png
new file mode 100644
index 0000000000..a29e9d8428
Binary files /dev/null and b/devices/surface-hub/images/02-all-apps.png differ
diff --git a/devices/surface-hub/images/02-skip-this-drive.png b/devices/surface-hub/images/02-skip-this-drive.png
new file mode 100644
index 0000000000..930f0b26d3
Binary files /dev/null and b/devices/surface-hub/images/02-skip-this-drive.png differ
diff --git a/devices/surface-hub/images/03-recover-from-cloud.png b/devices/surface-hub/images/03-recover-from-cloud.png
new file mode 100644
index 0000000000..be422cecc8
Binary files /dev/null and b/devices/surface-hub/images/03-recover-from-cloud.png differ
diff --git a/devices/surface-hub/images/03-welcome.png b/devices/surface-hub/images/03-welcome.png
new file mode 100644
index 0000000000..b71ebe0752
Binary files /dev/null and b/devices/surface-hub/images/03-welcome.png differ
diff --git a/devices/surface-hub/images/04-test-results-1.png b/devices/surface-hub/images/04-test-results-1.png
new file mode 100644
index 0000000000..e0b53f2dc3
Binary files /dev/null and b/devices/surface-hub/images/04-test-results-1.png differ
diff --git a/devices/surface-hub/images/04-yes.png b/devices/surface-hub/images/04-yes.png
new file mode 100644
index 0000000000..9c26b795ce
Binary files /dev/null and b/devices/surface-hub/images/04-yes.png differ
diff --git a/devices/surface-hub/images/05-test-results-2.png b/devices/surface-hub/images/05-test-results-2.png
new file mode 100644
index 0000000000..55b7c7abed
Binary files /dev/null and b/devices/surface-hub/images/05-test-results-2.png differ
diff --git a/devices/surface-hub/images/05a-reinstall.png b/devices/surface-hub/images/05a-reinstall.png
new file mode 100644
index 0000000000..60d90928ba
Binary files /dev/null and b/devices/surface-hub/images/05a-reinstall.png differ
diff --git a/devices/surface-hub/images/05b-downloading.png b/devices/surface-hub/images/05b-downloading.png
new file mode 100644
index 0000000000..59393e7162
Binary files /dev/null and b/devices/surface-hub/images/05b-downloading.png differ
diff --git a/devices/surface-hub/images/06-account-settings.png b/devices/surface-hub/images/06-account-settings.png
new file mode 100644
index 0000000000..35a92f2ff8
Binary files /dev/null and b/devices/surface-hub/images/06-account-settings.png differ
diff --git a/devices/surface-hub/images/06-out-of-box.png b/devices/surface-hub/images/06-out-of-box.png
new file mode 100644
index 0000000000..a513b46c5b
Binary files /dev/null and b/devices/surface-hub/images/06-out-of-box.png differ
diff --git a/devices/surface-hub/images/07-account-settings-details.png b/devices/surface-hub/images/07-account-settings-details.png
new file mode 100644
index 0000000000..421f372b03
Binary files /dev/null and b/devices/surface-hub/images/07-account-settings-details.png differ
diff --git a/devices/surface-hub/images/07-cancel.png b/devices/surface-hub/images/07-cancel.png
new file mode 100644
index 0000000000..a788960011
Binary files /dev/null and b/devices/surface-hub/images/07-cancel.png differ
diff --git a/devices/surface-hub/images/08-test-account.png b/devices/surface-hub/images/08-test-account.png
new file mode 100644
index 0000000000..d7cbf9620d
Binary files /dev/null and b/devices/surface-hub/images/08-test-account.png differ
diff --git a/devices/surface-hub/images/08-troubleshoot.png b/devices/surface-hub/images/08-troubleshoot.png
new file mode 100644
index 0000000000..d2af1969bd
Binary files /dev/null and b/devices/surface-hub/images/08-troubleshoot.png differ
diff --git a/devices/surface-hub/images/09-network.png b/devices/surface-hub/images/09-network.png
new file mode 100644
index 0000000000..d69f2d67ec
Binary files /dev/null and b/devices/surface-hub/images/09-network.png differ
diff --git a/devices/surface-hub/images/09-recover-from-cloud2.png b/devices/surface-hub/images/09-recover-from-cloud2.png
new file mode 100644
index 0000000000..64650a91bb
Binary files /dev/null and b/devices/surface-hub/images/09-recover-from-cloud2.png differ
diff --git a/devices/surface-hub/images/10-cancel.png b/devices/surface-hub/images/10-cancel.png
new file mode 100644
index 0000000000..ffef745522
Binary files /dev/null and b/devices/surface-hub/images/10-cancel.png differ
diff --git a/devices/surface-hub/images/10-environment.png b/devices/surface-hub/images/10-environment.png
new file mode 100644
index 0000000000..376e077249
Binary files /dev/null and b/devices/surface-hub/images/10-environment.png differ
diff --git a/devices/surface-hub/images/11-certificates.png b/devices/surface-hub/images/11-certificates.png
new file mode 100644
index 0000000000..13b45396b3
Binary files /dev/null and b/devices/surface-hub/images/11-certificates.png differ
diff --git a/devices/surface-hub/images/12-trust-model.png b/devices/surface-hub/images/12-trust-model.png
new file mode 100644
index 0000000000..996bb4fdd4
Binary files /dev/null and b/devices/surface-hub/images/12-trust-model.png differ
diff --git a/devices/surface-hub/images/2s-mount-pattern.png b/devices/surface-hub/images/2s-mount-pattern.png
new file mode 100644
index 0000000000..92262fb428
Binary files /dev/null and b/devices/surface-hub/images/2s-mount-pattern.png differ
diff --git a/devices/surface-hub/images/35mm.png b/devices/surface-hub/images/35mm.png
new file mode 100644
index 0000000000..7a414337b6
Binary files /dev/null and b/devices/surface-hub/images/35mm.png differ
diff --git a/devices/surface-hub/images/analog.png b/devices/surface-hub/images/analog.png
new file mode 100644
index 0000000000..1f1666903b
Binary files /dev/null and b/devices/surface-hub/images/analog.png differ
diff --git a/devices/surface-hub/images/caution.PNG b/devices/surface-hub/images/caution.PNG
new file mode 100644
index 0000000000..0f87b07c0f
Binary files /dev/null and b/devices/surface-hub/images/caution.PNG differ
diff --git a/devices/surface-hub/images/dport.png b/devices/surface-hub/images/dport.png
new file mode 100644
index 0000000000..2842f96ad4
Binary files /dev/null and b/devices/surface-hub/images/dport.png differ
diff --git a/devices/surface-hub/images/dportio.png b/devices/surface-hub/images/dportio.png
new file mode 100644
index 0000000000..02bf145d60
Binary files /dev/null and b/devices/surface-hub/images/dportio.png differ
diff --git a/devices/surface-hub/images/dportout.png b/devices/surface-hub/images/dportout.png
new file mode 100644
index 0000000000..4b6bb87663
Binary files /dev/null and b/devices/surface-hub/images/dportout.png differ
diff --git a/devices/surface-hub/images/h2gen-platemount.png b/devices/surface-hub/images/h2gen-platemount.png
new file mode 100644
index 0000000000..4a8ca76fd4
Binary files /dev/null and b/devices/surface-hub/images/h2gen-platemount.png differ
diff --git a/devices/surface-hub/images/h2gen-railmount.png b/devices/surface-hub/images/h2gen-railmount.png
new file mode 100644
index 0000000000..0c8bf8ffb6
Binary files /dev/null and b/devices/surface-hub/images/h2gen-railmount.png differ
diff --git a/devices/surface-hub/images/hdmi.png b/devices/surface-hub/images/hdmi.png
new file mode 100644
index 0000000000..a2c69ace45
Binary files /dev/null and b/devices/surface-hub/images/hdmi.png differ
diff --git a/devices/surface-hub/images/hub2s-rear.png b/devices/surface-hub/images/hub2s-rear.png
new file mode 100644
index 0000000000..f30a81159c
Binary files /dev/null and b/devices/surface-hub/images/hub2s-rear.png differ
diff --git a/devices/surface-hub/images/hub2s-schematic.png b/devices/surface-hub/images/hub2s-schematic.png
new file mode 100644
index 0000000000..28c328a005
Binary files /dev/null and b/devices/surface-hub/images/hub2s-schematic.png differ
diff --git a/devices/surface-hub/images/iec.png b/devices/surface-hub/images/iec.png
new file mode 100644
index 0000000000..7ca6e9237b
Binary files /dev/null and b/devices/surface-hub/images/iec.png differ
diff --git a/devices/surface-hub/images/key-55.png b/devices/surface-hub/images/key-55.png
new file mode 100644
index 0000000000..d0ee9a5d13
Binary files /dev/null and b/devices/surface-hub/images/key-55.png differ
diff --git a/devices/surface-hub/images/qos-create.png b/devices/surface-hub/images/qos-create.png
new file mode 100644
index 0000000000..7cd4726ddb
Binary files /dev/null and b/devices/surface-hub/images/qos-create.png differ
diff --git a/devices/surface-hub/images/qos-setting.png b/devices/surface-hub/images/qos-setting.png
new file mode 100644
index 0000000000..d775d9a46f
Binary files /dev/null and b/devices/surface-hub/images/qos-setting.png differ
diff --git a/devices/surface-hub/images/replacement-port-55.PNG b/devices/surface-hub/images/replacement-port-55.PNG
new file mode 100644
index 0000000000..5bf0b51b02
Binary files /dev/null and b/devices/surface-hub/images/replacement-port-55.PNG differ
diff --git a/devices/surface-hub/images/replacement-port-84.PNG b/devices/surface-hub/images/replacement-port-84.PNG
new file mode 100644
index 0000000000..45284b4ab9
Binary files /dev/null and b/devices/surface-hub/images/replacement-port-84.PNG differ
diff --git a/devices/surface-hub/images/rj11.png b/devices/surface-hub/images/rj11.png
new file mode 100644
index 0000000000..f044354caa
Binary files /dev/null and b/devices/surface-hub/images/rj11.png differ
diff --git a/devices/surface-hub/images/rj45.png b/devices/surface-hub/images/rj45.png
new file mode 100644
index 0000000000..ca88423217
Binary files /dev/null and b/devices/surface-hub/images/rj45.png differ
diff --git a/devices/surface-hub/images/sh-55-bottom.png b/devices/surface-hub/images/sh-55-bottom.png
new file mode 100644
index 0000000000..3d718d1226
Binary files /dev/null and b/devices/surface-hub/images/sh-55-bottom.png differ
diff --git a/devices/surface-hub/images/sh-55-clearance.png b/devices/surface-hub/images/sh-55-clearance.png
new file mode 100644
index 0000000000..12fc35ec49
Binary files /dev/null and b/devices/surface-hub/images/sh-55-clearance.png differ
diff --git a/devices/surface-hub/images/sh-55-front.png b/devices/surface-hub/images/sh-55-front.png
new file mode 100644
index 0000000000..e1268ee328
Binary files /dev/null and b/devices/surface-hub/images/sh-55-front.png differ
diff --git a/devices/surface-hub/images/sh-55-hand-rear.png b/devices/surface-hub/images/sh-55-hand-rear.png
new file mode 100644
index 0000000000..b1ff007ec2
Binary files /dev/null and b/devices/surface-hub/images/sh-55-hand-rear.png differ
diff --git a/devices/surface-hub/images/sh-55-hand.png b/devices/surface-hub/images/sh-55-hand.png
new file mode 100644
index 0000000000..6f8d96ba8e
Binary files /dev/null and b/devices/surface-hub/images/sh-55-hand.png differ
diff --git a/devices/surface-hub/images/sh-55-rear.png b/devices/surface-hub/images/sh-55-rear.png
new file mode 100644
index 0000000000..840b941e03
Binary files /dev/null and b/devices/surface-hub/images/sh-55-rear.png differ
diff --git a/devices/surface-hub/images/sh-55-top.png b/devices/surface-hub/images/sh-55-top.png
new file mode 100644
index 0000000000..f8c93f5d1b
Binary files /dev/null and b/devices/surface-hub/images/sh-55-top.png differ
diff --git a/devices/surface-hub/images/sh-84-bottom.png b/devices/surface-hub/images/sh-84-bottom.png
new file mode 100644
index 0000000000..d7252537e4
Binary files /dev/null and b/devices/surface-hub/images/sh-84-bottom.png differ
diff --git a/devices/surface-hub/images/sh-84-clearance.png b/devices/surface-hub/images/sh-84-clearance.png
new file mode 100644
index 0000000000..8fd0cd2c32
Binary files /dev/null and b/devices/surface-hub/images/sh-84-clearance.png differ
diff --git a/devices/surface-hub/images/sh-84-front.png b/devices/surface-hub/images/sh-84-front.png
new file mode 100644
index 0000000000..8afa0de18b
Binary files /dev/null and b/devices/surface-hub/images/sh-84-front.png differ
diff --git a/devices/surface-hub/images/sh-84-hand-top.png b/devices/surface-hub/images/sh-84-hand-top.png
new file mode 100644
index 0000000000..1e52446eb0
Binary files /dev/null and b/devices/surface-hub/images/sh-84-hand-top.png differ
diff --git a/devices/surface-hub/images/sh-84-hand.png b/devices/surface-hub/images/sh-84-hand.png
new file mode 100644
index 0000000000..3e84a8a434
Binary files /dev/null and b/devices/surface-hub/images/sh-84-hand.png differ
diff --git a/devices/surface-hub/images/sh-84-rear.png b/devices/surface-hub/images/sh-84-rear.png
new file mode 100644
index 0000000000..5837d4e185
Binary files /dev/null and b/devices/surface-hub/images/sh-84-rear.png differ
diff --git a/devices/surface-hub/images/sh-84-side.png b/devices/surface-hub/images/sh-84-side.png
new file mode 100644
index 0000000000..6b1ad8385b
Binary files /dev/null and b/devices/surface-hub/images/sh-84-side.png differ
diff --git a/devices/surface-hub/images/sh-84-top.png b/devices/surface-hub/images/sh-84-top.png
new file mode 100644
index 0000000000..badc94af0b
Binary files /dev/null and b/devices/surface-hub/images/sh-84-top.png differ
diff --git a/devices/surface-hub/images/sh-84-wall.png b/devices/surface-hub/images/sh-84-wall.png
new file mode 100644
index 0000000000..15d2e5a848
Binary files /dev/null and b/devices/surface-hub/images/sh-84-wall.png differ
diff --git a/devices/surface-hub/images/sh2-account2.png b/devices/surface-hub/images/sh2-account2.png
new file mode 100644
index 0000000000..2a2267ab7c
Binary files /dev/null and b/devices/surface-hub/images/sh2-account2.png differ
diff --git a/devices/surface-hub/images/sh2-account3.png b/devices/surface-hub/images/sh2-account3.png
new file mode 100644
index 0000000000..b67ff0da37
Binary files /dev/null and b/devices/surface-hub/images/sh2-account3.png differ
diff --git a/devices/surface-hub/images/sh2-account4.png b/devices/surface-hub/images/sh2-account4.png
new file mode 100644
index 0000000000..7495f28607
Binary files /dev/null and b/devices/surface-hub/images/sh2-account4.png differ
diff --git a/devices/surface-hub/images/sh2-account5.png b/devices/surface-hub/images/sh2-account5.png
new file mode 100644
index 0000000000..3dc9061733
Binary files /dev/null and b/devices/surface-hub/images/sh2-account5.png differ
diff --git a/devices/surface-hub/images/sh2-add-group.png b/devices/surface-hub/images/sh2-add-group.png
new file mode 100644
index 0000000000..eb44ad8cf9
Binary files /dev/null and b/devices/surface-hub/images/sh2-add-group.png differ
diff --git a/devices/surface-hub/images/sh2-add-room.png b/devices/surface-hub/images/sh2-add-room.png
new file mode 100644
index 0000000000..c53ee340bc
Binary files /dev/null and b/devices/surface-hub/images/sh2-add-room.png differ
diff --git a/devices/surface-hub/images/sh2-apps-assign.png b/devices/surface-hub/images/sh2-apps-assign.png
new file mode 100644
index 0000000000..f6a91864c8
Binary files /dev/null and b/devices/surface-hub/images/sh2-apps-assign.png differ
diff --git a/devices/surface-hub/images/sh2-assign-group.png b/devices/surface-hub/images/sh2-assign-group.png
new file mode 100644
index 0000000000..a2d79bcd34
Binary files /dev/null and b/devices/surface-hub/images/sh2-assign-group.png differ
diff --git a/devices/surface-hub/images/sh2-cartridge.png b/devices/surface-hub/images/sh2-cartridge.png
new file mode 100644
index 0000000000..3c7a2e83be
Binary files /dev/null and b/devices/surface-hub/images/sh2-cartridge.png differ
diff --git a/devices/surface-hub/images/sh2-config-file.png b/devices/surface-hub/images/sh2-config-file.png
new file mode 100644
index 0000000000..d8293c8ff6
Binary files /dev/null and b/devices/surface-hub/images/sh2-config-file.png differ
diff --git a/devices/surface-hub/images/sh2-deploy-apps-sync.png b/devices/surface-hub/images/sh2-deploy-apps-sync.png
new file mode 100644
index 0000000000..060c29c17f
Binary files /dev/null and b/devices/surface-hub/images/sh2-deploy-apps-sync.png differ
diff --git a/devices/surface-hub/images/sh2-keepout-zones.png b/devices/surface-hub/images/sh2-keepout-zones.png
new file mode 100644
index 0000000000..bf318963df
Binary files /dev/null and b/devices/surface-hub/images/sh2-keepout-zones.png differ
diff --git a/devices/surface-hub/images/sh2-keypad.png b/devices/surface-hub/images/sh2-keypad.png
new file mode 100644
index 0000000000..595bb19341
Binary files /dev/null and b/devices/surface-hub/images/sh2-keypad.png differ
diff --git a/devices/surface-hub/images/sh2-mobile-stand.png b/devices/surface-hub/images/sh2-mobile-stand.png
new file mode 100644
index 0000000000..75c64f06f3
Binary files /dev/null and b/devices/surface-hub/images/sh2-mobile-stand.png differ
diff --git a/devices/surface-hub/images/sh2-mount-config.png b/devices/surface-hub/images/sh2-mount-config.png
new file mode 100644
index 0000000000..5cde6108a1
Binary files /dev/null and b/devices/surface-hub/images/sh2-mount-config.png differ
diff --git a/devices/surface-hub/images/sh2-onscreen-display.png b/devices/surface-hub/images/sh2-onscreen-display.png
new file mode 100644
index 0000000000..4605f50734
Binary files /dev/null and b/devices/surface-hub/images/sh2-onscreen-display.png differ
diff --git a/devices/surface-hub/images/sh2-pen-pressure.png b/devices/surface-hub/images/sh2-pen-pressure.png
new file mode 100644
index 0000000000..67054ca972
Binary files /dev/null and b/devices/surface-hub/images/sh2-pen-pressure.png differ
diff --git a/devices/surface-hub/images/sh2-pen.png b/devices/surface-hub/images/sh2-pen.png
new file mode 100644
index 0000000000..1a95b9581e
Binary files /dev/null and b/devices/surface-hub/images/sh2-pen.png differ
diff --git a/devices/surface-hub/images/sh2-ports.png b/devices/surface-hub/images/sh2-ports.png
new file mode 100644
index 0000000000..2d30422911
Binary files /dev/null and b/devices/surface-hub/images/sh2-ports.png differ
diff --git a/devices/surface-hub/images/sh2-proxy.png b/devices/surface-hub/images/sh2-proxy.png
new file mode 100644
index 0000000000..81946a9906
Binary files /dev/null and b/devices/surface-hub/images/sh2-proxy.png differ
diff --git a/devices/surface-hub/images/sh2-reset.png b/devices/surface-hub/images/sh2-reset.png
new file mode 100644
index 0000000000..06b306ec5d
Binary files /dev/null and b/devices/surface-hub/images/sh2-reset.png differ
diff --git a/devices/surface-hub/images/sh2-run1.png b/devices/surface-hub/images/sh2-run1.png
new file mode 100644
index 0000000000..15aa540166
Binary files /dev/null and b/devices/surface-hub/images/sh2-run1.png differ
diff --git a/devices/surface-hub/images/sh2-run10.png b/devices/surface-hub/images/sh2-run10.png
new file mode 100644
index 0000000000..5e980fa334
Binary files /dev/null and b/devices/surface-hub/images/sh2-run10.png differ
diff --git a/devices/surface-hub/images/sh2-run11.png b/devices/surface-hub/images/sh2-run11.png
new file mode 100644
index 0000000000..02362bc5da
Binary files /dev/null and b/devices/surface-hub/images/sh2-run11.png differ
diff --git a/devices/surface-hub/images/sh2-run12.png b/devices/surface-hub/images/sh2-run12.png
new file mode 100644
index 0000000000..f619ac4c42
Binary files /dev/null and b/devices/surface-hub/images/sh2-run12.png differ
diff --git a/devices/surface-hub/images/sh2-run13.png b/devices/surface-hub/images/sh2-run13.png
new file mode 100644
index 0000000000..77b9e3e2a6
Binary files /dev/null and b/devices/surface-hub/images/sh2-run13.png differ
diff --git a/devices/surface-hub/images/sh2-run14.png b/devices/surface-hub/images/sh2-run14.png
new file mode 100644
index 0000000000..d88ca872ca
Binary files /dev/null and b/devices/surface-hub/images/sh2-run14.png differ
diff --git a/devices/surface-hub/images/sh2-run2.png b/devices/surface-hub/images/sh2-run2.png
new file mode 100644
index 0000000000..fd379b2b05
Binary files /dev/null and b/devices/surface-hub/images/sh2-run2.png differ
diff --git a/devices/surface-hub/images/sh2-run3.png b/devices/surface-hub/images/sh2-run3.png
new file mode 100644
index 0000000000..8171beecbf
Binary files /dev/null and b/devices/surface-hub/images/sh2-run3.png differ
diff --git a/devices/surface-hub/images/sh2-run4.png b/devices/surface-hub/images/sh2-run4.png
new file mode 100644
index 0000000000..1a132dfebb
Binary files /dev/null and b/devices/surface-hub/images/sh2-run4.png differ
diff --git a/devices/surface-hub/images/sh2-run5.png b/devices/surface-hub/images/sh2-run5.png
new file mode 100644
index 0000000000..ebfe53f3cb
Binary files /dev/null and b/devices/surface-hub/images/sh2-run5.png differ
diff --git a/devices/surface-hub/images/sh2-run6.png b/devices/surface-hub/images/sh2-run6.png
new file mode 100644
index 0000000000..896531f4ec
Binary files /dev/null and b/devices/surface-hub/images/sh2-run6.png differ
diff --git a/devices/surface-hub/images/sh2-run7.png b/devices/surface-hub/images/sh2-run7.png
new file mode 100644
index 0000000000..59e60d84de
Binary files /dev/null and b/devices/surface-hub/images/sh2-run7.png differ
diff --git a/devices/surface-hub/images/sh2-run8.png b/devices/surface-hub/images/sh2-run8.png
new file mode 100644
index 0000000000..ec2daf8e4f
Binary files /dev/null and b/devices/surface-hub/images/sh2-run8.png differ
diff --git a/devices/surface-hub/images/sh2-run9.png b/devices/surface-hub/images/sh2-run9.png
new file mode 100644
index 0000000000..5bd3abea88
Binary files /dev/null and b/devices/surface-hub/images/sh2-run9.png differ
diff --git a/devices/surface-hub/images/sh2-set-intune1.png b/devices/surface-hub/images/sh2-set-intune1.png
new file mode 100644
index 0000000000..9993225210
Binary files /dev/null and b/devices/surface-hub/images/sh2-set-intune1.png differ
diff --git a/devices/surface-hub/images/sh2-set-intune3.png b/devices/surface-hub/images/sh2-set-intune3.png
new file mode 100644
index 0000000000..f931d828fc
Binary files /dev/null and b/devices/surface-hub/images/sh2-set-intune3.png differ
diff --git a/devices/surface-hub/images/sh2-set-intune5.png b/devices/surface-hub/images/sh2-set-intune5.png
new file mode 100644
index 0000000000..9afb1c1445
Binary files /dev/null and b/devices/surface-hub/images/sh2-set-intune5.png differ
diff --git a/devices/surface-hub/images/sh2-set-intune6.png b/devices/surface-hub/images/sh2-set-intune6.png
new file mode 100644
index 0000000000..155cbb9930
Binary files /dev/null and b/devices/surface-hub/images/sh2-set-intune6.png differ
diff --git a/devices/surface-hub/images/sh2-set-intune8.png b/devices/surface-hub/images/sh2-set-intune8.png
new file mode 100644
index 0000000000..a8d9bfe874
Binary files /dev/null and b/devices/surface-hub/images/sh2-set-intune8.png differ
diff --git a/devices/surface-hub/images/sh2-setup-1.png b/devices/surface-hub/images/sh2-setup-1.png
new file mode 100644
index 0000000000..1204020f9f
Binary files /dev/null and b/devices/surface-hub/images/sh2-setup-1.png differ
diff --git a/devices/surface-hub/images/sh2-setup-2.png b/devices/surface-hub/images/sh2-setup-2.png
new file mode 100644
index 0000000000..0d6501782b
Binary files /dev/null and b/devices/surface-hub/images/sh2-setup-2.png differ
diff --git a/devices/surface-hub/images/sh2-setup-3.png b/devices/surface-hub/images/sh2-setup-3.png
new file mode 100644
index 0000000000..2b827f4405
Binary files /dev/null and b/devices/surface-hub/images/sh2-setup-3.png differ
diff --git a/devices/surface-hub/images/sh2-setup-4.png b/devices/surface-hub/images/sh2-setup-4.png
new file mode 100644
index 0000000000..0825dadce4
Binary files /dev/null and b/devices/surface-hub/images/sh2-setup-4.png differ
diff --git a/devices/surface-hub/images/sh2-thermal-audio.png b/devices/surface-hub/images/sh2-thermal-audio.png
new file mode 100644
index 0000000000..5d9640df9b
Binary files /dev/null and b/devices/surface-hub/images/sh2-thermal-audio.png differ
diff --git a/devices/surface-hub/images/sh2-token.png b/devices/surface-hub/images/sh2-token.png
new file mode 100644
index 0000000000..115153a767
Binary files /dev/null and b/devices/surface-hub/images/sh2-token.png differ
diff --git a/devices/surface-hub/images/sh2-token2.png b/devices/surface-hub/images/sh2-token2.png
new file mode 100644
index 0000000000..324bc27f63
Binary files /dev/null and b/devices/surface-hub/images/sh2-token2.png differ
diff --git a/devices/surface-hub/images/sh2-token3.png b/devices/surface-hub/images/sh2-token3.png
new file mode 100644
index 0000000000..04e173d391
Binary files /dev/null and b/devices/surface-hub/images/sh2-token3.png differ
diff --git a/devices/surface-hub/images/sh2-uefi1.png b/devices/surface-hub/images/sh2-uefi1.png
new file mode 100644
index 0000000000..ecb5aad455
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi1.png differ
diff --git a/devices/surface-hub/images/sh2-uefi10.png b/devices/surface-hub/images/sh2-uefi10.png
new file mode 100644
index 0000000000..eafc0617a2
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi10.png differ
diff --git a/devices/surface-hub/images/sh2-uefi2.png b/devices/surface-hub/images/sh2-uefi2.png
new file mode 100644
index 0000000000..8dbcb3df84
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi2.png differ
diff --git a/devices/surface-hub/images/sh2-uefi3.png b/devices/surface-hub/images/sh2-uefi3.png
new file mode 100644
index 0000000000..f9b0fdb754
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi3.png differ
diff --git a/devices/surface-hub/images/sh2-uefi4.png b/devices/surface-hub/images/sh2-uefi4.png
new file mode 100644
index 0000000000..ae6f427772
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi4.png differ
diff --git a/devices/surface-hub/images/sh2-uefi5.png b/devices/surface-hub/images/sh2-uefi5.png
new file mode 100644
index 0000000000..18a780074f
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi5.png differ
diff --git a/devices/surface-hub/images/sh2-uefi6.png b/devices/surface-hub/images/sh2-uefi6.png
new file mode 100644
index 0000000000..7b4390574a
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi6.png differ
diff --git a/devices/surface-hub/images/sh2-uefi7.png b/devices/surface-hub/images/sh2-uefi7.png
new file mode 100644
index 0000000000..0302b41a43
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi7.png differ
diff --git a/devices/surface-hub/images/sh2-uefi8.png b/devices/surface-hub/images/sh2-uefi8.png
new file mode 100644
index 0000000000..c5ccc27628
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi8.png differ
diff --git a/devices/surface-hub/images/sh2-uefi9.png b/devices/surface-hub/images/sh2-uefi9.png
new file mode 100644
index 0000000000..4747c398c8
Binary files /dev/null and b/devices/surface-hub/images/sh2-uefi9.png differ
diff --git a/devices/surface-hub/images/sh2-wall-front.png b/devices/surface-hub/images/sh2-wall-front.png
new file mode 100644
index 0000000000..349e124bb0
Binary files /dev/null and b/devices/surface-hub/images/sh2-wall-front.png differ
diff --git a/devices/surface-hub/images/sh2-wall-side.png b/devices/surface-hub/images/sh2-wall-side.png
new file mode 100644
index 0000000000..f09cbda81e
Binary files /dev/null and b/devices/surface-hub/images/sh2-wall-side.png differ
diff --git a/devices/surface-hub/images/sh2-wcd.png b/devices/surface-hub/images/sh2-wcd.png
new file mode 100644
index 0000000000..8a945dfca4
Binary files /dev/null and b/devices/surface-hub/images/sh2-wcd.png differ
diff --git a/devices/surface-hub/images/ssd-click.PNG b/devices/surface-hub/images/ssd-click.PNG
new file mode 100644
index 0000000000..5dfcc57c42
Binary files /dev/null and b/devices/surface-hub/images/ssd-click.PNG differ
diff --git a/devices/surface-hub/images/ssd-lift-door.PNG b/devices/surface-hub/images/ssd-lift-door.PNG
new file mode 100644
index 0000000000..d395ce91aa
Binary files /dev/null and b/devices/surface-hub/images/ssd-lift-door.PNG differ
diff --git a/devices/surface-hub/images/ssd-location.PNG b/devices/surface-hub/images/ssd-location.PNG
new file mode 100644
index 0000000000..9b774456b1
Binary files /dev/null and b/devices/surface-hub/images/ssd-location.PNG differ
diff --git a/devices/surface-hub/images/ssd-lock-tab.PNG b/devices/surface-hub/images/ssd-lock-tab.PNG
new file mode 100644
index 0000000000..17c11dc7a2
Binary files /dev/null and b/devices/surface-hub/images/ssd-lock-tab.PNG differ
diff --git a/devices/surface-hub/images/ssd-pull-tab.PNG b/devices/surface-hub/images/ssd-pull-tab.PNG
new file mode 100644
index 0000000000..a306f08a13
Binary files /dev/null and b/devices/surface-hub/images/ssd-pull-tab.PNG differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-1.png b/devices/surface-hub/images/surface-hub-2s-repack-1.png
new file mode 100644
index 0000000000..cab6f33cb7
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-1.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-10.png b/devices/surface-hub/images/surface-hub-2s-repack-10.png
new file mode 100644
index 0000000000..7f3c6ab51c
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-10.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-11.png b/devices/surface-hub/images/surface-hub-2s-repack-11.png
new file mode 100644
index 0000000000..0e0485056a
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-11.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-12.png b/devices/surface-hub/images/surface-hub-2s-repack-12.png
new file mode 100644
index 0000000000..7032cbc1b7
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-12.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-13.png b/devices/surface-hub/images/surface-hub-2s-repack-13.png
new file mode 100644
index 0000000000..465ce22bee
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-13.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-2.png b/devices/surface-hub/images/surface-hub-2s-repack-2.png
new file mode 100644
index 0000000000..f8fbc235b6
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-2.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-3.png b/devices/surface-hub/images/surface-hub-2s-repack-3.png
new file mode 100644
index 0000000000..e270326ab9
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-3.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-4.png b/devices/surface-hub/images/surface-hub-2s-repack-4.png
new file mode 100644
index 0000000000..42bc3a0389
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-4.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-5.png b/devices/surface-hub/images/surface-hub-2s-repack-5.png
new file mode 100644
index 0000000000..d6457cd161
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-5.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-6.png b/devices/surface-hub/images/surface-hub-2s-repack-6.png
new file mode 100644
index 0000000000..73b8a14630
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-6.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-7.png b/devices/surface-hub/images/surface-hub-2s-repack-7.png
new file mode 100644
index 0000000000..54a20e2257
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-7.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-8.png b/devices/surface-hub/images/surface-hub-2s-repack-8.png
new file mode 100644
index 0000000000..f2dcac60ed
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-8.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-repack-9.png b/devices/surface-hub/images/surface-hub-2s-repack-9.png
new file mode 100644
index 0000000000..c067cbf1d8
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-repack-9.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-camera-1.png b/devices/surface-hub/images/surface-hub-2s-replace-camera-1.png
new file mode 100644
index 0000000000..10530cba1e
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-camera-1.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-camera-2.png b/devices/surface-hub/images/surface-hub-2s-replace-camera-2.png
new file mode 100644
index 0000000000..119dc21a5a
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-camera-2.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-1.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-1.png
new file mode 100644
index 0000000000..ceebc3d5fd
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-1.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-10.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-10.png
new file mode 100644
index 0000000000..77ab33c1d5
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-10.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-2.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-2.png
new file mode 100644
index 0000000000..3cf6d0ec62
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-2.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-3.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-3.png
new file mode 100644
index 0000000000..d44ad9d37c
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-3.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-4.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-4.png
new file mode 100644
index 0000000000..ffbec86f57
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-4.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-5.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-5.png
new file mode 100644
index 0000000000..90ddf71366
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-5.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-6.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-6.png
new file mode 100644
index 0000000000..5020d16853
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-6.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-7.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-7.png
new file mode 100644
index 0000000000..9ea535dff4
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-7.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-8.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-8.png
new file mode 100644
index 0000000000..1a64ae0ebb
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-8.png differ
diff --git a/devices/surface-hub/images/surface-hub-2s-replace-cartridge-9.png b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-9.png
new file mode 100644
index 0000000000..9d9bc52c66
Binary files /dev/null and b/devices/surface-hub/images/surface-hub-2s-replace-cartridge-9.png differ
diff --git a/devices/surface-hub/images/switch.png b/devices/surface-hub/images/switch.png
new file mode 100644
index 0000000000..5ea0d21909
Binary files /dev/null and b/devices/surface-hub/images/switch.png differ
diff --git a/devices/surface-hub/images/usb.png b/devices/surface-hub/images/usb.png
new file mode 100644
index 0000000000..a743c6b634
Binary files /dev/null and b/devices/surface-hub/images/usb.png differ
diff --git a/devices/surface-hub/images/vga.png b/devices/surface-hub/images/vga.png
new file mode 100644
index 0000000000..016b42d1f4
Binary files /dev/null and b/devices/surface-hub/images/vga.png differ
diff --git a/devices/surface-hub/images/~$rface-hub-site-readiness-guide-en-us.docx b/devices/surface-hub/images/~$rface-hub-site-readiness-guide-en-us.docx
new file mode 100644
index 0000000000..1d44312447
Binary files /dev/null and b/devices/surface-hub/images/~$rface-hub-site-readiness-guide-en-us.docx differ
diff --git a/devices/surface-hub/index.md b/devices/surface-hub/index.md
index f91b3e81bf..f60588a000 100644
--- a/devices/surface-hub/index.md
+++ b/devices/surface-hub/index.md
@@ -1,61 +1,182 @@
---
-title: Microsoft Surface Hub admin guide
-description: Documents related to the Microsoft Surface Hub.
-ms.assetid: 69C99E91-1441-4318-BCAF-FE8207420555
+title: Surface Hub
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+layout: LandingPage
ms.prod: surface-hub
-ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
-ms.topic: article
-ms.date: 09/07/2017
-ms.localizationpriority: medium
+ms.tgt_pltfrm: na
+ms.devlang: na
+ms.topic: landing-page
+description: "Get started with Microsoft Surface Hub."
+ms.localizationpriority: High
+---
+# Get started with Surface Hub
+
+Surface Hub 2S is an all-in-one digital interactive whiteboard, meetings platform, and collaborative computing device that brings the power of Windows 10 to team collaboration. Use the links below to learn how to plan, deploy, manage, and support your Surface Hub devices.
+
+
+
---
-# Microsoft Surface Hub admin guide
-
->[Looking for the Surface Hub admin guide for Windows 10, version 1607?](https://download.microsoft.com/download/7/2/5/7252051B-7E97-4781-B5DF-58D4B1A4BB88/surface-hub-admin-guide-1607.pdf)
-
->[Looking for the user's guide for Surface Hub?](https://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf)
-
-
-
Microsoft Surface Hub is an all-in-one productivity device that is intended for brainstorming, collaboration, and presentations. In order to get the maximum benefit from Surface Hub, your organization’s infrastructure and the Surface Hub itself must be properly set up and integrated. The documentation in this library describes what needs to be done both before and during setup in order to help you optimize your use of the device.
-
-
-## Surface Hub setup process
-
-In some ways, adding your new Surface Hub is just like adding any other Microsoft Windows-based device to your network. However, in order to get your Surface Hub up and running at its full capacity, there are some very specific requirements. Here are the next topics you'll need:
-
-1. [Prepare your environment for Surface Hub](prepare-your-environment-for-surface-hub.md)
-2. [Gather the information listed in the Setup worksheet](setup-worksheet-surface-hub.md)
-2. [Physically install your Surface Hub device](physically-install-your-surface-hub-device.md)
-3. [Run the Surface Hub first-run setup program (OOBE)](first-run-program-surface-hub.md)
-
-
-
-## In this section
-
-| Topic | Description |
-| --- | --- |
-| [What's new in Windows 10, version 1703 for Surface Hub?](surfacehub-whats-new-1703.md) | Discover the changes and improvements for Microsoft Surface Hub in the Windows 10, version 1703 release (also known as Creators Update). |
-| [Differences between Surface Hub and Windows 10 Enterprise](differences-between-surface-hub-and-windows-10-enterprise.md) | This topic explains the differences between the operating system on Surface Hub and Windows 10 Enterprise. |
-| [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md) | This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Surface Hub. See [Intro to Surface Hub](intro-to-surface-hub.md) for a description of how the device and its features interact with your IT environment. |
-| [Set up Microsoft Surface Hub](set-up-your-surface-hub.md) | Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program. |
-| [Manage Microsoft Surface Hub](manage-surface-hub.md) | How to manage your Surface Hub after finishing the first-run program. |
-| [PowerShell for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) |
-| [How Surface Hub addresses Wi-Fi Direct security issues](surface-hub-wifi-direct.md) | This topic provides guidance on Wi-Fi Direct security risks, how the Surface Hub has addressed those risks, and how Surface Hub administrators can configure the device for the highest level of security. | PowerShell scripts to help set up and manage your Surface Hub. |
-| [Top support solutions for Surface Hub](support-solutions-surface-hub.md) | These are the top Microsoft Support solutions for common issues experienced using Surface Hub. |
-| [Troubleshoot Microsoft Surface Hub](troubleshoot-surface-hub.md) | Troubleshoot common problems, including setup issues, Exchange ActiveSync errors. |
-| [Troubleshoot Miracast on Surface Hub](miracast-troubleshooting.md) | Learn how to resolve Miracast issues. |
-| [Useful downloads for Surface Hub administrators](surface-hub-downloads.md) | This topic provides links to useful Surface Hub documents, such as product datasheets, the site readiness guide, and user's guide. |
-| [Change history for Surface Hub](change-history-surface-hub.md) | This topic lists new and updated topics in the Surface Hub documentation library. |
-
-
-
-## Additional resources
-
-- [Surface Hub update history](https://support.microsoft.com/help/4037666/surface-surface-hub-update-history)
-- [Surface Hub help](https://support.microsoft.com/hub/4343507/surface-hub-help)
-- [Surface IT Pro Blog](https://blogs.technet.microsoft.com/surface/)
-- [Surface Playlist of videos](https://www.youtube.com/playlist?list=PLXtHYVsvn_b__1Baibdu4elN4SoF3JTBZ)
-- [Microsoft Surface on Twitter](https://twitter.com/surface)
-
+
\ No newline at end of file
diff --git a/devices/surface-hub/install-apps-on-surface-hub.md b/devices/surface-hub/install-apps-on-surface-hub.md
index 847625be1f..74505ca6ff 100644
--- a/devices/surface-hub/install-apps-on-surface-hub.md
+++ b/devices/surface-hub/install-apps-on-surface-hub.md
@@ -2,14 +2,17 @@
title: Install apps on your Microsoft Surface Hub
description: Admins can install apps can from either the Microsoft Store or the Microsoft Store for Business.
ms.assetid: 3885CB45-D496-4424-8533-C9E3D0EDFD94
+ms.reviewer:
+manager: dansimp
keywords: install apps, Microsoft Store, Microsoft Store for Business
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 10/23/2018
ms.localizationpriority: medium
+audience: ITPro
---
# Install apps on your Microsoft Surface Hub
@@ -17,9 +20,9 @@ ms.localizationpriority: medium
You can install additional apps on your Surface Hub to fit your team or organization's needs. There are different methods for installing apps depending on whether you are developing and testing an app, or deploying a released app. This topic describes methods for installing apps for either scenario.
A few things to know about apps on Surface Hub:
-- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub. See a [list of apps that work with Surface Hub](https://support.microsoft.com/help/4040382/surface-Apps-that-work-with-Microsoft-Surface-Hub).
+- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub.
- Apps must be targeted for the [Universal device family](https://msdn.microsoft.com/library/windows/apps/dn894631) or Windows Team device family.
-- Surface Hub only supports [offline-licensed apps](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) from Microsoft Store for Business.
+- Surface Hub only supports [offline-licensed apps](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) from [Microsoft Store for Business](https://businessstore.microsoft.com/store).
- By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode.
- When submitting an app to the Microsoft Store, developers need to set Device family availability and Organizational licensing options to make sure an app will be available to run on Surface Hub.
- You need admin credentials to install apps on your Surface Hub. Since the device is designed to be used in communal spaces like meeting rooms, people can't access the Microsoft Store to download and install apps.
@@ -37,10 +40,10 @@ By enabling developer mode, you can also install developer-signed UWP apps.
> After developer mode has been enabled, you will need to reset the Surface Hub to disable it. Resetting the device removes all local user files and configurations and then reinstalls Windows.
**To turn on developer mode**
-1. From your Surface Hub, start **Settings**.
-2. Type the device admin credentials when prompted.
-3. Navigate to **Update & security** > **For developers**.
-4. Select **Developer mode** and accept the warning prompt.
+1. From your Surface Hub, start **Settings**.
+2. Type the device admin credentials when prompted.
+3. Navigate to **Update & security** > **For developers**.
+4. Select **Developer mode** and accept the warning prompt.
### Visual Studio
During development, the easiest way to test your app on a Surface Hub is using Visual Studio. Visual Studio's remote debugging feature helps you discover issues in your app before deploying it broadly. For more information, see [Test Surface Hub apps using Visual Studio](https://msdn.microsoft.com/windows/uwp/debug-test-perf/test-surface-hub-apps-using-visual-studio).
@@ -99,10 +102,10 @@ To evaluate apps released on the Microsoft Store, use the Microsoft Store app on
> - To install apps, you will need to manually sign in to the Microsoft Store app on each Surface Hub you own.
**To browse the Microsoft Store on Surface Hub**
-1. From your Surface Hub, start **Settings**.
-2. Type the device admin credentials when prompted.
-3. Navigate to **This device** > **Apps & features**.
-4. Select **Open Store**.
+1. From your Surface Hub, start **Settings**.
+2. Type the device admin credentials when prompted.
+3. Navigate to **This device** > **Apps & features**.
+4. Select **Open Store**.
### Download app packages from Microsoft Store for Business
To download the app package you need to install apps on your Surface Hub, visit the [Microsoft Store for Business](https://www.microsoft.com/business-store). The Store for Business is where you can find, acquire, and manage apps for the Windows 10 devices in your organization, including Surface Hub.
@@ -126,17 +129,16 @@ To deploy apps to a large number of Surface Hubs in your organization, use a sup
| MDM provider | Supports offline-licensed app packages |
|-----------------------------|----------------------------------------|
-| On-premises MDM with System Center Configuration Manager (beginning in version 1602) | Yes |
-| Hybrid MDM with System Center Configuration Manager and Microsoft Intune | Yes |
-| [Microsoft Intune standalone](https://docs.microsoft.com/intune/windows-store-for-business) | Yes |
+| On-premises MDM with Configuration Manager (beginning in version 1602) | Yes |
+|
| Third-party MDM provider | Check to make sure your MDM provider supports deploying offline-licensed app packages. |
-**To deploy apps remotely using System Center Configuration Manager (either on-prem MDM or hybrid MDM)**
+**To deploy apps remotely using Microsoft Endpoint Configuration Manager**
> [!NOTE]
-> These instructions are based on the current branch of System Center Configuration Manager.
+> These instructions are based on the current branch of Microsoft Endpoint Configuration Manager.
-1. Enroll your Surface Hubs to System Center Configuration Manager. For more information, see [Enroll a Surface Hub into MDM](manage-settings-with-mdm-for-surface-hub.md#enroll-into-mdm).
+1. Enroll your Surface Hubs to Configuration Manager. For more information, see [Enroll a Surface Hub into MDM](manage-settings-with-mdm-for-surface-hub.md#enroll-into-mdm).
2. Download the offline-licensed app package, the *encoded* license file, and any necessary dependency files from the Store for Business. For more information, see [Download an offline-licensed app](https://technet.microsoft.com/itpro/windows/manage/distribute-offline-apps#download-an-offline-licensed-app). Place the downloaded files in the same folder on a network share.
3. In the **Software Library** workspace of the Configuration Manager console, click **Overview** > **Application Management** > **Applications**.
4. On the **Home** tab, in the **Create** group, click **Create Application**.
@@ -147,16 +149,16 @@ To deploy apps to a large number of Surface Hubs in your organization, use a sup
9. On the **General Information** page, complete additional details about the app. Some of this information might already be populated if it was automatically obtained from the app package.
10. Click **Next**, review the application information on the Summary page, and then complete the Create Application Wizard.
11. Create a deployment type for the application. For more information, see [Create deployment types for the application](https://docs.microsoft.com/sccm/apps/deploy-use/create-applications#create-deployment-types-for-the-application).
-12. Deploy the application to your Surface Hubs. For more information, see [Deploy applications with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications).
-13. As needed, update the app by downloading a new package from the Store for Business, and publishing an application revision in Configuration Manager. For more information, see [Update and retire applications with System Center Configuration Manager](https://technet.microsoft.com/library/mt595704.aspx).
+12. Deploy the application to your Surface Hubs. For more information, see [Deploy applications with Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications).
+13. As needed, update the app by downloading a new package from the Store for Business, and publishing an application revision in Configuration Manager. For more information, see [Update and retire applications with Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/mt595704.aspx).
> [!NOTE]
-> If you are using System Center Configuration Manager (current branch), you can bypass the above steps by connecting the Store for Business to System Center Configuration Manager. By doing so, you can synchronize the list of apps you've purchased with System Center Configuration Manager, view these in the Configuration Manager console, and deploy them like you would any other app. For more information, see [Manage apps from the Microsoft Store for Business with System Center Configuration Manager](https://technet.microsoft.com/library/mt740630.aspx).
+> If you are using Microsoft Endpoint Configuration Manager (current branch), you can bypass the above steps by connecting the Store for Business to Configuration Manager. By doing so, you can synchronize the list of apps you've purchased with Configuration Manager, view these in the Configuration Manager console, and deploy them like you would any other app. For more information, see [Manage apps from the Microsoft Store for Business with Configuration Manager](https://technet.microsoft.com/library/mt740630.aspx).
## Summary
-There are a few different ways to install apps on your Surface Hub depending on whether you are developing apps, evaluating apps on a small number of devices, or deploying apps broadly to your oganization. This table summarizes the supported methods:
+There are a few different ways to install apps on your Surface Hub depending on whether you are developing apps, evaluating apps on a small number of devices, or deploying apps broadly to your organization. This table summarizes the supported methods:
| Install method | Developing apps | Evaluating apps on a few devices | Deploying apps broadly to your organization |
| -------------------------- | --------------- | ------------------------------------- | ---------------------- |
diff --git a/devices/surface-hub/juneworkspace.code-workspace b/devices/surface-hub/juneworkspace.code-workspace
new file mode 100644
index 0000000000..f23e17c3ca
--- /dev/null
+++ b/devices/surface-hub/juneworkspace.code-workspace
@@ -0,0 +1,11 @@
+{
+ "folders": [
+ {
+ "path": "C:\\github\\windows-docs-pr"
+ },
+ {
+ "path": "."
+ }
+ ],
+ "settings": {}
+}
\ No newline at end of file
diff --git a/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md b/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md
new file mode 100644
index 0000000000..003795ec22
--- /dev/null
+++ b/devices/surface-hub/known-issues-and-additional-info-about-surface-hub.md
@@ -0,0 +1,26 @@
+---
+title: Known issues and additional information about Microsoft Surface Hub
+description: Outlines known issues with Microsoft Surface Hub.
+ms.assetid: aee90a0c-fb05-466e-a2b1-92de89d0f2b7
+keywords: surface, hub, issues
+ms.prod: surface-hub
+ms.sitesec: library
+author: todmccoy
+ms.author: v-todmc
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Known issues and additional information about Microsoft Surface Hub
+
+We're listening. Quality is a top priority, and we want to keep you informed about issues impacting customers. The following are some known issues of Microsoft Surface Hub:
+
+- **Skype for Business isn't using proxy for media traffic with RS2**
+ For some Surface Hub users who are behind a proxy, Skype for Business won't use the proxy server for media. However, the Surface Hub will be able to sign in to the account. We received your feedback and are aware of the media traffic issue when you are using proxy. We're actively investigating this issue and will release fixes as soon as a solution is identified and tested.
+
+- **For AAD joined devices, when a user tries to sign in to "My meetings & files", Surface Hub reports that there is no Internet connection**
+ We’re aware of a set of issues that affect sign-in and document access on Surface Hub. We're actively investigating these issues. As a workaround until a resolution is released, customers can reset their devices and set up their Hub to use a local admin account. After reconfiguring to use the local admin account, "My meetings and files" will work as expected.
+- **Single sign-in when Azure AD joined**
+ Surface Hub was designed for communal spaces, which impacts the way user credentials are stored. Because of this, there are currently limitations in how single sign-in works when devices are Azure AD joined. Microsoft is aware of this limitation and is actively investigating options for a resolution.
+- **Miracast over Infrastructure projection to Surface Hub fails if the Surface Hub has a dot character (.) in the friendly name**
+ Surface Hub users may experience issues projecting to their device if the Friendly Name includes a period or dot in the name (.) -- for example, "Conf.Room42". To work around the issue, change the Friendly Name of the Hub in **Settings** > **Surface Hub** > **About**, and then restart the device. Microsoft is working on a solution to this issue.
\ No newline at end of file
diff --git a/devices/surface-hub/local-management-surface-hub-settings.md b/devices/surface-hub/local-management-surface-hub-settings.md
index b53d27448f..810691dfe8 100644
--- a/devices/surface-hub/local-management-surface-hub-settings.md
+++ b/devices/surface-hub/local-management-surface-hub-settings.md
@@ -4,10 +4,12 @@ description: How to manage Surface Hub settings with Settings.
keywords: manage Surface Hub, Surface Hub settings
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 07/08/2019
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
---
@@ -27,7 +29,6 @@ Surface Hubs have many settings that are common to other Windows devices, but al
| Change admin account password | Surface Hub > Accounts | Change the password for the local admin account. This is only available if you configured the device to use a local admin during first run. |
| Device Management | Surface Hub > Device management | Manage policies and business applications using mobile device management (MDM). |
| Provisioning packages | Surface Hub > Device management | Set or change provisioning packages installed on the Surface Hub. |
-| Configure Operations Management Suite (OMS) | Surface Hub > Device management | Set up monitoring for your Surface Hub using OMS. |
| Open the Microsoft Store app | Surface Hub > Apps & features | The Microsoft Store app is only available to admins through the Settings app. |
| Skype for Business domain name | Surface Hub > Calling & Audio | Configure a domain name for your Skype for Business server. |
| Default Speaker volume | Surface Hub > Calling & Audio | Configure the default speaker volume for the Surface Hub when it starts a session. |
@@ -58,4 +59,4 @@ Surface Hubs have many settings that are common to other Windows devices, but al
[Remote Surface Hub management](remote-surface-hub-management.md)
-[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md)
\ No newline at end of file
+[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md)
diff --git a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
index 65c471f4a1..b3a74fc47d 100644
--- a/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
+++ b/devices/surface-hub/manage-settings-with-mdm-for-surface-hub.md
@@ -2,11 +2,13 @@
title: Manage settings with an MDM provider (Surface Hub)
description: Microsoft Surface Hub provides an enterprise management solution to help IT administrators manage policies and business applications on these devices using a mobile device management (MDM) solution.
ms.assetid: 18EB8464-6E22-479D-B0C3-21C4ADD168FE
+ms.reviewer:
+manager: dansimp
keywords: mobile device management, MDM, manage policies
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 03/07/2018
ms.localizationpriority: medium
@@ -17,9 +19,8 @@ ms.localizationpriority: medium
Surface Hub and other Windows 10 devices allow IT administrators to manage settings and policies using a mobile device management (MDM) provider. A built-in management component communicates with the management server, so there is no need to install additional clients on the device. For more information, see [Windows 10 mobile device management](https://msdn.microsoft.com/library/windows/hardware/dn914769.aspx).
Surface Hub has been validated with Microsoft’s first-party MDM providers:
-- On-premises MDM with System Center Configuration Manager (beginning in version 1602)
-- Hybrid MDM with System Center Configuration Manager and Microsoft Intune
- Microsoft Intune standalone
+- On-premises MDM with Microsoft Endpoint Configuration Manager
You can also manage Surface Hubs using any third-party MDM provider that can communicate with Windows 10 using the MDM protocol.
@@ -30,7 +31,7 @@ You can enroll your Surface Hubs using bulk, manual, or automatic enrollment.
**To configure bulk enrollment**
- Surface Hub supports the [Provisioning CSP](https://msdn.microsoft.com/library/windows/hardware/mt203665.aspx) for bulk enrollment into MDM. For more information, see [Windows 10 bulk enrollment](https://msdn.microsoft.com/library/windows/hardware/mt613115.aspx).
--OR--
-- If you have an on-premises System Center Configuration Manager infrastructure, see [How to bulk enroll devices with On-premises Mobile Device Management in System Center Configuration Manager](https://technet.microsoft.com/library/mt627898.aspx).
+- If you have an on-premises Microsoft Endpoint Configuration Manager infrastructure, see [How to bulk enroll devices with On-premises Mobile Device Management in Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm).
### Manual enrollment
**To configure manual enrollment**
@@ -44,148 +45,163 @@ You can enroll your Surface Hubs using bulk, manual, or automatic enrollment.
Surface Hub now supports the ability to automatically enroll in Intune by joining the device to Azure Active Directory.
-For more information, see [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment).
+First step is to set up Automatic MDM enrollment. See [Enable Windows 10 automatic enrollment](https://docs.microsoft.com/intune/windows-enroll#enable-windows-10-automatic-enrollment).
+
+Then, when devices are setup during First-run, pick the option to join to Azure Active Directory, see [Set up admins for this device page](https://docs.microsoft.com/surface-hub/first-run-program-surface-hub#set-up-admins-for-this-device-page)
## Manage Surface Hub settings with MDM
-You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings), and some [Windows 10 settings](#supported-windows-10-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and System Center Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML.
+You can use MDM to manage some [Surface Hub CSP settings](#supported-surface-hub-csp-settings), and some [Windows 10 settings](#supported-windows-10-settings). Depending on the MDM provider that you use, you may set these settings using a built-in user interface, or by deploying custom SyncML. Microsoft Intune and Microsoft Endpoint Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. Refer to documentation from your MDM provider to learn how to create and deploy SyncML.
### Supported Surface Hub CSP settings
-You can configure the Surface Hub settings in the following table using MDM. The table identifies if the setting is supported with Microsoft Intune, System Center Configuration Manager, or SyncML.
+You can configure the Surface Hub settings in the following table using MDM. The table identifies if the setting is supported with Microsoft Intune, Microsoft Endpoint Configuration Manager, or SyncML.
For more information, see [SurfaceHub configuration service provider](https://msdn.microsoft.com/library/windows/hardware/mt608323).
-| Setting | Node in the SurfaceHub CSP | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
-| ---- | --- | --- | --- | --- |
-| Maintenance hours | MaintenanceHoursSimple/Hours/StartTime MaintenanceHoursSimple/Hours/Duration | Yes | Yes | Yes |
-| Automatically turn on the screen using motion sensors | InBoxApps/Welcome/AutoWakeScreen | Yes | Yes | Yes |
-| Require a pin for wireless projection | InBoxApps/WirelessProjection/PINRequired | Yes | Yes | Yes |
-| Enable wireless projection | InBoxApps/WirelessProjection/Enabled | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Miracast channel to use for wireless projection | InBoxApps/WirelessProjection/Channel | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Connect to your Operations Management Suite workspace | MOMAgent/WorkspaceID MOMAgent/WorkspaceKey | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Friendly name for wireless projection | Properties/FriendlyName | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Device account, including password rotation | DeviceAccount/*``* See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes |
-| Specify Skype domain | InBoxApps/SkypeForBusiness/DomainName | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Auto launch Connect App when projection is initiated | InBoxApps/Connect/AutoLaunch | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Set default volume | Properties/DefaultVolume | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Set screen timeout | Properties/ScreenTimeout | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Set session timeout | Properties/SessionTimeout | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Set sleep timeout | Properties/SleepTimeout | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Allow session to resume after screen is idle | Properties/AllowSessionResume | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Allow device account to be used for proxy authentication | Properties/AllowAutoProxyAuth | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Disable auto-populating the sign-in dialog with invitees from scheduled meetings | Properties/DisableSignInSuggestions | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Disable "My meetings and files" feature in Start menu | Properties/DoNotShowMyMeetingsAndFiles | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Set the LanProfile for 802.1x Wired Auth | Dot3/LanProfile | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Set the EapUserData for 802.1x Wired Auth | Dot3/EapUserData | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+
+| Setting | Node in the SurfaceHub CSP | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
+|----------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
+| Maintenance hours | MaintenanceHoursSimple/Hours/StartTime MaintenanceHoursSimple/Hours/Duration | Yes | Yes | Yes |
+| Automatically turn on the screen using motion sensors | InBoxApps/Welcome/AutoWakeScreen | Yes | Yes | Yes |
+| Require a pin for wireless projection | InBoxApps/WirelessProjection/PINRequired | Yes | Yes | Yes |
+| Enable wireless projection | InBoxApps/WirelessProjection/Enabled | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Miracast channel to use for wireless projection | InBoxApps/WirelessProjection/Channel | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Connect to your Operations Management Suite workspace | MOMAgent/WorkspaceID MOMAgent/WorkspaceKey | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Welcome screen background image | InBoxApps/Welcome/CurrentBackgroundPath | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Meeting information displayed on the welcome screen | InBoxApps/Welcome/MeetingInfoOption | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Friendly name for wireless projection | Properties/FriendlyName | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Device account, including password rotation | DeviceAccount/*``* See [SurfaceHub CSP](https://msdn.microsoft.com/library/windows/hardware/mt608323.aspx). | No | No | Yes |
+| Specify Skype domain | InBoxApps/SkypeForBusiness/DomainName | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Auto launch Connect App when projection is initiated | InBoxApps/Connect/AutoLaunch | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Set default volume | Properties/DefaultVolume | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Set screen timeout | Properties/ScreenTimeout | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Set session timeout | Properties/SessionTimeout | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Set sleep timeout | Properties/SleepTimeout | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Allow session to resume after screen is idle | Properties/AllowSessionResume | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Allow device account to be used for proxy authentication | Properties/AllowAutoProxyAuth | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Disable auto-populating the sign-in dialog with invitees from scheduled meetings | Properties/DisableSignInSuggestions | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Disable "My meetings and files" feature in Start menu | Properties/DoNotShowMyMeetingsAndFiles | Yes | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Set the LanProfile for 802.1x Wired Auth | Dot3/LanProfile | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Set the EapUserData for 802.1x Wired Auth | Dot3/EapUserData | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
### Supported Windows 10 settings
In addition to Surface Hub-specific settings, there are numerous settings common to all Windows 10 devices. These settings are defined in the [Configuration service provider reference](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference).
-The following tables include info on Windows 10 settings that have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table identifies if the setting is supported with Microsoft Intune, System Center Configuration Manager, or SyncML.
+The following tables include info on Windows 10 settings that have been validated with Surface Hub. There is a table with settings for these areas: security, browser, Windows Updates, Windows Defender, remote reboot, certificates, and logs. Each table identifies if the setting is supported with Microsoft Intune, Microsoft Endpoint Configuration Manager, or SyncML.
#### Security settings
-| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
-| --- | --- | --- |---- | --- | --- |
-| Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | [Connectivity/AllowBluetooth](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth) | Yes. | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/*``* See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes. | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Allow camera | Keep this enabled for Skype for Business. | [Camera/AllowCamera](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Camera_AllowCamera) | Yes. | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Allow location | Keep this enabled to support apps such as Maps. | [System/AllowLocation](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowLocation) | Yes. . | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | [System/AllowTelemetry](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowTelemetry) | Yes. | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Allow USB Drives | Keep this enabled to support USB drives on Surface Hub | [System/AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+
+| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
+|--------------------|------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
+| Allow Bluetooth | Keep this enabled to support Bluetooth peripherals. | [Connectivity/AllowBluetooth](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Connectivity_AllowBluetooth) | Yes. | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Bluetooth policies | Use to set the Bluetooth device name, and block advertising, discovery, and automatic pairing. | Bluetooth/*``* See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes. | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Allow camera | Keep this enabled for Skype for Business. | [Camera/AllowCamera](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Camera_AllowCamera) | Yes. | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Allow location | Keep this enabled to support apps such as Maps. | [System/AllowLocation](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowLocation) | Yes. . | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Allow telemetry | Keep this enabled to help Microsoft improve Surface Hub. | [System/AllowTelemetry](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#System_AllowTelemetry) | Yes. | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Allow USB Drives | Keep this enabled to support USB drives on Surface Hub | [System/AllowStorageCard](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#system-allowstoragecard) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Browser settings
-| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
-| --- | --- | --- |---- | --- | --- |
-| Homepages | Use to configure the default homepages in Microsoft Edge. | [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. | [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Allow developer tools | Use to stop users from using F12 Developer Tools. | [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Allow SmartScreen | Keep this enabled to turn on SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Prevent ignoring SmartScreen Filter warnings for websites | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Prevent ignoring SmartScreen Filter warnings for files | For extra security, use to stop users from ignoring SmartScreen Filter warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
+|-----------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
+| Homepages | Use to configure the default homepages in Microsoft Edge. | [Browser/Homepages](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_Homepages) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Allow cookies | Surface Hub automatically deletes cookies at the end of a session. Use this to block cookies within a session. | [Browser/AllowCookies](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowCookies) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Allow developer tools | Use to stop users from using F12 Developer Tools. | [Browser/AllowDeveloperTools](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDeveloperTools) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Allow Do Not Track | Use to enable Do Not Track headers. | [Browser/AllowDoNotTrack](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowDoNotTrack) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Allow pop-ups | Use to block pop-up browser windows. | [Browser/AllowPopups](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowPopups) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Allow search suggestions | Use to block search suggestions in the address bar. | [Browser/AllowSearchSuggestionsinAddressBar](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSearchSuggestionsinAddressBar) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Allow Windows Defender SmartScreen | Keep this enabled to turn on Windows Defender SmartScreen. | [Browser/AllowSmartScreen](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_AllowSmartScreen) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Prevent ignoring Windows Defender SmartScreen warnings for websites | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from accessing potentially malicious websites. | [Browser/PreventSmartScreenPromptOverride](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverride) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Prevent ignoring Windows Defender SmartScreen warnings for files | For extra security, use to stop users from ignoring Windows Defender SmartScreen warnings and block them from downloading unverified files from Microsoft Edge. | [Browser/PreventSmartScreenPromptOverrideForFiles](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Browser_PreventSmartScreenPromptOverrideForFiles) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Windows Update settings
-| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML*? |
-| --- | --- | --- |---- | --- | --- |
-| Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Defer feature updates| See above. | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Defer quality updates | See above. | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes|
-| Configure device to use WSUS| Use to connect your Surface Hub to WSUS instead of Windows Update – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/*``* See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
+|---------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
+| Use Current Branch or Current Branch for Business | Use to configure Windows Update for Business – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/BranchReadinessLevel](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_BranchReadinessLevel) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Defer feature updates | See above. | [Update/ DeferFeatureUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferFeatureUpdatesPeriodInDays) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Defer quality updates | See above. | [Update/DeferQualityUpdatesPeriodInDays](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_DeferQualityUpdatesPeriodInDays) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Pause feature updates | See above. | [Update/PauseFeatureUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseFeatureUpdates) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Pause quality updates | See above. | [Update/PauseQualityUpdates](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_PauseQualityUpdates) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Configure device to use WSUS | Use to connect your Surface Hub to WSUS instead of Windows Update – see [Windows updates](manage-windows-updates-for-surface-hub.md). | [Update/UpdateServiceUrl](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_UpdateServiceUrl) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Delivery optimization | Use peer-to-peer content sharing to reduce bandwidth issues during updates. See [Configure Delivery Optimization for Windows 10](https://technet.microsoft.com/itpro/windows/manage/waas-delivery-optimization) for details. | DeliveryOptimization/*``* See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Windows Defender settings
-| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
-| --- | --- | --- |---- | --- | --- |
-| Defender policies | Use to configure various Defender settings, including a scheduled scan time. | Defender/*``* See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Defender status | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | No. | No. | Yes |
+| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
+|-------------------|----------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
+| Defender policies | Use to configure various Defender settings, including a scheduled scan time. | Defender/*``* See [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Defender status | Use to initiate a Defender scan, force a Security intelligence update, query any threats detected. | [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/mt187856.aspx) | Yes | Yes | Yes |
+
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Remote reboot
-| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
-| --- | --- | --- |---- | --- | --- |
-| Reboot the device immediately | Use in conjunction with OMS to minimize support costs – see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes | No | Yes |
-| Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
-| Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
+|------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
+| Reboot the device immediately | Use in conjunction with OMS to minimize support costs – see [Monitor your Microsoft Surface Hub](monitor-surface-hub.md). | ./Vendor/MSFT/Reboot/RebootNow See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes | No | Yes |
+| Reboot the device at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/Single See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Reboot the device daily at a scheduled date and time | See above. | ./Vendor/MSFT/Reboot/Schedule/DailyRecurrent See [Reboot CSP](https://msdn.microsoft.com/library/windows/hardware/mt720802.aspx) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Install certificates
-| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
-| --- | --- | --- |---- | --- | --- |
-| Install trusted CA certificates | Use to deploy trusted root and intermediate CA certificates. | [RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx) | Yes. See [Configure Intune certificate profiles](https://docs.microsoft.com/intune/deploy-use/configure-intune-certificate-profiles). | Yes. See [How to create certificate profiles in System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/create-certificate-profiles). | Yes |
+| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
+|---------------------------------|--------------------------------------------------------------|----------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------|
+| Install trusted CA certificates | Use to deploy trusted root and intermediate CA certificates. | [RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx) | Yes. See [Configure Intune certificate profiles](https://docs.microsoft.com/intune/deploy-use/configure-intune-certificate-profiles). | Yes. See [How to create certificate profiles in Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/create-certificate-profiles). | Yes |
+
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Collect logs
-| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML*? |
-| --- | --- | --- |---- | --- | --- |
-| Collect ETW logs | Use to remotely collect ETW logs from Surface Hub. | [DiagnosticLog CSP](https://msdn.microsoft.com/library/windows/hardware/mt219118.aspx) | No | No | Yes |
+| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
+|------------------|----------------------------------------------------|----------------------------------------------------------------------------------------|---------------------------|------------------------------------------|-----------------------------|
+| Collect ETW logs | Use to remotely collect ETW logs from Surface Hub. | [DiagnosticLog CSP](https://msdn.microsoft.com/library/windows/hardware/mt219118.aspx) | No | No | Yes |
+
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Set network quality of service (QoS) policy
-| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML*? |
-| --- | --- | --- |--- | --- | ---- |
-| Set Network QoS Policy | Use to set a QoS policy to perform a set of actions on network traffic. This is useful for prioritizing Skype network packets. | [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
+|------------------------|--------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
+| Set Network QoS Policy | Use to set a QoS policy to perform a set of actions on network traffic. This is useful for prioritizing Skype network packets. | [NetworkQoSPolicy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkqospolicy-csp) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Set network proxy
-| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML*? |
-| --- | ---- | --- |---- | --- | --- |
-| Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
+|-------------------|---------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
+| Set Network proxy | Use to configure a proxy server for ethernet and Wi-Fi connections. | [NetworkProxy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/networkproxy-csp) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
#### Configure Start menu
-| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML*? |
-| --- | ---- | --- |---- | --- | --- |
-| Configure Start menu | Use to configure which apps are displayed on the Start menu. For more information, see [Configure Surface Hub Start menu](surface-hub-start-menu.md) | [Policy CSP: Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+| Setting | Details | CSP reference | Supported with Intune? | Supported with Configuration Manager? | Supported with SyncML\*? |
+|----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------|-------------------------------------------------|-----------------------------|
+| Configure Start menu | Use to configure which apps are displayed on the Start menu. For more information, see [Configure Surface Hub Start menu](surface-hub-start-menu.md) | [Policy CSP: Start/StartLayout](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-start#start-startlayout) | Yes [Use a custom policy.](#example-intune) | Yes. [Use a custom setting.](#example-sccm) | Yes |
+
\*Settings supported with SyncML can also be configured in a Windows Configuration Designer provisioning package.
### Generate OMA URIs for settings
-You need to use a setting’s OMA URI to create a custom policy in Intune, or a custom setting in System Center Configuration Manager.
+You need to use a setting’s OMA URI to create a custom policy in Intune, or a custom setting in Microsoft Endpoint Configuration Manager.
**To generate the OMA URI for any setting in the CSP documentation**
1. In the CSP documentation, identify the root node of the CSP. Generally, this looks like `./Vendor/MSFT/`
@@ -209,11 +225,11 @@ You can use Microsoft Intune to manage Surface Hub settings. For custom settings
-## Example: Manage Surface Hub settings with System Center Configuration Manager
-System Center Configuration Manager supports managing modern devices that do not require the Configuration Manager client to manage them, including Surface Hub. If you already use System Center Configuration Manager to manage other devices in your organization, you can continue to use the Configuration Manager console as your single location for managing Surface Hubs.
+## Example: Manage Surface Hub settings with Microsoft Endpoint Configuration Manager
+Configuration Manager supports managing modern devices that do not require the Configuration Manager client to manage them, including Surface Hub. If you already use Configuration Manager to manage other devices in your organization, you can continue to use the Configuration Manager console as your single location for managing Surface Hubs.
> [!NOTE]
-> These instructions are based on the current branch of System Center Configuration Manager.
+> These instructions are based on the current branch of Configuration Manager.
**To create a configuration item for Surface Hub settings**
@@ -248,7 +264,7 @@ System Center Configuration Manager supports managing modern devices that do not
18. When you're done, on the **Browse Settings** dialog, click **Close**.
19. Complete the wizard. You can view the new configuration item in the **Configuration Items** node of the **Assets and Compliance** workspace.
-For more information, see [Create configuration items for Windows 8.1 and Windows 10 devices managed without the System Center Configuration Manager client](https://docs.microsoft.com/sccm/compliance/deploy-use/create-configuration-items-for-windows-8.1-and-windows-10-devices-managed-without-the-client).
+For more information, see [Create configuration items for Windows 8.1 and Windows 10 devices managed without the Microsoft Endpoint Configuration Manager client](https://docs.microsoft.com/configmgr/compliance/deploy-use/create-configuration-items-for-windows-8.1-and-windows-10-devices-managed-without-the-client).
## Related topics
@@ -256,9 +272,9 @@ For more information, see [Create configuration items for Windows 8.1 and Window
-
-
-
+
+
+
diff --git a/devices/surface-hub/manage-surface-hub-settings.md b/devices/surface-hub/manage-surface-hub-settings.md
index ac7d714624..a5d76ff156 100644
--- a/devices/surface-hub/manage-surface-hub-settings.md
+++ b/devices/surface-hub/manage-surface-hub-settings.md
@@ -4,10 +4,12 @@ description: This section lists topics for managing Surface Hub settings.
keywords: Surface Hub accessibility settings, device account, device reset, windows updates, wireless network management
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/manage-surface-hub.md b/devices/surface-hub/manage-surface-hub.md
index da29b06c9d..4ad681ff5f 100644
--- a/devices/surface-hub/manage-surface-hub.md
+++ b/devices/surface-hub/manage-surface-hub.md
@@ -2,11 +2,13 @@
title: Manage Microsoft Surface Hub
description: How to manage your Surface Hub after finishing the first-run program.
ms.assetid: FDB6182C-1211-4A92-A930-6C106BCD5DC1
+ms.reviewer:
+manager: dansimp
keywords: manage Surface Hub
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 01/17/2018
ms.localizationpriority: medium
@@ -17,7 +19,7 @@ ms.localizationpriority: medium
After initial setup of Microsoft Surface Hub, the device’s settings and configuration can be modified or changed in a couple ways:
- **Local management** - Every Surface Hub can be configured locally using the **Settings** app on the device. To prevent unauthorized users from changing settings, the Settings app requires admin credentials to open the app. For more information, see [Local management for Surface Hub settings](local-management-surface-hub-settings.md).
-- **Remote management** - Surface Hub allow IT admins to manage settings and policies using a mobile device management (MDM) provider, such as Microsoft Intune, System Center Configuration Manager, and other third-party providers. Additionally, admins can monitor Surface Hubs using Microsoft Operations Management Suite (OMS). For more information, see [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md), and [Monitor your Microsoft Surface Hub](monitor-surface-hub.md).
+- **Remote management** - Surface Hub allow IT admins to manage settings and policies using a mobile device management (MDM) provider, such as Microsoft Intune, Microsoft Endpoint Configuration Manager, and other third-party providers. Additionally, admins can monitor Surface Hubs using Microsoft Operations Management Suite (OMS). For more information, see [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md), and [Monitor your Microsoft Surface Hub](monitor-surface-hub.md).
> [!NOTE]
> These management methods are not mutually exclusive. Devices can be both locally and remotely managed if you choose. However, MDM policies and settings will overwrite any local changes when the Surface Hub syncs with the management server.
@@ -41,7 +43,8 @@ Learn about managing and updating Surface Hub.
[Enable 802.1x wired authentication](enable-8021x-wired-authentication.md) | 802.1x Wired Authentication MDM policies have been enabled on Surface Hub devices.
| [Using a room control system](https://technet.microsoft.com/itpro/surface-hub/use-room-control-system-with-surface-hub) | Room control systems can be used with your Microsoft Surface Hub.|
[Using the Surface Hub Recovery Tool](surface-hub-recovery-tool.md) | Use the Surface Hub Recovery Tool to re-image the Surface Hub SSD.
+[Surface Hub SSD replacement](surface-hub-ssd-replacement.md) | Learn how to remove and replace the solid state drive in your Surface Hub.
## Related topics
-- [View Power BI presentation mode on Surface Hub & Windows 10](https://powerbi.microsoft.com/documentation/powerbi-mobile-win10-app-presentation-mode/)
\ No newline at end of file
+- [View Power BI presentation mode on Surface Hub & Windows 10](https://powerbi.microsoft.com/documentation/powerbi-mobile-win10-app-presentation-mode/)
diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md
index 625ba99f34..961a12fcd0 100644
--- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md
+++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md
@@ -2,13 +2,14 @@
title: Windows updates (Surface Hub)
description: You can manage Windows updates on your Microsoft Surface Hub by setting the maintenance window, deferring updates, or using Windows Server Update Services (WSUS).
ms.assetid: A737BD50-2D36-4DE5-A604-55053D549045
+ms.reviewer:
+manager: dansimp
keywords: manage Windows updates, Surface Hub, Windows Server Update Services, WSUS
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 11/03/2017
ms.localizationpriority: medium
---
@@ -57,7 +58,7 @@ Surface Hubs, like all Windows 10 devices, include **Windows Update for Business
2. [Configure when Surface Hub receives updates](#configure-when-surface-hub-receives-updates).
> [!NOTE]
-> You can use Microsoft Intune, System Center Configuration Manager, or a supported third-party MDM provider to set up WUfB. [Walkthrough: use Microsoft Intune to configure Windows Update for Business.](https://docs.microsoft.com/windows/deployment/update/waas-wufb-intune)
+> You can use Microsoft Intune, Microsoft Endpoint Configuration Manager, or a supported third-party MDM provider to set up WUfB. [Walkthrough: use Microsoft Intune to configure Windows Update for Business.](https://docs.microsoft.com/windows/deployment/update/waas-wufb-intune)
### Group Surface Hub into deployment rings
@@ -67,7 +68,7 @@ This table gives examples of deployment rings.
| Deployment ring | Ring size | Servicing branch | Deferral for feature updates | Deferral for quality updates (security fixes, drivers, and other updates) | Validation step |
| --------- | --------- | --------- | --------- | --------- | --------- |
-| Preview (e.g. non-critical or test devices) | Small | Semi-annual channel (Targeted) | None. | None. | Manually test and evaluate new functionality. Pause updates if there are issues. |
+| Preview (e.g. non-critical or test devices) | Small | Windows Insider Preview | None. | None. | Manually test and evaluate new functionality. Pause updates if there are issues. |
| Release (e.g. devices used by select teams) | Medium | Semi-annual channel | None. | None. | Monitor device usage and user feedback. Pause updates if there are issues. |
| Broad deployment (e.g. most of the devices in your organization) | Large | Semi-annual channel | 120 days after release. | 7-14 days after release. | Monitor device usage and user feedback. Pause updates if there are issues. |
| Mission critical (e.g. devices in executive boardrooms) | Small | Semi-annual channel | 180 days after release (maximum deferral for feature updates). | 30 days after release (maximum deferral for quality updates). | Monitor device usage and user feedback. |
diff --git a/devices/surface-hub/miracast-over-infrastructure.md b/devices/surface-hub/miracast-over-infrastructure.md
index 7b6737d1ac..1b09f33999 100644
--- a/devices/surface-hub/miracast-over-infrastructure.md
+++ b/devices/surface-hub/miracast-over-infrastructure.md
@@ -3,10 +3,12 @@ title: Miracast on existing wireless network or LAN
description: Windows 10 enables you to send a Miracast stream over a local network.
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 08/03/2017
+ms.date: 06/20/2019
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/miracast-troubleshooting.md b/devices/surface-hub/miracast-troubleshooting.md
index 6f3bdf62ec..9517857676 100644
--- a/devices/surface-hub/miracast-troubleshooting.md
+++ b/devices/surface-hub/miracast-troubleshooting.md
@@ -3,10 +3,12 @@ title: Troubleshoot Miracast on Surface Hub
description: Learn how to resolve issues with Miracast on Surface Hub.
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 06/20/2019
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/monitor-surface-hub.md b/devices/surface-hub/monitor-surface-hub.md
index a210f9834d..262c565327 100644
--- a/devices/surface-hub/monitor-surface-hub.md
+++ b/devices/surface-hub/monitor-surface-hub.md
@@ -2,11 +2,13 @@
title: Monitor your Microsoft Surface Hub
description: Monitoring for Microsoft Surface Hub devices is enabled through Microsoft Operations Management Suite (OMS).
ms.assetid: 1D2ED317-DFD9-423D-B525-B16C2B9D6942
+ms.reviewer:
+manager: dansimp
keywords: monitor Surface Hub, Microsoft Operations Management Suite, OMS
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
ms.localizationpriority: medium
@@ -93,10 +95,10 @@ This table describes the sample queries in the Surface Hub solution:
| Hardware | Error | **Contact Microsoft support**. Indicates impact to core functionality (such as Skype, projection, touch, and internet connectivity). **Note** Some events, including heartbeat, include the device’s serial number that you can use when contacting support.| Triggers when there is an error with any of the following hardware components. **Components that affect Skype**: - Speaker driver - Microphone driver - Camera driver **Components that affect wired and wireless projection**: - Wired touchback driver - Wired ingest driver - Wireless adapter driver - Wi-Fi Direct error **Other components**: - Touch digitizer driver - Network adapter error (not reported to OMS)|
**To set up an alert**
-1. From the Surface Hub solution, select one of the sample queries.
-2. Modify the query as desired. See Log Analytics search reference to learn more.
-3. Click **Alert** at the top of the page to open the **Add Alert Rule** screen. See [Alerts in Log Analytics](https://azure.microsoft.com/documentation/articles/log-analytics-alerts/) for details on the options to configure the alert.
-4. Click **Save** to complete the alert rule. It will start running immediately.
+1. From the Surface Hub solution, select one of the sample queries.
+2. Modify the query as desired. See Log Analytics search reference to learn more.
+3. Click **Alert** at the top of the page to open the **Add Alert Rule** screen. See [Alerts in Log Analytics](https://azure.microsoft.com/documentation/articles/log-analytics-alerts/) for details on the options to configure the alert.
+4. Click **Save** to complete the alert rule. It will start running immediately.
## Enroll your Surface Hub
@@ -136,7 +138,7 @@ You'll need the workspace ID and primary key of your OMS workspace. You can get
A confirmation dialog will appear telling you whether or not the OMS configuration was successfully applied to the device. If it was, the device will start sending data to OMS.
### Enroll using a provisioning package
-You can use a provisioning package to enroll your Surface Hub. For more infomation, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md).
+You can use a provisioning package to enroll your Surface Hub. For more information, see [Create provisioning packages](provisioning-packages-for-certificates-surface-hub.md).
### Enroll using a MDM provider
You can enroll Surface Hub into OMS using the SurfaceHub CSP. Intune and Configuration Manager provide built-in experiences to help create policy templates for Surface Hub. For more information, see [Manage Surface Hub settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md).
diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
index 46877db4de..88b0653b00 100644
--- a/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/on-premises-deployment-surface-hub-device-accounts.md
@@ -2,11 +2,13 @@
title: On-premises deployment single forest (Surface Hub)
description: This topic explains how you add a device account for your Microsoft Surface Hub when you have a single-forest, on-premises deployment.
ms.assetid: 80E12195-A65B-42D1-8B84-ECC3FCBAAFC6
+ms.reviewer:
+manager: dansimp
keywords: single forest deployment, on prem deployment, device account, Surface Hub
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.date: 08/28/2018
ms.localizationpriority: medium
---
@@ -18,94 +20,98 @@ This topic explains how you add a device account for your Microsoft Surface Hub
If you have a single-forest on-premises deployment with Microsoft Exchange 2013 or later and Skype for Business 2013 or later, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-on-premises-ps-scripts) to create device accounts. If you’re using a multi-forest deployment, see [On-premises deployment for Surface Hub in a multi-forest environment](on-premises-deployment-surface-hub-multi-forest.md).
-1. Start a remote PowerShell session from a PC and connect to Exchange.
+1. Start a remote PowerShell session from a PC and connect to Exchange.
- Be sure you have the right permissions set to run the associated cmdlets.
+ Be sure you have the right permissions set to run the associated cmdlets.
- Note here that `$strExchangeServer` is the fully qualified domain name (FQDN) of your Exchange server, and `$strLyncFQDN` is the FQDN of your Skype for Business server.
-
- ```PowerShell
- Set-ExecutionPolicy Unrestricted
- $org='contoso.microsoft.com'
- $cred=Get-Credential $admin@$org
- $sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $cred -AllowRedirection -Authentication Kerberos -ConnectionUri "http://$strExchangeServer/powershell" -WarningAction SilentlyContinue
- $sessLync = New-PSSession -Credential $cred -ConnectionURI "https://$strLyncFQDN/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue
- Import-PSSession $sessExchange
- Import-PSSession $sessLync
- ```
-
-2. After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub.
-
- If you're changing an existing resource mailbox:
-
- ```PowerShell
- Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
- ```
-
- If you’re creating a new resource mailbox:
-
- ```PowerShell
- New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
- ```
-
-3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
-
- Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
-
- If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
-
- ```PowerShell
- $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
- ```
-
- Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too.
-
- ```PowerShell
- Set-Mailbox $acctUpn -Type Regular
- Set-CASMailbox $acctUpn -ActiveSyncMailboxPolicy $easPolicy
- Set-Mailbox $acctUpn -Type Room
- Set-Mailbox $credNewAccount.UserName -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
- ```
-
-4. Various Exchange properties can be set on the device account to improve the meeting experience for people. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
-
- ```PowerShell
- Set-CalendarProcessing -Identity $acctUpn -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
- Set-CalendarProcessing -Identity $acctUpn -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
- ```
-
-5. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information.
-
- ```PowerShell
- Set-AdUser $acctUpn -PasswordNeverExpires $true
- ```
-
-6. Enable the account in Active Directory so it will authenticate to the Surface Hub.
-
- ```PowerShell
- Set-AdUser $acctUpn -Enabled $true
- ```
-
-7. Enable the device account with Skype for Business by enabling your Surface Hub AD account on a Skype for Business Server pool:
-
- ```PowerShell
- Enable-CsMeetingRoom -SipAddress "sip:HUB01@contoso.com"
- -DomainController DC-ND-001.contoso.com -RegistrarPool LYNCPool15.contoso.com
- -Identity HUB01
- ```
-
- You'll need to use the Session Initiation Protocol (SIP) address and domain controller for the Surface Hub, along with your own Skype for Business Server pool identifier and user identity.
-
-8. OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it:
+ Note here that `$strExchangeServer` is the fully qualified domain name (FQDN) of your Exchange server, and `$strLyncFQDN` is the FQDN of your Skype for Business server.
```PowerShell
- Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI "tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true
- ```
+ Set-ExecutionPolicy Unrestricted
+ $org='contoso.microsoft.com'
+ $cred=Get-Credential $admin@$org
+ $sessExchange = New-PSSession -ConfigurationName microsoft.exchange -Credential $cred -AllowRedirection -Authentication Kerberos -ConnectionUri "http://$strExchangeServer/powershell" -WarningAction SilentlyContinue
+ $sessLync = New-PSSession -Credential $cred -ConnectionURI "https://$strLyncFQDN/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue
+ Import-PSSession $sessExchange
+ Import-PSSession $sessLync
+ ```
- Again, you need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same.
+2. After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub.
+
+ If you're changing an existing resource mailbox:
+
+ ```PowerShell
+ Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
+ ```
+
+ If you’re creating a new resource mailbox:
+
+ ```PowerShell
+ New-Mailbox -UserPrincipalName HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
+ ```
+> [!IMPORTANT]
+> ActiveSync Virtual Directory Basic Authentication is required to be enabled as the Surface Hub is unable to authenticate using other authentication methods.
+
+3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
+
+ Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
+
+ If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
+
+ ```PowerShell
+ $easPolicy = New-MobileDeviceMailboxPolicy -Name “SurfaceHubs” -PasswordEnabled $false
+ ```
+
+ Once you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. You need to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox—you may need to re-enable it and set the password again too.
+
+ ```PowerShell
+ $acctUpn = Get-Mailbox -Identity ""
+ $credNewAccount.Password = ConvertTo-SecureString -String -AsPlainText -Force
+ Set-Mailbox $acctUpn -Type Regular
+ Set-CASMailbox $acctUpn -ActiveSyncMailboxPolicy $easPolicy
+ Set-Mailbox $acctUpn -Type Room
+ Set-Mailbox $acctUpn -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
+ ```
+
+4. Various Exchange properties can be set on the device account to improve the meeting experience for people. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
+
+ ```PowerShell
+ Set-CalendarProcessing -Identity $acctUpn -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
+ Set-CalendarProcessing -Identity $acctUpn -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
+ ```
+
+5. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information.
+
+ ```PowerShell
+ Set-AdUser $acctUpn -PasswordNeverExpires $true
+ ```
+
+6. Enable the account in Active Directory so it will authenticate to the Surface Hub.
+
+ ```PowerShell
+ Set-AdUser $acctUpn -Enabled $true
+ ```
+
+7. Enable the device account with Skype for Business by enabling your Surface Hub AD account on a Skype for Business Server pool:
+
+ ```PowerShell
+ Enable-CsMeetingRoom -SipAddress "sip:HUB01@contoso.com"
+ -DomainController DC-ND-001.contoso.com -RegistrarPool LYNCPool15.contoso.com
+ -Identity HUB01
+ ```
+
+ You'll need to use the Session Initiation Protocol (SIP) address and domain controller for the Surface Hub, along with your own Skype for Business Server pool identifier and user identity.
+
+8. OPTIONAL: You can also allow your Surface Hub to make and receive public switched telephone network (PSTN) phone calls by enabling Enterprise Voice for your account. Enterprise Voice isn't a requirement for Surface Hub, but if you want PSTN dialing functionality for the Surface Hub client, here's how to enable it:
+
+ ```PowerShell
+ Set-CsMeetingRoom -Identity HUB01 -DomainController DC-ND-001.contoso.com -LineURI "tel:+14255550555;ext=50555" -EnterpriseVoiceEnabled $true
+ ```
+
+ Again, you need to replace the provided domain controller and phone number examples with your own information. The parameter value `$true` stays the same.
- ## Disable anonymous email and IM
+ ## Disable anonymous email and IM
@@ -141,7 +147,7 @@ To change the policy entry:
```
$policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -value $true
$clientPolicy | Set-CsClientPolicy -PolicyEntry @{Replace = $policyEntry}
-```
+```
To remove the policy entry:
@@ -150,7 +156,7 @@ $policyEntry = New-CsClientPolicyEntry -Name AllowResourceAccountSendMessage -va
$clientPolicy | Set-CsClientPolicy -PolicyEntry @{Remove = $policyEntry}
```
-
+
diff --git a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
index cae7e9639e..f643e4cfe6 100644
--- a/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
+++ b/devices/surface-hub/on-premises-deployment-surface-hub-multi-forest.md
@@ -4,9 +4,11 @@ description: This topic explains how you add a device account for your Microsoft
keywords: multi forest deployment, on prem deployment, device account, Surface Hub
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.date: 08/28/2018
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
index d5c567a57f..0cd6fc5219 100644
--- a/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/online-deployment-surface-hub-device-accounts.md
@@ -2,11 +2,13 @@
title: Online deployment with Office 365 (Surface Hub)
description: This topic has instructions for adding a device account for your Microsoft Surface Hub when you have a pure, online deployment.
ms.assetid: D325CA68-A03F-43DF-8520-EACF7C3EDEC1
+ms.reviewer:
+manager: dansimp
keywords: device account for Surface Hub, online deployment
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 02/21/2018
ms.localizationpriority: medium
@@ -19,129 +21,129 @@ This topic has instructions for adding a device account for your Microsoft Surfa
If you have a pure, online (O365) deployment, then you can [use the provided PowerShell scripts](appendix-a-powershell-scripts-for-surface-hub.md#create-os356-ps-scripts) to create device accounts.
-1. Start a remote PowerShell session on a PC and connect to Exchange.
+1. Start a remote PowerShell session on a PC and connect to Exchange.
- Be sure you have the right permissions set to run the associated cmdlets.
+ Be sure you have the right permissions set to run the associated cmdlets.
- ```PowerShell
- Set-ExecutionPolicy RemoteSigned
- $org='contoso.microsoft.com'
- $cred=Get-Credential admin@$org
- $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
- Import-PSSession $sess
- ```
+ ```PowerShell
+ Set-ExecutionPolicy RemoteSigned
+ $org='contoso.microsoft.com'
+ $cred=Get-Credential admin@$org
+ $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
+ Import-PSSession $sess
+ ```
-2. After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub.
+2. After establishing a session, you’ll either create a new mailbox and enable it as a RoomMailboxAccount, or change the settings for an existing room mailbox. This will allow the account to authenticate into the Surface Hub.
- If you're changing an existing resource mailbox:
+ If you're changing an existing resource mailbox:
- ```PowerShell
- Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
- ```
+ ```PowerShell
+ Set-Mailbox -Identity 'HUB01' -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
+ ```
- If you’re creating a new resource mailbox:
+ If you’re creating a new resource mailbox:
- ```PowerShell
- New-Mailbox -MicrosoftOnlineServicesID HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
- ```
+ ```PowerShell
+ New-Mailbox -MicrosoftOnlineServicesID HUB01@contoso.com -Alias HUB01 -Name "Hub-01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
+ ```
-3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
+3. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
- Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
+ Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to False. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
- If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
+ If you haven’t created a compatible policy yet, use the following cmdlet—this one creates a policy called "Surface Hubs". Once it’s created, you can apply the same policy to other device accounts.
- ```PowerShell
- $easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false -AllowNonProvisionableDevices $True
- ```
+ ```PowerShell
+ $easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false -AllowNonProvisionableDevices $True
+ ```
- Once you have a compatible policy, then you will need to apply the policy to the device account.
+ Once you have a compatible policy, then you will need to apply the policy to the device account.
- ```PowerShell
- Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.Id
- ```
+ ```PowerShell
+ Set-CASMailbox 'HUB01@contoso.com' -ActiveSyncMailboxPolicy $easPolicy.Id
+ ```
-4. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
+4. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties need to be set in the [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md) section.
- ```PowerShell
- Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
- Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
- ```
+ ```PowerShell
+ Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
+ Set-CalendarProcessing -Identity 'HUB01@contoso.com' -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
+ ```
-5. Connect to Azure AD.
+5. Connect to Azure AD.
- You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
+ You first need to install Azure AD module for PowerShell version 2. In an elevated powershell prompt run the following command :
- ```PowerShell
- Install-Module -Name AzureAD
- ```
- You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
+ ```PowerShell
+ Install-Module -Name AzureAD
+ ```
+ You need to connect to Azure AD to apply some account settings. You can run this cmdlet to connect.
- ```PowerShell
- Import-Module AzureAD
- Connect-AzureAD -Credential $cred
- ```
+ ```PowerShell
+ Import-Module AzureAD
+ Connect-AzureAD -Credential $cred
+ ```
-6. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information.
+6. If you decide to have the password not expire, you can set that with PowerShell cmdlets too. See [Password management](password-management-for-surface-hub-device-accounts.md) for more information.
- ```PowerShell
- Set-AzureADUser -ObjectId "HUB01@contoso.com" -PasswordPolicies "DisablePasswordExpiration"
- ```
+ ```PowerShell
+ Set-AzureADUser -ObjectId "HUB01@contoso.com" -PasswordPolicies "DisablePasswordExpiration"
+ ```
-7. Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#sfb-online).
+7. Surface Hub requires a license for Skype for Business functionality. In order to enable Skype for Business, your environment will need to meet the [prerequisites for Skype for Business online](hybrid-deployment-surface-hub-device-accounts.md#skype-for-business-online).
- Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
+ Next, you can use `Get-AzureADSubscribedSku` to retrieve a list of available SKUs for your O365 tenant.
- Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
+ Once you list out the SKUs, you'll need to assign the SkuId you want to the `$License.SkuId` variable.
- ```PowerShell
- Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
+ ```PowerShell
+ Set-AzureADUser -ObjectId "HUB01@contoso.com" -UsageLocation "US"
- Get-AzureADSubscribedSku | Select Sku*,*Units
- $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
- $License.SkuId = SkuId You selected
+ Get-AzureADSubscribedSku | Select Sku*,*Units
+ $License = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicense
+ $License.SkuId = SkuId You selected
- $AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
- $AssignedLicenses.AddLicenses = $License
- $AssignedLicenses.RemoveLicenses = @()
+ $AssignedLicenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
+ $AssignedLicenses.AddLicenses = $License
+ $AssignedLicenses.RemoveLicenses = @()
- Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses
- ```
+ Set-AzureADUserLicense -ObjectId "HUB01@contoso.com" -AssignedLicenses $AssignedLicenses
+ ```
-8. Enable the device account with Skype for Business.
- If the Skype for Business PowerShell module is not installed, [download the Skype for Business Online Windows PowerShell Module](https://www.microsoft.com/download/details.aspx?id=39366).
+8. Enable the device account with Skype for Business.
+ If the Skype for Business PowerShell module is not installed, [download the Skype for Business Online Windows PowerShell Module](https://www.microsoft.com/download/details.aspx?id=39366).
- - Start by creating a remote PowerShell session from a PC.
+ - Start by creating a remote PowerShell session from a PC.
- ```PowerShell
- Import-Module SkypeOnlineConnector
- $cssess=New-CsOnlineSession -Credential $cred
- Import-PSSession $cssess -AllowClobber
- ```
+ ```PowerShell
+ Import-Module SkypeOnlineConnector
+ $cssess=New-CsOnlineSession -Credential $cred
+ Import-PSSession $cssess -AllowClobber
+ ```
- - Next, if you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet (for example, *alice@contoso.com*):
+ - Next, if you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet (for example, alice@contoso.com):
- ```PowerShell
- (Get-CsTenant).TenantPoolExtension
- ```
- OR by setting a variable
+ ```PowerShell
+ Get-CsOnlineUser -Identity 'alice@contoso.com' | fl registrarpool
+ ```
+ OR by setting a variable
- ```PowerShell
- $strRegistrarPool = (Get-CsTenant).TenantPoolExtension
- $strRegistrarPool = $strRegistrarPool[0].Substring($strRegistrarPool[0].IndexOf(':') + 1)
- ```
+ ```PowerShell
+ $strRegistrarPool = Get-CsOnlineUser -Identity 'alice@contoso.com' | fl registrarpool | out-string
+ $strRegistrarPool = $strRegistrarPool.Substring($strRegistrarPool.IndexOf(':') + 2)
+ ```
- - Enable the Surface Hub account with the following cmdlet:
+ - Enable the Surface Hub account with the following cmdlet:
- ```PowerShell
- Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool yourRegistrarPool -SipAddressType EmailAddress
- ```
+ ```PowerShell
+ Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool yourRegistrarPool -SipAddressType EmailAddress
+ ```
- OR using the $strRegistarPool variable from above
+ OR using the $strRegistarPool variable from above
- ```PowerShell
- Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool $strRegistrarPool -SipAddressType EmailAddress
- ```
+ ```PowerShell
+ Enable-CsMeetingRoom -Identity 'HUB01@contoso.com' -RegistrarPool $strRegistrarPool -SipAddressType EmailAddress
+ ```
For validation, you should be able to use any Skype for Business client (PC, Android, etc) to sign in to this account.
diff --git a/devices/surface-hub/password-management-for-surface-hub-device-accounts.md b/devices/surface-hub/password-management-for-surface-hub-device-accounts.md
index be86720a3a..22e7e1284c 100644
--- a/devices/surface-hub/password-management-for-surface-hub-device-accounts.md
+++ b/devices/surface-hub/password-management-for-surface-hub-device-accounts.md
@@ -2,11 +2,13 @@
title: Password management (Surface Hub)
description: Every Microsoft Surface Hub device account requires a password to authenticate and enable features on the device.
ms.assetid: 0FBFB546-05F0-430E-905E-87111046E4B8
+ms.reviewer:
+manager: dansimp
keywords: password, password management, password rotation, device account
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
ms.localizationpriority: medium
diff --git a/devices/surface-hub/physically-install-your-surface-hub-device.md b/devices/surface-hub/physically-install-your-surface-hub-device.md
index f750d07a4f..6d06a9ac69 100644
--- a/devices/surface-hub/physically-install-your-surface-hub-device.md
+++ b/devices/surface-hub/physically-install-your-surface-hub-device.md
@@ -2,11 +2,13 @@
title: Physically install Microsoft Surface Hub
description: The Microsoft Surface Hub Readiness Guide will help make sure that your site is ready for the installation.
ms.assetid: C764DBFB-429B-4B29-B4E8-D7F0073BC554
+ms.reviewer:
+manager: dansimp
keywords: Surface Hub, readiness guide, installation location, mounting options
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
ms.localizationpriority: medium
@@ -15,7 +17,7 @@ ms.localizationpriority: medium
# Physically install Microsoft Surface Hub
-The Microsoft Surface Hub Readiness Guide will help make sure that your site is ready for the installation. You can download the Guide from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=718144). It includes planning information for both the 55" and 84" devices, as well as info on moving the Surface Hub from receiving to the installation location, mounting options, and a list of what's in the box.
+The [Microsoft Surface Hub Readiness Guide](surface-hub-site-readiness-guide.md) will help make sure that your site is ready for the installation. It includes planning information for both the 55" and 84" devices, as well as info on moving the Surface Hub from receiving to the installation location, mounting options, and a list of what's in the box.
You may also want to check out the Unpacking Guide. It will show you how to unpack the devices efficiently and safely. There are two guides, one for the 55" and one for the 84". A printed version of the Unpacking Guide is attached to the outside front of each unit's shipping crate.
diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
index 6f1deba6b9..198dba4f74 100644
--- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md
+++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
@@ -2,11 +2,13 @@
title: Prepare your environment for Microsoft Surface Hub
description: This section contains an overview of the steps required to prepare your environment so that you can use all of the features of Microsoft Surface Hub.
ms.assetid: 336A206C-5893-413E-A270-61BFF3DF7DA9
+ms.reviewer:
+manager: dansimp
keywords: prepare environment, features of Surface Hub, create and test device account, check network availability
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 12/04/2017
ms.localizationpriority: medium
@@ -26,8 +28,8 @@ Review these dependencies to make sure Surface Hub features will work in your IT
| Active Directory or Azure Active Directory (Azure AD) |
The Surface Hub's uses an Active Directory or Azure AD account (called a **device account**) to access Exchange and Skype for Business services. The Surface Hub must be able to connect to your Active Directory domain controller or to your Azure AD tenant in order to validate the device account’s credentials, as well as to access information like the device account’s display name, alias, Exchange server, and Session Initiation Protocol (SIP) address.
You can also domain join or Azure AD join your Surface Hub to allow a group of authorized users to configure settings on the Surface Hub. |
| Exchange (Exchange 2013 or later, or Exchange Online) and Exchange ActiveSync |
Exchange is used for enabling mail and calendar features, and also lets people who use the device send meeting requests to the Surface Hub, enabling one-touch meeting join.
ActiveSync is used to sync the device account’s calendar and mail to the Surface Hub. If the device cannot use ActiveSync, it will not show meetings on the welcome screen, and joining meetings and emailing whiteboards will not be enabled. |
| Skype for Business (Lync Server 2013 or later, or Skype for Business Online) | Skype for Business is used for various conferencing features, like video calls, instant messaging, and screen sharing.|
-| Mobile device management (MDM) solution (Microsoft Intune, System Center Configuration Manager, or supported third-party MDM provider) | If you want to apply settings and install apps remotely, and to multiple devices at a time, you must set up a MDM solution and enroll the device to that solution. See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for details. |
-| Microsoft Operations Managmement Suite (OMS) | OMS is used to monitor the health of Surface Hub devices. See [Monitor your Surface Hub](monitor-surface-hub.md) for details. |
+| Mobile device management (MDM) solution (Microsoft Intune, Microsoft Endpoint Configuration Manager, or supported third-party MDM provider) | If you want to apply settings and install apps remotely, and to multiple devices at a time, you must set up a MDM solution and enroll the device to that solution. See [Manage settings with an MDM provider](manage-settings-with-mdm-for-surface-hub.md) for details. |
+| Microsoft Operations Management Suite (OMS) | OMS is used to monitor the health of Surface Hub devices. See [Monitor your Surface Hub](monitor-surface-hub.md) for details. |
| Network and Internet access | In order to function properly, the Surface Hub should have access to a wired or wireless network. Overall, a wired connection is preferred. 802.1X Authentication is supported for both wired and wireless connections.**802.1X authentication:** In Windows 10, version 1703, 802.1X authentication for wired and wireless connections is enabled by default in Surface Hub. If your organization doesn't use 802.1X authentication, there is no configuration required and Surface Hub will continue to function as normal. If you use 802.1X authentication, you must ensure that the authentication certification is installed on Surface Hub. You can deliver the certificate to Surface Hub using the [ClientCertificateInstall CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/clientcertificateinstall-csp) in MDM, or you can [create a provisioning package](provisioning-packages-for-surface-hub.md) and install it during first run or through the Settings app. After the certificate is applied to Surface Hub, 802.1X authentication will start working automatically.**Note:** For more information on enabling 802.1X wired authentication on Surface Hub, see [Enable 802.1x wired authentication](enable-8021x-wired-authentication.md).**Dynamic IP:** The Surface Hub cannot be configured to use a static IP. It must use DHCP to assign an IP address.**Proxy servers:** If your topology requires a connection to a proxy server to reach Internet services, then you can configure it during first run, or in Settings. Proxy credentials are stored across Surface Hub sessions and only need to be set once. |
Additionally, note that Surface Hub requires the following open ports:
@@ -100,15 +102,15 @@ When you go through the first-run program for your Surface Hub, there's some inf
-
[Create and test a device account](create-and-test-a-device-account-surface-hub.md)
For Windows 10, settings that use the registry or a content services platform (CSP) can be configured using provisioning packages. You can also add certificates during first run using provisioning.
-
[Admin group management](admin-group-management-for-surface-hub.md)
Every Surface Hub can be configured individually by opening the Settings app on the device. However, to prevent people who are not administrators from changing the settings, the Settings app requires administrator credentials to open the app and change settings.
The Settings app requires local administrator credentials to open the app.
@@ -121,9 +123,9 @@ When you go through the first-run program for your Surface Hub, there's some inf
- [Blog post: Surface Hub in a Multi-Domain Environment](https://blogs.technet.microsoft.com/y0av/2017/11/08/11/)
- [Blog post: Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/)
-
+
-
+
diff --git a/devices/surface-hub/provisioning-packages-for-surface-hub.md b/devices/surface-hub/provisioning-packages-for-surface-hub.md
index 5698f985b0..607c66829e 100644
--- a/devices/surface-hub/provisioning-packages-for-surface-hub.md
+++ b/devices/surface-hub/provisioning-packages-for-surface-hub.md
@@ -1,12 +1,14 @@
---
title: Create provisioning packages (Surface Hub)
-description: For Windows 10, settings that use the registry or a configuration service provider (CSP) can be configured using provisioning packages.
+description: For Windows 10, settings that use the registry or a configuration service provider (CSP) can be configured using provisioning packages.
ms.assetid: 8AA25BD4-8A8F-4B95-9268-504A49BA5345
+ms.reviewer:
+manager: dansimp
keywords: add certificate, provisioning package
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 03/16/2019
ms.localizationpriority: medium
@@ -70,11 +72,11 @@ After you [install Windows Configuration Designer](https://technet.microsoft.com
### Create the provisioning package
1. Open Windows Configuration Designer:
- - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut,
+ - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut,
- or
+ or
- - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**.
+ - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**.
2. Click **Provision Surface Hub devices**.
@@ -83,13 +85,13 @@ After you [install Windows Configuration Designer](https://technet.microsoft.com
### Configure settings
-
 To provision the device with a certificate, click **Add a certificate**. Enter a name for the certificate, and then browse to and select the certificate to be used.
-
 Toggle **Yes** or **No** for proxy settings. The default configuration for Surface Hub is to automatically detect proxy settings, so you can select **No** if that is the setting that you want. However, if your infrastructure previously required using a proxy server and has changed to not require a proxy server, you can use a provisioning package to revert your Surface Hub devices to the default settings by selecting **Yes** and **Automatically detect settings**. If you toggle **Yes**, you can select to automatically detect proxy settings, or you can manually configure the settings by entering a URL to a setup script, or a static proxy server address. You can also identify whether to use the proxy server for local addresses, and enter exceptions (addresses that Surface Hub should connect to directly without using the proxy server).
 You can enroll the device in Active Directory and specify a security group to use the Settings app, enroll in Azure Active Directory to allow global admins to use the Settings app, or create a local administrator account on the device.To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain, and specify the security group to have admin credentials on Surface Hub. If a provisioning package that enrolls a device in Active Directory is going to be applied to a Surface Hub that was reset, the same domain account can only be used if the account listed is a domain administrator or is the same account that set up the Surface Hub initially. Otherwise, a different domain account must be used in the provisioning package.Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, [set up Azure AD join in your organization](https://docs.microsoft.com/azure/active-directory/active-directory-azureadjoin-setup). The **maximum number of devices per user** setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click **Get bulk token**. In the **Let's get you signed in** window, enter an account that has permissions to join a device to Azure AD, and then the password. Click **Accept** to give Windows Configuration Designer the necessary permissions.To create a local administrator account, select that option and enter a user name and password. **Important:** If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
-
 Toggle **Yes** or **No** for enrollment in MDM. If you toggle **Yes**, you must provide a service account and password or certificate thumbprint that is authorized to enroll the device, and also specify the authentication type. If required by your MDM provider, also enter the URLs for the discovery service, enrollment service, and policy service. [Learn more about managing Surface Hub with MDM.](manage-settings-with-mdm-for-surface-hub.md)
-
 You can install multiple Universal Windows Platform (UWP) apps in a provisioning package. For help with the settings, see [Provision PCs with apps](https://technet.microsoft.com/itpro/windows/configure/provision-pcs-with-apps). **Important:** Although the wizard interface allows you to select a Classic Win32 app, only include UWP apps in a provisioning package that will be applied to Surface Hub. If you include a Classic Win32 app, provisioning will fail.
-
 You don't configure any settings in this step. It provides instructions for including a configuration file that contains a list of device accounts. The configuration file must not contain column headers. When you apply the provisioning package to Surface Hub, if a Surface Hub configuration file is included on the USB drive, you can select the account and friendly name for the device from the file. See [Sample configuration file](#sample-configuration-file) for an example.**Important:** The configuration file can only be applied during the out-of-box setup experience (OOBE) and can only be used with provisioning packages created using the Windows Configuration Designer released with Windows 10, version 1703.
-
You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.
+
To provision the device with a certificate, click Add a certificate. Enter a name for the certificate, and then browse to and select the certificate to be used.
+
Toggle Yes or No for proxy settings. The default configuration for Surface Hub is to automatically detect proxy settings, so you can select No if that is the setting that you want. However, if your infrastructure previously required using a proxy server and has changed to not require a proxy server, you can use a provisioning package to revert your Surface Hub devices to the default settings by selecting Yes and Automatically detect settings. If you toggle Yes, you can select to automatically detect proxy settings, or you can manually configure the settings by entering a URL to a setup script, or a static proxy server address. You can also identify whether to use the proxy server for local addresses, and enter exceptions (addresses that Surface Hub should connect to directly without using the proxy server).
+
You can enroll the device in Active Directory and specify a security group to use the Settings app, enroll in Azure Active Directory to allow global admins to use the Settings app, or create a local administrator account on the device.To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain, and specify the security group to have admin credentials on Surface Hub. If a provisioning package that enrolls a device in Active Directory is going to be applied to a Surface Hub that was reset, the same domain account can only be used if the account listed is a domain administrator or is the same account that set up the Surface Hub initially. Otherwise, a different domain account must be used in the provisioning package.Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, set up Azure AD join in your organization. The maximum number of devices per user setting in your Azure AD tenant determines how many times the bulk token that you get in the wizard can be used. To enroll the device in Azure AD, select that option and enter a friendly name for the bulk token you will get using the wizard. Set an expiration date for the token (maximum is 30 days from the date you get the token). Click Get bulk token. In the Let's get you signed in window, enter an account that has permissions to join a device to Azure AD, and then the password. Click Accept to give Windows Configuration Designer the necessary permissions.To create a local administrator account, select that option and enter a user name and password. Important: If you create a local account in the provisioning package, you must change the password using the Settings app every 42 days. If the password is not changed during that period, the account might be locked out and unable to sign in.
+
Toggle Yes or No for enrollment in MDM. If you toggle Yes, you must provide a service account and password or certificate thumbprint that is authorized to enroll the device, and also specify the authentication type. If required by your MDM provider, also enter the URLs for the discovery service, enrollment service, and policy service. Learn more about managing Surface Hub with MDM.
+
You can install multiple Universal Windows Platform (UWP) apps in a provisioning package. For help with the settings, see Provision PCs with apps. Important: Although the wizard interface allows you to select a Classic Win32 app, only include UWP apps in a provisioning package that will be applied to Surface Hub. If you include a Classic Win32 app, provisioning will fail.
+
You don't configure any settings in this step. It provides instructions for including a configuration file that contains a list of device accounts. The configuration file must not contain column headers. When you apply the provisioning package to Surface Hub, if a Surface Hub configuration file is included on the USB drive, you can select the account and friendly name for the device from the file. See Sample configuration file for an example.Important: The configuration file can only be applied during the out-of-box setup experience (OOBE) and can only be used with provisioning packages created using the Windows Configuration Designer released with Windows 10, version 1703.
+
You can set a password to protect your provisioning package. You must enter this password when you apply the provisioning package to a device.
After you're done, click **Create**. It only takes a few seconds. When the package is built, the location where the package is stored is displayed as a hyperlink at the bottom of the page.
@@ -139,11 +141,11 @@ After you [install Windows Configuration Designer](https://technet.microsoft.com
### Create the provisioning package (advanced)
1. Open Windows Configuration Designer:
- - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut,
+ - From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut,
- or
+ or
- - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**.
+ - If you installed Windows Configuration Designer from the ADK, navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**.
2. Click **Advanced provisioning**.
diff --git a/devices/surface-hub/remote-surface-hub-management.md b/devices/surface-hub/remote-surface-hub-management.md
index 5038e225b5..7a9acbe0fd 100644
--- a/devices/surface-hub/remote-surface-hub-management.md
+++ b/devices/surface-hub/remote-surface-hub-management.md
@@ -4,10 +4,12 @@ description: This section lists topics for managing Surface Hub.
keywords: remote management, MDM, install apps, monitor Surface Hub, Operations Management Suite, OMS
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/save-bitlocker-key-surface-hub.md b/devices/surface-hub/save-bitlocker-key-surface-hub.md
index 3a013dd827..6bbfd1532a 100644
--- a/devices/surface-hub/save-bitlocker-key-surface-hub.md
+++ b/devices/surface-hub/save-bitlocker-key-surface-hub.md
@@ -2,13 +2,15 @@
title: Save your BitLocker key (Surface Hub)
description: Every Microsoft Surface Hub is automatically set up with BitLocker drive encryption software. Microsoft strongly recommends that you make sure you back up your BitLocker recovery keys.
ms.assetid: E11E4AB6-B13E-4ACA-BCE1-4EDC9987E4F2
+ms.reviewer:
+manager: dansimp
keywords: Surface Hub, BitLocker, Bitlocker recovery keys
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 07/08/2019
ms.localizationpriority: medium
---
@@ -25,7 +27,7 @@ There are several ways to manage your BitLocker key on the Surface Hub.
2. If you’ve joined the Surface Hub to Azure Active Directory (Azure AD), the BitLocker key will be stored under the account that was used to join the device.
-3. If you’re using an admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** > **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive.
+3. If you’re using a local admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** > **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive.
## Related topics
diff --git a/devices/surface-hub/set-up-your-surface-hub.md b/devices/surface-hub/set-up-your-surface-hub.md
index 80178e7c22..96f42c3df1 100644
--- a/devices/surface-hub/set-up-your-surface-hub.md
+++ b/devices/surface-hub/set-up-your-surface-hub.md
@@ -2,11 +2,13 @@
title: Set up Microsoft Surface Hub
description: Set up instructions for Surface Hub include a setup worksheet, and a walkthrough of the first-run program.
ms.assetid: 4D1722BC-704D-4471-BBBE-D0500B006221
+ms.reviewer:
+manager: dansimp
keywords: set up instructions, Surface Hub, setup worksheet, first-run program
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
ms.localizationpriority: medium
@@ -35,21 +37,21 @@ Before you turn on your Microsoft Surface Hub for the first time, make sure you'
-
[Setup worksheet](setup-worksheet-surface-hub.md)
-
When you've finished pre-setup and are ready to start first-time setup for your Surface Hub, make sure you have all the information listed in this section.
When you've finished pre-setup and are ready to start first-time setup for your Surface Hub, make sure you have all the information listed in this section.
The term "first run" refers to the series of steps you'll go through the first time you power up your Surface Hub, and means the same thing as "out-of-box experience" (OOBE). This section will walk you through the process.
The term "first run" refers to the series of steps you'll go through the first time you power up your Surface Hub, and means the same thing as "out-of-box experience" (OOBE). This section will walk you through the process.
-
+
-
+
-
+
diff --git a/devices/surface-hub/setup-worksheet-surface-hub.md b/devices/surface-hub/setup-worksheet-surface-hub.md
index f66fce4ef7..6043d88f1d 100644
--- a/devices/surface-hub/setup-worksheet-surface-hub.md
+++ b/devices/surface-hub/setup-worksheet-surface-hub.md
@@ -2,13 +2,15 @@
title: Setup worksheet (Surface Hub)
description: When you've finished pre-setup and are ready to start first-time setup for your Microsoft Surface Hub, make sure you have all the information listed in this section.
ms.assetid: AC6F925B-BADE-48F5-8D53-8B6FFF6EE3EB
+ms.reviewer:
+manager: dansimp
keywords: Setup worksheet, pre-setup, first-time setup
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 06/20/2019
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/skype-hybrid-voice.md b/devices/surface-hub/skype-hybrid-voice.md
index 5537a823c7..c805fb9005 100644
--- a/devices/surface-hub/skype-hybrid-voice.md
+++ b/devices/surface-hub/skype-hybrid-voice.md
@@ -1,13 +1,15 @@
---
title: Online or hybrid deployment using Skype Hybrid Voice environment (Surface Hub)
description: This topic explains how to enable Skype for Business Cloud PBX with on premises PSTN connectivity via Cloud Connector Edition or Skype for Business 2015 pool.
-keywords: hybrid deployment, Skype Hybrid Voice
+keywords: hybrid deployment, Skype Hybrid Voice
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
---
@@ -20,72 +22,72 @@ If you deployed Skype for Business Cloud PBX with one of the hybrid voice option
>[!WARNING]
>If you create an account before configuration of Hybrid voice (you run Enable-CSMeetingRoom command), you will not be able to configure required hybrid voice parameters. In order to configure hybrid voice parameters for a previously configured account or to reconfigure a phone number, delete the E5 or E3 + Cloud PBX add-on license, and then follow the steps below, starting at step 3.
-1. Create a new user account for Surface Hub. This example uses **surfacehub2@adatum.com**. The account can be created in local Active Directory and synchronized to the cloud, or created directly in the cloud.
+1. Create a new user account for Surface Hub. This example uses surfacehub2@adatum.com. The account can be created in local Active Directory and synchronized to the cloud, or created directly in the cloud.
-2. Select **Password Never Expires**. This is important for a Surface Hub device.
+2. Select **Password Never Expires**. This is important for a Surface Hub device.
- 
+ 
-3. In Office 365, add **E5** license or **E3 and Cloud PBX** add-on to the user account created for the room. This is required for Hybrid Voice to work.
+3. In Office 365, add **E5** license or **E3 and Cloud PBX** add-on to the user account created for the room. This is required for Hybrid Voice to work.
- 
+ 
-4. Wait approximately 15 minutes until the user account for the room appears in Skype for Business Online.
+4. Wait approximately 15 minutes until the user account for the room appears in Skype for Business Online.
-5. After the user account for room is created in Skype for Business Online, enable it for Hybrid Voice in Skype for Business Remote PowerShell by running the following cmdlet:
+5. After the user account for room is created in Skype for Business Online, enable it for Hybrid Voice in Skype for Business Remote PowerShell by running the following cmdlet:
- ```
- Set-csuser surfacehub2@adatum.com EnterpriseVoiceEnabled $true -HostedVoiceMail $true -onpremlineuri tel:+15005000102
- ```
+ ```
+ Set-csuser surfacehub2@adatum.com EnterpriseVoiceEnabled $true -HostedVoiceMail $true -onpremlineuri tel:+15005000102
+ ```
-6. Validate Hybrid Voice call flow by placing test calls from the Surface Hub.
+6. Validate Hybrid Voice call flow by placing test calls from the Surface Hub.
-7. Start a remote PowerShell session on a PC and connect to Exchange by running the following cmdlets.
+7. Start a remote PowerShell session on a PC and connect to Exchange by running the following cmdlets.
- ```
- Set-ExecutionPolicy Unrestricted
- $cred=Get-Credential -Message "Please use your Office 365 admin credentials"
- $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/ps1-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
- Import-PSSession $sess
- ```
+ ```
+ Set-ExecutionPolicy Unrestricted
+ $cred=Get-Credential -Message "Please use your Office 365 admin credentials"
+ $sess= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/ps1-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
+ Import-PSSession $sess
+ ```
-8. After establishing a session, modify the user account for the room to enable it as a **RoomMailboxAccount** by running the following cmdlets. This allows the account to authenticate with Surface Hub.
+8. After establishing a session, modify the user account for the room to enable it as a **RoomMailboxAccount** by running the following cmdlets. This allows the account to authenticate with Surface Hub.
- ```
- Set-Mailbox surfacehub2@adatum.com -Type Room
- Set-Mailbox surfacehub2@adatum.com -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
- ```
+ ```
+ Set-Mailbox surfacehub2@adatum.com -Type Room
+ Set-Mailbox surfacehub2@adatum.com -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
+ ```
-9. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
+9. After setting up the mailbox, you will need to either create a new Exchange ActiveSync policy, or use a compatible existing policy.
- Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to **False**. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
+ Surface Hubs are only compatible with device accounts that have an ActiveSync policy where the **PasswordEnabled** property is set to **False**. If this isn’t set properly, then Exchange services on the Surface Hub (mail, calendar, and joining meetings), will not be enabled.
- If you haven’t created a compatible policy yet, use the following cmdlet (this one creates a policy called "Surface Hubs"). After it’s created, you can apply the same policy to other device accounts.
+ If you haven’t created a compatible policy yet, use the following cmdlet (this one creates a policy called "Surface Hubs"). After it’s created, you can apply the same policy to other device accounts.
- ```
- $easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false
- ```
+ ```
+ $easPolicy = New-MobileDeviceMailboxPolicy -Name "SurfaceHubs" -PasswordEnabled $false
+ ```
- After you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. Run the following cmdlets to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox (you may need to re-enable the account and set the password again).
+ After you have a compatible policy, then you will need to apply the policy to the device account. However, policies can only be applied to user accounts and not resource mailboxes. Run the following cmdlets to convert the mailbox into a user type, apply the policy, and then convert it back into a mailbox (you may need to re-enable the account and set the password again).
- ```
- Set-Mailbox surfacehub2@adatum.com -Type Regular
- Set-CASMailbox surfacehub2@adatum.com -ActiveSyncMailboxPolicy $easPolicy.id
- Set-Mailbox surfacehub2@adatum.com -Type Room
- $credNewAccount = Get-Credential -Message "Please provide the Surface Hub username and password"
- Set-Mailbox surfacehub2@adatum.com -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
- ```
+ ```
+ Set-Mailbox surfacehub2@adatum.com -Type Regular
+ Set-CASMailbox surfacehub2@adatum.com -ActiveSyncMailboxPolicy $easPolicy.id
+ Set-Mailbox surfacehub2@adatum.com -Type Room
+ $credNewAccount = Get-Credential -Message "Please provide the Surface Hub username and password"
+ Set-Mailbox surfacehub2@adatum.com -RoomMailboxPassword $credNewAccount.Password -EnableRoomMailboxAccount $true
+ ```
-10. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties can be set in [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md). The following cmdlets provide an example of setting Exchange properties.
+10. Various Exchange properties must be set on the device account to improve the meeting experience. You can see which properties can be set in [Exchange properties](exchange-properties-for-surface-hub-device-accounts.md). The following cmdlets provide an example of setting Exchange properties.
```
Set-CalendarProcessing surfacehub2@adatum.com -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false
Set-CalendarProcessing surfacehub2@adatum.com -AddAdditionalResponse $true -AdditionalResponse "This is a Surface Hub room!"
```
-11. Enable the mailbox as a meeting device in Skype for Business Online. Run the following cmdlet which enables the acount as a meeting device.
+11. Enable the mailbox as a meeting device in Skype for Business Online. Run the following cmdlet which enables the account as a meeting device.
```
Get-CsTenant | select registrarpool
@@ -103,4 +105,4 @@ At this moment the room account is fully configured, including Hybrid Voice. If
In the following image, you can see how the device appears to users.
-
\ No newline at end of file
+
diff --git a/devices/surface-hub/support-solutions-surface-hub.md b/devices/surface-hub/support-solutions-surface-hub.md
index 66d4455737..b683f85daf 100644
--- a/devices/surface-hub/support-solutions-surface-hub.md
+++ b/devices/surface-hub/support-solutions-surface-hub.md
@@ -2,11 +2,13 @@
title: Top support solutions for Microsoft Surface Hub
description: Find top solutions for common issues using Surface Hub.
ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A
+ms.reviewer:
+manager: dansimp
keywords: Troubleshoot common problems, setup issues
ms.prod: surface-hub
ms.sitesec: library
-author: kaushika-msft
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 10/24/2017
ms.localizationpriority: medium
diff --git a/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md b/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md
new file mode 100644
index 0000000000..98ad30890e
--- /dev/null
+++ b/devices/surface-hub/surface-Hub-installs-updates-and-restarts-outside-maintenance-hours.md
@@ -0,0 +1,40 @@
+---
+title: Surface Hub may install updates and restart outside maintenance hours
+description: troubleshooting information for Surface Hub regarding automatic updates
+ms.assetid: 6C09A9F8-F9CF-4491-BBFB-67A1A1DED0AA
+keywords: surface hub, maintenance window, update
+ms.prod: surface-hub
+ms.sitesec: library
+author: Teresa-MOTIV
+ms.author: v-tea
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Surface Hub may install updates and restart outside maintenance hours
+
+Under specific circumstances, Surface Hub installs updates during business hours instead of during the regular maintenance window. The device then restarts if it is necessary. You cannot use the device until the process is completed.
+
+> [!NOTE]
+> This isn't expected behavior for missing a maintenance window. It occurs only if the device is out-of-date for a long time.
+
+## Cause
+To ensure that Surface Hub remains available for use during business hours, the Hub is configured to perform administrative functions during a maintenance window that is defined in Settings (see "References," below). During this maintenance period, the Hub automatically installs any available updates through Windows Update or Windows Server Update Service (WSUS). Once updates are complete, the Hub may restart.
+
+Updates can be installed during the maintenance window only if the Surface Hub is turned on but not in use or reserved. For example, if the Surface Hub is scheduled for a meeting that lasts 24 hours, any updates that are scheduled to be installed will be deferred until the Hub is available during the next maintenance window. If the Hub continues to be busy and misses multiple maintenance windows, the Hub will eventually begin to install and download updates. This can occur during or outside the maintenance window. Once the download and installation has begun, the device may restart.
+
+## To avoid this issue
+
+It's important that you set aside maintenance time for Surface Hub to perform administrative functions. Reserving the Surface Hub for 24 hour intervals or using the device during the maintenance window delays installing updates. We recommend that you not use or reserve the Hub during scheduled maintenance period. A two-hour window should be reserved for updating.
+
+One option that you can use to control the availability of updates is Windows Server Update Service (WSUS). WSUS provides control over what updates are installed and when.
+
+## References
+
+[Update the Surface Hub](first-run-program-surface-hub.md#update-the-surface-hub)
+
+[Maintenance window](manage-windows-updates-for-surface-hub.md#maintenance-window)
+
+[Deploy Windows 10 updates using Windows Server Update Services (WSUS)](/windows/deployment/update/waas-manage-updates-wsus)
+
+
diff --git a/devices/surface-hub/surface-hub-2s-account.md b/devices/surface-hub/surface-hub-2s-account.md
new file mode 100644
index 0000000000..fb93b0e7d9
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-account.md
@@ -0,0 +1,96 @@
+---
+title: "Create Surface Hub 2S device account"
+description: "This page describes the procedure for creating the Surface Hub 2S device account."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Create Surface Hub 2S device account
+
+Creating a Surface Hub device account (also known as a Room mailbox) allows Surface Hub 2S to receive, approve, or decline meeting requests and join meetings using Microsoft Teams or Skype for Business. Configure the device account during OOBE setup. If needed you can change it later (without going through OOBE setup).
+
+Unlike standard Room mailboxes that remain disabled by default, you need to enable the Surface Hub 2S device account to sign on to Microsoft Teams and Skype for Business. Surface Hub 2S relies on Exchange ActiveSync, which requires an ActiveSync mailbox policy on the device account. Apply the default ActiveSync mailbox policy that comes with Exchange Online.
+
+Create the account using the Microsoft 365 admin center or by using PowerShell. You can use Exchange Online PowerShell to configure specific features including:
+
+- Calendar processing for every Surface Hub device account.
+- Custom auto replies to scheduling requests.
+- If the default ActiveSync mailbox policy has already been modified by someone else or another process, you will likely have to create and assign a new ActiveSync mailbox policy
+
+## Create account using Microsoft 365 admin center
+
+1. In the Microsoft 365 admin center, go to **Resources** and choose **Rooms & Equipment** and then select **+ Room**.
+
+2. Provide a name and email address for the device account. Leave remaining settings unchanged in the default state.
+
+
+
+
+
+3. Set the password for the device account. To set the password, choose **Users** and then select **Active Users**. Now search for the newly created user to set the password. Ensure that you **do not** select the option **Make this user change their password when they first sign in.**
+
+
+
+4. Assign the room with an Office 365 license. It’s recommended to assign the Office 365 **Meeting Room** license, a new option that automatically enables the account for Skype for Business Online and Microsoft Teams.
+
+
+
+### Finalize setup via PowerShell
+
+- **Skype for Business:** For Skype for Business only (on-premises or online), you can enable the Skype for Business object by running **Enable-CsMeetingRoom** to enable features such as Meeting room prompt for audio and Lobby hold.
+
+- **Microsoft Teams and Skype for Business Calendar:** Set [**Calendar Auto processing**](https://docs.microsoft.com/surface-hub/surface-hub-2s-account?source=docs#set-calendar-auto-processing) for this account.
+
+## Create account using PowerShell
+Instead of using the Microsoft Admin Center portal, you can create the account using PowerShell.
+
+### Connect to Exchange Online PowerShell
+
+```powershell
+$365Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell -Credential (Get-Credential) -Authentication Basic –AllowRedirection
+$ImportResults = Import-PSSession $365Session
+```
+
+### Create a new Room Mailbox
+
+```powershell
+New-Mailbox -MicrosoftOnlineServicesID account@YourDomain.com -Alias SurfaceHub2S -Name SurfaceHub2S -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String "" -AsPlainText -Force)
+```
+
+### Set Calendar Auto processing
+
+```powershell
+Set-CalendarProcessing -Identity "account@YourDomain.com" -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddAdditionalResponse $true -AdditionalResponse "This room is equipped with a Surface Hub"
+```
+
+### Assign a license
+
+```powershell
+Connect-MsolService
+Set-Msoluser -UserPrincipalName account@YourDomain.com -UsageLocation IE
+Set-MsolUserLicense -UserPrincipalName "account@YourDomain.com" -AddLicenses "contoso:MEETING_ROOM"
+```
+
+## Connect to Skype for Business Online using PowerShell
+
+### Install prerequisites
+
+- [Visual C++ 2017 Redistributable](https://aka.ms/vs/15/release/vc_redist.x64.exe)
+- [Skype for Business Online PowerShell Module](https://www.microsoft.com/download/confirmation.aspx?id=39366)
+
+```powershell
+Import-Module LyncOnlineConnector
+$SfBSession = New-CsOnlineSession -Credential (Get-Credential)
+Import-PSSession $SfBSession -AllowClobber
+
+# Enable the Skype for Business meeting room
+Enable-CsMeetingRoom -Identity account@YourDomain.com -RegistrarPool(Get-CsTenant).Registrarpool -SipAddressType EmailAddress
+```
diff --git a/devices/surface-hub/surface-hub-2s-adoption-kit.md b/devices/surface-hub/surface-hub-2s-adoption-kit.md
new file mode 100644
index 0000000000..2cc29c519b
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-adoption-kit.md
@@ -0,0 +1,59 @@
+---
+title: "Surface Hub 2S Adoption and training guides"
+description: "Microsoft has developed downloadable materials that you can make available for your users to aid in adoption of Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 11/04/2019
+ms.localizationpriority: Medium
+---
+
+# Surface Hub 2S adoption and training guides
+
+Whether you're a small or large business, a Surface Hub adoption plan is critical in generating the right use cases and helping your users become comfortable with the device. Check out these downloadable guides designed to help you deliver training across your organization.
+
+## On-demand training
+
+- [Surface Hub 2S adoption and training videos](surface-hub-2s-adoption-videos.md)
+
+## Adoption toolkit
+
+- [Surface Hub adoption toolkit](downloads/SurfaceHubAdoptionToolKit.pdf)
+
+## Training guides
+
+- [Training guide – end user](downloads/TrainingGuide-SurfaceHub2S-EndUser.pdf)
+- [Training guide – power user](downloads/TrainingGuide-SurfaceHub2S-PowerUser.pdf)
+- [Training guide – help desk](downloads/TrainingGuide-SurfaceHub2S-HelpDesk.pdf)
+- [Training guide – Microsoft Teams desktop](downloads/Guide-SurfaceHub2S-Teams.pptx)
+
+[Download all training guides](https://download.microsoft.com/download/2/2/3/2234F70E-E65A-4790-93DF-F4C373A75B8E/SurfaceHub2S-TrainerGuides-July2019.zip)
+
+## End user guides
+
+- [Guide to Navigation on Surface Hub](downloads/Guide-SurfaceHub2S-Navigation.pptx)
+- [Guide to Office 365 on Surface Hub](downloads/Guide-SurfaceHub2S-Office365.pptx)
+- [Guide to Microsoft Whiteboard on Surface Hub](downloads/Guide-SurfaceHub2S-Whiteboard.pptx)
+- [Guide to Microsoft Teams on Surface Hub](downloads/Guide-SurfaceHub2S-Teams.pptx)
+
+[Download all end user guides](https://download.microsoft.com/download/E/7/F/E7FC6611-BB55-43E1-AF36-7BD5CE6E0FE0/SurfaceHub2S-EndUserGuides-July2019.zip)
+
+## Quick reference cards
+
+- [Connect your PC](downloads/QRCConnectYourPC.pdf)
+- [Join a Teams Meeting](downloads/QRCJoinTeamsMeeting.pdf)
+- [Manage a Teams meeting](downloads/QRCManageTeamsMeeting.pdf)
+- [Navigation basics](downloads/QRCNavigationBasics.pdf)
+- [Schedule a Teams meeting](downloads/QRCScheduleTeamsMeeting.pdf)
+- [Start a new Teams meeting](downloads/QRCStartNewTeamsMeeting.pdf)
+- [Share or send a file](downloads/QRCShareSendFile.pdf)
+- [Sign in to view meetings and files](downloads/QRCSignInToViewMeetingsFiles.pdf)
+- [Whiteboard advanced](downloads/QRCWhiteboardAdvanced.pdf)
+- [Whiteboard tools](downloads/QRCWhiteboardTools.pdf)
+
+[Download all quick reference cards](https://download.microsoft.com/download/E/7/F/E7FC6611-BB55-43E1-AF36-7BD5CE6E0FE0/SurfaceHub2S-EndUserGuides-July2019.zip)
diff --git a/devices/surface-hub/surface-hub-2s-adoption-videos.md b/devices/surface-hub/surface-hub-2s-adoption-videos.md
new file mode 100644
index 0000000000..5e0419624f
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-adoption-videos.md
@@ -0,0 +1,137 @@
+---
+title: "Surface Hub 2S on-demand adoption and training videos"
+description: "This page contains on-demand training for Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 11/04/2019
+ms.localizationpriority: Medium
+---
+
+# Surface Hub 2S on-demand adoption and training videos
+
+This page contains comprehensive training for Surface Hub 2S, available on demand.
+
+## Chapter 1 - Training overview
+
+> ![VIDEO ]
+
+- Welcome and introduction
+- Training overview and agenda
+- Software and technology reference
+- Surface Hub messaging
+- Industries and user roles
+- Overview of training services
+- Training best practices
+
+## Chapter 2 - Getting started with Surface Hub
+
+> ![VIDEO ]
+
+- What is Surface Hub?
+- Technical overview
+- Steelcase Roam and the mobility story
+- Surface Hub services
+- Getting started with Surface Hub
+- Gathering expectations
+
+## Chapter 3 - Navigating Surface Hub
+
+> ![VIDEO ]
+
+- Welcome screen
+- Start menu
+- Full screen
+- Clip to Whiteboard
+- Task bar menu
+- Teams/Skype
+- End Session
+
+## Chapter 4 - Whiteboarding and collaboration
+
+> ![VIDEO ]
+
+- Whiteboard introduction
+- Starting the Whiteboard
+- Whiteboard tools
+- Inserting pictures
+- Changing the background
+- Sharing the whiteboard
+- Export the Whiteboard
+
+## Chapter 5 - Exploring Surface Hub apps
+
+> ![VIDEO ]
+
+- Surface Hub apps introduction
+- PowerPoint overview
+- Microsoft Word
+- Microsoft Excel
+- Microsoft Edge
+
+## Chapter 6 - Advanced apps and Office 365
+
+> ![VIDEO ]
+
+- Advanced apps introduction
+- Microsoft Maps
+- Photos
+- Power BI
+- Sign in to Office 365
+- OneDrive
+- CoAuthor documents
+
+## Chapter 7 - Connecting devices
+
+> ![VIDEO ]
+
+- Connect introduction
+- Miracast overview
+- Touch and Pen Input
+- Wired connect overview
+- Line of Business app workflows
+- Troubleshooting Miracast and wired connect
+
+## Chapter 8 - Skype for Business meetings
+
+> ![VIDEO ]
+
+- Introduction to Skype for Business
+-Scheduling Skype for Business meetings
+- Start a meeting
+- Start an ad hoc meeting
+- Join a meeting on your calendar
+- Managing a Skype for Business meeting
+- Present content
+
+## Chapter 9 - Microsoft Teams meetings
+
+> ![VIDEO ]
+
+- Introduction to Microsoft Teams
+- Scheduling Microsoft Teams meetings
+- Start a meeting
+- Start an ad hoc meeting
+- Join a meeting on your calendar
+- Managing a Microsoft Teams meeting
+- Present content
+- Conclusion
+
+## Chapter 10 - Basic troubleshooting
+
+> ![VIDEO ]
+
+- Introduction to Surface Hub troubleshooting
+- Application troubleshooting
+- End Session
+- Restart the device
+- Power cycle the device
+- Factory reset
+- Settings
+- Manage Surface Hub
+- Conclusion
\ No newline at end of file
diff --git a/devices/surface-hub/surface-hub-2s-change-history.md b/devices/surface-hub/surface-hub-2s-change-history.md
new file mode 100644
index 0000000000..f629bd6bd6
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-change-history.md
@@ -0,0 +1,38 @@
+---
+title: "Change history for Surface Hub 2S"
+description: "This page shows change history for Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+audience: Admin
+ms.manager: laurawi
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Change history for Surface Hub 2S
+
+This topic summarizes new and updated content in the Surface Hub 2S documentation library.
+
+## August 2019
+
+Changes | Description
+|:--- |:---
+|Connect devices to Surface Hub 2S| Updated with guidance for connecting to a second display.
+
+## July 2019
+
+Changes | Description
+|:--- |:--- |
+| Reset and recovery for Surface Hub 2S | Added link to Surface recovery website that enables customers to download a recovery image for Surface Hub 2S |
+| Surface Hub 2S tech specs | Updated power consumption data |
+| Surface Hub 2S Adoption Kit | New |
+
+## June 2019
+
+Changes | Description
+|:--- |:--- |
+| Published new guidance for Surface Hub 2S | New |
diff --git a/devices/surface-hub/surface-hub-2s-connect.md b/devices/surface-hub/surface-hub-2s-connect.md
new file mode 100644
index 0000000000..a32df68734
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-connect.md
@@ -0,0 +1,134 @@
+---
+title: "Connect devices to Surface Hub 2S"
+description: "This page explains how to connect external devices to Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 11/13/2019
+ms.localizationpriority: Medium
+---
+
+# Connect devices to Surface Hub 2S
+Surface Hub 2S enables you to connect external devices, mirror the display on Surface Hub 2S to another device, and connect multiple third-party peripherals including video conference cameras, conference phones, and room system devices.
+
+You can display content from your devices to Surface Hub 2S. If the source device is Windows-based, that device can also provide TouchBack and InkBack, which takes video and audio from the connected device and presents them on Surface Hub 2S. If Surface Hub 2S encounters a High-Bandwidth Digital Content Protection (HDCP) signal, such as a Blu-ray DVD player, the source is displayed as a black image.
+
+> [!NOTE]
+> Surface Hub 2S uses the video input selected until a new connection is made, the existing connection is disrupted, or the Connect app is closed.
+
+## Recommended wired configurations
+
+In general, it’s recommended to use native cable connections whenever possible such as USB-C to USB-C or HDMI to HDMI. Other combinations such as MiniDP to HDMI or MiniDP to USB-C will also work. Some additional configuration may be required to optimize the video-out experience, as described on this page.
+
+| **Connection** | **Functionality** | **Description**|
+| --- | --- | ---|
+| HDMI + USB-C | HDMI-in for audio and video
USB-C for TouchBack and InkBack | USB-C supports TouchBack and InkBack with the HDMI A/V connection.
Use USB-C to USB-A to connect to legacy computers.
**NOTE:** For best results, connect HDMI before connecting a USB-C cable. If the computer you're using for HDMI is not compatible with TouchBack and InkBack, you won't need a USB-C cable. |
+| USB-C (via compute module) | Video-in Audio-in | Single cable needed for A/V
TouchBack and InkBack is supported
HDCP enabled |
+| HDMI (in port) | Video, Audio into Surface Hub 2S | Single cable needed for A/V
TouchBack and InkBack not supported
HDCP enabled |
+| MiniDP 1.2 output | Video-out such as mirroring to a larger projector. | Single cable needed for A/V |
+
+When you connect a guest computer to Surface Hub 2S via the USB-C port, several USB devices are discovered and configured. These peripheral devices are created for TouchBack and InkBack. As shown in the following table, the peripheral devices can be viewed in Device Manager, which will show duplicate names for some devices, as shown in the following table.
+
+
+|**Peripheral**| **Listing in Device Manager** |
+| ---------------------------- |------------- | ------------------------------|
+| Human interface devices | HID-compliant consumer control device HID-compliant pen HID-compliant pen (duplicate item) HID-compliant pen (duplicate item) HID-compliant touch screen USB Input Device USB Input Device (duplicate item) |
+| Keyboards | Standard PS/2 keyboard |
+| Mice and other pointing devices | HID-compliant mouse |
+| USB controllers | Generic USB hub USB composite device |
+
+## Connecting video-in to Surface Hub 2S
+
+You can input video to Surface Hub 2S using USB-C or HDMI, as indicated in the following table.
+
+### Surface Hub 2S video-in settings
+
+| **Signal Type** | **Resolution** | **Frame rate** | **HDMI** | **USB-C** |
+| --------------- | -------------- | -------------- | -------- | --------- |
+| PC | 640 x 480 | 60 | X | X |
+| PC | 720 x 480 | 60 | X | X |
+| PC | 1024 x 768 | 60 | X | X |
+| PC | 1920 x 1080 | 60 | X | X |
+| PC | 3840x2560 | 30 | X | X |
+| HDTV | 720p | 60 | X | X |
+| HDTV | 1080p | 60 | X | X |
+| 4K UHD | 3840x2560 | 30 | X | X |
+
+> [!NOTE]
+> The 4K UHD resolution (3840×2560) is only supported when connecting to ports on the compute module. It is not supported on the “guest” USB ports located on the left, top, and right sides of the device.
+
+> [!NOTE]
+> Video from a connected external PC may appear smaller when displayed on Surface Hub 2S.
+
+## Mirroring Surface Hub 2S display on another device
+
+You can output video to another display using MiniDP, as indicated in the following table.
+
+### Surface Hub 2S video-out settings
+
+| **Signal Type** | **Resolution** | **Frame rate** | **MiniDP** |
+| --------------- | -------------- | -------------- | ---------- |
+| PC | 640 x 480 | 60 | X |
+| PC | 720 x 480 | 60 | X |
+| PC | 1024 x 768 | 60 | X |
+| PC | 1920 x 1080 | 60 | X |
+| PC | 3840 x 2560 | 60 | X |
+| HDTV | 720p | 60 | X |
+| HDTV | 1080p | 60 | X |
+| 4K UHD | 3840 x 2560 | 60 | X |
+
+
+
+Surface Hub 2S includes a MiniDP video-out port for projecting visual content from Surface Hub 2S to another display. If you plan to use Surface Hub 2S to project to another display, note the following recommendations:
+
+- **Keyboard required.** Before you begin, you’ll need to connect either a wired or Bluetooth-enabled external keyboard to Surface Hub 2S. Note that unlike the original Surface Hub, a keyboard for Surface Hub 2S is sold separately and is not included in the shipping package.
+- **Set duplicate mode.** Surface Hub 2S supports video-out in duplicate mode only. However, you will still need to manually configure the display mode when you connect for the first time:
+ 1. Enter the **Windows logo key** + **P**, which opens the Project pane on the right side of Surface Hub 2S, and then select **Duplicate** mode.
+ 2. When you’re finished with your Surface Hub 2S session, select **End Session**. This ensures that the duplicate setting is saved for the next session.
+- **Plan for different aspect ratios.** Like other Surface devices, Surface Hub 2S uses a 3:2 display aspect ratio (the relationship between the width and the height of the display). Projecting Surface Hub 2S onto displays with different aspect ratios is supported. Note however that because Surface Hub 2S duplicates the display, the MiniDP output will also only display in a 3:2 aspect ratio, which may result in letterboxing or curtaining depending on the aspect ratio of the receiving display.
+
+> [!NOTE]
+> if your second monitor uses a 16:9 aspect ratio (the predominant ratio for most TV monitors), black bars may appear on the left and right sides of the mirrored display. If this occurs, you may wish to inform your users that there is no need to adjust the second display.
+
+## Selecting cables
+
+Note the following recommendations:
+
+- **USB.** USB 3.1 Gen 2 cables.
+- **MiniDP.** DisplayPort cables certified for up to 3 meters in length.
+- **HDMI.** If a long cable is necessary, HDMI is recommended due to the wide availability of cost-effective, long-haul cables with the ability to install repeaters if needed.
+
+> [!NOTE]
+> Most DisplayPort sources will automatically switch to HDMI signaling if HDMI is detected.
+
+## Wirelessly connect to Surface Hub 2S
+
+Windows 10 natively supports Miracast, which lets you wireless connect to Surface Hub 2S.
+
+### To connect using Miracast:
+
+1. On your Windows 10 device, enter **Windows logo key** + **K**.
+2. In the Connect window, look for the name of your Surface Hub 2S in the list of nearby devices. You can find the name of your Surface Hub 2S in the bottom left corner of the display.
+3. Enter a PIN if your system administrator has enabled the PIN setting for Miracast connections. This requires you to enter a PIN number when you connect to Surface Hub 2S for the first time.
+
+> [!NOTE]
+>If you do not see the name of the Surface Hub 2S device as expected, it’s possible the previous session was prematurely closed. If so, sign into Surface Hub 2S directly to end the previous session and then connect from your external device.
+
+## Connecting peripherals to Surface Hub 2S
+
+### Bluetooth accessories
+
+You can connect the following accessories to Surface Hub-2S using Bluetooth:
+
+- Mice
+- Keyboards
+- Headsets
+- Speakers
+
+> [!NOTE]
+> After you connect a Bluetooth headset or speaker, you might need to change the default microphone and speaker settings. For more information, see [**Local management for Surface Hub settings**](https://docs.microsoft.com/surface-hub/local-management-surface-hub-settings).
diff --git a/devices/surface-hub/surface-hub-2s-custom-install.md b/devices/surface-hub/surface-hub-2s-custom-install.md
new file mode 100644
index 0000000000..c86ac8b4b3
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-custom-install.md
@@ -0,0 +1,86 @@
+---
+title: "Customize wall mount of Surface Hub 2S"
+description: "Learn how to perform a custom install of Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Customize wall mount of Surface Hub 2S
+
+If you’re not using certified mounting solutions, you can mount Surface Hub 2S using readily available retail hardware.
+
+## Set wall mount measurements
+
+Surface Hub 2S recommended mounting measurements:
+
+|**Item**|**Description**|**Notes**|
+|:------ |:------------- |:------- |
+|**Height from bottom of Surface Hub 2S**| 1026.5 mm (40.41”) | Recommended |
+|**Height from top of Surface Hub 2S**| 1767.2 mm (69.57”) | Recommended |
+|**Height from center of mount**| 1397 mm (55”) | Recommended |
+
+1. Measure 1026.5 mm (40.41”) from the floor level to set the recommended minimum height.
+2. Measure 1767.2 mm (69.57”) from the floor level to set the recommended top height.
+
+
+
+3. Measure 1397 mm (55”) mm from the floor level to set the recommended center height.
+
+
+
+## Obstruction free mounting
+
+In addition to the visible ports on the sides of the device, certain integrated components must remain free of obstruction in order to function correctly. These include the Bluetooth, Wi-Fi, occupancy, and mic sensors as well thermal cooling vents.
+ Keep out zones
+
+|**Item**|**Description**|**Notes**|
+|:---- |:----------- |:----- |
+|**Access**| Ensure unimpeded access to input/output ports, the compute cartridge, Bluetooth radio, Bluetooth sensor, Wi-Fi radio, Wi-Fi sensor, occupancy sensor. | See Figure 1. |
+|**Air flow**| Avoid blocking inlet and outlet air vent zones. | See Figure 2 |
+|**Audio**| Avoid blocking audio exit zone on rear of Surface Hub 2S. | See Figure 2. |
+
+
+***Figure 1. Keep out zones for Surface Hub 2S components***
+
+
+***Figure 2. Avoid blocking thermal inlet/outlet and audio exit zones. ***
+
+The removable compute cartridge containing the I/O ports must remain free of any obstructions or impediments of any kind.
+
+
+***Figure 3.View of compute cartridge on the underside of Surface Hub 2s.***
+
+
+***Figure 4. Unimpeded removal of compute cartridge***
+
+## Selecting a mounting system
+
+Surface Hub 2S uses a 350 mm x 350 mm mounting framework that meets most — but not all — of the criteria listed in the VESA Flat Display Mounting Interface Standard. You can install Surface Hub 2S using any of various off-the-shelf display brackets designed to accommodate displays that diverge from exact VESA specifications, as shown below.
+
+On the back of Surface Hub 2S, you’ll find a square pattern of four M6 x 1.0 threaded holes centered on the circular bump (565 mm in diameter). Attach your mount using four M6 x 1.0–12 mm-long metric bolts. Or, depending on preference, you can use longer bolts up to a maximum of 20 mm.
+Important considerations for mounting systems
+
+|**Item**|**Description**|**Notes**|
+|:------ |:------------- |:------- |
+|**Strength**| Only choose mounts that can safely support devices of at least 28 kg (62 lbs.). | Required |
+|**Stiffness**| Avoid flexible display mounts that can diminish the interactive pen and touch use experience. Most TV mounts are not designed to support touch displays. | Recommended |
+|**Depth**| Keep the device mounted tightly to the wall especially in corridors and along circulation paths within rooms.| Recommended |
+|**Versatility**| Ensure your mounting solution remains hidden from view in both the existing landscape mode and any potential portrait mode (subject to future availability). | Recommended |
+
+
+***Figure 5. Surface Hub 2S mounting configuration***
+
+## Mounting methods compatible with Surface Hub 2S
+
+Surface Hub 2S is compatible with mounts that allow you to place it at angles of 10-70 degrees from the vertical plane. Rail mounts typically have multiple holes and a set of slots, enabling compatibility across a wide range of displays. A rail attached to the wall and two mounts attached to the display enable you to securely install Surface Hub 2S to a wall. When evaluating rail mounts for compatibility, ensure they meet versatility requirements listed earlier.
+
+
+***Figure 6. Surface Hub 2S rail mounts***
diff --git a/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md b/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md
new file mode 100644
index 0000000000..77fe0fa1ca
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-deploy-apps-intune.md
@@ -0,0 +1,58 @@
+---
+title: "Deploy apps to Surface Hub 2S using Intune"
+description: "Learn how you can deploy apps to Surface Hub 2S using Intune."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Deploy apps to Surface Hub 2S using Intune
+
+You can install additional apps to fit your team or organization's needs.
+
+## Developer guidelines
+
+- Surface Hub only runs [Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/windows/uwp/get-started/whats-a-uwp). Apps created using the [Desktop App Converter](https://docs.microsoft.com/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) will not run on Surface Hub.
+- Apps must be targeted for the [Universal device family](https://msdn.microsoft.com/library/windows/apps/dn894631) or Windows Team device family.
+- Surface Hub only supports [offline-licensed apps](https://docs.microsoft.com/microsoft-store/distribute-offline-apps) from [Microsoft Store for Business](https://businessstore.microsoft.com/store).
+- By default, apps must be Store-signed to be installed. During testing and development, you can also choose to run developer-signed UWP apps by placing the device in developer mode.
+- When developing and submitting apps to the Microsoft Store, set Device family availability and Organizational licensing options to ensure that apps are available to run on Surface Hub.
+- You need admin credentials to install apps on Surface Hub. Designed for use in meeting rooms and other shared spaces, Surface Hub prevents regular users from accessing the Microsoft Store to download and install apps.
+
+## Deployment guidelines
+
+You can deploy Universal Windows Platform (UWP) apps to Surface Hub 2S using Intune, easing app deployment to devices.
+
+1. To deploy apps, enable MDM for your organization. In the Intune portal, select **Intune** as your MDM Authority (recommended).
+
+ 
+
+2. Enable the Microsoft Store for Business in Intune. Open Intune, select **Client apps** > **Microsoft Store for Business.**
+
+ 
+
+3. In Intune open **Microsoft Store for Business** and select **Settings** > **Distribute** > **Management tools**. Choose **Microsoft Intune** as your management tool.
+
+ 
+
+4. In Microsoft Store for Business, select **Settings** > **Shop** > **Shopping Experience**, and then select **Show offline apps**. Offline apps refer to apps that can be synced to Intune and centrally deployed to a device.
+5. After enabling Offline shopping, you can acquire offline licenses for apps that you can sync to Intune and deploy as Device licensing.
+6. In **Intune** > **Client apps** > **Microsoft Store for Business**, select **Sync**.
+7. In the Client apps page, search for the app in the apps list. Assign the apps to the desired device group or groups. Select **Assignments** > **Add group**.
+
+
+
+8. Under assignment type, choose **Required**.
+
+
+
+9. For the selected groups, choose **Device licensing** and then select **OK** and save the assignment.
+
+
diff --git a/devices/surface-hub/surface-hub-2s-deploy-checklist.md b/devices/surface-hub/surface-hub-2s-deploy-checklist.md
new file mode 100644
index 0000000000..08421ad2f6
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-deploy-checklist.md
@@ -0,0 +1,65 @@
+---
+title: "Surface Hub 2S deployment checklists"
+description: "Verify your deployment of Surface Hub 2S using pre- and post-deployment checklists."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Surface Hub 2S deployment checklists
+
+## Surface Hub 2S pre-deployment checklist
+
+|**Item**|**Response**|
+|:------ |:------ |
+|**Device account name**| |
+|**Device account UPN**| |
+|**ActiveSync Policy**| |
+|**Calendar processing configuration completed**| ☐ Yes ☐ No |
+|**Device-friendly name**| |
+|**Device host name**| |
+|**Affiliation**| ☐ None ☐ Active Directory affiliation ☐ Azure Active Directory |
+|**Microsoft Teams Mode**| ☐ Mode 0 ☐ Mode 1 ☐ Mode 2 |
+|**Device Management**| ☐ Yes, Microsoft Intune ☐ Yes, other mobile device manager [MDM] ☐ None |
+|**Proxy**| ☐ Automatic configuration ☐ Proxy server ☐ Proxy auto-config (PAC) file |
+|**Proxy authentication**| ☐ Device account credentials ☐ Prompt for credentials |
+|**Password rotation**| ☐ On ☐ Off |
+|**Skype for Business additional domain names (on-premises only)**| |
+|**Session timeout time**| |
+|**Session timeout action**| ☐ End session ☐ Allow resume |
+|**My meetings and files**| ☐ Enabled ☐ Disabled |
+|**Lock screen timeout**| |
+|**Sleep idle timeout**| |
+|**Bluetooth**| ☐ On ☐ Off |
+|**Use only BitLocker USB drives**| ☐ On ☐ Off |
+|**Install additional certificates (on-premises only)**| |
+|**Windows update**| ☐ Windows Update for Business ☐ Windows Server Update Services [WSUS] |
+|**Surface app speaker setting**| ☐ Rolling stand ☐ Wall-mounted |
+|**IP Address**| ☐ Wired — DHCP ☐ Wired — DHCP reservation ☐ Wireless — DHCP ☐ Wireless — DHCP reservation |
+
+## Surface Hub 2S post-deployment checklist
+
+|**Check**|**Response**|
+|:------|:---------|
+|**Device account syncing**| ☐ Yes ☐ No |
+|**Bitlocker key**| ☐ Saved to file (no affiliation) ☐ Saved in Active Directory (AD affiliation) ☐ Saved in Azure AD (Azure AD affiliation) |
+|**Device OS updates**| ☐ Completed |
+|**Windows Store updates**| ☐ Automatic ☐ Manual |
+|**Microsoft Teams scheduled meeting**| ☐ Confirmation email received ☐ Meeting appears on start screen ☐ One-touch join functions ☐ Able to join audio ☐ Able to join video ☐ Able to share screen ||
+|**Skype for Business scheduled meeting**| ☐ Confirmation email received ☐ Meeting appears on start screen ☐ One-touch join functions correctly ☐ Able to join audio ☐ Able to join video ☐ Able to share screen ☐ Able to send/receive IM |
+|**Scheduled meeting when already invited**| ☐ Meeting declined |
+|**Microsoft Teams ad-hoc meeting**| ☐ Invite other users work ☐ Able to join audio ☐ Able to join video ☐ Able to share screen |
+|**Skype for Business scheduled meeting**| ☐ Invite other users work ☐ Able to join audio ☐ Able to join video ☐ Able to share screen ☐ Able to send/receive IM |
+|**Microsoft Whiteboard**| ☐ Launch from Welcome / Start screen ☐ Launch from Microsoft Teams |
+|**Incoming Skype/Teams call**| ☐ Able to join audio ☐ Able to join video ☐ Able to share screen ☐ Able to send/receive IM (Skype for Business only) |
+|**Incoming live video streams**| ☐ Maximum 2 (Skype for Business) ☐ Maximum 4 (Microsoft Teams) |
+|**Microsoft Teams Mode 0 behavior**| ☐ Skype for Business tile on Welcome/Start screen ☐ Can join scheduled Skype for Business meetings (Skype UI) ☐ Can join scheduled Teams meetings (Teams UI) |
+|**Microsoft Teams Mode 1 behavior**| ☐ Teams tile on Welcome/Start screen ☐ Can join scheduled Skype for Business meetings (Skype UI) ☐ Can join scheduled Teams meetings (Teams UI) |
+|**Microsoft Teams Mode 2 behavior**| ☐ Teams tile on Welcome / Start screen ☐ Can join scheduled Teams meetings ☐ Fail to join Skype for Business meetings |
diff --git a/devices/surface-hub/surface-hub-2s-deploy.md b/devices/surface-hub/surface-hub-2s-deploy.md
new file mode 100644
index 0000000000..87908ed944
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-deploy.md
@@ -0,0 +1,66 @@
+---
+title: "Create provisioning packages for Surface Hub 2S"
+description: "This page describes how to deploy Surface Hub 2S using provisioning packages and other tools."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Create provisioning packages for Surface Hub 2S
+
+You can use Windows Configuration Designer (WCD) to create provisioning packages to automate the deployment process of Surface Hub 2S. Use provisioning packages to add certificates, configure proxies, set up device administrators and device accounts. You can also use provisioning packages along with a configuration file to deploy multiple Surface Hubs with a single USB thumb drive.
+
+### Install Windows Configuration Designer
+
+Install Windows Configuration Designer from the Windows Assessment and Deployment Kit (ADK) for Windows 10. Download and install the [ADK for Windows 10, version 1703](https://go.microsoft.com/fwlink/p/?LinkId=845542). For more information, see [Download and install the Windows ADK](https://docs.microsoft.com/windows-hardware/get-started/adk-install).
+
+### Add certificates
+
+You can import Certificate Authority certificates to Surface Hub 2S.
+To add certificates to Surface Hub 2S, you need a copy of each certificate as X.509 in .cer format. You cannot import .crt, .pfx or other container formats. Certificates must be imported into Windows Configuration Designer and arranged by hierarchy:
+
+ 
+
+### Configure proxy during OOBE
+
+In Windows Configuration Designer, go to the Configure proxy settings tab and enter the appropriate settings as shown below.
+
+ 
+
+> [!NOTE]
+> When configuring proxy settings, turn off **Automatically detect settings** if you intend to use a setup script or a proxy server. You can use a setup script *or* a proxy server, not both.
+
+### Affiliate Surface Hub 2S with Azure Active Directory
+
+You can affiliate Surface Hub 2S with Azure Active Directory using a provisioning package:
+As an Azure Active Directory Global Administrator, you can join large numbers of new Windows devices to Azure Active Directory and Intune using a bulk token.
+
+To create a bulk token, give it a friendly name, configure the expiration date (maximum of 30 days) and use your Admin credentials to acquire the token as shown below:
+
+ 
+ 
+ 
+
+### Provisioning multiple devices (.csv file)
+
+In addition to the provisioning package, you can use a Surface Hub configuration file to make it even easier to set up your devices. A Surface Hub configuration file contains a list of device accounts and friendly names for wireless projection. During first run, you get an option to choose a device account and friendly name from a configuration file.
+
+### To create a Surface Hub configuration file
+
+1. Using Microsoft Excel or another CSV editor, create a CSV file named: **SurfaceHubConfiguration.csv**
+2. Enter a list of device accounts and friendly names in this format:
+
+```
+,,
+```
+
+3. Save the file to the root of the USB thumb drive where you copied the PPKG file.
+
+ 
diff --git a/devices/surface-hub/surface-hub-2s-install-mount.md b/devices/surface-hub/surface-hub-2s-install-mount.md
new file mode 100644
index 0000000000..1ae4dcadb6
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-install-mount.md
@@ -0,0 +1,36 @@
+---
+title: "Install and mount Surface Hub 2S"
+description: "Learn how to install and mount Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Install and mount Surface Hub 2S
+
+Surface Hub 2S is designed for ease of mobility with a form factor that enables you to quickly install and begin using the device. Microsoft has partnered with Steelcase on the following certified mounting solutions: Roam Mobile Stand and Roam Wall Mount. Both fully integrate with the design of Surface Hub 2S, enabling unimpeded access to the compute cartridge, power, USB-A, USB-C, and other ports.
+
+You can mount Surface Hub 2S with the certified wall mount or the certified mobile stand, both developed in partnership with Steelcase. Both fully integrate with the design of Surface Hub 2S, enabling unimpeded access to the compute cartridge along with all I/O ports and power.
+
+For more information, see [Officially licensed third-party accessories](http://licensedhardware.azurewebsites.net/surface) and view installation demos from the Surface product team at [Steelcase mobile stand and APC battery set up](https://youtu.be/VTzdu4Skpkg).
+
+ 
+
+If you’re not using licensed accessories, see [Customize wall mount of Surface Hub 2S](surface-hub-2s-custom-install.md).
+
+| 1. **Set up your mount first** | |
+|:------ |:-------- |
+| Leave your Surface Hub in the box until the mount is set up and mounting hardware is applied. Mount is not included. Your mount is sold separately. |  |
+| 2. **Attach hardware to the Surface Hub** | |
+| Mounting hardware and specific instructions are found in the box for your mount. |  |
+| 3. **Remove the instructional label before mounting.** | |
+| Get someone to help you lift and mount your Surface Hub. Make sure to hold and lift the Surface Hub from the bottom. |  |
+| 4. **Attach accessories and power on** | |
+| Install accessories and attach power cable as shown. See guides on the screen cling. Remove cling wrap from the screen. Press the power button to power on. |  |
diff --git a/devices/surface-hub/surface-hub-2s-manage-intune.md b/devices/surface-hub/surface-hub-2s-manage-intune.md
new file mode 100644
index 0000000000..be1df464ef
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-manage-intune.md
@@ -0,0 +1,74 @@
+---
+title: "Manage Surface Hub 2S with Intune"
+description: "Learn how to update and manage Surface Hub 2S using Intune."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Manage Surface Hub 2S with Intune
+
+## Register Surface Hub 2S with Intune
+
+Surface Hub 2S allows IT administrators to manage settings and policies using a mobile device management (MDM) provider. Surface Hub 2S has a built-in management component to communicate with the management server, so there is no need to install additional clients on the device.
+
+### Manual registration
+
+1. Sign in as a local administrator on Surface Hub 2S and open the **Settings** app. Select **Surface Hub** > **Device management** and then select **+** to add.
+2. After authenticating, the device will automatically register with Intune.
+
+ 
+
+### Auto registration — Azure Active Directory Affiliated
+
+During the initial setup process, when affiliating a Surface Hub with an Azure AD tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods). Azure AD affiliation and Intune auto enrollment is required for the Surface Hub to be a "compliant device" in Intune.
+
+## Windows 10 Team Edition settings
+
+Select Windows 10 Team for preset device restriction settings for Surface Hub and Surface Hub 2S.
+
+ 
+
+These settings include user experience and app behavior, Azure Log Analytics registration, Maintenance windows configuration, Session settings, and Miracast settings. For a complete list of available Windows 10 Team settings, see [SurfaceHub CSP](https://docs.microsoft.com/windows/client-management/mdm/surfacehub-csp).
+
+## Additional supported configuration service providers (CSPs)
+
+For additional supported CSPs, see [Surface Hub CSPs in Windows 10](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference#surfacehubcspsupport).
+
+## Quality of Service (QoS) settings
+
+To ensure optimal video and audio quality on Surface Hub 2S, add the following QoS settings to the device. The settings are identical for Skype for Business and Teams.
+
+|**Name**|**Description**|**OMA-URI**|**Type**|**Value**|
+|:------ |:------------- |:--------- |:------ |:------- |
+|**Audio Ports**| Audio Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition | String | 50000-50019 |
+|**Audio DSCP**| Audio ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/DSCPAction | Integer | 46 |
+|**Video Ports**| Video Port range | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/SourcePortMatchCondition | String | 50020-50039 |
+|**Video DSCP**| Video ports marking | ./Device/Vendor/MSFT/NetworkQoSPolicy/HubVideo/DSCPAction | Integer | 34 |
+
+> [!NOTE]
+> These are the default port ranges. Administrators may change the port ranges in the Skype for Business and Teams control panel.
+
+## Microsoft Teams Mode settings
+
+You can set the Microsoft Teams app mode using Intune. Surface Hub 2S comes installed with Microsoft Teams in mode 0, which supports both Microsoft Teams and Skype for Business. You can adjust the modes as shown below.
+
+### Modes:
+
+- Mode 0 — Skype for Business with Microsoft Teams functionality for scheduled meetings.
+- Mode 1 — Microsoft Teams with Skype for Business functionality for scheduled meetings.
+- Mode 2 — Microsoft Teams only.
+
+To set modes, add the following settings to a custom Device Configuration Profile.
+
+|**Name**|**Description**|**OMA-URI**|**Type**|**Value**|
+|:--- |:--- |:--- |:--- |:--- |
+|**Teams App ID**|App name|./Vendor/MSFT/SurfaceHub/Properties/VtcAppPackageId|String| Microsoft.MicrosoftTeamsforSurfaceHub_8wekyb3d8bbwe!Teams|
+|**Teams App Mode**|Teams mode|./Vendor/MSFT/SurfaceHub/Properties/SurfaceHubMeetingMode|Integer| 0 or 1 or 2|
diff --git a/devices/surface-hub/surface-hub-2s-manage-passwords.md b/devices/surface-hub/surface-hub-2s-manage-passwords.md
new file mode 100644
index 0000000000..accd5d7e84
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-manage-passwords.md
@@ -0,0 +1,21 @@
+---
+title: "Manage device account password rotation"
+description: "Learn how to configure Surface Hub 2S on-premises accounts with PowerShell"
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+# Manage device account password rotation
+
+You can configure Surface Hub 2S to automatically change a device account password without requiring you to manually update the device account information.
+
+If you turn on Password Rotation, Surface Hub 2S changes the password every 7 days. The automatically generated passwords contain 15-32 characters including a combination of uppercase and lowercase letters, numbers, and special characters.
+
+Passwords do not change during a meeting. If Surface Hub 2S is turned off, it attempts to change the password immediately when turned on or every 10 minutes until successful.
diff --git a/devices/surface-hub/surface-hub-2s-onprem-powershell.md b/devices/surface-hub/surface-hub-2s-onprem-powershell.md
new file mode 100644
index 0000000000..fb2c98dcbd
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-onprem-powershell.md
@@ -0,0 +1,72 @@
+---
+title: "Configure Surface Hub 2S on-premises accounts with PowerShell"
+description: "Learn how to configure Surface Hub 2S on-premises accounts with PowerShell"
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Configure Surface Hub 2S on-premises accounts with PowerShell
+
+## Connect to Exchange Server PowerShell
+
+> [!IMPORTANT]
+> You'll need the Fully Qualified Domain Name (FQDN) for the Client Access service of the on-premises Exchange server for some of these cmdlets.
+
+```PowerShell
+$ExchServer = Read-Host "Please Enter the FQDN of your Exchange Server"
+$ExchSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$ExchServer/PowerShell/ -Authentication Kerberos -Credential (Get-Credential)
+Import-PSSession $ExchSession
+```
+
+```PowerShell
+$ExchServer = Read-Host "Please Enter the FQDN of your Exchange Server"
+$ExchSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$ExchServer/PowerShell/ -Authentication Kerberos -Credential (Get-Credential)
+Import-PSSession $ExchSession
+```
+
+## Create the device account
+
+```PowerShell
+New-Mailbox -UserPrincipalName Hub01@contoso.com -Alias Hub01 -Name "Hub 01" -Room -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String -AsPlainText -Force)
+```
+
+## Set automatic calendar processing
+
+```PowerShell
+Set-CalendarProcessing -Identity "HUB01@contoso.com" -AutomateProcessing AutoAccept -AddOrganizerToSubject $false –AllowConflicts $false –DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false -AddAdditionalResponse $true -AdditionalResponse "This room is equipped with a Surface Hub"
+```
+
+## Enable the Skype for Business object
+
+> [!NOTE]
+> It is important that you know the FQDN of the Skype for Business Registrar Pool.
+
+```PowerShell
+Enable-CsMeetingRoom -Identity Contoso\HUB01 -SipAddressType emailaddress -RegistrarPool SfbIEFE01.contoso.local
+```
+
+## Mobile Device Mailbox Policy
+
+You may need to create a Mobile Device Mailbox Policy (also known as ActiveSync Policy) to allow your Surface Hub to connect to your online or on-premises environment.
+
+## Create a Surface Hub mobile device mailbox policy
+
+```PowerShell
+New-MobileDeviceMailboxPolicy -Name “Surface Hubs” -PasswordEnabled $false
+```
+
+## Additional settings
+
+It is recommended to add a MailTip to Surface Hub rooms so users remember to make the meeting a Skype for Business or Teams meeting:
+
+```PowerShell
+Set-Mailbox "Surface Hub 2S" -MailTip "This is a Surface Hub room. Please make sure this is a Microsoft Teams meeting."
+```
diff --git a/devices/surface-hub/surface-hub-2s-onscreen-display.md b/devices/surface-hub/surface-hub-2s-onscreen-display.md
new file mode 100644
index 0000000000..da4712505e
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-onscreen-display.md
@@ -0,0 +1,39 @@
+---
+title: "Adjust Surface Hub 2S brightness, volume, and input"
+description: "Learn how to use the onscreen display to adjust brightness and other settings in Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 07/09/2019
+ms.localizationpriority: Medium
+---
+# Adjust Surface Hub 2S brightness, volume, and input
+
+Surface Hub 2S provides an on-screen display for volume, brightness, and input control. The Source button functions as a toggle key to switch between the volume, brightness, and input control menus.
+
+## To show the on-screen display
+
+- Press and hold the **Source** button for 4 seconds.
+
+ 
+
+ When the on-screen display is visible, use one or more buttons to reach desired settings.
+
+## To adjust volume
+
+- Use the **Volume up/down** button to increase or decrease volume.
+
+## To adjust brightness
+
+1. Press the **Source** button again to switch to the brightness menu.
+2. Use the **Volume up/down** button to increase or decrease brightness.
+
+## To adjust input
+
+1. Press the **Source** button twice to switch to the Source menu.
+2. Use the **Volume up/down** button to switch between PC, HDMI, and USB-C inputs.
diff --git a/devices/surface-hub/surface-hub-2s-pack-components.md b/devices/surface-hub/surface-hub-2s-pack-components.md
new file mode 100644
index 0000000000..287f43ec7b
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-pack-components.md
@@ -0,0 +1,85 @@
+---
+title: "How to pack and ship your Surface Hub 2S for service"
+description: "Instructions for packing Surface Hub 2S components, replacing the Compute cartridge, and replacing the camera"
+keywords: pack, replace components, camera, compute cartridge
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 07/1/2019
+ms.localizationpriority: Medium
+---
+
+# How to pack and ship your Surface Hub 2S for service
+
+If you replace your Surface Hub 2S, one of its components, or a related accessory, use the instructions in this article when you pack the device for shipment.
+
+>[!IMPORTANT]
+>When packing your device for shipment, make sure that you use the packaging in which your replacement device arrived.
+
+## How to pack your Surface Hub 2S 50”
+
+Use the following steps to pack your Surface Hub 2S 50" for shipment.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+## How to replace and pack your Surface Hub 2S Compute Cartridge
+
+Use the following steps to remove the Surface Hub 2S Compute Cartridge, pack it for shipment, and install the new Compute Cartridge.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+## How to replace your Surface Hub 2S Camera
+
+Use the following steps to remove the Surface Hub 2S camera and install the new camera.
+
+
+
+
diff --git a/devices/surface-hub/surface-hub-2s-phone-authenticate.md b/devices/surface-hub/surface-hub-2s-phone-authenticate.md
new file mode 100644
index 0000000000..f79bbca0d4
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-phone-authenticate.md
@@ -0,0 +1,43 @@
+---
+title: "Configure password-less phone sign-in for Surface Hub 2S"
+description: "Learn how to simplify signing in to Surface Hub 2S using password-less phone sign-in on your mobile device."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Configure password-less phone sign-in for Surface Hub 2S
+
+Password-less phone sign-in simplifies signing-in to your meetings and files on Surface Hub 2S.
+
+> [!NOTE]
+> Password-less phone sign-in requires that your primary email address must match your UPN.
+
+## To set up password-less phone sign-in
+
+1. Download the [Microsoft Authenticator](https://www.microsoft.com/account/authenticator) app for iPhone or Android to your phone.
+2. From your PC, go to [https://aka.ms/MFASetup](https://aka.ms/MFASetup) , sign in with your account, and select **Next.**
+3. In the Additional security verification screen, select Mobile App and Use verification code, and then select **Setup**.
+
+## To configure mobile app
+
+1. In the Microsoft authenticator app on your phone, add an account, choose **Work or School Account**, and then scan the QR code displayed on your PC
+2. Send a notification to your phone and then approve the sign-in request.
+3. In the Authenticator app on your phone, use the drop-down menu next to your account and select **Enable phone sign-in**.
+4. If required, register your device with your organization and follow the on-screen instructions.
+
+## To sign in to Surface Hub
+
+1. On Surface Hub, sign into **My meetings and files** and select **Send notification** when prompted.
+2. Match the number displayed on your phone with the number displayed on Surface Hub to approve your sign-in request.
+3. If prompted, enter the PIN or biometric ID on your phone to complete sign-in.
+
+## Learn more
+For more information, see [Password-less phone sign-in with the Microsoft Authenticator app](https://docs.microsoft.com/azure/active-directory/authentication/howto-authentication-phone-sign-in).
diff --git a/devices/surface-hub/surface-hub-2s-port-keypad-overview.md b/devices/surface-hub/surface-hub-2s-port-keypad-overview.md
new file mode 100644
index 0000000000..8a667d95ac
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-port-keypad-overview.md
@@ -0,0 +1,43 @@
+---
+title: "Surface Hub 2S ports and keypad overview"
+description: "This page describes the ports, physical buttons, and configuration information essential for connecting to Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Surface Hub 2S ports and keypad overview
+
+This page describes the ports, physical buttons, and configuration information essential for connecting to Surface Hub 2S whether via wired, Wi-Fi, or Bluetooth methods. It also includes best practice recommendations for key connectivity scenarios.
+
+> [!NOTE]
+> You can find the serial number on the outside of the packaging, on the display by the power cord, or by using the Surface app.
+
+The figure below shows the location of ports and physical buttons on a keypad attached to the underside of the device. The table includes detailed descriptions of each element.
+
+ 
+
+## Port and keypad component reference
+
+|**Key**|**Component**|**Description**|**Key parameters**|
+|:--- |:--------- |:----------- |:-------------- |
+| 1 | **USB C** | **USB 3.1 Gen 1** Use as a walk-up port for plugging in peripherals such as thumb-drives. Guest ports are on each side of the device (4).
*NOTE: This is the recommended port for connecting an external camera. Additional camera mount features are incorporated into the design to help support retention of attached cameras.*
NOTE: TouchBack and video ingest are not supported on these ports. | Type C
15 W Port (5V/3A) |
+| 2 | **AC power** | **100-240 V input** Connect to standard AC power and Surface Hub 2S will auto switch to the local power standard such as110 volts in the US and Canada or 220 volts in the UK. | IEC 60320 C14 |
+| 3 | **DC power** | **24V DC input port** Use for connecting to mobile battery. | Xbox1 Dual barrel to Anderson connector |
+| 4 | **Ethernet** | **1000/100/10 Base-T** Use for providing a continuous connection in a corporate environment and related scenarios requiring maximum stability or capacity. | RJ45 |
+| 5 | **USB-A** | **USB 3.1 Gen 1** Use as a walk-up port for plugging in peripherals such as thumb-drives. | Type A 7.5 W Port (5V/1.5A) |
+| 6 | **USB-C** | **USB 3.1 Gen 1** Use as a walk-up port for connecting external PCs and related devices or plugging in peripherals such as thumb-drives.
*NOTE: This is the recommended input port for video, TouchBack, and InkBack.* | Type C 18 W Port (5V/3A, 9V/2A) |
+| 7 | **HDMI-in** | **HDMI 2.0, HDCP 2.2 /1.4** Use for multiple scenarios including HDMI-to-HDMI guest input. | Standard HDMI |
+| 8 | **Mini DP-out** | **Mini DP 1.2 output** Use for video-out scenarios such as mirroring the Surface Hub 2S display to a larger projector.
*NOTE: This supports a maximum resolution of 3840 x 2160 (4K UHD) @60Hz.* | Mini DP |
+| 9 | **Source** | Use to toggle among connected ingest sources — external PC, HDMI, and Mini DP modes. | n/a |
+| 10 | **Volume** | Use +/- to adjust audio locally on the device.
*NOTE: When navigating to the brightness control, use +/- on the volume slider to control display brightness.* | n/a |
+| 11 | **Power** | Power device on/off. Use also to navigate display menus and select items. | n/a |
+
+ 
diff --git a/devices/surface-hub/surface-hub-2s-prepare-environment.md b/devices/surface-hub/surface-hub-2s-prepare-environment.md
new file mode 100644
index 0000000000..5f10258934
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-prepare-environment.md
@@ -0,0 +1,50 @@
+---
+title: "Prepare your environment for Surface Hub 2S"
+description: "Learn what you need to do to prepare your environment for Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 11/21/2019
+ms.localizationpriority: Medium
+---
+
+# Prepare your environment for Surface Hub 2S
+
+## Office 365 readiness
+
+If you use Exchange Online, Skype for Business Online, Microsoft Teams, or Microsoft Whiteboard, and intend to manage Surface Hub 2S with Intune, first review the [Office 365 requirements for endpoints](https://docs.microsoft.com/office365/enterprise/office-365-endpoints).
+
+Office 365 endpoints help optimize your network by sending all trusted Office 365 network requests directly through your firewall, bypassing all additional packet-level inspection or processing. This feature reduces latency and your perimeter capacity requirements.
+
+Microsoft regularly updates the Office 365 service with new features and functionality, which may alter required ports, URLs, and IP addresses. To evaluate, configure, and stay up to date with changes, subscribe to the [Office 365 IP Address and URL Web service](https://docs.microsoft.com/office365/enterprise/office-365-ip-web-service).
+
+## Device affiliation
+
+Use Device affiliation to manage user access to the Settings app on Surface Hub 2S.
+With the Windows 10 Team Edition operating system (that runs on Surface Hub 2S), only authorized users can adjust settings using the Settings app. Since choosing the affiliation can impact feature availability, plan appropriately to ensure that users can access features as intended.
+
+> [!NOTE]
+> You can only set Device affiliation during the initial out-of-box experience (OOBE) setup. If you need to reset Device affiliation, you’ll have to repeat OOBE setup.
+
+## No affiliation
+
+No affiliation is like having Surface Hub 2S in a workgroup with a different local Administrator account on each Surface Hub 2S. If you choose No affiliation, you must locally save the [BitLocker Key to a USB thumb drive](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-key-management-faq). You can still enroll the device with Intune; however, only the local admin can access the Settings app using the account credentials configured during OOBE. You can change the Administrator account password from the Settings app.
+
+## Active Directory Domain Services
+
+If you affiliate Surface Hub 2S with on-premises Active Directory Domain Services, you need to manage access to the Settings app using a security group on your domain. This helps ensure that all security group members have permissions to change settings on Surface Hub 2S. Also note the following:
+
+- When Surface Hub 2S affiliates with your on-premises Active Directory Domain Services, the BitLocker key can be saved in the Active Directory Schema. For more information, see [Prepare your organization for BitLocker: Planning and policies](https://docs.microsoft.com/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies).
+- Your organization’s Trusted Root CAs are pushed to the same container in Surface Hub 2S, which means you don’t need to import them using a provisioning package.
+- You can still enroll the device with Intune to centrally manage settings on your Surface Hub 2S.
+
+## Azure Active Directory
+
+When you choose to affiliate your Surface Hub 2S with Azure Active Directory (Azure AD), any user in the Global Admins Security Group can sign in to the Settings app on Surface Hub 2S. Currently, no other group can be delegated to sign in to the Settings app on Surface Hub 2S.
+
+If you enabled Intune Automatic Enrollment for your organization, Surface Hub 2S will automatically enroll itself with Intune. The device’s BitLocker key is automatically saved in Azure AD. When affiliating Surface Hub 2S with Azure AD, single sign-on and Easy Authentication will not work.
diff --git a/devices/surface-hub/surface-hub-2s-quick-start.md b/devices/surface-hub/surface-hub-2s-quick-start.md
new file mode 100644
index 0000000000..3d7f08641a
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-quick-start.md
@@ -0,0 +1,46 @@
+---
+title: "Surface Hub 2S quick start"
+description: "View the quick start steps to begin using Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Surface Hub 2S quick start
+
+## Unpack Surface Hub 2S
+
+1. Use the handles on each side of the box to move it to the space where you'll set it up.
+2. Before opening, remove the clips (4) on the front and back, and then lift the top off the box using the handles.
+3. In the base of the Surface Hub 2S, open the accessories box containing the setup guide, Surface Hub 2 pen, Surface Hub 2 camera, and the power cable.
+4. On the back of the Surface Hub, there's an instructional label showing you where to attach the mounting hardware. Install them in place and remove the label.
+
+See this video for more information about [unboxing and set up](https://youtu.be/fCrxdNXvru4).
+
+## Install and adjust pen
+
+1. Attach Surface Hub 2 pen magnetically to your preferred side of the device.
+
+
+
+2. To adjust pen pressure, open the Surface app on Surface Hub 2S, select Pen, and adjust the slider.
+
+
+
+## Install camera
+
+Remove the lens cling from the camera and attach it to the USB-C port on the top of the Surface Hub 2S.
+
+## Start Surface Hub 2S
+
+1. Insert the power cable into the back of the device and plug it into a power outlet. Run the cable through any cable guides on your mounting solution and remove the screen clang.
+2. To begin, press the power button on the bottom right.
+
+
diff --git a/devices/surface-hub/surface-hub-2s-recover-reset.md b/devices/surface-hub/surface-hub-2s-recover-reset.md
new file mode 100644
index 0000000000..af763b9e26
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-recover-reset.md
@@ -0,0 +1,69 @@
+---
+title: "Reset and recovery for Surface Hub 2S"
+description: "Learn how to recover and reset Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 12/05/2019
+ms.localizationpriority: Medium
+---
+
+# Reset and recovery for Surface Hub 2S
+
+If you encounter problems with Surface Hub 2S, you can reset the device to factory settings or restore by using a USB drive.
+
+To begin, sign in to Surface Hub 2S with admin credentials, open the **Settings** app, select **Update & security**, and then select **Recovery**.
+
+## Reset the device
+
+1. To reset the device, select **Get Started**.
+2. When the **Ready to reset this device** window appears, select **Reset**.
+ >[!NOTE]
+ >Surface Hub 2S reinstalls the operating system from the recovery partition. This may take up to one hour to complete.
+3. To reconfigure the device, run the first-time Setup program.
+4. If you manage the device using Microsoft Intune or another mobile device management solution, retire and delete the previous record, and then re-enroll the new device. For more information, see [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/devices-wipe).
+
+
+*Figure 1. Reset and recovery for Surface Hub 2S*
+
+## Recover Surface Hub 2S by using a USB recovery drive
+
+New in Surface Hub 2S, you can now reinstall the device by using a recovery image.
+
+### Recovery from a USB drive
+
+Using Surface Hub 2S, you can reinstall the device by using a recovery image. By doing this, you can reinstall the device to the factory settings if you lost the BitLocker key, or if you no longer have admin credentials to the Settings app.
+
+>[!NOTE]
+>Use a USB 3.0 drive with 8 GB or 16 GB of storage, formatted as FAT32.
+
+1. From a separate PC, download the .zip file recovery image from the [Surface Recovery website](https://support.microsoft.com/surfacerecoveryimage?devicetype=surfacehub2s) and then return to these instructions.
+1. Unzip the downloaded file onto the root of the USB drive.
+1. Connect the USB drive to any USB-C or USB-A port on Surface Hub 2S.
+1. Turn off the device:
+ 1. While holding down the Volume down button, press the Power button.
+ 1. Keep holding both buttons until you see the Windows logo.
+ 1. Release the Power button but continue to hold the Volume until the Install UI begins.
+
+ 
+ **Figure 2. Volume and Power buttons**
+
+1. On the language selection screen, select the display language for your Surface Hub 2S.
+1. Select **Recover from a drive** and **Fully clean the drive**, and then select **Recover**. If you're prompted for a BitLocker key, select **Skip this drive**. Surface Hub 2S reboots several times and takes approximately 30 minutes to complete the recovery process.
+
+When the first-time setup screen appears,remove the USB drive.
+
+## Recover a locked Surface Hub
+
+At the end of a session, Surface Hub 2S may occasionally encounter an error during the cleanup of user and app data at the end of a session. If this occurs, the device automatically reboots and resumes the data cleanup. However, if this operation repeatedly fails, the device automatically locks to protect user data.
+
+**To unlock a Surface Hub 2S:**
+- Reset or recover the device from the Windows Recovery Environment. For more information, see [What is Windows RE?](https://technet.microsoft.com/library/cc765966.aspx)
+
+> [!NOTE]
+> To enter recovery mode, unplug the power cord and plug it in again three times.
diff --git a/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md b/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md
new file mode 100644
index 0000000000..8d0768ba93
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md
@@ -0,0 +1,68 @@
+---
+title: "Secure and manage Surface Hub 2S with SEMM"
+description: "Learn more about securing Surface Hub 2S with SEMM."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Secure and manage Surface Hub 2S with SEMM and UEFI
+
+New in Surface Hub 2S, you can use SEMM to manage the UEFI setting of the device.
+Use the Microsoft Surface UEFI Configurator to control the following components:
+
+- Wired LAN
+- Cameras
+- Bluetooth
+- Wi-Fi
+- Occupancy sensor
+
+Use the Microsoft Surface UEFI Configurator to turn on or off the following UEFI settings:
+
+- Boot
+
+ - IPv6 for PXE Boot
+ - Alternate Boot
+ - Boot Order Lock
+ - USB Boot
+- UEFI Front Page
+
+ - Devices
+ - Boot
+ - Date/Time
+
+## Create UEFI configuration image
+
+Unlike other Surface devices, you cannot use an MSI file or a Win PE image to apply these settings on Surface Hub 2S. Instead, you need to create a USB image to load into the device. To create a Surface Hub 2S UEFI configuration image, download and install the latest version of the Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center. For more information about using UEFI and SEMM, see [Microsoft Surface Enterprise Management Mode](https://docs.microsoft.com/surface/surface-enterprise-management-mode).
+
+## To configure UEFI on Surface Hub 2S
+
+1. Start the UEFI Configurator and on the first screen, choose **Configuration Package**.
+
+2. To add the certificate to your package, you must have a valid certificate with the private key in a .pfx file format to sign and protect the package. Select **+ Certificate Protection.**
+
+3. Enter the certificate’s private key’s password.
+
+4. After importing the private key, continue creating the package.
+
+5. Choose **Hub** and **Surface Hub 2S** as the target for the UEFI configuration package.
+
+6. Choose the components and settings you want to activate or deactivate on Surface Hub 2S.
+
+7. Use the USB option to export the file.
+
+8. Insert and choose the USB drive you’d like to use for this package. The USB drive will be formatted and you lose any information you have on it.
+
+9. Upon successful creation of the package, the Configurator will display the last two characters of your certificate’s thumbprint. You need these characters when you import to the configuration to Surface Hub 2S.
+
+
+## To boot into UEFI
+
+Turn off Surface Hub 2S. Press and hold the **Volume Up** button and press the **Power** Button. Keep holding the Volume Up button until the UEFI menu appears.
diff --git a/devices/surface-hub/surface-hub-2s-setup.md b/devices/surface-hub/surface-hub-2s-setup.md
new file mode 100644
index 0000000000..08318020fb
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-setup.md
@@ -0,0 +1,100 @@
+---
+title: "First time Setup for Surface Hub 2S"
+description: "Learn how to complete first time Setup for Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 07/03/2019
+ms.localizationpriority: Medium
+---
+
+# First time Setup for Surface Hub 2S
+
+When you first start Surface Hub 2S, the device automatically enters first time Setup mode to guide you through account configuration and related settings.
+
+## Configuring Surface Hub 2S account
+
+1. **Configure your locale.** Enter region, language, keyboard layout and time zone information. Select **Next**.
+
+ 
+1. **Connect to a wireless network.** Choose your preferred wireless network and select **Next.**
+
+- This option is not shown if connected using an Ethernet cable.
+- You cannot connect to a wireless network in hotspots (captive portals) that redirect sign-in requests to a provider’s website.
+
+3. **Enter device account info.** Use **domain\user** for on-premises and hybrid environments and **user\@example.com** for online environments. Select **Next.**
+
+ 
+1. **Enter additional info.** If requested, provide your Exchange server address and then select **Next.**
+
+ 
+
+1. **Name this device.** Enter a name for your device or use the suggested one based on your account’s display name and user principle name [UPN]. **Select Next**.
+
+- The **Friendly name** is visible on the bottom left corner of Surface Hub 2S and is shown when projecting to the device.
+
+- The **Device name** identifies the device when affiliated with Active Directory or Azure Active Directory, and when enrolling the device with Intune.
+
+ 
+
+## Configuring device admin accounts
+
+You can only set up device admins during first time Setup. For more information, refer to [Surface Hub 2S device affiliation](https://docs.microsoft.com/surface-hub/surface-hub-2s-prepare-environment#device-affiliation).
+
+ In the **Setup admins for this device** window, select one of the following options: Active Directory Domain Services, Azure Active Directory, or Local admin.
+
+ 
+
+### Active Directory Domain Services
+
+1. Enter the credentials of a user who has permissions to join the device to Active Directory.
+
+ 
+
+2. Select the Active Directory Security Group containing members allowed to log on to the Settings app on Surface Hub 2S.
+
+ 
+1. Select **Finish**. The device will restart.
+
+### Azure Active Directory
+
+When choosing to affiliate your device with Azure Active Directory, the device will immediately restart and display the following page. Select **Next**.
+
+
+
+1. Enter the email address or UPN of an account **with Intune Plan 1** or greater and then select **Next.**
+
+ 
+
+2. If redirected, authenticate using your organization’s sign-in page and provide additional logon information if requested. The device will restart.
+
+## Local Administrator account
+
+- Enter a username and password for your local admin. The device will restart.
+
+ 
+
+## Using provisioning packages
+
+If you insert a USB thumb drive with a provisioning package into one of the USB ports when you start Surface Hub 2S, the device displays the following page.
+
+1. Enter the requested settings and select **Set up**.
+
+ 
+
+ 
+2. Choose the provisioning package you’d like to use.
+
+ 
+
+3. If you created a multiple devices CSV file, you will be able to choose a device configuration. For more information, refer to [Create provisioning packages for Surface Hub 2S](https://docs.microsoft.com/surface-hub/surface-hub-2s-deploy#provisioning-multiple-devices-csv-file).
+
+
+ 
+
+4. Follow the instructions to complete first time Setup.
diff --git a/devices/surface-hub/surface-hub-2s-site-planning.md b/devices/surface-hub/surface-hub-2s-site-planning.md
new file mode 100644
index 0000000000..9b04ea0174
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-site-planning.md
@@ -0,0 +1,43 @@
+---
+title: "Surface Hub 2S site planning"
+description: "Learn more about rooms for Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Surface Hub 2S site planning
+
+## Introduction
+
+Designed for team collaboration, Surface Hub 2S can transform the way you work — not only in the conference rooms but any place you want to work. One of the biggest advantages of Surface Hub 2S is the ability to move it from one space to another when used with the Steelcase Roam mobile stand and mobile battery. Providing unplugged, uninterrupted teamwork capabilities, Surface Hub 2S can be integrated into almost any workspace.
+
+## Room considerations
+
+Designed for interactive use in smaller conference rooms and huddle spaces, Surface Hub 2S provides a 4K camera, microphone array, crystal clear speakers, and a brilliant 4K+ resolution display. Optimizing the user experience in larger spaces with more people further away from the display may require peripherals such as an extra camera, microphone, or room systems solution such as Microsoft Teams Rooms.
+
+As a general guideline, install Surface Hub 2S in a space that meets the following criteria:
+
+- People can reach all four edges of the touchscreen.
+- The screen is not in direct sunlight, which could affect viewing or damage the screen.
+- Ventilation openings are not blocked.
+- Microphones are not affected by noise sources, such as fans or vents.
+- Space is well lit with no reflective sources.
+
+Whether mounted to a wall or installed on the mobile stand, the areas where you use the device should maintain:
+
+- Room temperatures no cooler than 10°C (50° F) and no hotter than 35°C (95° F).
+- Relative humidity no lower than 20 percent and no higher than 80 percent.
+
+For detailed room planning guidance and more information about Microsoft Teams Rooms see [Plan Microsoft Teams Rooms.](https://docs.microsoft.com/MicrosoftTeams/room-systems/skype-room-systems-v2-0)
+
+## Managing Surface Hub 2S location
+
+If you plan to use Surface Hub 2S on a mobile stand, you may wish to explore third-party solutions that enable location services. For example, active RFID systems can provide real-time tracking throughout complex office or industrial spaces. For more information, see your A/V provider or other third-party expertise for guidance.
diff --git a/devices/surface-hub/surface-hub-2s-site-readiness-guide.md b/devices/surface-hub/surface-hub-2s-site-readiness-guide.md
new file mode 100644
index 0000000000..8db9d3818e
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-site-readiness-guide.md
@@ -0,0 +1,25 @@
+---
+title: "Surface Hub 2S site readiness guide"
+description: "Get familiar with site readiness requirements and recommendations for Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Surface Hub 2S site readiness guide
+
+|**Topic**|**Description**|
+|:-------|:-------|
+| [Site planning for Surface Hub 2S](surface-hub-2s-site-planning.md) | Review room considerations and planning for peripherals. |
+| [Surface Hub 2S quick start](surface-hub-2s-quick-start.md) | Get an overview of required steps to unpack and start Surface Hub 2S. |
+| [Install and mount Surface Hub 2S](surface-hub-2s-install-mount.md) | Learn about licensed accessories to install and mount Surface Hub 2S. |
+| [Customizing installation of Surface Hub 2S](surface-hub-2s-custom-install.md) | Learn how to custom install without licensed mounting accessories.|
+| [Surface Hub 2S ports and keypad overview](surface-hub-2s-port-keypad-overview.md) | Get details for I/O ports and keypad power and selection controls. |
+| [Connect to Surface Hub 2S](surface-hub-2s-connect.md) | Learn about wired and wireless methods to connect to Surface Hub.|
diff --git a/devices/surface-hub/surface-hub-2s-techspecs.md b/devices/surface-hub/surface-hub-2s-techspecs.md
new file mode 100644
index 0000000000..4e40f9ae25
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-techspecs.md
@@ -0,0 +1,45 @@
+---
+title: "Surface Hub 2S tech specs"
+description: "View tech specs for Surface Hub 2S including pen, camera, and optional mobile battery specifications."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+manager: laurawi
+ms.author: greglin
+audience: Admin
+ms.topic: article
+ms.date: 11/19/2019
+ms.localizationpriority: Medium
+---
+
+# Surface Hub 2S tech specs
+
+|**Item**|**Details**|
+|:------ |:--------- |
+|**Dimensions**| 29.2" x 43.2" x 3.0” (741 mm x 1097 mm x 76 mm) |
+|**Shipping dimensions**| 47.64" x 36.89" x 9.92" (1,210 mm x 937 mm x 252 mm)|
+|**Weight**| 61.6 lbs. (28 kg) |
+|**Shipping Weight**| 81.08 lbs. (36.77 kg) |
+|**Resolution**| 3840 x 2560 |
+|**Display**| PixelSense Display, 3:2 aspect ratio, 10-bit color, 15.5 mm border, anti-glare, IPS LCD |
+|**Processor**| Quad-core 8th Generation Intel Core i5 processor, 8 GB RAM, 128 GB SSD 1 |
+|**Graphics**| Intel UHD Graphics 620 |
+|**Wireless**| Wi-Fi 5 (IEEE 802.11 a/b/g/n/ac compatible) Bluetooth Wireless 4.1 technology Miracast display |
+|**Connections**| USB-A Mini-DisplayPort 1.2 video output RJ45 gigabit Ethernet (1000/100/10 BaseT) HDMI video input (HDMI 2.0, HDCP 2.2 /1.4) USB-C with DisplayPort input Four USB-C (on display) |
+|**Sensors**| Doppler occupancy 2 Accelerometer Gyroscope |
+|**Audio/Video**| Full-range, front facing 3-way stereo speakers Full band 8-element MEMS microphone array Microsoft Surface Hub 2 Camera, 4K, USB-C connection, 90-degree HFOV |
+|**Pen**| Microsoft Surface Hub 2 Pen (active) |
+|**Software**| Windows 10 Microsoft Teams for Surface Hub 3 Skype for Business Microsoft Whiteboard Microsoft Office (Mobile) Microsoft Power BI 2 |
+|**Exterior**| Casing: Precision machined aluminum with mineral-composite resin Color: Platinum Physical Buttons: Power, Volume, Source |
+|**What’s in the box**| One Surface Hub 2S One Surface Hub 2 Pen One Surface Hub 2 Camera 2.5 m AC Power Cable Quick Start Guide |
+|**Warranty**| 1-year limited hardware warranty |
+|**BTU**| 1518 BTU/hr |
+|**Input Voltage**| 50/60Hz 110/230v nominal, 90-265v max |
+|**Input power, operating**| 445 W (495 W Surge Load) |
+|**Input Current**| 5.46 A |
+|**Input Power, standby**| 5 W max |
+
+> [!NOTE]
+> 1 System software uses significant storage space. Available storage is subject to change based on system software updates and apps usage. 1 GB= 1 billion bytes. See Surface.com/Storage for more details. 2 Doppler sensor not available in Hong Kong, India, Kuwait, and Oman due to government regulations.
+ 3 Software license required for some features. Sold separately.
diff --git a/devices/surface-hub/surface-hub-2s-unpack.md b/devices/surface-hub/surface-hub-2s-unpack.md
new file mode 100644
index 0000000000..950a5caa6f
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-unpack.md
@@ -0,0 +1,36 @@
+---
+title: "Unpack Surface Hub 2S"
+description: "This page includes information about safely unpacking Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# Unpack Surface Hub 2S
+
+## Unpacking the Surface Hub 2S
+
+Before you remove Surface Hub 2S from the box, make sure that you have your mounting solution assembled and someone available to help you.
+
+1. Use the handles on each side of the box to move it to the space where you'll set it up.
+2. Before opening, remove the clips (4) on the front and back, and then lift the top off the box using the handles.
+3. In the base of the Surface Hub 2S, open the accessories box containing the setup guide, Surface Hub 2 pen, Surface Hub 2 camera, and the power cable.
+4. On the back of the surface hub, there's an instructional label that shows you where to attach the mounting hardware. Install them in place and remove the label.
+5. If you're using a mobile stand remember to lock the wheels to keep the stand in place
+6. Be sure to lift the Surface Hub 2S with both hands and support the bottom of the device.
+7. Align the installed hardware with the slots on the mount so it rests firmly in place.
+8. Follow any further instructions that came with your mounting solution.
+
+## Install pen and camera
+
+1. Unwrap your Surface Hub 2 pen and attach it magnetically to your preferred side of the device.
+2. Remove the lens cling from the camera and attach it to the USB-C port on the top of the Surface Hub 2S.
+3. Insert the power cable into the back of the device and plug it into a power outlet. Run the cable through any cable guides on your mounting solution and remove the screen clang.
+4. To begin, press the power button on the bottom right.
diff --git a/devices/surface-hub/surface-hub-2s-whats-new.md b/devices/surface-hub/surface-hub-2s-whats-new.md
new file mode 100644
index 0000000000..13d7eb06ce
--- /dev/null
+++ b/devices/surface-hub/surface-hub-2s-whats-new.md
@@ -0,0 +1,65 @@
+---
+title: "What's new in Surface Hub 2S for IT admins"
+description: "Learn more about new features in Surface Hub 2S."
+keywords: separate values with commas
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+audience: Admin
+ms.topic: article
+ms.date: 06/20/2019
+ms.localizationpriority: Medium
+---
+
+# What's new in Surface Hub 2S for IT admins
+
+Surface Hub 2S is an all-in-one collaboration canvas that’s built for teamwork delivering a digital whiteboard, meetings platform, and a Windows 10 computing experience in one device.
+
+|**Capability**|**Summary**|**Learn more**|
+|:-------|:------|:----|
+|**Mobile Device Management and UEFI manageability**| Manage settings and policies using a mobile device management (MDM) provider.
Full integration with Surface Enterprise Management Mode (SEMM) lets you manage hardware components and firmware. | [Managing Surface Hub 2S with Microsoft Intune](surface-hub-2s-manage-intune.md)
[Surface Enterprise Management Mode](https://docs.microsoft.com/surface/surface-enterprise-management-mode) |
+|**Cloud and on-premises coexistence**| Supports on-premises, hybrid, or online. | [Prepare your environment for Microsoft Surface Hub 2S](surface-hub-2s-prepare-environment.md) |
+|**Reset and recovery**| Restore from the cloud or USB drive. | [Recover and reset Surface Hub 2S](surface-hub-2s-recover-reset.md) |
+|**Microsoft Whiteboard**| Ofice 365 integration, intelligent ink, and Bing search bring powerful new capabilities, enabling a persistent digital canvas shareable across most browsers, Windows and iOS devices. | [Announcing a new whiteboard for your Surface Hub](https://techcommunity.microsoft.com/t5/Office-365-Blog/Announcing-a-new-Whiteboard-for-your-Surface-Hub/ba-p/637050) |
+|**Microsoft Teams Meeting Room License**| Extends Office 365 licensing options across Skype for Business, Microsoft Teams, and Intune. | [Teams Meeting Room Licensing Update](https://docs.microsoft.com/MicrosoftTeams/room-systems/skype-room-systems-v2-0) |
+|**On-screen display**| Adjust volume, brightness, and input control directly on the display. | |
+|**Sensor-activated Connected Standby**| Doppler sensor activates Connected Standby after 1 minute of inactivity.
Manage this setting remotely using Intune or directly on the device from the Settings app. | [Surface Hub 2S tech specs](surface-hub-2s-techspecs.md) |
+|**Surface Hub pen**| Ergonomically redesigned and easily attachable on the sides of the device. | |
+|**Surface app for Surface Hub 2S**| Change audio settings and view your device's information from the Surface app | |
+|**Ready for tomorrow**| Removable cartridge facilitates upgrading to new features. | |
+
+For more information about what’s new in Surface Hub 2S, see:
+
+- [Surface Hub 2S product site](https://www.microsoft.com/p/surface-hub-2S/8P62MW6BN9G4?activetab=pivot:overviewtab)
+- [Behind the Design Surface Hub 2S](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Behind-the-design-Surface-Hub-2S/ba-p/464099)
+
+## Surface Hub 2S compared with Surface Hub
+
+The following table details the differences between Surface Hub and Surface Hub 2S:
+
+|**Component**| **Surface Hub 55”**|**Surface Hub 84”**| **Surface Hub 2S**|
+|:----- |:---- |:---- |:----- |
+|**Form Factor**| 55” | 84” | 50” |
+|**Dimension**| 31.75” x 59.62” x 3.38” (806.4 mm x 1514.3 mm x 85.8 mm) | 46.12” x 86.7” x 4.15” (1171.5 mm x 2202.9 mm x 105.4 mm) | 29.2" x 43.2" x 3.0" (741 mm x 1097 mm x 76 mm) |
+|**Weight**| 105 lbs. (48 kg) | 280 lbs. (127 kg) | 61.6 lbs. (28 kg) |
+|**Display**| Resolution: 1920 x 1080 @ 120 Hz Contrast ratio: 1300:1 Touch: 100-point multi-touch Projective Capacitance optically bonded sensor | Resolution: 3840 x 2160 @ 120 Hz Contrast Ratio: 1400:1 Touch: 100-point multi-touch Projective Capacitance optically bonded sensor | Resolution: 3840 x 2560 @ 60 Hz |
+|**Aspect Ratio**| 16:9 | 16:9 | 3:2 |
+|**Storage**| SSD 128 GB | SSD 128 GB | SSD 128 GB |
+|**RAM**| 8 GB RAM | 8 GB RAM | 8 GB RAM |
+|**Processor**| 4th Generation Intel® Core i5 | 4th Generation Intel Core i7 | Quad-core 8th Generation Intel Core i5 processor |
+|**Graphics**| Intel HD 4600 | NVIDIA Quadro K2200 | Intel UHD Graphics 620 |
+|**Network**| Wi-Fi (802.11 a/b/g/n/ac) Ethernet 1 Gbps Bluetooth 4.0 low energy Miracast enabled | Wi-Fi (802.11 a/b/g/n/ac) Ethernet 1 Gbps Bluetooth 4.0 low energy Miracast enabled | Wi-Fi 5 (IEEE 802.11 a/b/g/n/ac) Ethernet 1 Gbps Bluetooth Wireless 4.1 technology Miracast Display |
+|**Ports**| (1) USB 3.0 (bottom) + (1) USB 3.0 (side access) (2) USB 2.0 DisplayPort Video Output 3.5 mm Stereo Out RJ11 Connector for system-level control
DisplayPort Video Input HDMI Video Input VGA Video Input 3.5 mm Stereo Input (1) USB 2.0 type B Touchback Output | (1) USB 3.0 (bottom) + (1) USB 3.0 (side access) (4) USB 2.0 DisplayPort Video Output 3.5 mm Stereo Out RJ11 Connector for system-level control
DisplayPort Video Input HDMI Video Input VGA Video Input 3.5 mm Stereo Input (1) USB 2.0 type B Touchback Output | (1) USB-A Mini-DisplayPort Video Output HDMI Video Input USB-C with DisplayPort Input (4) USB-C (on display) RJ45 Gigabit Ethernet |
+|**Sensors**| (2) Passive Infrared Presence Sensors, Ambient Light Sensors | (2) Passive Infrared Presence Sensors, Ambient Light Sensors | Doppler occupancy sensor, Accelerometer, Gyroscope |
+|**NFC**| NFC reader | NFC reader | N/A |
+|**Speakers**| (2) Front-facing stereo speakers | (2) Front-facing stereo speakers | Full range front facing 3-way stereo speakers |
+|**Microphone**| High-Performance, 4-Element Array | High-Performance, 4-Element Array | Full band 8-element MEMS microphone array |
+|**Camera**| (2) Wide angle HD cameras 1080p @ 30 fps | (2) Wide angle HD cameras 1080p @ 30 fps | (1) Microsoft Surface Hub 2 Camera, 4K, USB-C connection, 90-degree horizontal field of view |
+|**Pen**| (2) Powered, active, subpixel accuracy | (2) Powered, active, subpixel accuracy | (1) Microsoft Surface Hub 2 Pen (active) |
+|**Physical buttons**| Power, Input Select, Volume, Brightness | Power, Input Select, Volume, Brightness | Power, Volume, Source |
+|**Software**| Windows 10 + Office (Word, PowerPoint, Excel) | Windows 10 + Office (Word, PowerPoint, Excel) | Windows 10 + Office (Word, PowerPoint, Excel) |
+
+> [!NOTE]
+> The NFC reader available in the original Surface Hub is discontinued in Surface Hub 2S and is no longer available.
diff --git a/devices/surface-hub/surface-hub-authenticator-app.md b/devices/surface-hub/surface-hub-authenticator-app.md
index a068fe1fab..9ad0606641 100644
--- a/devices/surface-hub/surface-hub-authenticator-app.md
+++ b/devices/surface-hub/surface-hub-authenticator-app.md
@@ -3,10 +3,12 @@ title: Sign in to Surface Hub with Microsoft Authenticator
description: Use Microsoft Authenticator on your mobile device to sign in to Surface Hub.
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 08/28/2017
+ms.reviewer:
+manager: dansimp
localizationpriority: medium
---
@@ -14,7 +16,6 @@ localizationpriority: medium
People in your organization can sign in to a Surface Hub without a password using the Microsoft Authenticator app, available on Android and iOS.
-
## Organization prerequisites
To let people in your organization sign in to Surface Hub with their phones and other devices instead of a password, you’ll need to make sure that your organization meets these prerequisites:
@@ -27,42 +28,40 @@ To let people in your organization sign in to Surface Hub with their phones and
-- Enable content hosting on Azure AD services such as Office online, SharePoint, etc.
+- Enable content hosting on Azure AD services such as Office, SharePoint, etc.
- Surface Hub must be running Windows 10, version 1703 or later.
- Surface Hub is set up with either a local or domain-joined account.
-Currently, you cannot use Microsoft Authenticator to sign in to Surface Hubs that are joined to Azure AD.
+Currently, you cannot use Microsoft Authenticator to sign in to Surface Hubs that are joined to Azure AD.
## Individual prerequisites
- An Android phone running 6.0 or later, or an iPhone or iPad running iOS9 or later
-- The most recent version of the Microsoft Authenticator app from the appropriate app store
+- The most recent version of the Microsoft Authenticator app from the appropriate app store
+
>[!NOTE]
>On iOS, the app version must be 5.4.0 or higher.
>
>The Microsoft Authenticator app on phones running a Windows operating system can't be used to sign in to Surface Hub.
-
+
- Passcode or screen lock on your device is enabled
- A standard SMTP email address (example: joe@contoso.com). Non-standard or vanity SMTP email addresses (example: firstname.lastname@contoso.com) currently don’t work.
-
## How to set up the Microsoft Authenticator app
>[!NOTE]
>If Company Portal is installed on your Android device, uninstall it before you set up Microsoft Authenticator. After you set up the app, you can reinstall Company Portal.
>
->If you have already set up Microsoft Authenticator on your phone and registered your device, go to the [sign-in instructions](#signin).
+>If you have already set up Microsoft Authenticator on your phone and registered your device, go to the sign-in instructions.
1. Add your work or school account to Microsoft Authenticator for Multi-Factor Authentication. You will need a QR code provided by your IT department. For help, see [Get started with the Microsoft Authenticator app](https://docs.microsoft.com/azure/multi-factor-authentication/end-user/microsoft-authenticator-app-how-to).
2. Go to **Settings** and register your device.
-1. Return to the accounts page and choose **Enable phone sign-in** from the account dropdown menu.
+3. Return to the accounts page and choose **Enable phone sign-in** from the account dropdown menu.
-
-
## How to sign in to Surface Hub during a meeting
1. After you’ve set up a meeting, go to the Surface Hub and select **Sign in to see your meetings and files**.
@@ -75,14 +74,13 @@ Currently, you cannot use Microsoft Authenticator to sign in to Surface Hubs tha
2. You’ll see a list of the people invited to the meeting. Select yourself (or the person who wants to sign in – make sure this person has gone through the steps to set up their device before your meeting), and then select **Continue**.
-
+
You'll see a code on the Surface Hub.
-
+
-
+
3. To approve the sign-in, open the Authenticator app, enter the four-digit code that’s displayed on the Surface Hub, and select **Approve**. You will then be asked to enter the PIN or use your fingerprint to complete the sign in.
-
-You can now access all files through the OneDrive app.
+You can now access all files through the OneDrive app.
\ No newline at end of file
diff --git a/devices/surface-hub/surface-hub-downloads.md b/devices/surface-hub/surface-hub-downloads.md
index 689358891c..5e5073588a 100644
--- a/devices/surface-hub/surface-hub-downloads.md
+++ b/devices/surface-hub/surface-hub-downloads.md
@@ -3,25 +3,25 @@ title: Useful downloads for Microsoft Surface Hub
description: Downloads related to the Microsoft Surface Hub.
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 08/22/2017
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
---
# Useful downloads for Microsoft Surface Hub
-This topic provides links to useful Surface Hub documents, such as product datasheets, the site readiness guide, and user's guide.
+This topic provides links to useful Surface Hub documents, such as product datasheets and user's guide.
| Link | Description |
| --- | --- |
-| [Surface Hub Site Readiness Guide (PDF)](https://download.microsoft.com/download/3/8/8/3883E991-DFDB-4E70-8D28-20B26045FC5B/Surface-Hub-Site-Readiness-Guide_EN.pdf) | Make sure your site is ready for Surface Hub, including structural and power requirements, and get technical specs for Surface Hub. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov) |
| [Surface Hub Setup Guide (English, French, Spanish) (PDF)](https://download.microsoft.com/download/0/1/6/016363A4-8602-4F01-8281-9BE5C814DC78/Setup-Guide_EN-FR-SP.pdf) | Get a quick overview of how to set up the environment for your new Surface Hub. |
| [Surface Hub Quick Reference Guide (PDF)](https://download.microsoft.com/download/9/E/E/9EE660F8-3FC6-4909-969E-89EA648F06DB/Surface%20Hub%20Quick%20Reference%20Guide_en-us.pdf) | Use this quick reference guide to get information about key features and functions of the Surface Hub. |
| [Surface Hub User Guide (PDF)](https://download.microsoft.com/download/3/6/B/36B6331E-0C63-4E71-A05D-EE88D05081F8/surface-hub-user-guide-en-us.pdf) | Learn how to use Surface Hub in scheduled or ad-hoc meetings. Invite remote participants, use the built-in tools, save data from your meeting, and more. |
| [Surface Hub Replacement PC Drivers](https://www.microsoft.com/download/details.aspx?id=52210) | The Surface Hub Replacement PC driver set is available for those customers who have chosen to disable the Surface Hub’s internal PC and use an external computer with their 84” or 55” Surface Hub. This download is meant to be used with the Surface Hub Admin Guide , which contains further details on configuring a Surface Hub Replacement PC. |
-| [Surface Hub SSD Replacement Guide (PDF)](https://download.microsoft.com/download/1/F/2/1F202254-7156-459F-ABD2-39CF903A25DE/surface-hub-ssd-replacement-guide_en-us.pdf) | Learn how to replace the solid state drive (SSD) for the 55- and 84-inch Surface Hub. |
| [Microsoft Surface Hub Rollout and Adoption Success Kit (ZIP)](https://download.microsoft.com/download/F/A/3/FA3ADEA4-4966-456B-8BDE-0A594FD52C6C/Surface_Hub_Adoption_Kit_Final_0519.pdf) | Best practices for generating awareness and implementing change management to maximize adoption, usage, and benefits of Microsoft Surface Hub. The Rollout and Adoption Success Kit zip file includes the Rollout and Adoption Success Kit detailed document, Surface Hub presentation, demo guidance, awareness graphics, and more. |
| [Unpacking Guide for 84-inch Surface Hub (PDF)](https://download.microsoft.com/download/5/2/B/52B4007E-D8C8-4EED-ACA9-FEEF93F6055C/84_Unpacking_Guide_English_French-Spanish.pdf) | Learn how to unpack your 84-inch Surface Hub efficiently and safely. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/75/2b/752b73dc-6e9d-4692-8ba1-0f9fc03bff6b.mov?n=04.07.16_installation_video_03_unpacking_84.mov) |
| [Unpacking Guide for 55-inch Surface Hub (PDF)](https://download.microsoft.com/download/2/E/7/2E7616A2-F936-4512-8052-1E2D92DFD070/55_Unpacking_Guide_English-French-Spanish.PDF) | Learn how to unpack your 55-inch Surface Hub efficiently and safely. [Watch the video (opens in a pop-up media player)](http://compass.xbox.com/assets/a9/d6/a9d6b4d7-d33f-4e8b-be92-28f7fc2c06d7.mov?n=04.07.16_installation_video_02_unpacking_55.mov) |
diff --git a/devices/surface-hub/surface-hub-qos.md b/devices/surface-hub/surface-hub-qos.md
new file mode 100644
index 0000000000..105a188ae1
--- /dev/null
+++ b/devices/surface-hub/surface-hub-qos.md
@@ -0,0 +1,53 @@
+---
+title: Implement Quality of Service on Surface Hub
+ms.reviewer:
+manager: dansimp
+description: Learn how to configure QoS on Surface Hub.
+ms.prod: surface-hub
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Implement Quality of Service (QoS) on Surface Hub
+
+Quality of Service (QoS) is a combination of network technologies that allows the administrators to optimize the experience of real time audio/video and application sharing communications.
+
+Configuring [QoS for Skype for Business](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp) on the Surface Hub can be done using your [mobile device management (MDM) provider](manage-settings-with-mdm-for-surface-hub.md) or through a [provisioning package](provisioning-packages-for-surface-hub.md).
+
+
+This procedure explains how to configure QoS for Surface Hub using Microsoft Intune.
+
+1. In Intune, [create a custom policy](https://docs.microsoft.com/intune/custom-settings-configure).
+
+ 
+
+2. In **Custom OMA-URI Settings**, select **Add**. For each setting that you add, you will enter a name, description (optional), data type, OMA-URI, and value.
+
+ 
+
+3. Add the following custom OMA-URI settings:
+
+ Name | Data type | OMA-URI ./Device/Vendor/MSFT/NetworkQoSPolicy | Value
+ --- | --- | --- | ---
+ Audio Source Port | String | /HubAudio/SourcePortMatchCondition | Get the values from your Skype administrator
+ Audio DSCP | Integer | /HubAudio/DSCPAction | 46
+ Video Source Port | String | /HubVideo/SourcePortMatchCondition | Get the values from your Skype administrator
+ Video DSCP | Integer | /HubVideo/DSCPAction | 34
+ Audio Process Name | String | /HubAudio/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe
+ Video Process Name | String | /HubVideo/AppPathNameMatchCondition | Microsoft.PPISkype.Windows.exe
+
+ >[!IMPORTANT]
+ >Each **OMA-URI** path begins with `./Device/Vendor/MSFT/NetworkQoSPolicy`. The full path for the audio source port setting, for example, will be `./Device/Vendor/MSFT/NetworkQoSPolicy/HubAudio/SourcePortMatchCondition`.
+
+
+
+
+4. When the policy has been created, [deploy it to the Surface Hub.](manage-settings-with-mdm-for-surface-hub.md#manage-surface-hub-settings-with-mdm)
+
+
+>[!WARNING]
+>Currently, you cannot configure the setting **IPProtocolMatchCondition** in the [NetworkQoSPolicy CSP](https://docs.microsoft.com/windows/client-management/mdm/networkqospolicy-csp). If this setting is configured, the policy will fail to apply.
+
diff --git a/devices/surface-hub/surface-hub-recovery-tool.md b/devices/surface-hub/surface-hub-recovery-tool.md
index e6e0eeb5c1..75feb89fc2 100644
--- a/devices/surface-hub/surface-hub-recovery-tool.md
+++ b/devices/surface-hub/surface-hub-recovery-tool.md
@@ -2,11 +2,13 @@
title: Using the Surface Hub Recovery Tool
description: How to use the Surface Hub Recovery Tool to re-image the SSD.
ms.assetid: FDB6182C-1211-4A92-A930-6C106BCD5DC1
+ms.reviewer:
+manager: dansimp
keywords: manage Surface Hub
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 05/22/2018
ms.localizationpriority: medium
@@ -16,10 +18,10 @@ ms.localizationpriority: medium
The [Microsoft Surface Hub Recovery Tool](https://www.microsoft.com/download/details.aspx?id=52210) helps you re-image your Surface Hub Solid State Drive (SSD) using a Windows 10 desktop device, without calling support or replacing the SSD. With this tool, you can reimage an SSD that has an unknown Administrator password, boot errors, was unable to complete a cloud recovery, or for a device that has an older version of the operating system. The tool will not fix physically damaged SSDs.
-To re-image the Surface Hub SSD using the Recovery Tool, you'll need to remove the SSD from the Surface Hub, connect the drive to the USB-to-SATA cable, and then connect the cable to the desktop PC on which the Recovery Tool is installed. For more information on how to remove the existing drive from your Surface Hub, please refer to the [Surface Hub SSD Replacement Guide (PDF)](https://download.microsoft.com/download/1/F/2/1F202254-7156-459F-ABD2-39CF903A25DE/surface-hub-ssd-replacement-guide_en-us.pdf).
+To re-image the Surface Hub SSD using the Recovery Tool, you'll need to remove the SSD from the Surface Hub, connect the drive to the USB-to-SATA cable, and then connect the cable to the desktop PC on which the Recovery Tool is installed. For more information on how to remove the existing drive from your Surface Hub, see [Surface Hub SSD replacement](surface-hub-ssd-replacement.md).
->[!IMPORTANT]
->Do not let the device go to sleep or interrupt the download of the image file.
+> [!IMPORTANT]
+> Do not let the device go to sleep or interrupt the download of the image file.
If the tool is unsuccessful in reimaging your drive, please contact [Surface Hub Support](https://support.microsoft.com/help/4037644/surface-contact-surface-warranty-and-software-support).
@@ -73,7 +75,7 @@ Install Surface Hub Recovery Tool on the host PC.
-5. When the download is complete, the tool instructs you to connect an SSD drive. If the tool is unable to locate the attached drive, there is a good chance that the cable being used is not reporting the name of the SSD to Windows. The imaging tool must find the name of the drive as "LITEON L CH-128V2S USB Device" before it can continue. For more information on how to remove the existing drive from your Surface Hub, please refer to the [Surface Hub SSD Replacement Guide (PDF)](https://download.microsoft.com/download/1/F/2/1F202254-7156-459F-ABD2-39CF903A25DE/surface-hub-ssd-replacement-guide_en-us.pdf).
+5. When the download is complete, the tool instructs you to connect an SSD drive. If the tool is unable to locate the attached drive, there is a good chance that the cable being used is not reporting the name of the SSD to Windows. The imaging tool must find the name of the drive as "LITEON L CH-128V2S USB Device" before it can continue. For more information on how to remove the existing drive from your Surface Hub, see [Surface Hub SSD replacement](surface-hub-ssd-replacement.md).
@@ -91,7 +93,7 @@ Install Surface Hub Recovery Tool on the host PC.
Issue | Notes
--- | ---
-The tool fails to image the SSD | Make sure you are using a factory-supplied SSD and one of the tested cables.
+The tool fails to image the SSD | Make sure you are using a factory-supplied SSD and one of the tested cables.
The reimaging process appears halted/frozen | It is safe to close and restart the Surface Hub Recovery Tool with no ill effect to the SSD.
The drive isn’t recognized by the tool | Verify that the Surface Hub SSD is enumerated as a Lite-On drive, "LITEON L CH-128V2S USB Device". If the drive is recognized as another named device, your current cable isn’t compatible. Try another cable or one of the tested cable listed above.
Error: -2147024809 | Open Disk Manager and remove the partitions on the Surface Hub drive. Disconnect and reconnect the drive to the host machine. Restart the imaging tool again.
diff --git a/devices/surface-hub/surface-hub-site-readiness-guide.md b/devices/surface-hub/surface-hub-site-readiness-guide.md
new file mode 100644
index 0000000000..d12281f55b
--- /dev/null
+++ b/devices/surface-hub/surface-hub-site-readiness-guide.md
@@ -0,0 +1,138 @@
+---
+title: Surface Hub Site Readiness Guide
+ms.reviewer:
+manager: laurawi
+description: Use this Site Readiness Guide to help plan your Surface Hub installation.
+ms.prod: surface-hub
+ms.sitesec: library
+author: greg-lindsay
+ms.author: greglin
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Surface Hub Site Readiness Guide
+
+Use this Site Readiness Guide to help plan your Surface Hub installation. In this guide, you’ll find:
+- Site readiness topics
+- Detailed hardware specifications on power, ports, and cables
+- Recommendations for moving and storage
+- Links to guidance on unpacking and mounting
+
+## Site readiness planning
+
+The room needs to be large enough to provide good viewing angles, but small enough for the microphones to pick up clear signals from the people in the room. Most rooms that are about 22 feet (seven meters) long will provide a good meeting experience. In the conference area, mount Surface Hub where:
+
+- Everyone in the room can see it.
+- People can reach all four edges of the touchscreen.
+- The screen is not in direct sunlight, which could affect viewing or damage the screen.
+- Ventilation openings are not blocked.
+- Microphones are not affected by noise sources, such as fans or vents.
+You can find more details in the [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md) sections. For cleaning, care, and safety information, see the mounting guides and user guide at https://www.microsoft.com/surface/support/surface-hub.
+
+### Hardware considerations
+
+Surface Hub arrives with:
+- Two Microsoft Surface Hub pens
+- A Microsoft wireless keyboard, customized for Surface Hub
+- A 9-foot NEMA 5-15P (US Standard) to C13 power cable
+
+You’ll need to provide:
+- Cat-5e or Cat-6 network cables
+- Display cables (optional)
+- Audio cable (optional)
+- Type A to B USB cable (optional)
+
+For details about cable ports, see the [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md) sections. For details about cables, see [Wired Connect](#wired).
+
+Microsoft Surface Hub has an internal PC and does not require an external computer system.
+
+For power recommendations, see [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md). For power cable safety warnings, see the mounting guides at https://www.microsoft.com/surface/support/surface-hub.
+
+### Data and other connections
+
+To use Surface Hub, you need an active Ethernet port and a standard power outlet. In addition, you may want to:
+
+- Equip the conference table for Wired Connect.
+- Expand the wall outlet configuration to include:
+ - Additional AC outlets
+ - Ethernetports
+ - Audio ports
+ - Video ports (DisplayPort, HDMI, VGA, etc.)
+
+
+## When Surface Hub arrives
+
+Surface Hub is large and heavy, so let Receiving know when it will arrive and what they should do to handle it safely. For details on the packing weights and other specifications, see [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md).
+
+Consider the following:
+- Wait to unpack Surface Hub from the shipping container until you’ve moved it to the conference area where you plan to install it.
+- Make sure your loading dock can accept a shipment on a pallet and hold it securely until it can be installed.
+- Check for local labor union rules that would require you to use union labor to unload or move Surface Hub.
+- Do not leave Surface Hub in a hot or humid environment. As with any computer-based or display equipment, heat and humidity can damage Surface Hub. The recommended storage temperatures are 32°F to 95°F with a relative humidity of less than 70 percent.
+
+### Moving Surface Hub
+
+Before you move Surface Hub, make sure that all the doorways, thresholds, hallways, and elevators are big enough to accommodate it. For information on the dimensions and weight of your Surface Hub in its shipping container, see [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md).
+
+### Unpacking Surface Hub
+
+For unpacking information, refer to the unpacking guide included in the shipping container. You can open the unpacking instructions before you open the shipping container. These instructions can also be found here: https://www.microsoft.com/surface/support/surface-hub
+
+>[!IMPORTANT]
+>Retain and store all Surface Hub shipping materials—including the pallet, container, and screws—in case you need to ship Surface Hub to a new location or send it
+for repairs. For the 84” Surface Hub, retain the lifting handles.
+
+### Lifting Surface Hub
+
+The 55” Surface Hub requires two people to safely lift and mount. The 84” Surface Hub requires four people to safely lift and mount. Those assisting must be able to lift 70 pounds to waist height. Review the unpacking and mounting guide for details on lifting Surface Hub. You can find it at https://www.microsoft.com/surface/support/surface-hub.
+
+## Mounting and setup
+
+See your mounting guide at https://www.microsoft.com/surface/support/surface-hub for detailed instructions.
+
+There are three ways to mount your Surface Hub:
+
+- **Wall mount**: Lets you permanently hang Surface Hub on a conference space wall.
+- **Floor support mount**: Supports Surface Hub on the floor while it is permanently anchored to a conference space wall.
+- **Rolling stand**: Supports Surface Hub and lets you move it to other conference locations. For links to guides that provide details about each mounting method, including building requirements, see https://www.microsoft.com/surface/support/surface-hub.
+
+For specifications on available mounts for the original Surface Hub, see the following:
+
+- [Surface Hub Mounts and Stands Datasheet](https://download.microsoft.com/download/5/0/1/501F98D9-1BCC-4448-A1DB-47056CEE33B6/20160711_Surface_Hub_Mounts_and_Stands_Datasheet.pdf)
+- [Surface Hub Stand and Wall Mount Specifications](https://download.microsoft.com/download/7/A/7/7A75BD0F-5A46-4BCE-B313-A80E47AEB581/20160720_Combined_Stand_Wall_Mount_Drawings.pdf)
+
+## The Connect experience
+
+Connect lets people project their laptop, tablet, or phone to the Surface Hub screen. Connect allows wireless or wired connection types.
+
+#### Wireless connect
+
+Since wireless connect is based on Miracast, you don’t need cables or additional setup planning to use it. Your users can load Miracast on most Miracast-enabled Windows 8.1 and Windows 10 devices. Then they can project their display from their computer or phone to the Surface Hub screen.
+
+
+#### Wired connect
+
+With wired connect, a cable transmits information from computers, tablets, or phones to Surface Hub. There are three video cable options, and they all use the same USB 2.0 cable. The cable bundle can include one or all of these connection options.
+
+- DisplayPort (DisplayPort cable + USB 2.0 cable)
+- HDMI (HDMI cable + USB 2.0 cable)
+- VGA (VGA cable + 3.5mm audio cable + USB 2.0 cable)
+
+For example, to provide audio, video, and touchback capability to all three video options, your Wired Connect cable bundle must include:
+
+- A DisplayPort cable
+- An HDMI cable
+- A VGA cable
+- A USB 2.0 cable
+- A 3.5mm cable
+
+When you create your wired connect cable bundles, check the [55” Microsoft Surface Hub technical information](surface-hub-technical-55.md) or [84” Microsoft Surface Hub technical information](surface-hub-technical-84.md) sections for specific technical and physical details and port locations for each type of Surface Hub. Make the cables long enough to reach from Surface Hub to where the presenter will sit or stand.
+
+For details on Touchback and Inkback, see the user guide at https://www.microsoft.com/surface/support/surface-hub.
+
+
+
+## See also
+
+[Watch the video (opens in a pop-up media player)](https://compass.xbox.com/assets/27/aa/27aa7dd7-7cb7-40ea-9bd6-c7de0795f68c.mov?n=04.07.16_installation_video_01_site_readiness.mov)
diff --git a/devices/surface-hub/surface-hub-ssd-replacement.md b/devices/surface-hub/surface-hub-ssd-replacement.md
new file mode 100644
index 0000000000..7896a7d634
--- /dev/null
+++ b/devices/surface-hub/surface-hub-ssd-replacement.md
@@ -0,0 +1,54 @@
+---
+title: Surface Hub SSD replacement
+ms.reviewer:
+manager: dansimp
+description: Learn how to replace the solid state drive in a Surface Hub.
+ms.prod: surface-hub
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Surface Hub SSD replacement
+
+You might need to remove the solid state drive (SSD) from your Surface Hub so that you can reimage it using the [Surface Hub Recovery Tool](surface-hub-recovery-tool.md) or because you've been sent a replacement drive. You would reimage your SSD when the operating system is no longer bootable, such as from a Windows update failure, BitLocker issues, reset failure, or hardware failure.
+
+
+>[!WARNING]
+>Make sure the Surface Hub is turned off at the AC switch.
+
+1. Locate the SSD compartment door on the rear, upper portion of the Surface Hub in the locations illustrated below. The door is identifiable as it doesn't have open ventilation slots.
+
+ 
+
+ *Surface Hub hard drive locations*
+
+2. Locate the locking tab on the hard drive compartment door. On the Surface Hub 55, the locking tab will be located on the left-hand side of the door. On the Surface Hub 84, it will be on the right-hand side as shown in the illustration.
+
+ 
+
+ *Locking tab on hard drive compartment door*
+
+3. Lift open the compartment door to access the hard drive.
+
+ 
+
+ *Lift compartment door*
+
+4. Locate the pull tab, which may be partially hidden under the rear cover. Pull on the tab to eject the hard drive from the compartment.
+
+ 
+
+ *Pull tab*
+
+5. Slide the replacement drive into place until you hear it click.
+
+ 
+
+ *Slide replacement drive into place*
+
+6. Close the compartment door.
+
+7. Apply power to the Surface Hub.
diff --git a/devices/surface-hub/surface-hub-start-menu.md b/devices/surface-hub/surface-hub-start-menu.md
index dbd5b02e92..468e0d3329 100644
--- a/devices/surface-hub/surface-hub-start-menu.md
+++ b/devices/surface-hub/surface-hub-start-menu.md
@@ -3,10 +3,12 @@ title: Configure Surface Hub Start menu
description: Use MDM to customize the Start menu on Surface Hub.
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: greg-lindsay
+ms.author: greglin
ms.topic: article
-ms.date: 01/17/2018
+ms.date: 08/15/2018
+ms.reviewer:
+manager: laurawi
ms.localizationpriority: medium
---
@@ -100,13 +102,12 @@ There are a few key differences between Start menu customization for Surface Hub
-
```
## Example: Start layout that includes a Microsoft Edge link
-This example shows a link to a website and a link to a .pdf file.
+This example shows a link to a website and a link to a .pdf file. The secondary tile for Microsoft Edge uses a 150 x 150 pixel icon.
```xml
@@ -164,10 +165,10 @@ This example shows a link to a website and a link to a .pdf file.
TileID="6153963000"
DisplayName="cstrtqbiology.pdf"
Arguments="-contentTile -formatVersion 0x00000003 -pinnedTimeLow 0x45b7376e -pinnedTimeHigh 0x01d2356c -securityFlags 0x00000000 -tileType 0x00000000 -url 0x0000003a https://www.ada.gov/regs2010/2010ADAStandards/Guidance_2010ADAStandards.pdf"
- Square150x150LogoUri="ms-appx:///"
+ Square150x150LogoUri="ms-appx:///Assets/MicrosoftEdgeSquare150x150.png"
Wide310x150LogoUri="ms-appx:///"
- ShowNameOnSquare150x150Logo="true"
- ShowNameOnWide310x150Logo="true"
+ ShowNameOnSquare150x150Logo="true"
+ ShowNameOnWide310x150Logo="false"
BackgroundColor="#ff4e4248"
Size="4x2"
Row="4"
@@ -177,14 +178,7 @@ This example shows a link to a website and a link to a .pdf file.
-
```
>[!NOTE]
->Microsoft Edge tile logos won't appear on secondary tiles because they aren't stored in Surface Hub.
->
>The default value for `ForegroundText` is light; you don't need to include `ForegroundText` in your XML unless you're changing the value to dark.
-
-## More information
-
-- [Blog post: Changing Surface Hub’s Start Menu](https://blogs.technet.microsoft.com/y0av/2018/02/13/47/)
diff --git a/devices/surface-hub/surface-hub-technical-55.md b/devices/surface-hub/surface-hub-technical-55.md
new file mode 100644
index 0000000000..6abc46e411
--- /dev/null
+++ b/devices/surface-hub/surface-hub-technical-55.md
@@ -0,0 +1,153 @@
+---
+title: Technical information for 55" Surface Hub
+ms.reviewer:
+manager: dansimp
+description: Specifications for the 55" Surface Hub
+ms.prod: surface-hub
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Technical information for 55" Surface Hub
+
+## Measurements
+
+|
+--- | ---
+Pricing | Starting at $8,999
+Size | 31.75” x 59.62” x 3.38” (806.4mm x 1514.3mm x 85.8mm)
+Storage/RAM | SSD 128GB with 8GB RAM
+Processor | 4th Generation Intel® Core™ i5
+Graphics | Intel® HD 4600
+Ports | **Internal PC** • (1) USB 3.0 (bottom) + (1) USB 3.0 (side access) • (2) USB 2.0 • Ethernet 1000 Base-T • DisplayPort • Video Output • 3.5mm Stereo Out • RJ11 Connector for system-level control **Alternate PC** • (2) USB 2.0 type B output • Connection for Camera, Sensors, Microphone, Speakers • (1) DisplayPort Video Input **Guest PC** • DisplayPort Video Input • HDMI Video Input • VGA Video Input • 3.5mm Stereo Input • (1) USB 2.0 type B Touchback™ Output
+Sensors | (2) Passive Infrared Presence Sensors, Ambient Light Sensors
+Speakers | (2) Front-facing stereo speakers
+Microphone | High-Performance, 4-Element Array
+Camera | (2) Wide angle HD cameras 1080p @ 30fps
+Pen | (2) Powered, active, subpixel accuracy
+Physical side buttons | Power, Input Select, Volume, Brightness
+Software | Windows 10 + Office (Word, PowerPoint, Excel)
+What’s in the box | • Surface Hub 55” • (2) Surface Hub Pens • Power Cable • Setup Guide • Start Guide • Safety and Warranty documents • Wireless All-in-One Keyboard
+Mounting features | 4X VESA standard, 400mm x 400mm plus 1150mm x 400mm pattern, 8X M6 X 1.0 threaded mounting locations
+Display height from floor | Recommended height of 55 inches (139.7 cm) to center of screen
+Product weight | Approx. 105 lb. (47.6 kg) without accessories
+Product shipping weight | Approx. 150 lb. (68 kg)
+Product dimensions HxWxD | 31.63 x 59.62 x 3.2 inches (80.34 x 151.44 x 8.14 cm)
+Product shipping dimensions HxWxD | 43 x 65 x 20 inches (109 x 165 x 51 cm)
+Product thickness | Touch surface to mounting surface: ≤ 2.4 inches (6 cm)
+Orientation | Landscape only. Display cannot be used in a portrait orientation.
+BTU | 1706 BTU/h
+Image resolution | 1920 x 1080
+Frame rate | 120Hz
+EDID preferred timing, replacement PC | 1920 x 1080, 120Hz vertical refresh
+EDID preferred timing, wired connect | 1920 x 1080, 60Hz vertical refresh
+Input voltage | (50/60Hz) 110/230v nominal, 90-265v max
+Input power, operating | 500W max
+Input power, standby | 5W nominal
+
+
+## Replacement PC connections
+
+Connector and location | Label | Description
+--- | --- | ---
+Switch, bottom I/O |  | Switches the function between using internal PC or external PC.
+Display port, bottom I/O |  | Provides input for replacement PC.
+USB type B, bottom I/O |  | Provides USB connection for replacement PC to internal peripherals.
+USB type B, bottom I/O |  | Provides USB connection for integrated hub.
+
+
+## Wired connect connections
+
+Connector and location | Label | Description
+--- | --- | ---
+Display port, bottom I/O |  | Provides input for wired connect PC.
+HDMI, bottom I/O |  | Provides HDMI input for wired connect PC.
+VGA, bottom I/O |  | Provides VGA input for wired connect PC.
+3.5mm, bottom I/O |  | Provides analog audio input.
+USB type B, bottom I/O |  | Provides USB connection for video ingest touchback.
+
+## Additional connections
+
+Connector and location | Label | Description
+--- | --- | ---
+USB type A, side I/O |  | Provides 1 USB 3.0 connection for USB devices. Wake-on USB capable.
+USB type A, bottom I/O with blue insulator |  | Provides USB 3.0 connection.
+3.5mm, bottom I/O |  | Provides analog audio out.
+Display port, bottom I/O |  | Provides mirrored video out function to another display.
+IEC/EN60320-C13 receptacle with hard switch |  | Provides AC input and compliance with EU power requirements.
+RJ45, bottom I/O |  | Connects to Ethernet.
+RJ11, bottom I/O |  | Connects to room control systems.
+
+
+
+
+
+
+
+## Diagrams of ports and clearances
+
+***Top view of 55" Surface Hub***
+
+
+
+---
+
+
+***Front view of 55" Surface Hub***
+
+
+
+
+---
+
+***Bottom view of 55" Surface Hub***
+
+
+
+
+---
+
+***Replacement PC ports on 55" Surface Hub***
+
+
+
+
+---
+
+***Keypad on right side of 55" Surface Hub***
+
+
+
+
+---
+
+***Rear view of 55" Surface Hub***
+
+
+
+
+---
+
+***Clearances for 55" Surface Hub***
+
+
+
+---
+
+
+***Front and bottom handholds and clearances for 55" Surface Hub***
+
+
+
+
+---
+
+
+***Rear handholds and clearances for 55" Surface Hub***
+
+
+
+
diff --git a/devices/surface-hub/surface-hub-technical-84.md b/devices/surface-hub/surface-hub-technical-84.md
new file mode 100644
index 0000000000..0ba7d45aa1
--- /dev/null
+++ b/devices/surface-hub/surface-hub-technical-84.md
@@ -0,0 +1,159 @@
+---
+title: Technical information for 84" Surface Hub
+ms.reviewer:
+manager: dansimp
+description: Specifications for the 84" Surface Hub
+ms.prod: surface-hub
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Technical information for 84" Surface Hub
+
+## Measurements
+
+|
+--- | ---
+Pricing | Starting at $21,999
+Size | 46.12” x 86.7” x 4.15” (1171.5mm x 2202.9mm x 105.4mm)
+Storage/RAM | SSD 128GB with 8GB RAM
+Processor | 4th Generation Intel® Core™ i7
+Graphics | NVIDIA Quadro K2200
+Ports | **Internal PC** • (1) USB 3.0 (bottom) + (1) USB 3.0 (side access) • (4) USB 2.0 • Ethernet 1000 Base-T • DisplayPort Video Output • 3.5mm Stereo Out • RJ11 Connector for system-level control **Alternate PC** • (2) USB 2.0 type B output • connection for Camera, Sensors, Microphone, Speakers • (2) DisplayPort Video Input **Guest PC** • DisplayPort Video Input • HDMI Video Input • VGA Video Input • 3.5mm Stereo Input • (1) USB 2.0 type B Touchback™ Output
+Sensors | (2) Passive Infrared Presence Sensors, Ambient Light Sensors
+Speakers | (2) Front-facing stereo speakers
+Microphone | High-Performance, 4-Element Array
+Camera | (2) Wide angle HD cameras 1080p @ 30fps
+Pen | (2) Powered, active, subpixel accuracy
+Physical side buttons | Power, Input Select, Volume, Brightness
+Software | Windows 10 + Office (Word, PowerPoint, Excel)
+What’s in the box | • Surface Hub 84” • (2) Surface Hub Pens • Power Cable • Setup Guide • Safety and Warranty documents • Wireless All-in-One Keyboard
+Mounting features | 4X VESA standard, 1200mm x 600mm pattern, 8X M8 X 1.25 threaded mounting locations
+Display height from floor | Recommended height of 54 inches (139.7 cm) to center of screen
+Product weight | Approx. 280 lb. (127 kg.)
+Product shipping weight | Approx. 580 lb. (263 kg.)
+Product dimensions HxWxD | 46 x 86.9 x 4.1 inches (116.8 x 220.6 x 10.4 cm)
+Product shipping dimensions HxWxD | 66.14 x 88.19 x 24.4 inches (168 x 224 x 62 cm)
+Product thickness | Touch surface to mounting surface: ≤ 3.1 inches (7.8 cm)
+Orientation | Landscape only. Display cannot be used in a portrait orientation.
+BTU | 3070.8 BTU/h
+Image resolution | 3840 x 2160
+Frame rate | 120Hz
+Contrast Ratio | 1400:1
+EDID preferred timing, replacement PC | 3840 x 2140, 120Hz vertical refresh
+EDID preferred timing, wired connect | 1920 x 1080, 60Hz vertical refresh
+Input voltage | 110/230v nominal, 90-265v max
+Input power, operating | 900W max
+Input power, standby | 5W nominal, 1-10W max
+
+
+## Replacement PC connections
+
+Connector and location | Label | Description
+--- | --- | ---
+Switch, bottom I/O |  | Switches the function between using internal PC or external PC.
+Display port, bottom I/O |  | Provides input for replacement PC.
+Display port, bottom I/O |  | Provides second input for replacement PC.
+USB type B, bottom I/O |  | Provides USB connection for replacement PC to internal peripherals.
+USB type B, bottom I/O |  | Provides USB connection for integrated hub.
+
+
+## Wired connect connections
+
+Connector and location | Label | Description
+--- | --- | ---
+Display port, bottom I/O |  | Provides input for wired connect PC.
+HDMI, bottom I/O |  | Provides HDMI input for wired connect PC.
+VGA, bottom I/O |  | Provides VGA input for wired connect PC.
+3.5mm, bottom I/O |  | Provides analog audio input.
+USB type B, bottom I/O |  | Provides USB connection for video ingest touchback.
+
+## Additional connections
+
+Connector and location | Label | Description
+--- | --- | ---
+USB type A, side I/O |  | Provides 1 USB 3.0 connection for USB devices. Wake-on USB capable.
+USB type A, bottom I/O with blue insulator |  | Provides USB 3.0 connection.
+3.5mm, bottom I/O |  | Provides analog audio out.
+Display port, bottom I/O |  | Provides mirrored video out function to another display.
+IEC/EN60320-C13 receptacle with hard switch |  | Provides AC input and compliance with EU power requirements.
+RJ45, bottom I/O |  | Connects to Ethernet.
+RJ11, bottom I/O |  | Connects to room control systems.
+
+
+
+
+
+
+
+## Diagrams of ports and clearances
+
+***Top view of 84" Surface Hub***
+
+
+
+---
+
+
+***Front view of 84" Surface Hub***
+
+
+
+
+---
+
+***Bottom view of 84" Surface Hub***
+
+
+
+
+---
+
+***Replacement PC ports on 84" Surface Hub***
+
+
+
+
+
+---
+
+***Rear view of 84" Surface Hub***
+
+
+
+
+---
+
+***Clearances for 84" Surface Hub***
+
+
+
+---
+
+
+***Removable lifting handles on 84” Surface Hub ***
+
+
+
+
+---
+
+
+***Wall mount threads on back of 84” Surface Hub ***
+
+
+
+---
+***Lifting handles in top view of 84” Surface Hub***
+
+
+
+---
+***Side view of 84” Surface Hub***
+
+
+
+
diff --git a/devices/surface-hub/surface-hub-update-history.md b/devices/surface-hub/surface-hub-update-history.md
new file mode 100644
index 0000000000..943400d44c
--- /dev/null
+++ b/devices/surface-hub/surface-hub-update-history.md
@@ -0,0 +1,528 @@
+---
+title: Surface Hub update history
+description: Surface Hub update history
+ms.assetid: d66a9392-2b14-4cb2-95c3-92db0ae2de34
+keywords:
+ms.prod: surface-hub
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Surface Hub update history
+
+Windows 10 was designed to be a service, which means it automatically gets better through periodic software updates. The great news is that you usually don’t have to do anything to get the latest Windows 10 updates—they'll download and install whenever they’re available.
+
+Most Windows updates focus on performance and security improvements to keep you going 24/7.
+
+One thing we’re hearing from you is that you want to know more about what's in our Windows 10 updates, so we're providing more details on this page. In the list below, the most recent Windows update is listed first. Installing the most recent update ensures that you also get any previous updates you might have missed, including security updates. Microsoft Store apps are updated through the Microsoft Store (managed by the Surface Hub's system administrator). Details about app updates are provided on a per-app basis.
+We'll be refreshing this page as new updates are released, so stay tuned for the latest info. And thank you for helping us learn and get better with each update!
+
+Please refer to the “[Surface Hub Important Information](https://support.microsoft.com/products/surface-devices/surface-hub)” page for related topics on current and past releases that may require your attention.
+
+## Windows 10 Team Creators Update 1703
+
+
+September 24, 2019—update for Team edition based on KB4516059* (OS Build 15063.2078)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+ * Update to Surface Hub 2S Recovery Settings page to accurately reflect recovery options.
+ * Update to Surface Hub 2S Welcome screen to improve device recognizability.
+ * Addressed an issue with the Windows Team Edition shell background displaying incorrectly.
+ * Addressed an issue with Start Menu layout persistence when configured using MDM policy.
+ * Fixed an issue in Microsoft Edge that occurs when browsing some internal websites.
+ * Fixed an issue in Skype for Business that occurs when presenting in full-screen mode.
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4503289](https://support.microsoft.com/help/4503289)
+
+
+
+August 17, 2019—update for Team edition based on KB4512474* (OS Build 15063.2021)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+ * Ensures that Video Out on Hub 2S defaults to "Duplicate" mode.
+ * Improves reliability for some Arabic language usage scenarios on Surface Hub.
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4503289](https://support.microsoft.com/help/4503289)
+
+
+
+June 18, 2019—update for Team edition based on KB4503289* (OS Build 15063.1897)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Addresses an issue with log collection for Microsoft Surface Hub 2S.
+* Addresses an issue preventing a user from signing in to a Microsoft Surface Hub device with an Azure Active Directory account. This issue occurs because a previous session did not end successfully.
+* Adds support for TLS 1.2 connections to identity providers and Exchange in device account setup scenarios.
+* Fixes to improve reliability of Hardware Diagnostic App on Hub 2S.
+* Fix to improve consistency of first-run setup experience on Hub 2S.
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4503289](https://support.microsoft.com/help/4503289)
+
+
+
+May 28, 2019—update for Team edition based on KB4499162* (OS Build 15063.1835)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Ensures that Surface Hub users aren't prompted to enter proxy credentials after the "Use device account credentials" feature has been enabled.
+* Resolves an issue where Skype connections fail periodically because audio/video isn't using the correct proxy.
+* Adds support for TLS 1.2 in Skype for Business.
+* Resolves a SIP connection failure in the Skype client when the Skype server has TLS 1.0 or TLS 1.1 disabled.
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4499162](https://support.microsoft.com/help/4499162)
+
+
+
+April 25, 2019—update for Team edition based on KB4493436* (OS Build 15063.1784)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Resolves video and audio sync issue with some USB devices that are connected to the Surface Hub.
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4493436](https://support.microsoft.com/help/4493436)
+
+
+
+November 27, 2018—update for Team edition based on KB4467699* (OS Build 15063.1478)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Addresses an issue that prevents some users from Signing-In to “My Meetings and Files.”
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KBKB4467699](https://support.microsoft.com/help/KB4467699)
+
+
+
+October 18, 2018 —update for Team edition based on KB4462939* (OS Build 15063.1418)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Skype for Business fixes:
+ * Resolves Skype for Business connection issue when resuming from sleep
+ * Resolves Skype for Business network connection issue, when device is connected to Internet
+ * Resolves Skype for Business crash when searching for users from directory
+* Resolves issue where the Hub mistakenly reports “No Internet connection” in enterprise proxy environments.
+* Implemented a feature allowing customers to op-in to a new Whiteboard experience.
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4462939](https://support.microsoft.com/help/4462939)
+
+
+
+August 31, 2018 —update for Team edition based on KB4343889* (OS Build 15063.1292)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Adds support for Microsoft Teams
+* Resolves task management issue with Intune registration
+* Enables Administrators to disable Instant Messaging and Email services for the Hub
+* Additional bug fixes and reliability improvements for the Surface Hub Skype for Business App
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4343889](https://support.microsoft.com/help/4343889)
+
+
+
+June 21, 2018 —update for Team edition based on KB4284830* (OS Build 15063.1182)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Telemetry change in support of GDPR requirements in EMEA
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4284830](https://support.microsoft.com/help/KB4284830)
+
+
+
+April 17, 2018 —update for Team edition based on KB4093117* (OS Build 15063.1058)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Resolves a wired projection issue
+* Enables bulk update for certain MDM (Mobile Device Management) policies
+* Resolves phone dialer issue with international calls
+* Addresses image resolution issue when 2 Surface Hubs join the same meeting
+* Resolves OMS (Operations Management Suite) certificate handling error
+* Addresses a security issue when cleaning up at the end of a session
+* Addresses Miracast issue, when Surface Hub is specified to channels 149 through 165
+ * Channels 149 through 165 will continue to be unusable in Europe, Japan or Israel due to regional governmental regulations
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4093117](https://support.microsoft.com/help/4093117)
+
+
+
+February 23, 2018 —update for Team edition based on KB4077528* (OS Build 15063.907)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Resolved an issue where MDM settings were not being correctly applied
+* Improved Cleanup process
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4077528](https://support.microsoft.com/help/4077528)
+
+
+
+January 16, 2018 —update for Team edition based on KB4057144* (OS Build 15063.877)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Adds ability to manage Start Menu tile layout via MDM
+* MDM bug fix on password rotation configuration
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4057144](https://support.microsoft.com/help/4057144)
+
+
+
+December 12, 2017 —update for Team edition based on KB4053580* (OS Build 15063.786)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Resolves camera video flashes (tearing or flickers) during Skype for Business calls
+* Resolves Notification Center SSD ID issue
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4053580](https://support.microsoft.com/help/4053580)
+
+
+
+November 14, 2017 —update for Team edition based on KB4048954* (OS Build 15063.726)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Feature update that allows customers to enable 802.1x wired network authentication using MDM policy.
+* A feature update that enables users to dynamically select an application of their choice when opening a file.
+* Fix that ensures that End Session cleanup fully removes all connections between the user’s account and the device.
+* Performance fix that improves cleanup time as well as Miracast connection time.
+* Introduces Easy Authentication utilization during ad-hock meetings.
+* Fix that ensures service components to use the same proxy that is configured across the device.
+* Reduces and more thoroughly secures the telemetry transmitted by the device, reducing bandwidth utilization.
+* Enables a feature allowing users to provide feedback to Microsoft after a meeting concludes.
+
+Please refer to the [Surface Hub Admin guide](https://docs.microsoft.com/surface-hub/) for enabling/disabling device features and services.
+*[KB4048954](https://support.microsoft.com/help/4048954)
+
+
+
+October 10, 2017 —update for Team edition based on KB4041676* (OS Build 15063.674)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Skype for Business
+ * Resolves issue that required a device reboot when resuming from sleep.
+ * Fixes issue where external contacts did not resolve through Skype Online Hub account.
+* PowerPoint
+ * Fixes problem where some PowerPoint presentations would not project on Hub.
+* General
+ * Fix to resolve issue where USB port could not be disabled by System Administrator.
+
+*[KB4041676](https://support.microsoft.com/help/4041676)
+
+
+
+September 12, 2017 —update for Team edition based on KB4038788* (OS Build 15063.605)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Security
+ * Resolves issue with Bitlocker when device wakes from sleep.
+* General
+ * Reduces frequency/amount of device health telemetry, improving system performance.
+ * Fixes issue that prevented device from collecting system logs.
+
+*[KB4038788](https://support.microsoft.com/help/4038788)
+
+
+
+August 1, 2017 — update for Team edition based on KB4032188* (OS Build 15063.498)
+
+* Skype for Business
+ * Resolves Skype for Business Sign-In issue, which required retry or system reboot.
+ * Resolves Skype for Business meeting time being incorrectly displayed.
+ * Fixes to improve Surface Hub Skype for Business reliability.
+
+*[KB4032188](https://support.microsoft.com/help/4032188)
+
+
+
+June 27, 2017 — update for Team edition based on KB4022716* (OS Build 15063.442)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Address NVIDIA driver crashes that may necessitate sleeping 84” Surface Hub to power down, requiring a manual restart.
+* Resolved an issue where some apps fail to launch on an 84” Surface Hub.
+
+*[KB4022716](https://support.microsoft.com/help/4022716)
+
+
+
+June 13, 2017 — update for Team edition based on KB4022725* (OS Build 15063.413)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* General
+ * Resolved Pen ink dropping issues with pens
+ * Resolved issue causing extended time to “cleanup” meeting
+
+*[KB4022725](https://support.microsoft.com/help/4022725)
+
+
+
+May 24, 2017 — update for Team edition based on KB4021573* (OS Build 15063.328)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* General
+ * Resolved issue with proxy setting retention during update issue
+
+*[KB4021573](https://support.microsoft.com/help/4021573)
+
+
+
+May 9, 2017 — update for Team edition based on KB4016871* (OS Build 15063.296)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* General
+ * Addressed sleep/wake cycle issue
+ * Resolved several Reset and Recovery issues
+ * Addressed Update History tab issue
+ * Resolved Miracast service launch issue
+* Apps
+ * Fixed App package update error
+
+*[KB4016871](https://support.microsoft.com/help/4016871)
+
+
+
+Windows 10 Team Creators Update 1703 for Surface Hub — General Release notes (OS Build 15063.0)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Evolving the large screen experience
+ * Improved the meeting carousel in Welcome and Start
+ * Join meetings and end the session directly from the Start menu
+ * Apps can utilize more of the screen during a session
+ * Simplified Skype controls
+ * Improved mechanisms for providing feedback
+* Access My Personal Content*
+ * Personal single sign-on from Welcome or Start
+ * Join meetings and end the session directly from the Start menu
+ * Access personal files through OneDrive for Business directly from Start
+ * Pre-populated attendee sign-in
+ * Streamlined authentication flows with “Authenticator” app**
+* Deployment & Manageability
+ * Simplified OOBE experience through bulk provisioning
+ * Cloud-based device recovery service
+ * Enterprise client certificate support
+ * Improved proxy credential support
+ * Added and /improved Skype Quality of Service (QoS) configuration support
+ * Added ability to set default device volume in Settings
+ * Improved MDM support for Surface Hub [settings](https://docs.microsoft.com/surface-hub/remote-surface-hub-management)
+* Improved Security
+ * Added ability to restrict USB drives to BitLocker only
+ * Added ability to disable USB ports via MDM
+ * Added ability to disable “Resume session” functionality on timeout
+ * Addition of wired 802.1x support
+* Audio and Projection
+ * Dolby Audio “Human Speaker” enhancements
+ * Reduced “pen tap” sounds when using Pen during Skype for Business calls
+ * Added support for Miracast infrastructure connections
+* Reliability and Performance fixes
+ * Resolved several Reset and Recovery issues
+ * Resolved Surface Hub Exchange authentication issue when utilizing client certificates
+ * Improved Wi-Fi network connection and credentials stability
+ * Fixed Miracast audio popping and sync issues during video playback
+ * Included setting to disable auto connect behavior
+
+*Single sign-in feature requires use of Office365 and OneDrive for Business
+**Refer to Admin Guide for service requirements
+
+
+
+## Windows 10 Team Anniversary Update 1607
+
+
+March 14th, 2017 — update for Team edition based on KB4013429* (OS Build 14393.953)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* General
+ * Security fix for File Explorer to prevent navigation to restricted file locations
+* Skype for Business
+ * Fix to address latency during Remote Desktop based screen sharing
+
+*[KB4013429](https://support.microsoft.com/help/4013429)
+
+
+
+January 10th, 2017 — update for Team edition based on KB4000825* (OS Build 14393.693)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Enabled selection of 106/109 Keyboard Layouts for use with physical Japanese keyboards
+
+*[KB4000825](https://support.microsoft.com/help/4000825)
+
+
+
+December 13, 2016 — update for Team edition based on KB3206632* (OS Build 14393.576)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Resolves wired connection audio distortion issue
+
+*[KB3206632](https://support.microsoft.com/help/3206632)
+
+
+
+November 4, 2016 — update for Windows 10 Team Anniversary edition based on KB3200970* (OS Build 14393.447)
+
+This update to the Windows 10 Team Anniversary Update (version 1607) for Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Skype for Business bug fixes to improve reliability
+
+*[KB3200970](https://support.microsoft.com/help/3200970)
+
+
+
+October 25, 2016 — update for Team edition based on KB3197954* (OS Build 14393.351)
+
+This update to the Surface Hub includes quality improvements and security fixes. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Enabling new Sleep feature in OS and Bios to reduce the Surface Hub’s power consumption and improve its long-term reliability
+* General
+ * Resolves scenarios where the on-screen keyboard would sometimes not appear
+ * Resolves Whiteboard application shift that occasionally occurs when opening scheduled meeting
+ * Resolves issue that prevented Admins from changing the local administrator password, after device has been Reset
+ * BIOS change resolving issue with status bar tracking during device Reset
+ * UEFI update to resolve powering down issues
+
+*[KB3197954](https://support.microsoft.com/help/3197954)
+
+
+
+October 11, 2016 — update for Team edition based on KB3194496* (OS Build 14393.222)
+
+This update brings the Windows 10 Team Anniversary Update to Surface Hub and includes quality improvements and security fixes. (Your device will be running Windows 10 Version 1607 after it's installed.) Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Skype for Business
+ * Performance improvements when joining meetings, including issues when joining a meeting using federated accounts
+ * Video Based Screen Sharing (VBSS) support now available on Skype for Business for Surface Hub
+ * Resolved disconnection after 5 minutes of idle time issue
+ * Resolved Skype Hub-to-Hub screen sharing failure
+ * Improvements to Skype video, including:
+ * Loss of video during meeting with multiple video presenters
+ * Video cropping during calls
+ * Outgoing call video not displaying for other participants
+ * Addressed issue with UPN sign in error
+ * Addressed issue with dial pad during use of Session Initiation Protocol (SIP) calls
+* Whiteboard
+ * User can now save and recall Whiteboard sessions using OneDrive online service (via Share functionality)
+ * Improved launching Whiteboard when removing pen from dock
+* Apps
+ * Pre-installed OneDrive app, for access to your personal and work files
+ * Pre-installed Photos app, to view photos and video
+ * Pre-installed PowerBI app, to view dashboards
+ * The Office apps – Word, Excel, PowerPoint – are all ink-enabled
+ * Edge on Surface Hub now supports Flash-based websites
+* General
+ * Enabled Audio Device Selection (for Surface Hubs attached using external audio devices)
+ * Enabled support for HDCP on DisplayPort output connector
+ * System UI changes to settings for usability optimization (refer to [User and Admin Guides](https://www.microsoft.com/surface/support/surface-hub) for additional details)
+ * Bug fixes and performance optimizations to speed up the Azure Active Directory sign-in flow
+ * Significantly improved time needed to reset and restore Surface Hub
+ * Windows Defender UI has been added within settings
+ * Improved UX touch to start
+ * Enabled support for greater than 1080p wireless projection via Miracast, on supported devices
+ * Resolved “There’s no internet connection” and “Appointments may be out of date” false notification states from launch
+ * Improved reliability of on-screen keyboard
+ * Additional support for creating Surface Hub provisioning packages using Windows Imaging & Configuration Designer (ICD) and improved Surface Hub monitoring solution on Operations Management Suite (OMS)
+
+*[KB3194496](https://support.microsoft.com/help/3194496)
+
+
+## Updates for Windows 10 Version 1511
+
+
+November 4, 2016 — update for Windows 10 Team (version 1511) on KB3198586* (OS Build 10586.679)
+
+This update to the Windows 10 Team edition (version 1511) to Surface Hub includes quality improvements and security fixes that are outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history). There are no Surface Hub specific items in this update.
+
+*[KB3198586](https://support.microsoft.com/help/3198586)
+
+
+
+July 12, 2016 — KB3172985* (OS Build 10586.494)
+
+This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes specific to the Surface Hub (those not already included in the [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history)), include:
+
+* Fixed issue that caused Windows system crashes
+* Fixed issue that caused repeated Edge crashes
+* Fixed issue causing pre-shutdown service crashes
+* Fixed issue where some app data wasn’t properly removed after a session
+* Updated Broadcom NFC driver to improve NFC performance
+* Updated Marvell Wi-Fi driver to improve Miracast performance
+* Updated Nvidia driver to fix a display bug in which 84" Surface Hub devices show dim or fuzzy content
+* Numerous Skype for Business issues fixed, including:
+ * Issue that caused Skype for Business to disconnect during meetings
+ * Issue in which users were unable to join meetings when the meeting organizer was on a federated configuration
+ * Enabling Skype for Business application sharing
+ * Issue that caused Skype application crashes
+* Added a prompt in “Settings” to inform users that the OS can become corrupted if device reset is interrupted before completion
+
+*[KB3172985](https://support.microsoft.com/help/3172985)
+
+
+
+June 14, 2016 — KB3163018* (OS Build 10586.420)
+
+This update to the Surface Hub includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Constrained release. Refer to July 12, 2016 — [KB3172985](https://support.microsoft.com/en-us/help/3172985) (OS Build 10586.494) for Surface Hub specific package details
+
+*[KB3163018](https://support.microsoft.com/help/3163018)
+
+
+
+May 10, 2016 — KB3156421* (OS Build 10586.318)
+
+This update to the Surface Hub includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Fixed issue that prevented certain Store apps (OneDrive) from installing
+* Fixed issue that caused touch input to stop responding in applications
+
+*[KB3156421](https://support.microsoft.com/help/3156421)
+
+
+
+April 12, 2016 — KB3147458* (OS Build 10586.218)
+
+This update to the Surface Hub includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key updates to Surface Hub, not already outlined in [Windows 10 Update History](https://support.microsoft.com/help/4018124/windows-10-update-history), include:
+
+* Fixed issue where volume level wasn’t properly reset between sessions
+
+*[KB3147458](https://support.microsoft.com/help/3147458)
+
+
+## Related topics
+
+* [Windows 10 feature roadmap](https://go.microsoft.com/fwlink/p/?LinkId=785967)
+* [Windows 10 release information](https://go.microsoft.com/fwlink/p/?LinkId=724328)
+* [Windows 10 November update: FAQ](https://windows.microsoft.com/windows-10/windows-update-faq)
+* [Microsoft Surface update history](https://go.microsoft.com/fwlink/p/?LinkId=724327)
+* [Microsoft Lumia update history](https://go.microsoft.com/fwlink/p/?LinkId=785968)
+* [Get Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=616447)
diff --git a/devices/surface-hub/surface-hub-wifi-direct.md b/devices/surface-hub/surface-hub-wifi-direct.md
index c4051021b6..8d94858bfa 100644
--- a/devices/surface-hub/surface-hub-wifi-direct.md
+++ b/devices/surface-hub/surface-hub-wifi-direct.md
@@ -1,113 +1,117 @@
---
title: How Surface Hub addresses Wi-Fi Direct security issues
-description: This topic provides guidance on Wi-Fi Direct security risks.
+description: Guidance about Wi-Fi Direct security risks.
keywords: change history
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 11/27/2019
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
---
# How Surface Hub addresses Wi-Fi Direct security issues
-Microsoft Surface Hub is an all-in-one productivity device that enables teams to better brainstorm, collaborate, and share ideas. Surface Hub relies on Miracast for wireless projection by using Wi-Fi Direct.
+Microsoft Surface Hub is an all-in-one productivity device that enables teams to better brainstorm, collaborate, and share ideas. Surface Hub relies on Miracast for wireless projection through Wi-Fi Direct.
-This topic provides guidance on Wi-Fi Direct security vulnerabilities, how Surface Hub has addressed those risks, and how Surface Hub administrators can configure the device for the highest level of security. This hardening information will help customers with high security requirements understand how best to protect their Surface Hub connected networks and data in transit.
+This article describes Wi-Fi Direct security vulnerabilities, how Surface Hub addresses those risks, and how administrators can configure Surface Hub for the highest level of security. This information will help customers who have high security requirements protect their Surface Hub-connected networks and data in transit.
-The intended audiences for this topic include IT and network administrators interested in deploying Microsoft Surface Hub in their corporate environment with optimal security settings.
+The intended audiences for this article are IT and network administrators who want to deploy Surface Hub in their corporate environment with optimal security settings.
## Overview
-Microsoft Surface Hub's security depends extensively on Wi-Fi Direct / Miracast and the associated 802.11, Wi-Fi Protected Access (WPA2), and Wireless Protected Setup (WPS) standards. Since the device only supports WPS (as opposed to WPA2 Pre-Shared Key (PSK) or WPA2 Enterprise), issues traditionally associated with 802.11 encryption are simplified by design.
+Security for Surface Hub depends extensively on Wi-Fi Direct/Miracast and the associated 802.11, Wi-Fi Protected Access (WPA2), and Wireless Protected Setup (WPS) standards. Because the device only supports WPS (as opposed to WPA2 Pre-Shared Key [PSK] or WPA2 Enterprise), the issues often associated with 802.11 encryption are simplified.
-It is important to note Surface Hub operates on par with the field of Miracast receivers, meaning that it is protected from, and vulnerable to, a similar set of exploits as all WPS-based wireless network devices. But Surface Hub’s implementation of WPS has extra precautions built in, and its internal architecture helps prevent an attacker – even after compromising the Wi-Fi Direct / Miracast layer – to move past the network interface onto other attack surfaces and connected enterprise networks see [Wi-Fi Direct vulnerabilities and how Surface Hub addresses them](#vulnerabilities).
+Surface Hub operates on par with the field of Miracast receivers. So, it's vulnerable to a similar set of exploits as all WPS-based wireless network devices. But the Surface Hub implementation of WPS has extra precautions built in. Also, its internal architecture helps prevent an attacker who has compromised the Wi-Fi Direct/Miracast layer from moving past the network interface onto other attack surfaces and connected enterprise networks.
## Wi-Fi Direct background
-Miracast is part of the Wi-Fi Display standard, which itself is supported by the Wi-Fi Direct protocol. These standards are supported in modern mobile devices for screen sharing and collaboration.
+Miracast is part of the Wi-Fi Display standard, which is supported by the Wi-Fi Direct protocol. These standards are supported in modern mobile devices for screen sharing and collaboration.
-Wi-Fi Direct or Wi-Fi "Peer to Peer" (P2P) is a standard released by the Wi-Fi Alliance for "Ad-Hoc" networks. This allows supported devices to communicate directly and create groups of networks without requiring a traditional Wi-Fi Access Point or an Internet connection.
+Wi-Fi Direct or Wi-Fi "peer to peer" (P2P) is a standard from the Wi-Fi Alliance for "Ad-Hoc" networks. Supported devices can communicate directly and create groups of networks without a conventional Wi-Fi access point or Internet connection.
-Security for Wi-Fi Direct is provided by WPA2 using the WPS standard. Authentication mechanism for devices can be a numerical pin (WPS-PIN), a physical or virtual Push Button (WPS-PBC), or an out-of-band message such as Near Field Communication (WPS-OOO). The Microsoft Surface Hub supports both Push Button (which is the default) and PIN methods.
+Security for Wi-Fi Direct is provided by WPA2 under the WPS standard. The authentication mechanism for devices can be a numerical pin (WPS-PIN), a physical or virtual push button (WPS-PBC), or an out-of-band message such as near field communication (WPS-OOO). Surface Hub supports both the PIN method and the push-button method, which is the default.
-In Wi-Fi Direct, groups are created as either "persistent," allowing for automatic reconnection using stored key material, or "temporary," where devices cannot re-authenticate without user intervention or action. Wi-Fi Direct groups will typically determine a Group Owner (GO) through a negotiation protocol, which mimics the "station" or "Access Point" functionality for the established Wi-Fi Direct Group. This Wi-Fi Direct GO provides authentication (via an “Internal Registrar”), and facilitate upstream network connections. For Surface Hub, this GO negotiation does not take place, as the network only operates in "autonomous" mode, where Surface Hub is always the Group Owner. Finally, Surface Hub does not and will not join other Wi-Fi Direct networks itself as a client.
+In Wi-Fi Direct, groups are created as one of the following types:
+- *Persistent*, in which automatic reconnection can occur by using stored key material
+- *Temporary*, in which devices can't re-authenticate without user action
-
-## Wi-Fi Direct vulnerabilities and how Surface Hub addresses them
+Wi-Fi Direct groups determine a *group owner* (GO) through a negotiation protocol, which mimics the "station" or "access point" functionality for the established Wi-Fi Direct group. The Wi-Fi Direct GO provides authentication (via an "internal registrar") and facilitates upstream network connections. For Surface Hub, this GO negotiation doesn't occur. The network only operates in "autonomous" mode, and Surface Hub is always the group owner. Finally, Surface Hub itself doesn't join other Wi-Fi Direct networks as a client.
-**Vulnerabilities and attacks in the Wi-Fi Direct invitation, broadcast, and discovery process**: Wi-Fi Direct / Miracast attacks may target weaknesses in the group establishment, peer discovery, device broadcast, or invitation processes.
+## How Surface Hub addresses Wi-Fi Direct vulnerabilities
-|Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+**Vulnerabilities and attacks in the Wi-Fi Direct invitation, broadcast, and discovery process:** Wi-Fi Direct/Miracast attacks may target weaknesses in the group establishment, peer discovery, device broadcast, or invitation processes.
+
+|Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| The discovery process may remain active for an extended period of time, which could allow Invitations and connections to be established without the intent of the device owner. | Surface Hub only operates as the Group Owner (GO), which does not perform the client Discovery or GO negotiation process. Broadcast can be turned off by fully disabling wireless projection. |
-| Invitation and discovery using PBC allows an unauthenticated attacker to perform repeated connection attempts or unauthenticated connections are automatically accepted. | By requiring WPS PIN security, Administrators can reduce the potential for such unauthorized connections or "Invitation bombs" (where invitations are repeatedly sent until a user mistakenly accepts one). |
+| The discovery process may remain active for an extended period of time, which could allow invitations and connections to be established without the approval of the device owner. | Surface Hub only operates as the group owner, which doesn't perform the client discovery or GO negotiation processes. You can fully disable wireless projection to turn off broadcast. |
+| Invitation and discovery through PBC allows an unauthenticated attacker to perform repeated connection attempts, or unauthenticated connections are automatically accepted. | By requiring WPS PIN security, administrators can reduce the potential for such unauthorized connections or "invitation bombs," in which invitations are repeatedly sent until a user mistakenly accepts one. |
-**Wi-Fi Protected Setup (WPS) Push Button Connect (PBC) vs PIN Entry**: Public weaknesses have been demonstrated in WPS-PIN method design and implementation, other vulnerabilities exist within WPS-PBC involving active attacks against a protocol designed for one time use.
+**Wi-Fi Protected Setup (WPS) push button connect (PBC) vs PIN entry:** Public weaknesses have been demonstrated in WPS-PIN method design and implementation. WPS-PBC has other vulnerabilities that could allow active attacks against a protocol that's designed for one-time use.
-| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+| Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| WPS-PBC is vulnerable to active attackers. As stated within the WPS specification: "The PBC method has zero bits of entropy and only protects against passive eavesdropping attacks. PBC protects against eavesdropping attacks and takes measures to prevent a device from joining a network that was not selected by the device owner. The absence of authentication, however, means that PBC does not protect against active attack". Attackers can use selective wireless jamming or other potential denial-of-service vulnerabilities in order to trigger an unintended Wi-Fi Direct GO or connection. Additionally, an active attacker, with only physical proximity, can repeatedly teardown any Wi-Fi Direct group and attempt the described attack until it is successful. |Enable WPS-PIN security within Surface Hub’s configuration. As discussed within the Wi-Fi WPS specification: "The PBC method should only be used if no PIN-capable Registrar is available and the WLAN user is willing to accept the risks associated with PBC". |
-| WPS-PIN implementations can be brute-forced using a Vulnerability within the WPS standard. Due to the design of split PIN verification, a number of implementation vulnerabilities occurred in the past several years across a wide range of Wi-Fi hardware manufacturers. In 2011 two researchers (Stefan Viehböck and Craig Heffner) released information on this vulnerability and tools such as "Reaver" as a proof of concept. | The Microsoft implementation of WPS within Surface Hub changes the pin every 30 seconds. In order to crack the pin, an attacker must work through the entire exploit in less than 30 seconds. Given the current state of tools and research in this area, a brute-force pin-cracking attack through WPS is unlikely. |
-| WPS-PIN can be cracked using an offline attack due to weak initial key (E-S1,E S2) entropy. In 2014, Dominique Bongard discussed a "Pixie Dust" attack where poor initial randomness for the pseudo random number generator (PRNG) within the wireless device lead to the ability to perform an offline brute-force attack. | The Microsoft implementation of WPS within Surface Hub is not susceptible to this offline PIN brute-force attack. The WPS-PIN is randomized for each connection. |
+| WPS-PBC is vulnerable to active attackers. The WPS specification states: "The PBC method has zero bits of entropy and only protects against passive eavesdropping attacks. PBC protects against eavesdropping attacks and takes measures to prevent a device from joining a network that was not selected by the device owner. The absence of authentication, however, means that PBC does not protect against active attack." Attackers can use selective wireless jamming or other denial-of-service techniques to trigger an unintended Wi-Fi Direct GO or connection. Also, an active attacker who merely has physical proximity can repeatedly tear down any Wi-Fi Direct group and attempt the attack until it succeeds. | Enable WPS-PIN security in Surface Hub configuration. The Wi-Fi WPS specification states: "The PBC method should only be used if no PIN-capable registrar is available and the WLAN user is willing to accept the risks associated with PBC." |
+| WPS-PIN implementations can be subject to brute-force attacks that target a vulnerability in the WPS standard. The design of split PIN verification led to multiple implementation vulnerabilities over the past several years across a range of Wi-Fi hardware manufacturers. In 2011, researchers Stefan Viehböck and Craig Heffner released information about this vulnerability and tools such as "Reaver" as a proof of concept. | The Microsoft implementation of WPS in Surface Hub changes the PIN every 30 seconds. To crack the PIN, an attacker must complete the entire exploit in less than 30 seconds. Given the current state of tools and research in this area, a brute-force PIN-cracking attack through WPS is unlikely to succeed. |
+| WPS-PIN can be cracked by an offline attack because of weak initial key (E-S1,E S2) entropy. In 2014, Dominique Bongard described a "Pixie Dust" attack where poor initial randomness for the pseudo random number generator (PRNG) in the wireless device allowed an offline brute-force attack. | The Microsoft implementation of WPS in Surface Hub is not susceptible to this offline PIN brute-force attack. The WPS-PIN is randomized for each connection. |
-**Unintended exposure of network services**: Network daemons intended for Ethernet or WLAN services may be accidentally exposed due to misconfiguration (such as binding to “all”/0.0.0.0 interfaces), a poorly configured device firewall, or missing firewall rules altogether.
+**Unintended exposure of network services:** Network daemons that are intended for Ethernet or WLAN services may be accidentally exposed because of misconfiguration (such as binding to "all"/0.0.0.0 interfaces). Other possible causes include a poorly configured device firewall or missing firewall rules.
-| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+| Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| Misconfiguration binds a vulnerable or unauthenticated network service to "all" interfaces, which includes the Wi-Fi Direct interface. This potentially exposes services not intended to be accessible to Wi-Fi Direct clients, which may be weakly or automatically authenticated. | Within Surface Hub, the default firewall rules only permit the required TCP and UDP network ports and by default deny all inbound connections. Strong authentication can be configured by enabling the WPS-PIN mode. |
+| Misconfiguration binds a vulnerable or unauthenticated network service to "all" interfaces, which includes the Wi-Fi Direct interface. This can expose services that shouldn't be accessible to Wi-Fi Direct clients, which may be weakly or automatically authenticated. | In Surface Hub, the default firewall rules only permit the required TCP and UDP network ports and by default deny all inbound connections. Configure strong authentication by enabling the WPS-PIN mode.|
-**Bridging Wi-Fi Direct and other wired or wireless networks**: While network bridging between WLAN or Ethernet networks is a violation of the Wi-Fi Direct specification, such a bridge or misconfiguration may effectively lower or remove wireless access controls for the internal corporate network.
+**Bridging Wi-Fi Direct and other wired or wireless networks:** Network bridging between WLAN or Ethernet networks is a violation of the Wi-Fi Direct specification. Such a bridge or misconfiguration may effectively lower or remove wireless access controls for the internal corporate network.
-| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+| Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| Wi-Fi Direct devices could allow unauthenticated or poorly authenticated access to bridged network connections. This may allow Wi-Fi Direct networks to route traffic to internal Ethernet LAN or other infrastructure or enterprise WLAN networks in violation of existing IT security protocols. | Surface Hub cannot be configured to bridge Wireless interfaces or allow routing between disparate networks. The default firewall rules add defense in depth to any such routing or bridge connections. |
+| Wi-Fi Direct devices could allow unauthenticated or poorly authenticated access to bridged network connections. This might allow Wi-Fi Direct networks to route traffic to internal Ethernet LAN or other infrastructure or to enterprise WLAN networks in violation of existing IT security protocols. | Surface Hub can't be configured to bridge wireless interfaces or allow routing between disparate networks. The default firewall rules add defense in depth to any such routing or bridge connections. |
-**The use of Wi-Fi Direct “legacy” mode**: Exposure to unintended networks or devices when operating in “legacy” mode may present a risk. Device spoofing or unintended connections could occur if WPS-PIN is not enabled.
+**The use of Wi-Fi Direct "legacy" mode:** Exposure to unintended networks or devices may occur when you operate in "legacy" mode. Device spoofing or unintended connections could occur if WPS-PIN is not enabled.
-
-| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+| Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| By supporting both Wi-Fi Direct and 802.11 infrastructure clients, the system is operating in a "legacy" support mode. This may expose the connection setup phase indefinitely, allowing for groups to be joined or devices invited to connect well after their intended setup phase terminates. | Surface Hub does not support Wi-Fi Direct legacy clients. Only Wi-Fi Direct connections can be made to Surface Hub even when WPS-PIN mode is enabled. |
+| By supporting both Wi-Fi Direct and 802.11 infrastructure clients, the system is operating in a "legacy" support mode. This may expose the connection-setup phase indefinitely, allowing groups to be joined or devices invited to connect well after their intended setup phase terminates. | Surface Hub doesn't support Wi-Fi Direct legacy clients. Only Wi-Fi Direct connections can be made to Surface Hub even when WPS-PIN mode is enabled. |
-**Wi-Fi Direct GO negotiation during connection setup**: The Group Owner within Wi-Fi Direct is analogous to the “Access Point” in a traditional 802.11 wireless network. The negotiation can be gamed by a malicious device.
+**Wi-Fi Direct GO negotiation during connection setup:** The group owner in Wi-Fi Direct is analogous to the "access point" in a conventional 802.11 wireless network. The negotiation can be gamed by a malicious device.
-|Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+|Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| If groups are dynamically established or if the Wi-Fi Direct device can be made to join new groups, the Group Owner (GO) negotiation can be won by a malicious device that always specifies the max Group Owner "intent" value of 15. (Unless such device is configured to always be a Group Owner, in which case the connection fails.) | Surface Hub takes advantage of Wi-Fi Direct "Autonomous mode", which skips the GO negotiation phase of the connection setup. Surface Hub is always the Group Owner. |
+| If groups are dynamically established or the Wi-Fi Direct device can be made to join new groups, the group owner negotiation can be won by a malicious device that always specifies the maximum group owner "intent" value of 15. (But the connection fails if the device is configured to always be a group owner.) | Surface Hub takes advantage of Wi-Fi Direct "Autonomous mode," which skips the GO negotiation phase of connection setup. And Surface Hub is always the group owner. |
-**Unintended or malicious Wi-Fi deauthentication**: Wi-Fi deauthentication is an age-old attack that can be used by a physically local attacker to expedite information leaks against the connection setup process, trigger new four-way handshakes, target Wi-Fi Direct WPS-PBC for active attack, or create denial-of-service attacks.
+**Unintended or malicious Wi-Fi deauthentication:** Wi-Fi deauthentication is an old attack in which a local attacker can expedite information leaks in the connection-setup process, trigger new four-way handshakes, target Wi-Fi Direct WPS-PBC for active attacks, or create denial-of-service attacks.
-| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+| Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| Deauthentication packets can be sent by an unauthenticated attacker to cause the station to re-authenticate and sniff the resulting handshake. Cryptographic or brute-force attacks can be attempted on the resulting handshake. Mitigations for these attack include: enforcing length and complexity policies for pre-shared keys; configuring the Access Point (if applicable) to detect malicious levels of deauthentication packets; and using WPS to automatically generate strong keys. In PBC mode the user is interacting with a physical or virtual button to allow arbitrary device association. This process should happen only at setup within a small window, once the button is automatically "pushed", the device will accept any station associating via a canonical PIN value (all zeros). Deauthentication can force a repeated setup process. | The current Surface Hub design uses WPS in PIN or PBC mode. No PSK configuration is permitted, helping enforce the generation of strong keys. It is recommended to enable WPS-PIN. |
-| Beyond denial-of-service attacks, deauthentication packets can also be used to trigger a reconnect which re-opens the window of opportunity for active attacks against WPS-PBC. | Enable WPS-PIN security within Surface Hub’s configuration. |
+| Deauthentication packets can be sent by an unauthenticated attacker to cause the station to re-authenticate then to sniff the resulting handshake. Cryptographic or brute-force attacks can be attempted on the resulting handshake. Mitigation for these attack includes enforcing length and complexity policies for pre-shared keys, configuring the access point (if applicable) to detect malicious levels of deauthentication packets, and using WPS to automatically generate strong keys. In PBC mode, the user interacts with a physical or virtual button to allow arbitrary device association. This process should happen only at setup, within a short window. After the button is automatically "pushed," the device will accept any station that associates via a canonical PIN value (all zeros). Deauthentication can force a repeated setup process. | Surface Hub uses WPS in PIN or PBC mode. No PSK configuration is permitted. This method helps enforce generation of strong keys. It's best to enable WPS-PIN security for Surface Hub. |
+| In addition to denial-of-service attacks, deauthentication packets can be used to trigger a reconnect that re-opens the window of opportunity for active attacks against WPS-PBC. | Enable WPS-PIN security in the Surface Hub configuration. |
-**Basic wireless information disclosure**: Wireless networks, 802.11 or otherwise, are inherently sources of information disclosure. Although the information is largely connection or device metadata, it remains an accepted risk for any 802.11 administrator. Wi-Fi Direct with device authentication via WPS-PIN effectively reveals the same information as a PSK or Enterprise 802.11 network.
+**Basic wireless information disclosure:** Wireless networks, 802.11 or otherwise, are inherently at risk of information disclosure. Although this information is mostly connection or device metadata, this problem remains a known risk for any 802.11 network administrator. Wi-Fi Direct with device authentication via WPS-PIN effectively reveals the same information as a PSK or Enterprise 802.11 network.
-| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+| Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| During broadcast, connection setup, or even with already encrypted connections, basic information about the devices and packet sizes is wirelessly transmitted. At a basic level, a local attacker within wireless range can determine the names of wireless devices, the MAC addresses of communicating equipment, and possibly other details such as the version of the wireless stack, packet sizes, or the configured Access Point or Group Owner options by examining the relevant 802.11 Information Elements. | The Wi-Fi Direct network employed by Surface Hub cannot be further protected from metadata leaks, in the same way 802.11 Enterprise or PSK wireless networks also leak such metadata. Physical security and removing potential threats from the wireless proximity can be used to reduce any potential information leaks. |
+| During broadcast, connection setup, or even normal operation of already-encrypted connections, basic information about devices and packet sizes is wirelessly transmitted. At a basic level, a local attacker who's within wireless range can examine the relevant 802.11 information elements to determine the names of wireless devices, the MAC addresses of communicating equipment, and possibly other details, such as the version of the wireless stack, packet sizes, or the configured access point or group owner options. | The Wi-Fi Direct network that Surface Hub uses can't be further protected from metadata leaks, just like for 802.11 Enterprise or PSK wireless networks. Physical security and removal of potential threats from wireless proximity can help reduce potential information leaks. |
-**Wireless evil twin or spoofing attacks**: Spoofing the wireless name is a trivial and known exploit for a physically local attacker in order to lure unsuspecting or mistaken users to connect.
+**Wireless evil twin or spoofing attacks:** Spoofing the wireless name is a simple, well-known exploit a local attacker can use to lure unsuspecting or mistaken users to connect.
-| Wi-Fi Direct Vulnerability | Surface Hub Mitigation |
+| Wi-Fi Direct vulnerability | Surface Hub mitigation |
| --- | --- |
-| By spoofing or cloning the wireless name or "SSID" of the target network, an attacker may trick the user into connecting to fake malicious network. By supporting unauthenticated, auto-join Miracast an attacker could capture the intended display materials or attempt to perform network attacks on the connecting device. | While no specific protections against joining a spoofed Surface Hub are in place, this attack is partially mitigated in two ways. First, any potential attack must be physically within Wi-Fi range. Second, this attack is only possible during the very first connection. Subsequent connections use a persistent Wi-Fi Direct group and Windows will remember and prioritize this prior connection during future Hub use. (Note: Spoofing the MAC address, Wi-Fi channel and SSID simultaneously was not considered for this report and may result in inconsistent Wi-Fi behavior.) Overall this weakness is a fundamental problem for any 802.11 wireless network not using Enterprise WPA2 protocols such as EAP-TLS or EAP-PWD, which are not supported in Wi-Fi Direct. |
+| By spoofing or cloning the wireless name or "SSID" of the target network, an attacker may trick the user into connecting to a fake, malicious network. By supporting unauthenticated, auto-join Miracast, an attacker could capture the intended display materials or launch network attacks on the connecting device. | While there are no specific protections against joining a spoofed Surface Hub, this vulnerability is partially mitigated in two ways. First, any potential attack must be physically within Wi-Fi range. Second, this attack is only possible during the first connection. Subsequent connections use a persistent Wi-Fi Direct group, and Windows will remember and prioritize this prior connection during future Hub use. (Note: Spoofing the MAC address, Wi-Fi channel, and SSID simultaneously was not considered for this report and may result in inconsistent Wi-Fi behavior.) Overall, this weakness is a fundamental problem for any 802.11 wireless network that lacks Enterprise WPA2 protocols such as EAP-TLS or EAP-PWD, which Wi-Fi Direct doesn't support. |
## Surface Hub hardening guidelines
-Surface Hub is designed to facilitate collaboration and allow users to start or join meetings quickly and efficiently. As such, the default Wi-Fi Direct settings for Surface Hub are optimized for this scenario.
+Surface Hub is designed to facilitate collaboration and allow users to start or join meetings quickly and efficiently. The default Wi-Fi Direct settings for Surface Hub are optimized for this scenario.
-For users who require additional security around the wireless interface, we recommend Surface Hub users enable the WPS-PIN security setting. This disables WPS-PBC mode and offers client authentication, and provides the strongest level of protection by preventing any unauthorized connections to Surface Hub.
+For additional wireless interface security, Surface Hub users should enable the WPS-PIN security setting. This setting disables WPS-PBC mode and offers client authentication. It provides the strongest level of protection by preventing unauthorized connection to Surface Hub.
-If concerns remain around authentication and authorization of a Surface Hub, we recommend users connect the device to a separate network, either Wi-Fi (such as a "guest" Wi-Fi network) or using separate Ethernet network (preferably an entirely different physical network, but a VLAN can also provide some added security). Of course, this approach may preclude connections to internal network resources or services, and may require additional network configurations to regain access.
+If you still have concerns about authentication and authorization for Surface Hub, we recommend that you connect the device to a separate network. You could use Wi-Fi (such as a "guest" Wi-Fi network) or a separate Ethernet network, preferably an entirely different physical network. But a VLAN can also provide added security. Of course, this approach may preclude connections to internal network resources or services and may require additional network configuration to regain access.
-Also recommended:
-- [Install regular system updates.](manage-windows-updates-for-surface-hub.md)
-- Update the Miracast settings to disable auto-present mode.
+Also recommended:
+- [Install regular system updates](manage-windows-updates-for-surface-hub.md)
+- Update the Miracast settings to disable auto-present mode
## Learn more
@@ -116,7 +120,3 @@ Also recommended:
-
-
-
-
diff --git a/devices/surface-hub/surface-hub.yml b/devices/surface-hub/surface-hub.yml
index 0a9e948ca5..dac70e8f37 100644
--- a/devices/surface-hub/surface-hub.yml
+++ b/devices/surface-hub/surface-hub.yml
@@ -34,7 +34,7 @@ sections:
- type: markdown
text: "
Prepare to deploy Surface Hub in your organization. Explore site readiness, assembly, configuration, and Exchange and ActiveSync policies.
-
"
- title: Deploy
diff --git a/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md b/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md
new file mode 100644
index 0000000000..7a30ff1e37
--- /dev/null
+++ b/devices/surface-hub/surfacehub-miracast-not-supported-europe-japan-israel.md
@@ -0,0 +1,23 @@
+---
+title: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel
+description: Surface Hub Miracast channels 149-165 not supported in Europe, Japan, Israel
+ms.assetid: 8af3a832-0537-403b-823b-12eaa7a1af1f
+keywords:
+ms.prod: surface-hub
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Summary
+
+In compliance with regional governmental regulations, all 5-GHz wireless devices in Europe, Japan, and Israel do not support the U-NII-3 band. In Surface Hub, the channels that are associated with U-NII-3 are 149 through 165. This includes Miracast connection on these channels. Therefore, Surface Hubs that are used in Europe, Japan, and Israel can't use channels 149 through 165 for Miracast connection.
+
+## More Information
+
+For more information see the [U-NII](https://en.wikipedia.org/wiki/U-NII) topic on Wikipedia.
+
+> [!NOTE]
+> Microsoft provides third-party contact information to help you find additional information about this topic. This information may change without notice. Microsoft does not guarantee the accuracy of third-party information.
\ No newline at end of file
diff --git a/devices/surface-hub/surfacehub-whats-new-1703.md b/devices/surface-hub/surfacehub-whats-new-1703.md
index 985b44c3cd..0626c4a0d7 100644
--- a/devices/surface-hub/surfacehub-whats-new-1703.md
+++ b/devices/surface-hub/surfacehub-whats-new-1703.md
@@ -1,12 +1,14 @@
---
-title: What's new in Windows 10, version 1703 for Surface Hub
+title: What's new in Windows 10, version 1703 for Surface Hub
description: Windows 10, version 1703 (Creators Update) brings new features to Microsoft Surface Hub.
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 01/18/2018
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
---
diff --git a/devices/surface-hub/troubleshoot-surface-hub.md b/devices/surface-hub/troubleshoot-surface-hub.md
index a6158edff8..af6809a477 100644
--- a/devices/surface-hub/troubleshoot-surface-hub.md
+++ b/devices/surface-hub/troubleshoot-surface-hub.md
@@ -2,11 +2,13 @@
title: Troubleshoot Microsoft Surface Hub
description: Troubleshoot common problems, including setup issues, Exchange ActiveSync errors.
ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A
+ms.reviewer:
+manager: dansimp
keywords: Troubleshoot common problems, setup issues, Exchange ActiveSync errors
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 03/16/2018
ms.localizationpriority: medium
diff --git a/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md b/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md
new file mode 100644
index 0000000000..d03cfe3055
--- /dev/null
+++ b/devices/surface-hub/use-cloud-recovery-for-bitlocker-on-surfacehub.md
@@ -0,0 +1,77 @@
+---
+title: How to use cloud recovery for BitLocker on a Surface Hub
+description: How to use cloud recovery for BitLocker on a Surface Hub
+ms.assetid: c0bde23a-49de-40f3-a675-701e3576d44d
+keywords: Accessibility settings, Settings app, Ease of Access
+ms.prod: surface-hub
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Summary
+
+This article describes how to use the cloud recovery function if you are unexpectedly prompted by BitLocker on a Surface Hub device.
+
+> [!NOTE]
+> You should follow these steps only if a BitLocker recovery key isn't available.
+
+> [!WARNING]
+> * This recovery process deletes the contents of the internal drive. If the process fails, the internal drive will become completely unusable. If this occurs, you will have to log a service request with Microsoft for a resolution.
+> * After the recovery process is complete, the device will be reset to the factory settings and returned to its Out of Box Experience state.
+> * After the recovery, the Surface Hub must be completely reconfigured.
+
+> [!IMPORTANT]
+> This process requires an open Internet connection that does not use a proxy or other authentication method.
+
+## Cloud recovery process
+
+To perform a cloud recovery, follow these steps:
+
+1. Select **Press Esc for more recovery options**.
+
+ 
+
+1. Select **Skip this drive**.
+
+ 
+
+1. Select **Recover from the cloud**.
+
+ 
+
+1. Select **Yes**.
+
+ 
+
+1. Select **Reinstall**.
+
+ 
+
+ 
+
+1. After the cloud recovery process is complete, start the reconfiguration by using the **Out of Box Experience**.
+
+ 
+
+## "Something went Wrong" error message
+
+This error is usually caused by network issues that occur during the recovery download. When this issue occurs, don't turn off the Hub because you won't be able to restart it. If you receive this error message, return to the "Recover from the cloud" step, and then restart the recovery process.
+
+1. Select **Cancel**.
+
+ 
+
+1. Select **Troubleshoot**.
+
+ 
+
+1. Select **Recover from the cloud**.
+
+ 
+
+1. If the **Wired network isn't found** error occurs, select **Cancel**, and then let the Surface Hub rediscover the wired network.
+
+ 
\ No newline at end of file
diff --git a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md b/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md
index f64a9fbf5d..33233a023b 100644
--- a/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md
+++ b/devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md
@@ -1,11 +1,13 @@
---
-title: Use fully qualified doman name with Surface Hub
+title: Use fully qualified domain name with Surface Hub
description: Troubleshoot common problems, including setup issues, Exchange ActiveSync errors.
keywords: ["Troubleshoot common problems", "setup issues", "Exchange ActiveSync errors"]
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
ms.prod: surface-hub
ms.sitesec: library
@@ -23,7 +25,7 @@ There are a few scenarios where you need to specify the domain name of your Skyp
2. Click **Surface Hub**, and then click **Calling & Audio**.
3. Under **Skype for Business configuration**, click **Configure domain name**.
4. Type the domain name for your Skype for Business server, and then click **Ok**.
-> [!TIP]
-> You can type multiple domain names, separated by commas. For example: lync.com, outlook.com, lync.glbdns.microsoft.com
+ > [!TIP]
+ > You can type multiple domain names, separated by commas. For example: lync.com, outlook.com, lync.glbdns.microsoft.com
diff --git a/devices/surface-hub/use-room-control-system-with-surface-hub.md b/devices/surface-hub/use-room-control-system-with-surface-hub.md
index 7c5fc0e5d9..cbc437e783 100644
--- a/devices/surface-hub/use-room-control-system-with-surface-hub.md
+++ b/devices/surface-hub/use-room-control-system-with-surface-hub.md
@@ -2,11 +2,13 @@
title: Using a room control system (Surface Hub)
description: Room control systems can be used with your Microsoft Surface Hub.
ms.assetid: DC365002-6B35-45C5-A2B8-3E1EB0CB8B50
+ms.reviewer:
+manager: dansimp
keywords: room control system, Surface Hub
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
ms.localizationpriority: medium
@@ -31,7 +33,7 @@ To connect to a room control system control panel, you don't need to configure a
| Parity | none |
| Flow control | none |
| Line feed | every carriage return |
-
+
## Wiring diagram
@@ -53,7 +55,7 @@ The following command modifiers are available. Commands terminate with a new lin
| - | Decrease a value |
| = | Set a discrete value |
| ? | Queries for a current value |
-
+
## Power
@@ -74,7 +76,7 @@ In Replacement PC mode, the power states are only Ready and Off and only change
| 0 | S5 | Off |
| 5 | S0 | Ready |
-For a control device, anything other than 5 / Ready should be considered off. Each PowerOn command results in two state changes and reponses.
+For a control device, anything other than 5 / Ready should be considered off. Each PowerOn command results in two state changes and responses.
| Command | State change| Response |
| --- | --- | --- |
@@ -110,7 +112,7 @@ Changes to volume levels can be sent by a room control system, or other system.
| Volume- | SMC sends the volume down command.PC service notifies SMC of new volume level. | Volume = 50 |
-
+
## Mute for audio
@@ -121,7 +123,7 @@ Audio can be muted.
| AudioMute+ | SMC sends the audio mute command.PC service notifies SMC that audio is muted. | none |
-
+
## Video source
@@ -135,7 +137,7 @@ Several display sources can be used.
| 3 | VGA |
-
+
Changes to display source can be sent by a room control system, or other system.
@@ -158,7 +160,7 @@ Errors are returned following the format in this table.
| Error: Command not available when off '<input>'. | When the Surface Hub is off, commands other than Power return this error. For example, "Volume+" would be invalid and return " Error: Command not available when off 'Volume'". |
-
+
## Related topics
@@ -167,9 +169,9 @@ Errors are returned following the format in this table.
[Microsoft Surface Hub administrator's guide](surface-hub-administrators-guide.md)
-
+
-
+
diff --git a/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md b/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md
new file mode 100644
index 0000000000..0e5600c12c
--- /dev/null
+++ b/devices/surface-hub/use-surface-hub-diagnostic-test-device-account.md
@@ -0,0 +1,135 @@
+---
+title: Using the Surface Hub Hardware Diagnostic Tool to test a device account
+description: Using the Surface Hub Hardware Diagnostic Tool to test a device account
+ms.assetid: a87b7d41-d0a7-4acc-bfa6-b9070f99bc9c
+keywords: Accessibility settings, Settings app, Ease of Access
+ms.prod: surface-hub
+ms.sitesec: library
+author: v-miegge
+ms.author: v-miegge
+ms.topic: article
+ms.localizationpriority: medium
+---
+
+# Using the Surface Hub Hardware Diagnostic Tool to test a device account
+
+## Introduction
+
+> [!NOTE]
+> The "Account Settings" section of the Surface Hub Hardware Diagnostic tool doesn’t collect any information. The email and password that are entered as input are used only directly on your environment and not collected or transferred to anyone. The login information persists only until the application is closed or you end the current session on the Surface Hub.
+
+> [!IMPORTANT]
+> * Administrator privileges are not required to run this application.
+> * The results of the diagnostic should be discussed with your local administrator before you open a service call with Microsoft.
+
+### Surface Hub Hardware Diagnostic
+
+By default, the [Surface Hub Hardware Diagnostic](https://www.microsoft.com/store/apps/9nblggh51f2g) application isn’t installed in earlier versions of the Surface Hub system. The application is available for free from the Microsoft Store. Administrator privileges are required to install the application.
+
+ 
+
+## About the Surface Hub Hardware Diagnostic Tool
+
+The Surface Hub Hardware Diagnostic tool is an easy-to-navigate tool that lets the user test many of the hardware components within the Surface Hub device. This tool can also test and verify a Surface Hub device account. This article describes how to use the Account Settings test within the Surface Hub Hardware Diagnostic tool.
+
+> [!NOTE]
+> The device account for the Surface Hub should be created before any testing is done. The Surface Hub Administrator Guide provides instructions and PowerShell scripts to help you create on-premises, online (Office365), or hybrid device accounts. For more information, go to the [Create and test a device account (Surface Hub)](https://docs.microsoft.com/surface-hub/create-and-test-a-device-account-surface-hub) topic in the guide.
+
+### Device account testing process
+
+1. Navigate to **All Apps**, and then locate the Surface Hub Hardware Diagnostic application.
+
+ 
+
+1. When the application starts, the **Welcome** page provides a text window to document the reason why you are testing the Hub. This note can be saved to USB together with the diagnostic results at the conclusion of testing. After you finish entering a note, select the **Continue** button.
+
+ 
+
+1. The next screen provides you the option to test all or some of the Surface Hub components. To begin testing the device account, select the **Test Results** icon.
+
+ 
+
+ 
+
+1. Select **Account Settings**.
+
+ 
+
+ The Account Settings screen is used to test your device account.
+
+ 
+
+1. Enter the email address of your device account. The password is optional but is recommended. Select the **Test Account** button when you are ready to continue.
+
+ 
+
+1. After testing is finished, review the results for the four areas of testing. Each section can be expanded or collapsed by selecting the Plus or Minus sign next to each topic.
+
+ **Network**
+
+ 
+
+ **Environment**
+
+ 
+
+ **Certificates**
+
+ 
+
+ **Trust Model**
+
+ 
+
+## Appendix
+
+### Field messages and resolution
+
+#### Network
+
+Field |Success |Failure |Comment |Reference
+|------|------|------|------|------|
+Internet Connectivity |Device does have Internet connectivity |Device does not have Internet connectivity |Verifies internet connectivity, including proxy connection |[Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/)
+HTTP Version |1.1 |1.0 |If HTTP 1.0 found, it will cause issue with WU and Store |
+Direct Internet Connectivity |Device has a Proxy configured Device has no Proxy configured |N/A |Informational. Is your device behind a proxy? |
+Proxy Address | | |If configured, returns proxy address. |
+Proxy Authentication |Proxy does not require Authentication |Proxy requires Proxy Auth |Result may be a false positive if a user already has an open session in Edge and has authenticated through the proxy. |[Configuring a proxy for your Surface Hub](https://blogs.technet.microsoft.com/y0av/2017/12/03/7/)
+Proxy Auth Types | | |If proxy authentication is used, return the Authentication methods advertised by the proxy. |
+
+#### Environment
+
+Field |Success |Failure |Comment |Reference
+|------|------|------|------|------|
+SIP Domain | | |Informational. |
+Skype Environment |Skype for Business Online, Skype for Business OnPrem, Skype for Business Hybrid |Informational. |What type of environment was detected. Note: Hybrid can only be detected if the password is entered.
+LyncDiscover FQDN | | |Informational. Displays the LyncDiscover DNS result |
+LyncDiscover URI | | |Informational. Displays the URL used to perform a LyncDiscover on your environment.|
+LyncDiscover |Connection Successful |Connection Failed |Response from LyncDiscover web service. |
+SIP Pool Hostname | | |Informational. Display the SIP pool name discovered from LyncDiscover |
+
+#### Certificates (in-premises hybrid only)
+
+LyncDiscover Certificate
+
+Field |Success |Failure |Comment |Reference
+|------|------|------|------|------|
+LyncDiscover Cert CN | | |Informational. Displays the LD cert Common name |
+LyncDiscover Cert CA | | |Informational. Displays the LD Cert CA |
+LyncDiscover Cert Root CA | | |Informational. Displays the LD Cert Root CA, if available. |
+LD Trust Status |Certificate is Trusted. |Certificate is not trusted, please add the Root CA. |Verify the certificate against the local cert store. Returns positive if the machine trusts the certificate.|[Download and deploy Skype for Business certificates using PowerShell](https://blogs.msdn.microsoft.com/surfacehub/2016/06/07/download-and-deploy-skype-for-business-certificates-using-powershell/)/[Supported items for Surface Hub provisioning packages](https://docs.microsoft.com/surface-hub/provisioning-packages-for-surface-hub#supported-items-for-surface-hub-provisioning-packages)
+
+SIP Pool Certification
+
+Field |Success |Failure |Comment |Reference
+|------|------|------|------|------|
+SIP Pool Cert CN | | |(CONTENTS) |
+SIP Pool Cert CA | | |(CONTENTS) |
+SIP Pool Trust Status |Certificate is Trusted. |Certificate is not trusted, please add the Root CA. |Verify the certificate against the local cert store and return a positive if the devices trusts the certificate. |
+SIP Pool Cert Root CA | | |Information. Display the SIP Pool Cert Root CA, if available. |
+
+#### Trust Model (on-premises hybrid only)
+
+Field |Success |Failure |Comment |Reference
+|------|------|------|------|------|
+Trust Model Status |No Trust Model Issue Detected. |SIP Domain and server domain are different please add the following domains. |Check the LD FQDN/ LD Server Name/ Pool Server name for Trust model issue. |[Surface Hub and the Skype for Business Trusted Domain List](https://blogs.technet.microsoft.com/y0av/2017/10/25/95/)
+Domain Name(s) | | |Return the list of domains that should be added for SFB to connect. |
diff --git a/devices/surface-hub/whiteboard-collaboration.md b/devices/surface-hub/whiteboard-collaboration.md
index 9a68506147..a6e9524cd2 100644
--- a/devices/surface-hub/whiteboard-collaboration.md
+++ b/devices/surface-hub/whiteboard-collaboration.md
@@ -1,69 +1,70 @@
---
-title: Set up and use Microsoft Whiteboard
+title: Set up and use Microsoft Whiteboard
description: Microsoft Whiteboard’s latest update includes the capability for two Surface Hubs to collaborate in real time on the same board.
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 03/18/2019
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
---
-# Set up and use Microsoft Whiteboard
+# Set up and use Microsoft Whiteboard
+The Microsoft Whiteboard app includes the capability for Surface Hubs and other devices to collaborate in real time on the same board.
+## Prerequisites
->[!IMPORTANT]
->A new Microsoft Whiteboard app was released on July 12, 2018. The existing Whiteboard app that comes installed on Surface Hub and is pinned to the Welcome screen has been renamed **Microsoft Whiteboard 2016**. Microsoft Whiteboard 2016 will be automatically upgraded by May 21, 2019, and the collaboration service for the legacy app will stop functioning after June 7, 2019. For more details, see [Enable Microsoft Whiteboard on Surface Hub](https://support.office.com/article/enable-microsoft-whiteboard-on-surface-hub-b5df4539-f735-42ff-b22a-0f5e21be7627?ui=en-US&rs=en-US&ad=US).
+To use whiteboard collaboration complete the following actions:
-The Microsoft Whiteboard app includes the capability for two Surface Hubs to collaborate in real time on the same board.
+- Add Whiteboard.ms, whiteboard.microsoft.com, and wbd.ms to your list of allowed sites.
+- Open port: **HTTPS: 443** (normally configured when you first run Surface Hub.)
-By ensuring that your organization meets the prerequisites, users can then ink, collaborate, and ideate together.
+## Office 365 requirements
-
+- Whiteboard collaboration is only supported in the Office 365 commercial environment and requires Office 365 with cloud-based Azure Active Directory (Azure AD).
+- You can only run collaborative sessions among users belonging to the same Office 365 tenant.
+- Office 365 Germany or Office 365 operated by 21Vianet do not support whiteboard collaboration.
-## Prerequisites for Whiteboard to Whiteboard collaboration (Microsoft Whiteboard 2016)
-
-To get Whiteboard to Whiteboard collaboration up and running, you’ll need to make sure your organization meets the following requirements:
-
-- Office 365 with cloud-based Azure Active Directory (Azure AD) for all users
-- OneDrive for Business deployed for all users who intend to collaborate
-- Currently not utilizing Office 365 Germany or Office 365 operated by 21Vianet
-- Surface Hub needs to be updated to Windows 10, version 1607 or newer
-- Port 443 needs to be open since Whiteboard makes standard https requests
-- Whiteboard.ms, wbd.ms, \*.onenote.com, and your company's SharePoint tenant domain URLs need to be whitelisted for proxies
-
-
->[!NOTE]
->Collaborative sessions can only take place between users within the same tenant, so users outside of your organization won’t be able to join even if they have a Surface Hub.
-
-## Using Whiteboard to Whiteboard collaboration (Microsoft Whiteboard 2016)
+## Collaborating with whiteboards
To start a collaboration session:
-1. In the Whiteboard app, tap the **Sign in** button.
-2. Sign in with your organization ID.
-3. Tap the **Invite** button next to your name at the top of the app.
-4. Tap **Start session**. Whiteboard will generate a link that you can share.
+1. In the Whiteboard app, tap the **Sign in** button.
+2. Sign in with your organization ID.
+3. Tap the **Invite** button next to your name at the top of the app.
+4. Write or type the names of the colleagues you wish to collaborate with.
- 
-
-5. Copy and paste this link into a Skype chat with another Surface Hub
+On the other device, such as a Surface Hub, when you are signed in, the shared board will now appear in the board gallery.
-When the other Surface Hub receives the link, the recipient can tap on the link, sign in to Whiteboard, and then begin collaborating. You can copy and paste other content, use smart ink features like Ink to Shape, and co-author together.
-
-After you’re done, you can export a copy of the Whiteboard collaboration for yourself through the Share charm and leave the board for others to continue working.
-
->[!TIP]
->When you start a collaboration session, Whiteboard creates a folder named **Whiteboard App Data** in your OneDrive for Business to store your shared whiteboards. After some collaboration sessions, this folder may continue to sync or process changes indefinitely. You can fix this by choosing to not sync the **Whiteboard App Data** folder to your device. Disabling sync for this folder won't limit your ability to use Whiteboard for collaboration sessions.
+### User tips
+- Log in to access your whiteboards. As you work, changes are saved automatically.
+- Name your whiteboards to help organize your content and find it quickly. Select the … to open the menu. Select the **Options** gear icon to access more tools and features of the Whiteboard.
+- Use **Ink to shape** to turn drawing into actual shapes like circles, squares, and triangles.
+- Use **Ink to table** to turn a drawn grid into a table with rows and columns.
+- You can also change the background color and design from solid to grid or dots. Pick the background, then choose the color from the wheel around it.
+- You can export a copy of the Whiteboard collaboration for yourself through the Share charm and leave the board for others to continue working.
+> [!NOTE]
+> If you are using Whiteboard and cannot sign in, you can collaborate by joining a Teams or Skype for Business meeting, and then sharing your screen. After you’re done, tap **Settings** > **Export to email** or save a copy of the board. The SVG export provides higher resolution than PNG and can be opened in a web browser.
+## New features in Whiteboard
+The Microsoft Whiteboard app, updated for Surface Hub on July 1, 2019 includes a host of new features including:
+- **Automatic Saving** - Boards are saved to the cloud automatically when you sign in, and can be found in the board gallery.
+- **Extended collaboration across devices** - You can collaborate using new apps for Windows 10 PC and iOS, and a web version for other devices.
+- **Richer canvas** - In addition to ink and images, Whiteboard now includes sticky notes, text and GIFs, with more objects coming soon.
+- **Intelligence** – In addition to ink to shape and table, Whiteboard now includes ink beautification to improve handwriting and ink grab to convert images to ink.
+- **More color and background options** - Whiteboard now includes more pen colors and thickness options along with additional background colors and designs.
+- **Teams Integration** – You can automatically launch Whiteboard from a Teams meeting and share with participants (currently in preview).
## Related topics
- [Windows 10 Creators Update for Surface Hub](https://www.microsoft.com/surface/support/surface-hub/windows-10-creators-update-surface-hub)
-- [Support documentation for Microsoft Whiteboard](https://support.office.com/en-us/article/Whiteboard-Help-0c0f2aa0-b1bb-491c-b814-fd22de4d7c01)
\ No newline at end of file
+
+- [Support documentation for Microsoft Whiteboard](https://support.office.com/article/Whiteboard-Help-0c0f2aa0-b1bb-491c-b814-fd22de4d7c01)
diff --git a/devices/surface-hub/wireless-network-management-for-surface-hub.md b/devices/surface-hub/wireless-network-management-for-surface-hub.md
index 516ddeab67..0a314fe596 100644
--- a/devices/surface-hub/wireless-network-management-for-surface-hub.md
+++ b/devices/surface-hub/wireless-network-management-for-surface-hub.md
@@ -2,11 +2,13 @@
title: Wireless network management (Surface Hub)
description: Microsoft Surface Hub offers two options for network connectivity to your corporate network and Internet wireless, and wired. While both provide network access, we recommend you use a wired connection.
ms.assetid: D2CFB90B-FBAA-4532-B658-9AA33CAEA31D
+ms.reviewer:
+manager: dansimp
keywords: network connectivity, wired connection
ms.prod: surface-hub
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
ms.localizationpriority: medium
diff --git a/devices/surface/TOC.md b/devices/surface/TOC.md
index c83a77a2bd..53918a7ad5 100644
--- a/devices/surface/TOC.md
+++ b/devices/surface/TOC.md
@@ -1,39 +1,69 @@
# [Surface](index.md)
-## [Deploy Surface devices](deploy.md)
-### [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md)
+
+## [Get started](get-started.md)
+
+## Overview
+
+### [Surface Pro 7 for Business](https://www.microsoft.com/surface/business/surface-pro-7)
+### [Surface Pro X for Business](https://www.microsoft.com/surface/business/surface-pro-x)
+### [Surface Laptop 3 for Business](https://www.microsoft.com/surface/business/surface-laptop-3)
+### [Surface Book 2 for Business](https://www.microsoft.com/surface/business/surface-book-2)
+### [Surface Studio 2 for Business](https://www.microsoft.com/surface/business/surface-studio-2)
+### [Surface Go](https://www.microsoft.com/surface/business/surface-go)
+### [Secure, work-anywhere mobility with LTE Advanced](https://www.microsoft.com/surface/business/lte-laptops-and-tablets)
+
+## Plan
+
### [Surface device compatibility with Windows 10 Long-Term Servicing Branch](surface-device-compatibility-with-windows-10-ltsc.md)
-#### [Long-Term Servicing Branch for Surface devices](ltsb-for-surface.md)
+### [Long-Term Servicing Branch for Surface devices](ltsb-for-surface.md)
+### [Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md)
+### [Considerations for Surface and Endpoint Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md)
+### [Deploy Surface app with Microsoft Store for Business](deploy-surface-app-with-windows-store-for-business.md)
+### [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)
+### [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)
+
+## Deploy
+
+### [Deploy Surface devices](deploy.md)
+### [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md)
+### [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
+### [Surface Pro X app compatibility](surface-pro-arm-app-performance.md)
+### [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)
+### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)
+### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md)
### [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md)
+### [Enable the Surface Laptop keyboard during MDT deployment](enable-surface-keyboard-for-windows-pe-deployment.md)
### [Upgrade Surface devices to Windows 10 with MDT](upgrade-surface-devices-to-windows-10-with-mdt.md)
### [Customize the OOBE for Surface deployments](customize-the-oobe-for-surface-deployments.md)
-### [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)
-### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)
-#### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md)
-#### [Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md)
-### [Maintain optimal power settings on Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)
+### [Using the Surface Deployment Accelerator deployment share](using-the-sda-deployment-share.md)
+### [Surface System SKU reference](surface-system-sku-reference.md)
+
+## Manage
+
+### [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)
+### [Optimize Wi-Fi connectivity for Surface devices](surface-wireless-connect.md)
+### [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)
+### [Surface Dock Firmware Update](surface-dock-firmware-update.md)
### [Battery Limit setting](battery-limit.md)
### [Surface Brightness Control](microsoft-surface-brightness-control.md)
### [Surface Asset Tag](assettag.md)
-## [Surface firmware and driver updates](update.md)
-### [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)
-### [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)
-### [Surface Dock Updater](surface-dock-updater.md)
-### [Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md)
-## [Considerations for Surface and System Center Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md)
-## [Deploy Surface app with Microsoft Store for Business](deploy-surface-app-with-windows-store-for-business.md)
-## [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)
-## [Manage Surface UEFI settings](manage-surface-uefi-settings.md)
+
+
+## Secure
+### [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md)
+### [Manage Surface UEFI settings](manage-surface-uefi-settings.md)
### [Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)
-### [Surface System SKU reference](surface-system-sku-reference.md)
-## [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
+### [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
### [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md)
### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)
-### [Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md)
-## [Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md)
-### [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
-### [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
-## [Surface Data Eraser](microsoft-surface-data-eraser.md)
-## [Top support solutions for Surface devices](support-solutions-surface.md)
-## [Change history for Surface documentation](change-history-for-surface.md)
+### [Use Microsoft Endpoint Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md)
+### [Surface Data Eraser](microsoft-surface-data-eraser.md)
+## Troubleshoot
+### [Top support solutions for Surface devices](support-solutions-surface.md)
+### [Fix common Surface problems using the Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-for-business-intro.md)
+#### [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md)
+#### [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
+#### [Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
+### [Change history for Surface documentation](change-history-for-surface.md)
diff --git a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
index d9d67fc9ab..c677b56488 100644
--- a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
+++ b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
@@ -2,14 +2,16 @@
title: Advanced UEFI security features for Surface Pro 3 (Surface)
description: This article describes how to install and configure the v3.11.760.0 UEFI update to enable additional security options for Surface Pro 3 devices.
ms.assetid: 90F790C0-E5FC-4482-AD71-60589E3C9C93
+ms.reviewer:
+manager: dansimp
keywords: security, features, configure, hardware, device, custom, script, update
ms.localizationpriority: medium
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
-author: miladCA
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
---
diff --git a/devices/surface/advanced-uefi-security-features-for-surface.md b/devices/surface/advanced-uefi-security-features-for-surface.md
deleted file mode 100644
index 9c6edd4717..0000000000
--- a/devices/surface/advanced-uefi-security-features-for-surface.md
+++ /dev/null
@@ -1,3 +0,0 @@
----
-redirect_url: https://technet.microsoft.com/itpro/surface/advanced-uefi-security-features-for-surface-pro-3
----
\ No newline at end of file
diff --git a/devices/surface/assettag.md b/devices/surface/assettag.md
index 9771aacb0d..db6a63ad69 100644
--- a/devices/surface/assettag.md
+++ b/devices/surface/assettag.md
@@ -3,11 +3,14 @@ title: Surface Asset Tag Tool
description: This topic explains how to use the Surface Asset Tag Tool.
ms.prod: w10
ms.mktglfcycl: manage
+ms.localizationpriority: medium
ms.sitesec: library
-author: coveminer
-ms.author: v-jokai
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 02/01/2019
+ms.date: 10/21/2019
+ms.reviewer: hachidan
+manager: dansimp
---
# Surface Asset Tag Tool
@@ -18,19 +21,22 @@ for Surface devices. It works on Surface Pro 3 and all newer Surface devices.
## System requirements
- - Surface Pro 3 or later
+- Surface Pro 3 or later
- - UEFI firmware version 3.9.150.0 or later
+- UEFI firmware version 3.9.150.0 or later
## Using Surface Asset Tag
To run Surface Asset Tag:
-1. On the Surface device, download **Surface Pro 3 AssetTag.zip** from the [Microsoft Download
- Center](http://www.microsoft.com/download/details.aspx?id=44076),
+1. On the Surface device, download **Surface Asset Tag.zip** from the [Microsoft Download
+ Center](https://www.microsoft.com/download/details.aspx?id=46703),
extract the zip file, and save AssetTag.exe in desired folder (in
this example, C:\\assets).
+ > [!NOTE]
+ > For Surface Pro X, use the application named **AssetTag_x86** in the ZIP file.
+
2. Open a command console as an Administrator and run AssetTag.exe,
entering the full path to the tool.
diff --git a/devices/surface/battery-limit.md b/devices/surface/battery-limit.md
index b1a34e4f19..c5d75cda00 100644
--- a/devices/surface/battery-limit.md
+++ b/devices/surface/battery-limit.md
@@ -5,21 +5,27 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
-author: brecords
-ms.date: 10/02/2018
-ms.author: jdecker
+author: dansimp
+ms.date: 10/31/2019
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Battery Limit setting
Battery Limit option is a UEFI setting that changes how the Surface device battery is charged and may prolong its longevity. This setting is recommended in cases in which the device is continuously connected to power, for example when devices are integrated into kiosk solutions.
-## Battery Limit information
+## How Battery Limit works
Setting the device on Battery Limit changes the protocol for charging the device battery. When Battery Limit is enabled, the battery charge will be limited to 50% of its maximum capacity. The charge level reported in Windows will reflect this limit. Therefore, it will show that the battery is charged up to 50% and will not charge beyond this limit. If you enable Battery Limit while the device is above 50% charge, the Battery icon will show that the device is plugged in but discharging until the device reaches 50% of its maximum charge capacity.
-Adding the Battery Limit option to Surface UEFI requires a [Surface UEFI firmware update](update.md), available through Windows Update or via the MSI driver and firmware packages on the Microsoft Download Center. Check [Enable "Battery Limit" for Surface devices that have to be plugged in for extended periods of time](https://support.microsoft.com/help/4464941) for the specific Surface UEFI version required for each supported device. Currently, Battery Limit is supported on a subset of Surface devices and will be available in the future on other Surface device models.
+## Supported devices
+The Battery Limit UEFI setting is built into the latest Surface devices including Surface Pro 7 and Surface Laptop 3. Earlier devices require a
+ [Surface UEFI firmware update](update.md), available through Windows Update or via the MSI driver and firmware packages on the [Surface Support site](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface). Check [Enable "Battery Limit" for Surface devices that have to be plugged in for extended periods of time](https://support.microsoft.com/help/4464941) for the specific Surface UEFI version required for each supported device.
## Enabling Battery Limit in Surface UEFI (Surface Pro 4 and later)
diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md
index 271b1cc5e2..18fc041b85 100644
--- a/devices/surface/change-history-for-surface.md
+++ b/devices/surface/change-history-for-surface.md
@@ -1,23 +1,72 @@
---
title: Change history for Surface documentation (Windows 10)
+ms.reviewer:
+manager: dansimp
description: This topic lists new and updated topics in the Surface documentation library.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
---
# Change history for Surface documentation
This topic lists new and updated topics in the Surface documentation library.
+## January 2020
+| **New or changed topic** | **Description** |
+| ------------------------ | --------------- |
+| [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)| Updated with the latest information and links to related articles.|
+
+
+## October 2019
+
+| **New or changed topic** | **Description** |
+| ------------------------ | --------------- |
+| [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md)| New document explaining how to configure a DFCI environment in Microsoft Intune and manage firmware settings for targeted Surface devices.|
+| [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)| New document highlighting key considerations for deploying, managing, and servicing Surface Pro X.|
+|Multiple topics| Updated with information on Surface Pro 7, Surface Pro X, and Surface Laptop 3.|
+
+## September 2019
+
+| **New or changed topic** | **Description** |
+| ------------------------ | --------------- |
+| [Surface Dock Firmware Update](surface-dock-firmware-update.md)| New document for Microsoft Surface Dock Firmware Update, newly redesigned to update Surface Dock firmware while running in the background on your Surface device.|
+
+## August 2019
+
+| **New or changed topic** | **Description** |
+| ------------------------ | --------------- |
+| [Optimizing wireless connectivity for Surface devices](surface-wireless-connect.md) | New document highlights key wireless connectivity considerations for Surface devices in mobile scenarios. |
+| [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Updated to reflect minor changes in the file naming convention for Surface MSI files. |
+
+
+## July 2019
+
+| **New or changed topic** | **Description** |
+| ------------------------ | --------------- |
+| [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) | Renamed to reflect focus on deployment guidance for IT professionals. Covers minor changes in Version 2.41.139.0. |
+
+
+
+## June 2019
+
+| **New or changed topic** | **Description** |
+| ------------------------ | --------------- |
+|[Fix common Surface problems using the Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-for-business-intro.md) | New introductory page for the Surface Diagnostic Toolkit for Business. |
+| [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) |Updated with summary of recommendations for managing power settings and optimizing battery life. |
+
+
## March 2019
-New or changed topic | Description
---- | ---
-[Surface System SKU reference](surface-system-sku-reference.md) | New
+| **New or changed topic** | **Description** |
+| ------------------------ | --------------- |
+| [Surface System SKU reference](surface-system-sku-reference.md) | New |
## February 2019
@@ -33,14 +82,14 @@ New or changed topic | Description
--- | ---
[Surface Brightness Control](microsoft-surface-brightness-control.md) | New
[Maintain optimal power settings on Surface devices](maintain-optimal-power-settings-on-Surface-devices.md) | New
-|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Studio 2 |
+|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface Studio 2 |
## November 2018
New or changed topic | Description
--- | ---
-|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Pro 6 |
+|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface Pro 6 |
[Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) | New
[Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) | New
[Run Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md) | New
@@ -50,7 +99,7 @@ New or changed topic | Description
New or changed topic | Description
--- | ---
[Battery Limit setting](battery-limit.md) | New
-|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface GO |
+|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface GO |
## May 2018
@@ -63,7 +112,6 @@ New or changed topic | Description
|New or changed topic | Description |
| --- | --- |
-|[Surface Dock Updater](surface-dock-updater.md) | Added version 2.12.136.0 information |
|[Microsoft Surface Data Eraser](microsoft-surface-data-eraser.md) | Added version 3.2.46.0 information |
## January 2018
@@ -79,13 +127,7 @@ New or changed topic | Description
|New or changed topic | Description |
| --- | --- |
-|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added Surface Book 2, Surface Laptop, Surface Pro, and Surface Pro with LTE Advanced information |
-
-## November 2017
-
-|New or changed topic | Description |
-| --- | --- |
-|[Surface Dock Updater](surface-dock-updater.md) | Added version 2.7.136.0 information |
+|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added Surface Book 2, Surface Laptop, Surface Pro, and Surface Pro with LTE Advanced information |
## October 2017
@@ -105,7 +147,6 @@ New or changed topic | Description
| --- | --- |
|[Surface Data Eraser](microsoft-surface-data-eraser.md) | Update compatible devices, added version 3.2.36 information |
|[Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md) | Added version 2.0.8.0 information |
-|[Surface Dock Updater](surface-dock-updater.md) | Added version 2.1.15.0 information |
## April 2017
@@ -125,14 +166,14 @@ New or changed topic | Description
|New or changed topic | Description |
| --- | --- |
-|[Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md) | Added driver info for Surface Studio; updated info for Surface Book and Surface Pro 4 (Windows 10 .zip cumulative update), Surface Pro 3 (Windows8.1-KB2969817-x64.msu), and Surface 3 (UEFI Asset Tag management tool)|
+|[Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md) | Added driver info for Surface Studio; updated info for Surface Book and Surface Pro 4 (Windows 10 .zip cumulative update), Surface Pro 3 (Windows8.1-KB2969817-x64.msu), and Surface 3 (UEFI Asset Tag management tool)|
## November 2016
|New or changed topic | Description |
| --- | --- |
|[Surface Enterprise Management Mode](surface-enterprise-management-mode.md) | Added procedure for viewing certificate thumbprint. |
-|[Use System Center Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md) | New |
+|[Use Microsoft Endpoint Configuration Manager to manage devices with SEMM](use-system-center-configuration-manager-to-manage-devices-with-semm.md) | New |
@@ -140,7 +181,7 @@ New or changed topic | Description
| New or changed topic | Description |
| --- | --- |
-| [Considerations for Surface and System Center Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md) | New |
+| [Considerations for Surface and Microsoft Endpoint Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md) | New |
| [Long-term servicing branch for Surface devices](ltsb-for-surface.md) | New |
diff --git a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
index 1160b8cacc..0b9915c4b0 100644
--- a/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
+++ b/devices/surface/considerations-for-surface-and-system-center-configuration-manager.md
@@ -1,36 +1,38 @@
---
-title: Considerations for Surface and System Center Configuration Manager (Surface)
+title: Considerations for Surface and Microsoft Endpoint Configuration Manager
description: The management and deployment of Surface devices with Configuration Manager is fundamentally the same as any other PC; this article describes scenarios that may require additional considerations.
keywords: manage, deployment, updates, driver, firmware
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
-author: Scottmca
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 10/16/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 11/25/2019
+ms.reviewer:
+manager: dansimp
---
-# Considerations for Surface and System Center Configuration Manager
+# Considerations for Surface and Microsoft Endpoint Configuration Manager
-Fundamentally, management and deployment of Surface devices with System Center Configuration Manager is the same as the management and deployment of any other PC. Like any other PC, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client – to publish apps, settings, and policies, you use the same process that you would use for any other device.
+Fundamentally, management and deployment of Surface devices with Microsoft Endpoint Configuration Manager is the same as the management and deployment of any other PC. Like any other PC, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client; to publish apps, settings, and policies, you use the same process as you would use for any other device.
-You can find more information about how to use Configuration Manager to deploy and manage devices in the [Documentation for System Center Configuration Manager](https://docs.microsoft.com/sccm/index).
+You can find more information about how to use Configuration Manager to deploy and manage devices in the [Documentation for Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/sccm/index).
-Although the deployment and management of Surface devices is fundamentally the same as any other PC, there are some scenarios that may require additional considerations or steps. This article provides descriptions and guidance for these scenarios; the solutions documented in this article may apply to other devices and manufacturers as well.
+Although the deployment and management of Surface devices is fundamentally the same as any other PC, there are some scenarios that may require additional considerations or steps. This article provides descriptions and guidance for these scenarios. The solutions documented in this article may apply to other devices and manufacturers as well.
->[!NOTE]
->For management of Surface devices it is recommended that you use the Current Branch of System Center Configuration Manager.
+> [!NOTE]
+> For management of Surface devices it is recommended that you use the Current Branch of Microsoft Endpoint Configuration Manager.
## Updating Surface device drivers and firmware
-For devices that receive updates through Windows Update, drivers for Surface components – and even firmware updates – are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS), the option to install drivers and firmware through Windows Update is not available. For these managed devices, the recommended driver management process is the deployment of driver and firmware updates using the Windows Installer (.msi) files, which are provided through the Microsoft Download Center. You can find a list of these downloads at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices).
+For devices that recieve updates through Windows Update, drivers for Surface components (and even firmware updates) are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS) or Configuration Manager, see [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates/).
-As .msi files, deployment of driver and firmware updates is performed in the same manner as deployment of an application. Instead of installing an application as would normally happen when an .msi file is run, the Surface driver and firmware .msi will apply the driver and firmware updates to the device. The single .msi file contains the driver and firmware updates required by each component of the Surface device. The updates for firmware are applied the next time the device reboots. You can read more about the .msi installation method for Surface drivers and firmware in [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates). For more information about how to deploy applications with Configuration Manager, see [Packages and programs in System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/packages-and-programs).
-
->[!NOTE]
->Surface device drivers and firmware are signed with SHA-256, which is not natively supported by Windows Server 2008 R2. A workaround is available for Configuration Manager environments running on Windows Server 2008 R2 – for more information see [Can't import drivers into System Center Configuration Manager (KB3025419)](https://support.microsoft.com/kb/3025419).
+> [!NOTE]
+> Surface device drivers and firmware are signed with SHA-256, which is not natively supported by Windows Server 2008 R2. A workaround is available for Configuration Manager environments running on Windows Server 2008 R2. For more information, see [Can't import drivers into Microsoft Endpoint Configuration Manager (KB3025419)](https://support.microsoft.com/kb/3025419).
## Surface Ethernet adapters and Configuration Manager deployment
@@ -38,9 +40,9 @@ The default mechanism that Configuration Manager uses to identify devices during
To ensure that Surface devices using the same Ethernet adapter are identified as unique devices during deployment, you can instruct Configuration Manager to identify devices using another method. This other method could be the MAC address of the wireless network adapter or the System Universal Unique Identifier (System UUID). You can specify that Configuration Manager use other identification methods with the following options:
-* Add an exclusion for the MAC addresses of Surface Ethernet adapters, which forces Configuration Manager to overlook the MAC address in preference of the System UUID, as documented in the [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post.
+* Add an exclusion for the MAC addresses of Surface Ethernet adapters, which forces Configuration Manager to overlook the MAC address in preference of the System UUID, as documented in the [Reusing the same NIC for multiple PXE initiated deployments in SMicrosoft Endpoint Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post.
-* Prestage devices by System UUID as documented in the [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post.
+* Prestage devices by System UUID as documented in the [Reusing the same NIC for multiple PXE initiated deployments in Microsoft Endpoint Configuration Manager OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd/) blog post.
* Use a script to identify a newly deployed Surface device by the MAC address of its wireless adapter, as documented in the [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://blogs.technet.microsoft.com/askpfeplat/2014/07/27/how-to-use-the-same-external-ethernet-adapter-for-multiple-sccm-osd/) blog post.
@@ -56,15 +58,15 @@ With the release of Microsoft Store for Business, Surface app is no longer avail
If your organization uses prestaged media to pre-load deployment resources on to machines prior to deployment with Configuration Manager, the nature of Surface devices as UEFI devices may require you to take additional steps. Specifically, a native UEFI environment requires that you create multiple partitions on the boot disk of the system. If you are following along with the [documentation for prestaged media](https://technet.microsoft.com/library/79465d90-4831-4872-96c2-2062d80f5583?f=255&MSPPError=-2147217396#BKMK_CreatePrestagedMedia), the instructions provide for only single partition boot disks and therefore will fail when applied to Surface devices.
-Instructions for applying prestaged media to UEFI devices, such as Surface devices, can be found in the [How to apply Task Sequence Prestaged Media on multi-partitioned disks for BIOS or UEFI PCs in System Center Configuration Manager](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2014/04/02/how-to-apply-task-sequence-prestaged-media-on-multi-partitioned-disks-for-bios-or-uefi-pcs-in-system-center-configuration-manager/) blog post.
+Instructions for applying prestaged media to UEFI devices, such as Surface devices, can be found in the [How to apply Task Sequence Prestaged Media on multi-partitioned disks for BIOS or UEFI PCs in Microsoft Endpoint Configuration Manager](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2014/04/02/how-to-apply-task-sequence-prestaged-media-on-multi-partitioned-disks-for-bios-or-uefi-pcs-in-system-center-configuration-manager/) blog post.
## Licensing conflicts with OEM Activation 3.0
Surface devices come preinstalled with a licensed copy of Windows. For example, Surface Pro 4 is preinstalled with Windows 10 Professional. The license key for this preinstalled copy of Windows is embedded in the firmware of the device with OEM Activation 3.0 (OA 3.0). When you run Windows installation media on a device with an OA 3.0 key, Windows setup automatically reads the license key and uses it to install and activate Windows. In most situations, this simplifies the reinstallation of Windows, because the user does not have to find or enter a license key.
-When you reimage a device by using Windows Enterprise, this embedded license key does not cause a conflict. This is because the installation media for Windows Enterprise is configured to install only an Enterprise edition of Windows and therefore is incompatible with the license key embedded in the system firmware. If a product key is not specified (such as when you intend to activate with Key Management Services (KMS) or Active Directory Based Activation), a Generic Volume License Key (GVLK) is used until Windows is activated by one of those technologies.
+When you reimage a device by using Windows Enterprise, this embedded license key does not cause a conflict. This is because the installation media for Windows Enterprise is configured to install only an Enterprise edition of Windows and therefore is incompatible with the license key embedded in the system firmware. If a product key is not specified (such as when you intend to activate with Key Management Services [KMS] or Active Directory Based Activation), a Generic Volume License Key (GVLK) is used until Windows is activated by one of those technologies.
-However, issues may arise when organizations intend to use versions of Windows that are compatible with the firmware embedded key. For example, an organization that wants to install Windows 10 Professional on a Surface 3 device that originally shipped with Windows 10 Home edition may encounter difficulty when Windows setup automatically reads the Home edition key during installation and installs as Home edition rather than Professional. To avoid this conflict, you can use the Ei.cfg or Pid.txt file (see [Windows Setup Edition Configuration and Product ID Files](https://technet.microsoft.com/library/hh824952.aspx)) to explicitly instruct Windows setup to prompt for a product key, or you can enter a specific product key in the deployment task sequence. If you do not have a specific key, you can use the default product keys for Windows, which you can find in [Customize and deploy a Windows 10 operating system](https://dpcenter.microsoft.com/en/Windows/Build/cp-Windows-10-build) on the Device Partner Center.
+However, issues may arise when organizations intend to use versions of Windows that are compatible with the firmware embedded key. For example, an organization that wants to install Windows 10 Professional on a Surface 3 device that originally shipped with Windows 10 Home edition may encounter difficulty when Windows setup automatically reads the Home edition key during installation and installs as Home edition rather than Professional. To avoid this conflict, you can use the Ei.cfg or Pid.txt file to explicitly instruct Windows setup to prompt for a product key, or you can enter a specific product key in the deployment task sequence. For more information, see [Windows Setup Edition Configuration and Product ID Files](https://technet.microsoft.com/library/hh824952.aspx). If you do not have a specific key, you can use the default product keys for Windows, which you can find in [Customize and deploy a Windows 10 operating system](https://dpcenter.microsoft.com/en/Windows/Build/cp-Windows-10-build) on the Device Partner Center.
## Apply an asset tag during deployment
diff --git a/devices/surface/customize-the-oobe-for-surface-deployments.md b/devices/surface/customize-the-oobe-for-surface-deployments.md
index 4218ee9ba8..46c321367b 100644
--- a/devices/surface/customize-the-oobe-for-surface-deployments.md
+++ b/devices/surface/customize-the-oobe-for-surface-deployments.md
@@ -2,22 +2,24 @@
title: Customize the OOBE for Surface deployments (Surface)
description: This article will walk you through the process of customizing the Surface out-of-box experience for end users in your organization.
ms.assetid: F6910315-9FA9-4297-8FA8-2C284A4B1D87
+ms.reviewer:
+manager: dansimp
keywords: deploy, customize, automate, network, Pen, pair, boot
ms.localizationpriority: medium
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
-author: jobotto
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.audience: itpro
+ms.date: 10/21/2019
---
# Customize the OOBE for Surface deployments
-
-This article walks you through the process of customizing the Surface out-of-box experience for end users in your organization.
+This article describes customizing the Surface out-of-box experience for end users in your organization.
It is common practice in a Windows deployment to customize the user experience for the first startup of deployed computers — the out-of-box experience, or OOBE.
@@ -26,10 +28,13 @@ It is common practice in a Windows deployment to customize the user experience f
In some scenarios, you may want to provide complete automation to ensure that at the end of a deployment, computers are ready for use without any interaction from the user. In other scenarios, you may want to leave key elements of the experience for users to perform necessary actions or select between important choices. For administrators deploying to Surface devices, each of these scenarios presents a unique challenge to overcome.
+> [!NOTE]
+> This article does not apply to Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
+
This article provides a summary of the scenarios where a deployment might require additional steps. It also provides the required information to ensure that the desired experience is achieved on any newly deployed Surface device. This article is intended for administrators who are familiar with the deployment process, as well as concepts such as answer files and [reference images](https://technet.microsoft.com/itpro/windows/deploy/create-a-windows-10-reference-image).
>[!NOTE]
->Although the OOBE phase of setup is still run during a deployment with an automated deployment solution such as the [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=618117) or System Center Configuration Manager Operating System Deployment (OSD), it is automated by the settings supplied in the Deployment Wizard and task sequence. For more information see:
+>Although the OOBE phase of setup is still run during a deployment with an automated deployment solution such as the [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=618117) or Microsoft Endpoint Configuration Manager Operating System Deployment (OSD), it is automated by the settings supplied in the Deployment Wizard and task sequence. For more information see:
>- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit)
>- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](https://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager)
@@ -55,7 +60,7 @@ To provide the factory Surface Pen pairing experience in OOBE, you must copy fou
- %windir%\\system32\\oobe\\info\\default\\1033\\PenSuccess\_en-US.png
>[!NOTE]
->You should copy the files from a factory image for the same model Surface device that you intend to deploy to. For example, you should use the files from a Surface Pro 3 to deploy to Surface Pro 3, and the files from Surface Book to deploy Surface Book, but you should not use the files from a Surface Pro 3 to deploy Surface Book or Surface Pro 4.
+>You should copy the files from a factory image for the same model Surface device that you intend to deploy to. For example, you should use the files from a Surface Pro 7 to deploy to Surface Pro 7, and the files from Surface Book 2 to deploy Surface Book 2, but you should not use the files from a Surface Pro 7 to deploy Surface Book or Surface Pro 6.
diff --git a/devices/surface/deploy-surface-app-with-windows-store-for-business.md b/devices/surface/deploy-surface-app-with-windows-store-for-business.md
index 491ca43c11..a03f6e46fa 100644
--- a/devices/surface/deploy-surface-app-with-windows-store-for-business.md
+++ b/devices/surface/deploy-surface-app-with-windows-store-for-business.md
@@ -6,21 +6,38 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: surface, store
ms.sitesec: library
-author: miladCA
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 09/21/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
+ms.reviewer:
+manager: dansimp
---
-#Deploy Surface app with Microsoft Store for Business and Education
+# Deploy Surface app with Microsoft Store for Business and Education
**Applies to**
-* Surface Pro 4
-* Surface Book
-* Surface 3
->[!NOTE]
->The Surface app ships in Surface Studio.
+- Surface Pro 7
+- Surface Laptop 3
+- Surface Pro 6
+- Surface Laptop 2
+- Surface Go
+- Surface Go with LTE
+- Surface Book 2
+- Surface Pro with LTE Advanced (Model 1807)
+- Surface Pro (Model 1796)
+- Surface Laptop
+- Surface Studio
+- Surface Studio 2
+- Surface Book
+- Surface Pro 4
+- Surface 3 LTE
+- Surface 3
+- Surface Pro 3
+
The Surface app is a lightweight Microsoft Store app that provides control of many Surface-specific settings and options, including:
@@ -32,15 +49,18 @@ The Surface app is a lightweight Microsoft Store app that provides control of ma
* Enable or disable Surface audio enhancements
-* Quick access to support documentation and information for your device
+* Quick access to support documentation and information for your device
-If your organization is preparing images that will be deployed to your Surface devices, you may want to include the Surface app (formerly called the Surface Hub) in your imaging and deployment process instead of requiring users of each individual device to download and install the app from the Microsoft Store or your Microsoft Store for Business.
+Customers using Windows Update will ordinarily receive Surface app as part of automatic updates. But if your organization is preparing images for deployment to your Surface devices, you may want to include the Surface app (formerly called the Surface Hub) in your imaging and deployment process instead of requiring users of each individual device to download and install the app from the Microsoft Store or your Microsoft Store for Business.
-##Surface app overview
+> [!NOTE]
+> This article does not apply to Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
+
+## Surface app overview
The Surface app is available as a free download from the [Microsoft Store](https://www.microsoft.com/store/apps/Surface/9WZDNCRFJB8P). Users can download and install it from the Microsoft Store, but if your organization uses Microsoft Store for Business instead, you will need to add it to your store’s inventory and possibly include the app as part of your Windows deployment process. These processes are discussed throughout this article. For more information about Microsoft Store for Business, see [Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/) in the Windows TechCenter.
-##Add Surface app to a Microsoft Store for Business account
+## Add Surface app to a Microsoft Store for Business account
Before users can install or deploy an app from a company’s Microsoft Store for Business account, the desired app(s) must first be made available and licensed to the users of a business.
@@ -52,7 +72,7 @@ Before users can install or deploy an app from a company’s Microsoft Store for
*Figure 1. Enable apps for offline use*
-4. Add Surface app to your Microsoft Store for Business account by following this procedure:
+4. Add Surface app to your Microsoft Store for Business account by following this procedure:
* Click the **Shop** menu.
* In the search box, type **Surface app**, and then click the search icon.
* After the Surface app is presented in the search results, click the app’s icon.
@@ -70,18 +90,18 @@ Before users can install or deploy an app from a company’s Microsoft Store for
*Figure 3. Offline-licensed app acknowledgement*
* Click **OK**.
-##Download Surface app from a Microsoft Store for Business account
+## Download Surface app from a Microsoft Store for Business account
After you add an app to the Microsoft Store for Business account in Offline mode, you can download and add the app as an AppxBundle to a deployment share.
1. Log on to the Microsoft Store for Business account at https://businessstore.microsoft.com.
2. Click **Manage->Apps & software**. A list of all of your company’s apps is displayed, including the Surface app you added in the [Add Surface app to a Microsoft Store for Business account](#add-surface-app-to-a-microsoft-store-for-business-account) section of this article.
3. Under **Actions**, click the ellipsis (**…**), and then click **Download for offline use** for the Surface app.
4. Select the desired **Platform** and **Architecture** options from the available selections for the selected app, as shown in Figure 4.
- 
+ 
*Figure 4. Download the AppxBundle package for an app*
5. Click **Download**. The AppxBundle package will be downloaded. Make sure you note the path of the downloaded file because you’ll need that later in this article.
-6. Click either the **Encoded license** or **Unencoded license** option. Use the Encoded license option with management tools like System Center Configuration Manager or when you use Windows Configuration Designer to create a provisioning package. Select the Unencoded license option when you use Deployment Image Servicing and Management (DISM) or deployment solutions based on imaging, including the Microsoft Deployment Toolkit (MDT).
+6. Click either the **Encoded license** or **Unencoded license** option. Use the Encoded license option with management tools like Microsoft Endpoint Configuration Manager or when you use Windows Configuration Designer to create a provisioning package. Select the Unencoded license option when you use Deployment Image Servicing and Management (DISM) or deployment solutions based on imaging, including the Microsoft Deployment Toolkit (MDT).
7. Click **Generate** to generate and download the license for the app. Make sure you note the path of the license file because you’ll need that later in this article.
>[!NOTE]
@@ -89,7 +109,7 @@ After you add an app to the Microsoft Store for Business account in Offline mode
Figure 5 shows the required frameworks for the Surface app.
-
+
*Figure 5. Required frameworks for the Surface app*
@@ -97,21 +117,21 @@ Figure 5 shows the required frameworks for the Surface app.
>The version numbers of the Surface app and required frameworks will change as the apps are updated. Check for the latest version of Surface app and each framework in Microsoft Store for Business. Always use the Surface app and recommended framework versions as provided by Microsoft Store for Business. Using outdated frameworks or the incorrect versions may result in errors or application crashes.
To download the required frameworks for the Surface app, follow these steps:
-1. Click the **Download** button under **Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe**. This downloads the Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe.Appx file to your specified folder.
-2. Click the **Download** button under **Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe**. This downloads the Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe.Appx file to your specified folder.
+1. Click the **Download** button under **Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe**. This downloads the Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe.Appx file to your specified folder.
+2. Click the **Download** button under **Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe**. This downloads the Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe.Appx file to your specified folder.
>[!NOTE]
>Only the 64-bit (x64) version of each framework is required for Surface devices. Surface devices are native 64-bit UEFI devices and are not compatible with 32-bit (x86) versions of Windows that would require 32-bit frameworks.
-##Install Surface app on your computer with PowerShell
+## Install Surface app on your computer with PowerShell
The following procedure provisions the Surface app onto your computer and makes it available for any user accounts created on the computer afterwards.
-1. Using the procedure described in the [How to download Surface app from a Microsoft Store for Business account](#download-surface-app-from-a-microsoft-store-for-business-account) section of this article, download the Surface app AppxBundle and license file.
-2. Begin an elevated PowerShell session.
+1. Using the procedure described in the [How to download Surface app from a Microsoft Store for Business account](#download-surface-app-from-a-microsoft-store-for-business-account) section of this article, download the Surface app AppxBundle and license file.
+2. Begin an elevated PowerShell session.
>[!NOTE]
>If you don’t run PowerShell as an Administrator, the session won’t have the required permissions to install the app.
-3. In the elevated PowerShell session, copy and paste the following command:
+3. In the elevated PowerShell session, copy and paste the following command:
```
Add-AppxProvisionedPackage –Online –PackagePath \ Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle –LicensePath \ Microsoft.SurfaceHub_8wekyb3d8bbwe_a53ef8ab-9dbd-dec1-46c5-7b664d4dd003.xml
```
@@ -123,44 +143,44 @@ The following procedure provisions the Surface app onto your computer and makes
Add-AppxProvisionedPackage –Online –PackagePath c:\Temp\ Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle –LicensePath c:\Temp\ Microsoft.SurfaceHub_8wekyb3d8bbwe_a53ef8ab-9dbd-dec1-46c5-7b664d4dd003.xml
```
-4. The Surface app will now be available on your current Windows computer.
+4. The Surface app will now be available on your current Windows computer.
Before the Surface app is functional on the computer where it has been provisioned, you must also provision the frameworks described earlier in this article. To provision these frameworks, use the following procedure in the elevated PowerShell session you used to provision the Surface app.
-5. In the elevated PowerShell session, copy and paste the following command:
-```
- Add-AppxProvisionedPackage –Online –SkipLicense –PackagePath \Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe.Appx
-```
-6. In the elevated PowerShell session, copy and paste the following command:
- ```
- Add-AppxProvisionedPackage –Online –SkipLicense –PackagePath \Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe.Appx
- ```
+5. In the elevated PowerShell session, copy and paste the following command:
+ ```
+ Add-AppxProvisionedPackage –Online –SkipLicense –PackagePath \Microsoft.VCLibs.140.00_14.0.23816.0_x64__8wekyb3d8bbwe.Appx
+ ```
+6. In the elevated PowerShell session, copy and paste the following command:
+ ```
+ Add-AppxProvisionedPackage –Online –SkipLicense –PackagePath \Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe.Appx
+ ```
-##Install Surface app with MDT
+## Install Surface app with MDT
The following procedure uses MDT to automate installation of the Surface app at the time of deployment. The application is provisioned automatically by MDT during deployment and thus you can use this process with existing images. This is the recommended process to deploy the Surface app as part of a Windows deployment to Surface devices because it does not reduce the cross platform compatibility of the Windows image.
-1. Using the procedure described [earlier in this article](#download-surface-app-from-a-microsoft-store-for-business-account), download the Surface app AppxBundle and license file.
-2. Using the New Application Wizard in the MDT Deployment Workbench, import the downloaded files as a new **Application with source files**.
-3. On the **Command Details** page of the New Application Wizard, specify the default **Working Directory** and for the **Command** specify the file name of the AppxBundle, as follows:
+1. Using the procedure described [earlier in this article](#download-surface-app-from-a-microsoft-store-for-business-account), download the Surface app AppxBundle and license file.
+2. Using the New Application Wizard in the MDT Deployment Workbench, import the downloaded files as a new **Application with source files**.
+3. On the **Command Details** page of the New Application Wizard, specify the default **Working Directory** and for the **Command** specify the file name of the AppxBundle, as follows:
- * Command:
- ```
- Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle
- ```
- * Working Directory: %DEPLOYROOT%\Applications\SurfaceApp
+ * Command:
+ ```
+ Microsoft.SurfaceHub_10.0.342.0_neutral_~_8wekyb3d8bbwe.AppxBundle
+ ```
+ * Working Directory: %DEPLOYROOT%\Applications\SurfaceApp
For the Surface app to function on the target computer, it will also require the frameworks described earlier in this article. Use the following procedure to import the frameworks required for the Surface app into MDT and to configure them as dependencies.
-1. Using the procedure described earlier in this article, download the framework files. Store each framework in a separate folder.
-2. Using the New Application Wizard in the MDT Deployment Workbench, import the downloaded files as a new **Application with source files**.
-3. On the **Command Details** page, type the file name of each application you downloaded in the **Command** field and the default Working Directory.
+1. Using the procedure described earlier in this article, download the framework files. Store each framework in a separate folder.
+2. Using the New Application Wizard in the MDT Deployment Workbench, import the downloaded files as a new **Application with source files**.
+3. On the **Command Details** page, type the file name of each application you downloaded in the **Command** field and the default Working Directory.
To configure the frameworks as dependencies of the Surface app, use this process:
-1. Open the properties of the Surface app in the MDT Deployment Workbench.
-2. Click the **Dependencies** tab, and then click **Add**.
-3. Select the check box for each framework using the name you provided in the New Application Wizard.
+1. Open the properties of the Surface app in the MDT Deployment Workbench.
+2. Click the **Dependencies** tab, and then click **Add**.
+3. Select the check box for each framework using the name you provided in the New Application Wizard.
After import, the Surface app will be available for selection in the **Applications** step of the Windows Deployment Wizard. You can also install the application automatically by specifying the application in the deployment task sequence by following this process:
-1. Open your deployment task sequence in the MDT Deployment Workbench.
-2. Add a new **Install Application** task in the **State Restore** section of deployment.
-3. Select **Install a single application** and specify the **Surface App** as the **Application to be installed**.
+1. Open your deployment task sequence in the MDT Deployment Workbench.
+2. Add a new **Install Application** task in the **State Restore** section of deployment.
+3. Select **Install a single application** and specify the **Surface App** as the **Application to be installed**.
For more information about including apps into your Windows deployments, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit).
diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
deleted file mode 100644
index d0e16a8292..0000000000
--- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
+++ /dev/null
@@ -1,71 +0,0 @@
----
-title: Download the latest firmware and drivers for Surface devices (Surface)
-description: This article provides a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.
-ms.assetid: 7662BF68-8BF7-43F7-81F5-3580A770294A
-keywords: update Surface, newest, latest, download, firmware, driver, tablet, hardware, device
-ms.localizationpriority: medium
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.pagetype: surface, devices
-ms.sitesec: library
-author: brecords
-ms.date: 11/15/2018
-ms.author: jdecker
-ms.topic: article
----
-
-# Deploying the latest firmware and drivers for Surface devices
-Although Surface devices are typically automatically updated with the latest device drivers and firmware via Windows Update, sometimes it's necessary to download and install updates manually, such as during a Windows deployment.
-
-## Downloading MSI files
-To download MSI files, refer to the following Microsoft Support page:
-
-- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware-for-surface)
-Installation files for administrative tools, drivers for accessories, and updates for Windows are also available for some devices.
-
-## Deploying MSI files
-Driver and firmware updates for Surface devices containing all required cumulative updates are packaged in separate MSI files for specific versions of Windows 10.
-In the name of each of these files you will find a Windows build number, this number indicates the minimum supported build required to install the drivers and firmware contained within. Refer to [Windows 10 release information](https://docs.microsoft.com/windows/windows-10/release-information) for a list of the build numbers for each version. For example, to install the drivers contained in SurfacePro6_Win10_16299_1900307_0.msi file you must have Windows 10 Fall Creators Update version 1709, or newer installed on your Surface Pro 6.
-
-
-### Surface MSI naming convention
-Each .MSI file is named in accordance with a formula that begins with the product and Windows release information, followed by the Windows build number and version number, and ending with the revision of version number. SurfacePro6_Win10_16299_1900307_0.msi is classified as follows:
-
-**Example:**
-SurfacePro6_Win10_16299_1900307_0.msi :
-
-| Product | Windows release | Build | Version | Revision of version |
-| --- | --- | --- | --- | --- |
-| SurfacePro6 | Win10 | 16299 | 1900307 | 0 |
-| | | | Indicates key date and sequence information | Indicates release history of the MSI file |
-| | | | **19:** Signifies the year (2019) **003**: Signifies that it’s the third release of 2019 **07**: Signifies the product version number. (Surface Pro 6 is officially the seventh version of Surface Pro.) | **0:** Signifies it's the first release of version 1900307 and has not been re-released for any reason. |
-
-Look to the **version** number to determine the latest files that contain the most recent security updates. For example, you might need to install the newest file from the following list:
-
-
-- SurfacePro6_Win10_16299_1900307_0.msi
-- SurfacePro6_Win10_17134_1808507_3.msi
-- SurfacePro6_Win10_17763_1808707_3.msi
-
-The first file — SurfacePro6_Win10_16299_1900307_0.msi — is the newest because its VERSION field has the newest build in 2019; the other files are from 2018.
-
-## Supported devices
-Downloadable MSI files are available for Surface devices from Surface Pro 2 and later.
-
-
-[!NOTE]
-There are no downloadable firmware or driver updates available for Surface devices with Windows RT, including Surface RT and Surface 2. Updates can only be applied using Windows Update.
-
-For more information about deploying Surface drivers and firmware, refer to:
-
-- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates).
-
-- [Microsoft Surface support for business](https://www.microsoft.com/surface/support/business).
-
-
-
-
-
-
-
-
diff --git a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
index 1f84f574f3..61fc8352df 100644
--- a/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
+++ b/devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md
@@ -6,22 +6,34 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: surface
ms.sitesec: library
-author: Scottmca
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 10/16/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 01/15/2020
+ms.reviewer:
+manager: dansimp
---
# Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit
**Applies to**
-- Surface Studio
-* Surface Pro 4
-* Surface Book
-* Surface 3
-* Windows 10
-This article walks you through the recommended process to deploy Windows 10 to Surface devices with Microsoft deployment technologies. The process described in this article yields a complete Windows 10 environment including updated firmware and drivers for your Surface device along with applications like Microsoft Office 365 and the Surface app. When the process is complete, the Surface device will be ready for use by the end user. You can customize this process to include your own applications and configuration to meet the needs of your organization. You can also follow the guidance provided in this article to integrate deployment to Surface devices into existing deployment strategies.
+- Surface Studio and later
+- Surface Pro 4 and later
+- Surface Book and later
+- Surface Laptop and later
+- Surface Go
+- Surface 3
+- Windows 10
+
+This article walks you through the recommended process to deploy Windows 10 to Surface devices with Microsoft deployment technologies. The process described in this article yields a complete Windows 10 environment including updated firmware and drivers for your Surface device along with applications like Microsoft Office 365 and the Surface app.
+
+> [!NOTE]
+> MDT is not currently supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
+
+When the process is complete, the Surface device will be ready for use by the end user. You can customize this process to include your own applications and configuration to meet the needs of your organization. You can also follow the guidance provided in this article to integrate deployment to Surface devices into existing deployment strategies.
By following the procedures in this article, you can create an up-to-date reference image and deploy this image to your Surface devices, a process known as *reimaging*. Reimaging will erase and overwrite the existing environment on your Surface devices. This process allows you to rapidly configure your Surface devices with identical environments that can be configured to precisely fit your organization’s requirements.
@@ -53,7 +65,7 @@ Before you can perform a deployment with MDT, you must first supply a set of ope
>[!NOTE]
->The installation media generated from the [Get Windows 10](https://www.microsoft.com/en-us/software-download/windows10/) page differs from physical media or media downloaded from the VLSC, in that it contains an image file in Electronic Software Download (ESD) format rather than in the Windows Imaging (WIM) format. Installation media with an image file in WIM format is required for use with MDT. Installation media from the Get Windows 10 page cannot be used for Windows deployment with MDT.
+>The installation media generated from the [Get Windows 10](https://www.microsoft.com/software-download/windows10/) page differs from physical media or media downloaded from the VLSC, in that it contains an image file in Electronic Software Download (ESD) format rather than in the Windows Imaging (WIM) format. Installation media with an image file in WIM format is required for use with MDT. Installation media from the Get Windows 10 page cannot be used for Windows deployment with MDT.
#### Windows Server
@@ -62,7 +74,7 @@ Although MDT can be installed on a Windows client, to take full advantage of Win
>[!NOTE]
->To evaluate the deployment process for Surface devices or to test the deployment process described in this article with the upcoming release of Windows Server 2016, you can download evaluation and preview versions from the [TechNet Evaluation Center](https://www.microsoft.com/en-us/evalcenter).
+>To evaluate the deployment process for Surface devices or to test the deployment process described in this article with the upcoming release of Windows Server 2016, you can download evaluation and preview versions from the [TechNet Evaluation Center](https://www.microsoft.com/evalcenter).
#### Windows Deployment Services
@@ -80,17 +92,14 @@ Because customizations are performed by MDT at the time of deployment, the goal
>[!NOTE]
->Hyper-V is available not only on Windows Server, but also on Windows clients, including Professional and Enterprise editions of Windows 8, Windows 8.1, and Windows 10. Find out more at [Client Hyper-V on Windows 10](https://msdn.microsoft.com/virtualization/hyperv_on_windows/windows_welcome) and [Client Hyper-V on Windows 8 and Windows 8.1](https://technet.microsoft.com/library/hh857623) in the TechNet Library. Hyper-V is also available as a standalone product, Microsoft Hyper-V Server, at no cost. You can download [Microsoft Hyper-V Server 2012 R2](https://www.microsoft.com/en-us/evalcenter/evaluate-hyper-v-server-2012-r2) or [Microsoft Hyper-V Server 2016 Technical Preview](https://www.microsoft.com/en-us/evalcenter/evaluate-hyper-v-server-technical-preview) from the TechNet Evaluation Center.
+>Hyper-V is available not only on Windows Server, but also on Windows clients, including Professional and Enterprise editions of Windows 8, Windows 8.1, and Windows 10. Find out more at [Client Hyper-V on Windows 10](https://msdn.microsoft.com/virtualization/hyperv_on_windows/windows_welcome) and [Client Hyper-V on Windows 8 and Windows 8.1](https://technet.microsoft.com/library/hh857623) in the TechNet Library. Hyper-V is also available as a standalone product, Microsoft Hyper-V Server, at no cost. You can download [Microsoft Hyper-V Server 2012 R2](https://www.microsoft.com/evalcenter/evaluate-hyper-v-server-2012-r2) or [Microsoft Hyper-V Server 2016 Technical Preview](https://www.microsoft.com/evalcenter/evaluate-hyper-v-server-technical-preview) from the TechNet Evaluation Center.
#### Surface firmware and drivers
For your deployed Windows environment to function correctly on your Surface devices, you will need to install the drivers used by Windows to communicate with the components of your device. These drivers are available for download in the Microsoft Download Center for each Surface device. You can find the correct Microsoft Download Center page for your device at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices).
-When you browse to the specific Microsoft Download Center page for your device, you will notice that there are two files available for download. One file is a Windows Installer (.msi) file. This file is used to update drivers on devices that are already running Windows or that have device management solutions. The other file is an archive (.zip) file. This file contains the individual driver files that are used during deployment, or for manual installation with Device Manager. The file that you will need to download is the .zip archive file. You can read more about the difference between the firmware and driver pack file types at [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates).
-
-
-In addition to the driver files that help Windows communicate with the hardware components of the Surface device, the .zip file you download will also contain firmware updates. These firmware updates will update the instructions used by the device hardware to communicate between components and Windows. The firmware of Surface device components is updated by installation of specific driver files and thus is installed along with the other drivers during deployment. The firmware of an out-of-date Surface device is thus updated when the device reboots during and after the Windows deployment process.
+When you browse to the specific Microsoft Download Center page for your device, you will find a Windows Installer (.msi) file. This file is used to update drivers on devices that are already running Windows or that have device management solutions. Firmware updates maintain the instructions used by the device hardware to communicate between components and Windows. The firmware of Surface device components is updated by installation of specific driver files and thus is installed along with the other drivers during deployment. For more information, see [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates).
>[!NOTE]
>Beginning in Windows 10, the drivers for Surface devices are included in the Windows Preinstallation Environment (WinPE). In earlier versions of Windows, specific drivers (like network drivers) had to be imported and configured in MDT for use in WinPE to successfully deploy to Surface devices.
@@ -119,13 +128,13 @@ To boot from the network with either your reference virtual machines or your Sur
Windows Deployment Services (WDS) is a Windows Server role. To add the WDS role to a Windows Server 2012 R2 environment, use the Add Roles and Features Wizard, as shown in Figure 1. Start the Add Roles and Features Wizard from the **Manage** button of **Server Manager**. Install both the Deployment Server and Transport Server role services.
-
+
*Figure 1. Install the Windows Deployment Services server role*
After the WDS role is installed, you need to configure WDS. You can begin the configuration process from the WDS node of Server Manager by right-clicking your server’s name and then clicking **Windows Deployment Services Management Console**. In the **Windows Deployment Services** window, expand the **Servers** node to find your server, right-click your server, and then click **Configure** in the menu to start the Windows Deployment Services Configuration Wizard, as shown in Figure 2.
-
+
*Figure 2. Configure PXE response for Windows Deployment Services*
@@ -146,7 +155,7 @@ To install Windows ADK, run the Adksetup.exe file that you downloaded from [Down
When you get to the **Select the features you want to install** page, you only need to select the **Deployment Tools** and **Windows Preinstallation Environment (Windows PE)** check boxes to deploy Windows 10 using MDT, as shown in Figure 3.
-
+
*Figure 3. Only Deployment Tools and Windows PE options are required for deployment with MDT*
@@ -176,24 +185,24 @@ To create the deployment share, follow these steps:
1. Open the Deployment Workbench from your Start menu or Start screen, as shown in Figure 5.
- 
+ 
*Figure 5. The MDT Deployment Workbench*
2. Right-click the **Deployment Shares** folder, and then click **New Deployment Share** to start the New Deployment Share Wizard, as shown in Figure 6.
- 
+ 
*Figure 6. The Summary page of the New Deployment Share Wizard*
3. Create a new deployment share with New Deployment Share Wizard with the following steps:
- * **Path** – Specify a local folder where the deployment share will reside, and then click **Next**.
+ * **Path** – Specify a local folder where the deployment share will reside, and then click **Next**.
>[!NOTE]
>Like the WDS remote installation folder, it is recommended that you put this folder on an NTFS volume that is not your system volume.
- * **Share** – Specify a name for the network share under which the local folder specified on the **Path** page will be shared, and then click **Next**.
+ * **Share** – Specify a name for the network share under which the local folder specified on the **Path** page will be shared, and then click **Next**.
>[!NOTE]
>The share name cannot contain spaces.
@@ -201,11 +210,11 @@ To create the deployment share, follow these steps:
>[!NOTE]
>You can use a Dollar Sign (**$**) to hide your network share so that it will not be displayed when users browse the available network shares on the server in File Explorer.
- * **Descriptive Name** – Enter a descriptive name for the network share (this descriptive name can contain spaces), and then click **Next**. The descriptive name will be the name of the folder as it appears in the Deployment Workbench.
- * **Options** – You can accept the default options on this page. Click **Next**.
- * **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the deployment share.
- * **Progress** – While the deployment share is being created, a progress bar is displayed on this page to indicate the status of the deployment share creation process.
- * **Confirmation** – When the deployment share creation process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Deployment Share Wizard.
+ * **Descriptive Name** – Enter a descriptive name for the network share (this descriptive name can contain spaces), and then click **Next**. The descriptive name will be the name of the folder as it appears in the Deployment Workbench.
+ * **Options** – You can accept the default options on this page. Click **Next**.
+ * **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the deployment share.
+ * **Progress** – While the deployment share is being created, a progress bar is displayed on this page to indicate the status of the deployment share creation process.
+ * **Confirmation** – When the deployment share creation process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Deployment Share Wizard.
4. When the New Deployment Share Wizard is complete, you can expand the Deployment Shares folder to find your newly created deployment share.
5. You can expand your deployment share, where you will find several folders for the resources, scripts, and components of your MDT deployment environment are stored.
@@ -222,36 +231,36 @@ You now have an empty deployment share that is ready for you to add the resource
The first resources that are required to perform a deployment of Windows are the installation files from Windows 10 installation media. Even if you have an already prepared reference image, you still need to supply the unaltered installation files from your installation media. The source of these files can be a physical disk, or it can be an ISO file like the download from the Volume Licensing Service Center (VLSC).
>[!NOTE]
->A 64-bit operating system is required for compatibility with Surface Studio, Surface Pro 4, Surface Book, Surface Pro 3, and Surface 3.
+>A 64-bit operating system is required for compatibility with Surface devices except Surface Pro X which cannot be managed with MDT.
To import Windows 10 installation files, follow these steps:
1. Right-click the **Operating Systems** folder under your deployment share in the Deployment Workbench, and then click **New Folder** to open the **New Folder** page, as shown in Figure 7.
- 
+ 
*Figure 7. Create a new folder on the New Folder page*
2. On the **New Folder** page a series of steps is displayed, as follows:
- * **General Settings** – Enter a name for the folder in the **Folder Name** field (for example, Windows 10 Enterprise), add any comments you want in the **Comments** field, and then click **Next**.
- * **Summary** – Review the specified configuration of the new folder on this page, and then click **Next**.
- * **Progress** – A progress bar will be displayed on this page while the folder is created. This page will likely pass very quickly.
- * **Confirmation** – When the new folder has been created, a **Confirmation** page displays the success of the operation. Click **Finish** to close the **New Folder** page.
+ * **General Settings** – Enter a name for the folder in the **Folder Name** field (for example, Windows 10 Enterprise), add any comments you want in the **Comments** field, and then click **Next**.
+ * **Summary** – Review the specified configuration of the new folder on this page, and then click **Next**.
+ * **Progress** – A progress bar will be displayed on this page while the folder is created. This page will likely pass very quickly.
+ * **Confirmation** – When the new folder has been created, a **Confirmation** page displays the success of the operation. Click **Finish** to close the **New Folder** page.
3. Expand the Operating Systems folder to see the newly created folder.
4. Right-click the newly created folder, and then click **Import Operating System** to launch the Import Operating System Wizard, as shown in Figure 8.
- 
+ 
*Figure 8. Import source files with the Import Operating System Wizard*
5. The Import Operating System Wizard walks you through the import of your operating system files, as follows:
- * **OS Type** – Click **Full Set of Source Files** to specify that you are importing the Windows source files from installation media, and then click **Next**.
- * **Source** – Click **Browse**, move to and select the folder or drive where your installation files are found, and then click **Next**.
- * **Destination** – Enter a name for the new folder that will be created to hold the installation files, and then click **Next**.
- * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
- * **Progress** – While the installation files are imported, a progress bar is displayed on this page.
- * **Confirmation** – When the operating system import process completes, the success of the process is displayed on this page. Click **Finish** to complete Import Operating System Wizard.
-6. Expand the folder you created in Step 1 to see the entry for your newly imported installation files for Windows 10.
+ * **OS Type** – Click **Full Set of Source Files** to specify that you are importing the Windows source files from installation media, and then click **Next**.
+ * **Source** – Click **Browse**, move to and select the folder or drive where your installation files are found, and then click **Next**.
+ * **Destination** – Enter a name for the new folder that will be created to hold the installation files, and then click **Next**.
+ * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
+ * **Progress** – While the installation files are imported, a progress bar is displayed on this page.
+ * **Confirmation** – When the operating system import process completes, the success of the process is displayed on this page. Click **Finish** to complete Import Operating System Wizard.
+6. Expand the folder you created in Step 1 to see the entry for your newly imported installation files for Windows 10.
Now that you’ve imported the installation files from the installation media, you have the files that MDT needs to create the reference image and you are ready to instruct MDT how to create the reference image to your specifications.
@@ -266,35 +275,35 @@ To create the reference image task sequence, follow these steps:
1. Right-click the **Task Sequences** folder under your deployment share in the Deployment Workbench, and then click **New Task Sequence** to start the New Task Sequence Wizard, as shown in Figure 9.
- 
+ 
*Figure 9. Create a new task sequence to deploy and update a Windows 10 reference environment*
2. The New Task Sequence Wizard presents a series of steps, as follows:
- * **General Settings** – Enter an identifier for the reference image task sequence in the **Task Sequence ID** field, a name for the reference image task sequence in the **Task Sequence Name** field, and any comments for the reference image task sequence in the **Task Sequence Comments** field, and then click **Next**.
- >[!NOTE]
- >The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters.
- * **Select Template** – Select **Standard Client Task Sequence** from the drop-down menu, and then click **Next**.
- * **Select OS** – Navigate to and select the Windows 10 image you imported with the Windows 10 installation files, and then click **Next**.
- * **Specify Product Key** – Click **Do Not Specify a Product Key at This Time**, and then click **Next**.
- * **OS Settings** – Enter a name, organization, and home page URL in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**.
- * **Admin Password** – Click **Use the Specified Local Administrator Password**, enter a password in the provided field, and then click **Next**.
- >[!NOTE]
- >During creation of a reference image, any specified Administrator password will be automatically removed when the image is prepared for capture with Sysprep. During reference image creation, a password is not necessary, but is recommended to remain in line with best practices for production deployment environments.
- * **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the task sequence.
- * **Progress** – While the task sequence is created, a progress bar is displayed on this page.
- * **Confirmation** – When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete the New Task Sequence Wizard.
-2. Select the **Task Sequences** folder, right-click the new task sequence you created, and then click **Properties**.
-3. Select the **Task Sequence** tab to view the steps that are included in the Standard Client Task Sequence template, as shown in Figure 10.
+ * **General Settings** – Enter an identifier for the reference image task sequence in the **Task Sequence ID** field, a name for the reference image task sequence in the **Task Sequence Name** field, and any comments for the reference image task sequence in the **Task Sequence Comments** field, and then click **Next**.
+ >[!NOTE]
+ >The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters.
+ * **Select Template** – Select **Standard Client Task Sequence** from the drop-down menu, and then click **Next**.
+ * **Select OS** – Navigate to and select the Windows 10 image you imported with the Windows 10 installation files, and then click **Next**.
+ * **Specify Product Key** – Click **Do Not Specify a Product Key at This Time**, and then click **Next**.
+ * **OS Settings** – Enter a name, organization, and home page URL in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**.
+ * **Admin Password** – Click **Use the Specified Local Administrator Password**, enter a password in the provided field, and then click **Next**.
+ >[!NOTE]
+ >During creation of a reference image, any specified Administrator password will be automatically removed when the image is prepared for capture with Sysprep. During reference image creation, a password is not necessary, but is recommended to remain in line with best practices for production deployment environments.
+ * **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the task sequence.
+ * **Progress** – While the task sequence is created, a progress bar is displayed on this page.
+ * **Confirmation** – When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete the New Task Sequence Wizard.
+3. Select the **Task Sequences** folder, right-click the new task sequence you created, and then click **Properties**.
+4. Select the **Task Sequence** tab to view the steps that are included in the Standard Client Task Sequence template, as shown in Figure 10.
- 
+ 
*Figure 10. Enable Windows Update in the reference image task sequence*
-4. Select the **Windows Update (Pre-Application Installation)** option, located under the **State Restore** folder.
-5. Click the **Options** tab, and then clear the **Disable This Step** check box.
-6. Repeat Step 4 and Step 5 for the **Windows Update (Post-Application Installation)** option.
-7. Click **OK** to apply changes to the task sequence, and then close the task sequence properties window.
+5. Select the **Windows Update (Pre-Application Installation)** option, located under the **State Restore** folder.
+6. Click the **Options** tab, and then clear the **Disable This Step** check box.
+7. Repeat Step 4 and Step 5 for the **Windows Update (Post-Application Installation)** option.
+8. Click **OK** to apply changes to the task sequence, and then close the task sequence properties window.
### Generate and import MDT boot media
@@ -304,25 +313,25 @@ To update the MDT boot media, follow these steps:
1. Right-click the deployment share in the Deployment Workbench, and then click **Update Deployment Share** to start the Update Deployment Share Wizard, as shown in Figure 11.
- 
+ 
*Figure 11. Generate boot images with the Update Deployment Share Wizard*
2. Use the Update Deployment Share Wizard to create boot images with the following process:
- * **Options** – Click **Completely Regenerate the Boot Images**, and then click **Next**.
- >[!NOTE]
- >Because this is the first time the newly created deployment share has been updated, new boot images will be generated regardless of which option you select on the **Options** page.
- * **Summary** – Review the specified options on this page before you click **Next** to begin generation of boot images.
- * **Progress** – While the boot images are being generated, a progress bar is displayed on this page.
- * **Confirmation** – When the boot images have been generated, the success of the process is displayed on this page. Click **Finish** to complete the Update Deployment Share Wizard.
+ * **Options** – Click **Completely Regenerate the Boot Images**, and then click **Next**.
+ >[!NOTE]
+ >Because this is the first time the newly created deployment share has been updated, new boot images will be generated regardless of which option you select on the **Options** page.
+ * **Summary** – Review the specified options on this page before you click **Next** to begin generation of boot images.
+ * **Progress** – While the boot images are being generated, a progress bar is displayed on this page.
+ * **Confirmation** – When the boot images have been generated, the success of the process is displayed on this page. Click **Finish** to complete the Update Deployment Share Wizard.
3. Confirm that boot images have been generated by navigating to the deployment share in File Explorer and opening the Boot folder. The following files should be displayed, as shown in Figure 12:
- * **LiteTouchPE_x86.iso**
- * **LiteTouchPE_x86.wim**
- * **LiteTouchPE_x64.iso**
- * **LiteTouchPE_x64.wim**
+ * **LiteTouchPE_x86.iso**
+ * **LiteTouchPE_x86.wim**
+ * **LiteTouchPE_x64.iso**
+ * **LiteTouchPE_x64.wim**
- 
+ 
*Figure 12. Boot images displayed in the Boot folder after completion of the Update Deployment Share Wizard*
@@ -332,21 +341,21 @@ To import the MDT boot media into WDS for PXE boot, follow these steps:
2. Expand **Servers** and your deployment server.
3. Click the **Boot Images** folder, as shown in Figure 13.
- 
+ 
*Figure 13. Start the Add Image Wizard from the Boot Images folder*
4. Right-click the **Boot Images** folder, and then click **Add Boot Image** to open the Add Image Wizard, as shown in Figure 14.
- 
+ 
*Figure 14. Import the LiteTouchPE_x86.wim MDT boot image*
5. The Add Image Wizard displays a series of steps, as follows:
- * **Image File** – Click **Browse** and navigate to the **Boot** folder in your deployment share, click **LiteTouchPE_x86.wim**, click **Open**, and then click **Next**.
- * **Image Metadata** – Enter a name and description for the MDT boot media, or click **Next** to accept the default options.
- * **Summary** – Review your selections to import a boot image into WDS, and then click **Next**.
- * **Task Progress** – A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Add Image Wizard.
+ * **Image File** – Click **Browse** and navigate to the **Boot** folder in your deployment share, click **LiteTouchPE_x86.wim**, click **Open**, and then click **Next**.
+ * **Image Metadata** – Enter a name and description for the MDT boot media, or click **Next** to accept the default options.
+ * **Summary** – Review your selections to import a boot image into WDS, and then click **Next**.
+ * **Task Progress** – A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Add Image Wizard.
>[!NOTE]
>Only the 32-bit boot image, LiteTouchPE_x86.wim, is required to boot from BIOS devices, including Generation 1 Hyper-V virtual machines like the reference virtual machine.
@@ -377,7 +386,7 @@ Perform the reference image deployment and capture using the following steps:
1. Start your virtual machine and press the F12 key when prompted to boot to the WDS server via PXE, as shown in Figure 15.
- 
+ 
*Figure 15. Start network boot by pressing the F12 key*
@@ -385,18 +394,18 @@ Perform the reference image deployment and capture using the following steps:
3. Enter your MDT username and password, a user with rights to access the MDT deployment share over the network and with rights to write to the Captures folder in the deployment share.
4. After your credentials are validated, the Windows Deployment Wizard will start and process the boot and deployment share rules.
5. The Windows Deployment Wizard displays a series of steps, as follows:
- * **Task Sequence** – Select the task sequence you created for reference image creation (it should be the only task sequence available), and then click **Next**.
- * **Computer Details** – Leave the default computer name, workgroup name, and the **Join a Workgroup** option selected, and then click **Next**. The computer name and workgroup will be reset when the image is prepared by Sysprep and captured.
- * **Move Data and Settings** – Leave the default option of **Do Not Move User Data and Settings** selected, and then click **Next**.
- * **User Data (Restore)** – Leave the default option of **Do Not Restore User Data and Settings** selected, and then click **Next**.
- * **Locale and Time** – Leave the default options for language and time settings selected. The locale and time settings will be specified during deployment of the image to other devices. Click **Next**.
- * **Capture Image** – Click the **Capture an Image of this Reference Computer** option, as shown in Figure 16. In the **Location** field, keep the default location of the Captures folder. You can keep or change the name of the image file in the **File Name** field. When you are finished, click **Next**.
+ * **Task Sequence** – Select the task sequence you created for reference image creation (it should be the only task sequence available), and then click **Next**.
+ * **Computer Details** – Leave the default computer name, workgroup name, and the **Join a Workgroup** option selected, and then click **Next**. The computer name and workgroup will be reset when the image is prepared by Sysprep and captured.
+ * **Move Data and Settings** – Leave the default option of **Do Not Move User Data and Settings** selected, and then click **Next**.
+ * **User Data (Restore)** – Leave the default option of **Do Not Restore User Data and Settings** selected, and then click **Next**.
+ * **Locale and Time** – Leave the default options for language and time settings selected. The locale and time settings will be specified during deployment of the image to other devices. Click **Next**.
+ * **Capture Image** – Click the **Capture an Image of this Reference Computer** option, as shown in Figure 16. In the **Location** field, keep the default location of the Captures folder. You can keep or change the name of the image file in the **File Name** field. When you are finished, click **Next**.
- 
+ 
- *Figure 16. Use the Capture Image page to capture an image of the reference machine after deployment*
+ *Figure 16. Use the Capture Image page to capture an image of the reference machine after deployment*
- * **Ready** – You can review your selections by expanding **Details** on the **Ready** page. Click **Begin** when you are ready to perform the deployment and capture of your reference image.
+ * **Ready** – You can review your selections by expanding **Details** on the **Ready** page. Click **Begin** when you are ready to perform the deployment and capture of your reference image.
6. Your reference task sequence will run with the specified options.
@@ -425,14 +434,14 @@ To import the reference image for deployment, use the following steps:
1. Right-click the **Operating Systems** folder under your deployment share in the Deployment Workbench or the folder you created in when you imported Windows 10 installation files, and then click **Import Operating System** to start the Import Operating System Wizard.
2. Import the custom image with the Import Operating System Wizard by using the following steps:
- * **OS Type** – Select Custom Image File to specify that you are importing the Windows source files from installation media, and then click **Next**.
- * **Image** – Click **Browse**, and then navigate to and select the image file in the **Captures** folder in your deployment share. Select the **Move the Files to the Deployment Share Instead of Copying Them** checkbox if desired. Click **Next**.
- * **Setup** – Click **Setup Files are not Neededf**, and then click **Next**.
- * **Destination** – Enter a name for the new folder that will be created to hold the image file, and then click **Next**.
- * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
- * **Progress** – While the image is imported, a progress bar is displayed on this page.
- * **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Operating System Wizard.
-3. Expand the folder in which you imported the image to verify that the import completed successfully.
+ * **OS Type** – Select Custom Image File to specify that you are importing the Windows source files from installation media, and then click **Next**.
+ * **Image** – Click **Browse**, and then navigate to and select the image file in the **Captures** folder in your deployment share. Select the **Move the Files to the Deployment Share Instead of Copying Them** checkbox if desired. Click **Next**.
+ * **Setup** – Click **Setup Files are not Neededf**, and then click **Next**.
+ * **Destination** – Enter a name for the new folder that will be created to hold the image file, and then click **Next**.
+ * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
+ * **Progress** – While the image is imported, a progress bar is displayed on this page.
+ * **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Operating System Wizard.
+3. Expand the folder in which you imported the image to verify that the import completed successfully.
>[!NOTE]
>You can import the reference image into the same deployment share that you used to create your reference image, or you could import the reference image into a new deployment share for deployment to your Surface devices. If you chose to create a new deployment share for deployment of your reference image, remember that you still need to import a full set of installation files from installation media.
@@ -456,24 +465,24 @@ To import the Surface drivers (in this example, Surface Pro 4) into MDT, follow
* Microsoft Corporation
* Surface Pro 4
- 
+ 
*Figure 17. The recommended folder structure for drivers*
4. Right-click the **Surface Pro 4** folder, and then click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 18.
- 
+ 
*Figure 18. The Progress page during drivers import*
5. The Import Driver Wizard displays a series of steps, as follows:
- * **Specify Directory** – Click **Browse** and navigate to the folder where you extracted the Surface Pro 4 firmware and drivers in Step 1.
- * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
- * **Progress** – While the drivers are imported, a progress bar is displayed on this page.
- * **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard.
-6. Click the **Surface Pro 4** folder and verify that the folder now contains the drivers that were imported, as shown in Figure 19.
+ * **Specify Directory** – Click **Browse** and navigate to the folder where you extracted the Surface Pro 4 firmware and drivers in Step 1.
+ * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
+ * **Progress** – While the drivers are imported, a progress bar is displayed on this page.
+ * **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard.
+6. Click the **Surface Pro 4** folder and verify that the folder now contains the drivers that were imported, as shown in Figure 19.
- 
+ 
*Figure 19. Drivers for Surface Pro 4 imported and organized in the MDT deployment share*
@@ -491,7 +500,7 @@ After you have downloaded the source files for your version of Office Click-to-R
1. Right-click the existing **Configuration.xml** file, and then click **Edit**.
2. This action opens the file in Notepad. Replace the existing text with the following:
- ```
+ ```
@@ -499,7 +508,7 @@ After you have downloaded the source files for your version of Office Click-to-R
-```
+ ```
3. Save the file.
@@ -512,22 +521,22 @@ Now that the installation and configuration files are prepared, the application
1. Open the Deployment Workbench.
2. Expand the deployment share, right-click the **Applications** folder, and then click **New Application** to start the New Application Wizard, as shown in Figure 20.
- 
+ 
*Figure 20. Enter the command and directory for Office 2016 Click-to-Run*
3. The New Application Wizard walks you through importing the Office 2016 Click-to-Run files, as follows:
- * **Application Type** – Click **Application with Source Files**, and then click **Next**.
- * **Details** – Enter a name for the application (for example, Office 2016 Click-to-Run) in the **Application Name** field. Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. Click **Next**.
- * **Source** – Click **Browse** to navigate to and select the folder where you downloaded the Office installation files with the Office Deployment Tool, and then click **Next**.
- * **Destination** – Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name.
- * **Command Details** – Enter the Office Deployment Tool installation command line:
+ * **Application Type** – Click **Application with Source Files**, and then click **Next**.
+ * **Details** – Enter a name for the application (for example, Office 2016 Click-to-Run) in the **Application Name** field. Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. Click **Next**.
+ * **Source** – Click **Browse** to navigate to and select the folder where you downloaded the Office installation files with the Office Deployment Tool, and then click **Next**.
+ * **Destination** – Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name.
+ * **Command Details** – Enter the Office Deployment Tool installation command line:
`Setup.exe /configure configuration.xml`
- * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
- * **Progress** – While the installation files are imported, a progress bar is displayed on this page.
- * **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard.
+ * **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
+ * **Progress** – While the installation files are imported, a progress bar is displayed on this page.
+ * **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard.
4. You should now see the **Office 2016 Click-to-Run** item under the **Applications** folder in the Deployment Workbench.
@@ -549,17 +558,17 @@ The next step in the process is to create the deployment task sequence. This tas
To create the deployment task sequence, follow these steps:
1. In the Deployment Workbench, under your Deployment Share, right-click the **Task Sequences** folder, and then click **New Task Sequence** to start the New Task Sequence Wizard.
2. Use these steps to create the deployment task sequence with the New Task Sequence Wizard:
- * **General Settings** – Enter an identifier for the deployment task sequence in the **Task Sequence ID** field, a name for the deployment task sequence in the **Task Sequence Name** field, and any comments for the deployment task sequence in the **Task Sequence Comments** field, then click **Next**.
- >[!NOTE]
- >The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters.
- * **Select Template** – Click **Standard Client Task Sequence** from the drop-down menu, and then click **Next**.
- * **Select OS** – Navigate to and select the reference image that you imported, and then click **Next**.
- * **Specify Product Key** – Select the product key entry that fits your organization's licensing system. The **Do Not Specify a Product Key at This Time** option can be used for systems that will be activated via Key Management Services (KMS) or Active Directory Based Activation (ADBA). A product key can be specified specifically if your organization uses Multiple Activation Keys (MAK). Click **Next**.
- * **OS Settings** – Enter a name and organization for registration of Windows, and a home page URL for users when they browse the Internet in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**.
- * **Admin Password** – Click **Use the Specified Local Administrator Password**, enter a password in the provided field, and then click **Next**.
- * **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the task sequence.
- * **Progress** – While the task sequence is being created, a progress bar is displayed on this page.
- * **Confirmation** – When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete the New Task Sequence Wizard.
+ * **General Settings** – Enter an identifier for the deployment task sequence in the **Task Sequence ID** field, a name for the deployment task sequence in the **Task Sequence Name** field, and any comments for the deployment task sequence in the **Task Sequence Comments** field, then click **Next**.
+ >[!NOTE]
+ >The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters.
+ * **Select Template** – Click **Standard Client Task Sequence** from the drop-down menu, and then click **Next**.
+ * **Select OS** – Navigate to and select the reference image that you imported, and then click **Next**.
+ * **Specify Product Key** – Select the product key entry that fits your organization's licensing system. The **Do Not Specify a Product Key at This Time** option can be used for systems that will be activated via Key Management Services (KMS) or Active Directory Based Activation (ADBA). A product key can be specified specifically if your organization uses Multiple Activation Keys (MAK). Click **Next**.
+ * **OS Settings** – Enter a name and organization for registration of Windows, and a home page URL for users when they browse the Internet in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**.
+ * **Admin Password** – Click **Use the Specified Local Administrator Password**, enter a password in the provided field, and then click **Next**.
+ * **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the task sequence.
+ * **Progress** – While the task sequence is being created, a progress bar is displayed on this page.
+ * **Confirmation** – When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete the New Task Sequence Wizard.
After the task sequence is created it can be modified for increased automation, such as the installation of applications without user interaction, the selection of drivers, and the installation of Windows updates.
@@ -571,35 +580,35 @@ After the task sequence is created it can be modified for increased automation,
6. Between the two **Windows Update** steps is the **Install Applications** step. Click the **Install Applications** step, and then click **Add**.
7. Hover the mouse over **General** under the **Add** menu, and then click **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 21.
- 
+ 
*Figure 21. A new Install Application step in the deployment task sequence*
8. On the **Properties** tab of the new **Install Application** step, enter **Install Microsoft Office 2016 Click-to-Run** in the **Name** field.
9. Click **Install a Single Application**, and then click **Browse** to view available applications that have been imported into the deployment share.
-10. Select Office 2016 Click-to-Run from the list of applications, and then click **OK**.
-11. Repeat Steps 6 through 10 for the Surface app.
-12. Expand the **Preinstall** folder, and then click the **Enable BitLocker (Offline)** step.
-13. Open the **Add** menu again and choose **Set Task Sequence Variable** from under the **General** menu.
+10. Select Office 2016 Click-to-Run from the list of applications, and then click **OK**.
+11. Repeat Steps 6 through 10 for the Surface app.
+12. Expand the **Preinstall** folder, and then click the **Enable BitLocker (Offline)** step.
+13. Open the **Add** menu again and choose **Set Task Sequence Variable** from under the **General** menu.
14. On the **Properties** tab of the new **Set Task Sequence Variable** step (as shown in Figure 22), configure the following options:
- * **Name** – Set DriverGroup001
- * **Task Sequence Variable** – DriverGroup001
- * **Value** – Windows 10 x64\%Make%\%Model%
+ * **Name** – Set DriverGroup001
+ * **Task Sequence Variable** – DriverGroup001
+ * **Value** – Windows 10 x64\%Make%\%Model%
- 
+ 
- *Figure 22. Configure a new Set Task Sequence Variable step in the deployment task sequence*
+ *Figure 22. Configure a new Set Task Sequence Variable step in the deployment task sequence*
-15. Select the **Inject Drivers** step, the next step in the task sequence.
-16. On the **Properties** tab of the **Inject Drivers** step (as shown in Figure 23), configure the following options:
- * In the **Choose a selection profile** drop-down menu, select **Nothing**.
- * Click the **Install all drivers from the selection profile** button.
+15. Select the **Inject Drivers** step, the next step in the task sequence.
+16. On the **Properties** tab of the **Inject Drivers** step (as shown in Figure 23), configure the following options:
+ * In the **Choose a selection profile** drop-down menu, select **Nothing**.
+ * Click the **Install all drivers from the selection profile** button.
- 
+ 
- *Figure 23. Configure the deployment task sequence not to choose the drivers to inject into Windows*
+ *Figure 23. Configure the deployment task sequence not to choose the drivers to inject into Windows*
-17. Click **OK** to apply changes to the task sequence and close the task sequence properties window.
+17. Click **OK** to apply changes to the task sequence and close the task sequence properties window.
### Configure deployment share rules
@@ -615,20 +624,20 @@ To automate the boot media rules, follow these steps:
2. Click the **Rules** tab, and then click **Edit Bootstrap.ini** to open Bootstrap.ini in Notepad.
3. Replace the text of the Bootstrap.ini file with the following text:
- ```
- [Settings]
- Priority=Model,Default
+ ```
+ [Settings]
+ Priority=Model,Default
- [Surface Pro 4]
- DeployRoot=\\STNDeployServer\DeploymentShare$
- UserDomain=STNDeployServer
- UserID=MDTUser
- UserPassword=P@ssw0rd
- SkipBDDWelcome=YES
+ [Surface Pro 4]
+ DeployRoot=\\STNDeployServer\DeploymentShare$
+ UserDomain=STNDeployServer
+ UserID=MDTUser
+ UserPassword=P@ssw0rd
+ SkipBDDWelcome=YES
- [Surface Pro 4]
- DeployRoot=\\STNDeployServer\DeploymentShare$
- ```
+ [Surface Pro 4]
+ DeployRoot=\\STNDeployServer\DeploymentShare$
+ ```
4. Press Ctrl+S to save Bootstrap.ini, and then close Notepad.
@@ -648,7 +657,7 @@ Rules used in the text shown in Step 3 include:
The bulk of the rules used to automate the MDT deployment process are stored in the deployment share rules, or the Customsettings.ini file. In this file you can answer and hide all of the prompts from the Windows Deployment Wizard, which yields a deployment experience that mostly consists of a progress bar that displays the automated actions occurring on the device. The deployment share rules are shown directly in the **Rules** tab of the deployment share properties, as shown in Figure 24.
-
+
*Figure 24. Deployment share rules configured for automation of the Windows Deployment Wizard*
@@ -738,10 +747,10 @@ To update the MDT boot media, follow these steps:
1. Right-click the deployment share in the Deployment Workbench, and then click **Update Deployment Share** to start the Update Deployment Share Wizard.
2. The Update Deployment Share Wizard displays a series of steps, as follows:
- * **Options** – Choose between the **Completely Regenerate the Boot Images** or **Optimize the Boot Image Updating Process** options. Completely regenerating the boot images will take more time, but produces boot media that is not fragmented and does not contain out of date components. Optimizing the boot image updating process will proceed more quickly, but may result in longer load times when booting via PXE. Click **Next**.
- * **Summary** – Review the specified options on this page before you click **Next** to begin the update of boot images.
- * **Progress** – While the boot images are being updated a progress bar is displayed on this page.
- * **Confirmation** – When the boot images have been updated, the success of the process is displayed on this page. Click **Finish** to complete the Update Deployment Share Wizard.
+ * **Options** – Choose between the **Completely Regenerate the Boot Images** or **Optimize the Boot Image Updating Process** options. Completely regenerating the boot images will take more time, but produces boot media that is not fragmented and does not contain out of date components. Optimizing the boot image updating process will proceed more quickly, but may result in longer load times when booting via PXE. Click **Next**.
+ * **Summary** – Review the specified options on this page before you click **Next** to begin the update of boot images.
+ * **Progress** – While the boot images are being updated a progress bar is displayed on this page.
+ * **Confirmation** – When the boot images have been updated, the success of the process is displayed on this page. Click **Finish** to complete the Update Deployment Share Wizard.
To import the updated MDT boot media into WDS for PXE boot, follow these steps:
@@ -750,17 +759,17 @@ To import the updated MDT boot media into WDS for PXE boot, follow these steps:
3. Click the **Boot Images** folder.
4. Right-click the existing MDT boot image, and then click **Replace Image** to open the Replace Boot Image Wizard.
5. Replace the previously imported MDT boot image with the updated version by using these steps in the Replace Boot Image Wizard:
- * **Image File** – Click **Browse** and navigate to the **Boot** folder in your deployment share, click **LiteTouchPE_x86.wim**, and then click **Open**. Click **Next**.
- * **Available Images** – Only one image should be listed and selected **LiteTouch Windows PE (x86)**, click **Next**.
- * **Image Metadata** – Enter a name and description for the MDT boot media, or click **Next** to accept the default options.
- * **Summary** – Review your selections for importing a boot image into WDS, and then click **Next**.
- * **Task Progress** – A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Replace Boot Image Wizard.
+ * **Image File** – Click **Browse** and navigate to the **Boot** folder in your deployment share, click **LiteTouchPE_x86.wim**, and then click **Open**. Click **Next**.
+ * **Available Images** – Only one image should be listed and selected **LiteTouch Windows PE (x86)**, click **Next**.
+ * **Image Metadata** – Enter a name and description for the MDT boot media, or click **Next** to accept the default options.
+ * **Summary** – Review your selections for importing a boot image into WDS, and then click **Next**.
+ * **Task Progress** – A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Replace Boot Image Wizard.
6. Right-click the **Boot Images** folder, and then click **Add Image** to open the Add Image Wizard.
7. Add the new 64-bit boot image for 64-bit UEFI device compatibility with the Add Image Wizard , as follows:
- * **Image File** – Click **Browse** and navigate to the **Boot** folder in your deployment share, select **LiteTouchPE_x64.wim**, and then click **Open**. Click **Next**.
- * **Image Metadata** – Enter a name and description for the MDT boot media, or click **Next** to accept the default options.
- * **Summary** – Review your selections to import a boot image into WDS, and then click **Next**.
- * **Task Progress** – A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Add Image Wizard.
+ * **Image File** – Click **Browse** and navigate to the **Boot** folder in your deployment share, select **LiteTouchPE_x64.wim**, and then click **Open**. Click **Next**.
+ * **Image Metadata** – Enter a name and description for the MDT boot media, or click **Next** to accept the default options.
+ * **Summary** – Review your selections to import a boot image into WDS, and then click **Next**.
+ * **Task Progress** – A progress bar is displayed as the selected image file is copied into the WDS remote installation folder. Click **Finish** when the task is complete to close the Add Image Wizard.
>[!NOTE]
>Although it is a best practice to replace and update the boot images in WDS whenever the MDT deployment share is updated, for deployment to Surface devices the 32-bit boot image, LiteTouchPE_x86.wim, is not required. Only the 64-bit boot image is required for 64-bit UEFI devices.
@@ -772,7 +781,7 @@ With all of the automation provided by the deployment share rules and task seque
>[!NOTE]
>For the deployment to require only a single touch, the Surface devices must be connected to a keyboard, connected to the network with a Microsoft Surface USB Ethernet Adapter or Surface Dock, and configured with PXE boot as the first boot option, as shown in Figure 25.
-
+
*Figure 25. Setting boot priority for PXE boot*
diff --git a/devices/surface/deploy.md b/devices/surface/deploy.md
index 69865822f6..68749b654c 100644
--- a/devices/surface/deploy.md
+++ b/devices/surface/deploy.md
@@ -5,17 +5,30 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
-author: brecords
+author: dansimp
ms.date: 10/02/2018
-ms.author: jdecker
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Deploy Surface devices
-Get deployment guidance for your Surface devices including information about Microsoft Deployment Toolkit (MDT), out-of-box-experience (OOBE) customization, Ethernet adaptors, Surface Deployment Accelerator, and the Battery Limit setting.
+Learn about about deploying ARM- and Intel-based Surface devices.
-## In this section
+## Deploying ARM-based devices
+
+| Topic | Description |
+| --- | --- |
+| [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md) | Get an overview of key considerations for deploying, managing, and servicing Surface Pro X running the Microsoft SQ1 ARM processor. |
+| [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) | Learn about Autopilot, the recommended method for deploying Surface Pro X. |
+| [Windows 10 ARM-based PC app compatibility](surface-pro-arm-app-performance.md) | Review app compatibility guidance for Surface Pro X. |
+
+
+## Deploying Intel-based devices
| Topic | Description |
| --- | --- |
@@ -28,22 +41,7 @@ Get deployment guidance for your Surface devices including information about Mic
| [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)| See how Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices. |
[Battery Limit setting](battery-limit.md) | Learn how to use Battery Limit, a UEFI setting that changes how the Surface device battery is charged and may prolong its longevity.
-
-
-
-
## Related topics
-
-[Surface TechCenter](https://technet.microsoft.com/windows/surface)
-
-[Surface for IT pros blog](http://blogs.technet.com/b/surface/)
-
-
-
-
-
-
-
-
+[Surface IT Pro Blog](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro)
diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json
index 9bae9c245d..42faacbcac 100644
--- a/devices/surface/docfx.json
+++ b/devices/surface/docfx.json
@@ -1,39 +1,58 @@
{
"build": {
- "content":
- [
- {
- "files": ["**/**.md", "**/**.yml"],
- "exclude": ["**/obj/**"]
- }
- ],
+ "content": [
+ {
+ "files": [
+ "**/**.md",
+ "**/**.yml"
+ ],
+ "exclude": [
+ "**/obj/**"
+ ]
+ }
+ ],
"resource": [
- {
- "files": ["**/images/**"],
- "exclude": ["**/obj/**"]
- }
+ {
+ "files": [
+ "**/images/**"
+ ],
+ "exclude": [
+ "**/obj/**"
+ ]
+ }
],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
- "breadcrumb_path": "/surface/breadcrumb/toc.json",
- "ROBOTS": "INDEX, FOLLOW",
- "ms.technology": "windows",
- "ms.topic": "article",
- "ms.author": "jdecker",
- "ms.date": "05/09/2017",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "Win.surface"
- }
- }
+ "breadcrumb_path": "/surface/breadcrumb/toc.json",
+ "ROBOTS": "INDEX, FOLLOW",
+ "ms.technology": "windows",
+ "audience": "ITPro",
+ "ms.topic": "article",
+ "manager": "laurawi",
+ "ms.date": "05/09/2017",
+ "feedback_system": "GitHub",
+ "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
+ "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
+ "_op_documentIdPathDepotMapping": {
+ "./": {
+ "depot_name": "Win.surface",
+ "folder_relative_path_in_docset": "./"
+ }
+ },
+ "contributors_to_exclude": [
+ "rjagiewich",
+ "traya1",
+ "rmca14",
+ "claydetels19",
+ "Kellylorenebaker",
+ "jborsecnik",
+ "tiburd",
+ "garycentric"
+ ],
+ "titleSuffix": "Surface"
},
- "externalReference": [
- ],
+ "externalReference": [],
"template": "op.html",
"dest": "devices/surface",
- "markdownEngineName": "dfm"
- }
-}
\ No newline at end of file
+ "markdownEngineName": "markdig"
+}
+}
diff --git a/devices/surface/documentation/surface-system-sku-reference.md b/devices/surface/documentation/surface-system-sku-reference.md
new file mode 100644
index 0000000000..55a45cdd43
--- /dev/null
+++ b/devices/surface/documentation/surface-system-sku-reference.md
@@ -0,0 +1,55 @@
+---
+title: Surface System SKU reference
+description: This topic provides a reference of System SKU names that you can use to quickly determine the machine state of a specific device.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: coveminer
+ms.author: v-jokai
+ms.topic: article
+ms.date: 03/12/2019
+---
+# Surface System SKU Reference
+This document provides a reference of System SKU names that you can use to quickly determine the machine state of a specific device using PowerShell, WMI, and related tools.
+
+System SKU is a variable (along with System Model and others) stored in System Management BIOS (SMBIOS) tables in the UEFI layer of Surface devices. Use the System SKU name whenever you need to differentiate between devices with the same System Model name, such as Surface Pro and Surface Pro with LTE Advanced.
+
+| **Device**| **System Model** | **System SKU**|
+| --- | ---| --- |
+| Surface 3 WiFI | Surface 3 | Surface_3 |
+| Surface 3 LTE AT&T | Surface 3 | Surface_3_US1 |
+| Surface 3 LTE Verizon | Surface 3 | Surface_3_US2 |
+| Surface 3 LTE North America | Surface 3 | Surface_3_NAG |
+| Surface 3 LTE Outside of North America and T-Mobile In Japan | Surface 3 | Surface_3_ROW |
+| Surface Pro | Surface Pro | Surface_Pro_1796 |
+| Surface Pro with LTE Advanced | Surface Pro | Surface_Pro_1807 |
+| Surface Book 2 13inch | Surface Book 2 | Surface_Book_1832 |
+| Surface Book 2 15inch | Surface Book 2 | Surface_Book_1793 |
+| Surface Go Consumer | Surface Go | Surface_Go_1824_Consumer |
+| Surface Go Commercial | Surface Go | Surface_Go_1824_Commercial |
+| Surface Pro 6 Consumer | Surface Pro 6 | Surface_Pro_6_1796_Consumer |
+| Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial |
+| Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer |
+| Surface Laptop 2 Commercial | Surface Laptop 2 | Surface_Laptop_2_1769_Commercial |
+
+## Using System SKU variables
+
+### PowerShell
+
+ gwmi -namespace root\wmi -class MS_SystemInformation | select SystemSKU
+
+### System Information
+You can also find the System SKU and System Model for a device in System Information.
+- Click **Start** > **MSInfo32**.
+
+### WMI
+You can use System SKU variables in a Task Sequence WMI Condition in the Microsoft Deployment Toolkit (MDT) or Microsoft Endpoint Configuration Manager. For example:
+
+ - WMI Namespace – Root\WMI
+ - WQL Query – SELECT * FROM MS_SystemInformation WHERE SystemSKU = "Surface_Pro_1796"
+
+
+
+
+
+
diff --git a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
index 7b2265c6f4..49e1bc555b 100644
--- a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
+++ b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
@@ -2,14 +2,16 @@
title: Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices (Surface)
description: Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device.
ms.assetid: A281EFA3-1552-467D-8A21-EB151E58856D
+ms.reviewer:
+manager: dansimp
keywords: network, wireless, device, deploy, authentication, protocol
ms.localizationpriority: medium
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
-author: miladCA
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
---
@@ -21,7 +23,7 @@ Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on yo
If you use PEAP, EAP-FAST, or Cisco LEAP in your enterprise network, you probably already know that these three wireless authentication protocols are not supported by Surface devices out of the box. Some users may discover this when they attempt to connect to your wireless network; others may discover it when they are unable to gain access to resources inside the network, like file shares and internal sites. For more information, see [Extensible Authentication Protocol](https://technet.microsoft.com/network/bb643147).
-You can add support for each protocol by executing a small MSI package from a USB stick or from a file share. For organizations that want to enable EAP support on their Surface devices, the MSI package format supports deployment with many management and deployment tools, like the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager.
+You can add support for each protocol by executing a small MSI package from a USB stick or from a file share. For organizations that want to enable EAP support on their Surface devices, the MSI package format supports deployment with many management and deployment tools, like the Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager.
## Download PEAP, EAP-FAST, or Cisco LEAP installation files
diff --git a/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md b/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md
new file mode 100644
index 0000000000..b49b04d13a
--- /dev/null
+++ b/devices/surface/enable-surface-keyboard-for-windows-pe-deployment.md
@@ -0,0 +1,175 @@
+---
+title: How to enable the Surface Laptop keyboard during MDT deployment
+description: When you use MDT to deploy Windows 10 to Surface laptops, you need to import keyboard drivers to use in the Windows PE environment.
+keywords: windows 10 surface, automate, customize, mdt
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.pagetype: surface
+ms.sitesec: library
+author: Teresa-Motiv
+ms.author: v-tea
+ms.topic: article
+ms.date: 01/30/2020
+ms.reviewer: scottmca
+ms.localizationpriority: medium
+ms.audience: itpro
+manager: jarrettr
+appliesto:
+- Surface Laptop (1st Gen)
+- Surface Laptop 2
+- Surface Laptop 3
+---
+
+# How to enable the Surface Laptop keyboard during MDT deployment
+
+This article addresses a deployment approach that uses Microsoft Deployment Toolkit (MDT). You can also apply this information to other deployment methodologies. On most types of Surface devices, the keyboard should work during Lite Touch Installation (LTI). However, Surface Laptop requires some additional drivers to enable the keyboard. For Surface Laptop (1st Gen) and Surface Laptop 2 devices, you must prepare the folder structure and selection profiles that allow you to specify keyboard drivers for use during the Windows Preinstallation Environment (Windows PE) phase of LTI. For more information about this folder structure, see [Deploy a Windows 10 image using MDT: Step 5: Prepare the drivers repository](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt?redirectedfrom=MSDN#step-5-prepare-the-drivers-repository).
+
+> [!NOTE]
+> It is currently not supported to add Surface Laptop 2 and Surface Laptop 3 keyboard drivers in the same Windows PE boot instance due to a driver conflict; use separate instances instead.
+
+> [!IMPORTANT]
+> If you are deploying a Windows 10 image to a Surface Laptop that has Windows 10 in S mode preinstalled, see KB [4032347, Problems when deploying Windows to Surface devices with preinstalled Windows 10 in S mode](https://support.microsoft.com/help/4032347/surface-preinstall-windows10-s-mode-issues).
+
+To add the keyboard drivers to the selection profile, follow these steps:
+
+1. Download the latest Surface Laptop MSI file from the appropriate locations:
+ - [Surface Laptop (1st Gen) Drivers and Firmware](https://www.microsoft.com/download/details.aspx?id=55489)
+ - [Surface Laptop 2 Drivers and Firmware](https://www.microsoft.com/download/details.aspx?id=57515)
+ - [Surface Laptop 3 with Intel Processor Drivers and Firmware](https://www.microsoft.com/download/details.aspx?id=100429)
+
+2. Extract the contents of the Surface Laptop MSI file to a folder that you can easily locate (for example, c:\surface_laptop_drivers). To extract the contents, open an elevated Command Prompt window and run the command from the following example:
+
+ ```cmd
+ Msiexec.exe /a SurfaceLaptop_Win10_15063_1703008_1.msi targetdir=c:\surface_laptop_drivers /qn
+ ```
+
+3. Open the Deployment Workbench and expand the **Deployment Shares** node and your deployment share, then navigate to the **WindowsPEX64** folder.
+
+ 
+
+4. Right-click the **WindowsPEX64** folder and select **Import Drivers**.
+5. Follow the instructions in the Import Driver Wizard to import the driver folders into the WindowsPEX64 folder.
+
+> [!NOTE]
+> Check the downloaded MSI package to determine the format and directory structure. The directory structure will start with either SurfacePlatformInstaller (older MSI files) or SurfaceUpdate (Newer MSI files) depending on when the MSI was released.
+
+To support Surface Laptop (1st Gen), import the following folders:
+
+ - SurfacePlatformInstaller\Drivers\System\GPIO
+ - SurfacePlatformInstaller\Drivers\System\SurfaceHidMiniDriver
+ - SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver
+ - SurfacePlatformInstaller\Drivers\System\PreciseTouch
+
+Or for newer MSI files beginning with "SurfaceUpdate", use:
+
+- SurfaceUpdate\SerialIOGPIO
+- SurfaceUpdate\SurfaceHidMiniDriver
+- SurfaceUpdate\SurfaceSerialHubDriver
+- SurfaceUpdate\Itouch
+
+To support Surface Laptop 2, import the following folders:
+
+ - SurfacePlatformInstaller\Drivers\System\GPIO
+ - SurfacePlatformInstaller\Drivers\System\SurfaceHIDMiniDriver
+ - SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver
+ - SurfacePlatformInstaller\Drivers\System\I2C
+ - SurfacePlatformInstaller\Drivers\System\SPI
+ - SurfacePlatformInstaller\Drivers\System\UART
+ - SurfacePlatformInstaller\Drivers\System\PreciseTouch
+
+Or for newer MSI files beginning with "SurfaceUpdate", use:
+
+- SurfaceUpdate\SerialIOGPIO
+- SurfaceUpdate\IclSerialIOI2C
+- SurfaceUpdate\IclSerialIOSPI
+- SurfaceUpdate\IclSerialIOUART
+- SurfaceUpdate\SurfaceHidMini
+- SurfaceUpdate\SurfaceSerialHub
+- SurfaceUpdate\Itouch
+
+
+To support Surface Laptop 3 with Intel Processor, import the following folders:
+
+- SurfaceUpdate\IclSerialIOGPIO
+- SurfaceUpdate\IclSerialIOI2C
+- SurfaceUpdate\IclSerialIOSPI
+- SurfaceUpdate\IclSerialIOUART
+- SurfaceUpdate\SurfaceHidMini
+- SurfaceUpdate\SurfaceSerialHub
+- SurfaceUpdate\SurfaceHotPlug
+- SurfaceUpdate\Itouch
+ > [!NOTE]
+ > Check the downloaded MSI package to determine the format and directory structure. The directory structure will start with either SurfacePlatformInstaller (older MSI files) or SurfaceUpdate (Newer MSI files) depending on when the MSI was released.
+
+ To support Surface Laptop (1st Gen), import the following folders:
+
+ - SurfacePlatformInstaller\Drivers\System\GPIO
+ - SurfacePlatformInstaller\Drivers\System\SurfaceHidMiniDriver
+ - SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver
+ - SurfacePlatformInstaller\Drivers\System\PreciseTouch
+
+ Or for newer MSI files beginning with "SurfaceUpdate", use:
+
+ - SurfaceUpdate\SerialIOGPIO
+ - SurfaceUpdate\SurfaceHidMiniDriver
+ - SurfaceUpdate\SurfaceSerialHubDriver
+ - SurfaceUpdate\Itouch
+
+ To support Surface Laptop 2, import the following folders:
+
+ - SurfacePlatformInstaller\Drivers\System\GPIO
+ - SurfacePlatformInstaller\Drivers\System\SurfaceHIDMiniDriver
+ - SurfacePlatformInstaller\Drivers\System\SurfaceSerialHubDriver
+ - SurfacePlatformInstaller\Drivers\System\I2C
+ - SurfacePlatformInstaller\Drivers\System\SPI
+ - SurfacePlatformInstaller\Drivers\System\UART
+ - SurfacePlatformInstaller\Drivers\System\PreciseTouch
+
+ Or for newer MSI files beginning with "SurfaceUpdate", use:
+
+ - SurfaceUpdate\SerialIOGPIO
+ - SurfaceUpdate\IclSerialIOI2C
+ - SurfaceUpdate\IclSerialIOSPI
+ - SurfaceUpdate\IclSerialIOUART
+ - SurfaceUpdate\SurfaceHidMini
+ - SurfaceUpdate\SurfaceSerialHub
+ - SurfaceUpdate\Itouch
+
+ To support Surface Laptop 3 with Intel Processor, import the following folders:
+
+ - SurfaceUpdate\IclSerialIOGPIO
+ - SurfaceUpdate\IclSerialIOI2C
+ - SurfaceUpdate\IclSerialIOSPI
+ - SurfaceUpdate\IclSerialIOUART
+ - SurfaceUpdate\SurfaceHidMini
+ - SurfaceUpdate\SurfaceSerialHub
+ - SurfaceUpdate\SurfaceHotPlug
+ - SurfaceUpdate\Itouch
+
+ > [!NOTE]
+ > For Surface Laptop 3 with Intel processor, the model is Surface Laptop 3. The remaining Surface Laptop drivers are located in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop 3 folder.
+
+6. Verify that the WindowsPEX64 folder now contains the imported drivers. The folder should resemble the following:
+
+ 
+
+7. Configure a selection profile that uses the WindowsPEX64 folder. The selection profile should resemble the following:
+
+ 
+
+8. Configure the Windows PE properties of the MDT deployment share to use the new selection profile, as follows:
+
+ - For **Platform**, select **x64**.
+ - For **Selection profile**, select the new profile.
+ - Select **Include all drivers from the selection profile**.
+
+ 
+
+9. Verify that you have configured the remaining Surface Laptop drivers by using either a selection profile or a **DriverGroup001** variable.
+ - For Surface Laptop (1st Gen), the model is **Surface Laptop**. The remaining Surface Laptop drivers should reside in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop folder as shown in the figure that follows this list.
+ - For Surface Laptop 2, the model is **Surface Laptop 2**. The remaining Surface Laptop drivers should reside in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop 2 folder.
+ - For Surface Laptop 3 with Intel processor, the model is Surface Laptop 3. The remaining Surface Laptop drivers are located in the \MDT Deployment Share\Out-of-Box Drivers\Windows10\X64\Surface Laptop 3 folder.
+
+ 
+
+After configuring the MDT Deployment Share to use the new selection profile and related settings, continue the deployment process as described in [Deploy a Windows 10 image using MDT: Step 6: Create the deployment task sequence](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt#step-6-create-the-deployment-task-sequence).
diff --git a/devices/surface/enroll-and-configure-surface-devices-with-semm.md b/devices/surface/enroll-and-configure-surface-devices-with-semm.md
index 0c64b39169..50ecb3cb35 100644
--- a/devices/surface/enroll-and-configure-surface-devices-with-semm.md
+++ b/devices/surface/enroll-and-configure-surface-devices-with-semm.md
@@ -6,10 +6,14 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
-author: jobotto
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 01/06/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
+ms.reviewer:
+manager: dansimp
---
# Enroll and configure Surface devices with SEMM
@@ -18,6 +22,11 @@ With Microsoft Surface Enterprise Management Mode (SEMM), you can securely confi
For a more high-level overview of SEMM, see [Microsoft Surface Enterprise Management Mode](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode).
+A streamlined method of managing firmware from the cloud on Surface Pro 7,Surface Pro X and Surface Laptop 3 is now available via public preview. For more information,refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
+
+> [!NOTE]
+> SEMM is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md).
+
#### Download and install Microsoft Surface UEFI Configurator
The tool used to create SEMM packages is Microsoft Surface UEFI Configurator. You can download Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center.
Run the Microsoft Surface UEFI Configurator Windows Installer (.msi) file to start the installation of the tool. When the installer completes, find Microsoft Surface UEFI Configurator in the All Apps section of your Start menu.
@@ -35,13 +44,13 @@ To create a Surface UEFI configuration package, follow these steps:
2. Click **Start**.
3. Click **Configuration Package**, as shown in Figure 1.
- 
+ 
*Figure 1. Select Configuration Package to create a package for SEMM enrollment and configuration*
4. Click **Certificate Protection** to add your exported certificate file with private key (.pfx), as shown in Figure 2. Browse to the location of your certificate file, select the file, and then click **OK**.
- 
+ 
*Figure 2. Add the SEMM certificate and Surface UEFI password to a Surface UEFI configuration package*
@@ -50,31 +59,31 @@ To create a Surface UEFI configuration package, follow these steps:
7. When you are prompted, enter and confirm your chosen password for Surface UEFI, and then click **OK**. If you want to clear an existing Surface UEFI password, leave the password field blank.
8. If you do not want the Surface UEFI package to apply to a particular device, on the **Choose which Surface type you want to target** page, click the slider beneath the corresponding Surface Book or Surface Pro 4 image so that it is in the **Off** position. (As shown in Figure 3.)
- 
+ 
*Figure 3. Choose the devices for package compatibility*
9. Click **Next**.
10. If you want to deactivate a component on managed Surface devices, on the **Choose which components you want to activate or deactivate** page, click the slider next to any device or group of devices you want to deactivate so that the slider is in the **Off** position. (Shown in Figure 4.) The default configuration for each device is **On**. Click the **Reset** button if you want to return all sliders to the default position.
- 
+ 
- *Figure 4. Disable or enable individual Surface components*
+ *Figure 4. Disable or enable individual Surface components*
-11. Click **Next**.
-12. To enable or disable advanced options in Surface UEFI or the display of Surface UEFI pages, on the **Choose the advanced settings for your devices** page, click the slider beside the desired setting to configure that option to **On** or **Off** (shown in Figure 5). In the **UEFI Front Page** section, you can use the sliders for **Security**, **Devices**, and **Boot** to control what pages are available to users who boot into Surface UEFI. (For more information about Surface UEFI settings, see [Manage Surface UEFI settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).) Click **Build** when you have finished selecting options to generate and save the package.
+11. Click **Next**.
+12. To enable or disable advanced options in Surface UEFI or the display of Surface UEFI pages, on the **Choose the advanced settings for your devices** page, click the slider beside the desired setting to configure that option to **On** or **Off** (shown in Figure 5). In the **UEFI Front Page** section, you can use the sliders for **Security**, **Devices**, and **Boot** to control what pages are available to users who boot into Surface UEFI. (For more information about Surface UEFI settings, see [Manage Surface UEFI settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).) Click **Build** when you have finished selecting options to generate and save the package.
- 
+ 
- *Figure 5. Control advanced Surface UEFI settings and Surface UEFI pages with SEMM*
+ *Figure 5. Control advanced Surface UEFI settings and Surface UEFI pages with SEMM*
-13. In the **Save As** dialog box, specify a name for the Surface UEFI configuration package, browse to the location where you would like to save the file, and then click **Save**.
-14. When the package is created and saved, the **Successful** page is displayed.
+13. In the **Save As** dialog box, specify a name for the Surface UEFI configuration package, browse to the location where you would like to save the file, and then click **Save**.
+14. When the package is created and saved, the **Successful** page is displayed.
>[!NOTE]
>Record the certificate thumbprint characters that are displayed on this page, as shown in Figure 6. You will need these characters to confirm enrollment of new Surface devices in SEMM. Click **End** to complete package creation and close Microsoft Surface UEFI Configurator.
-
+
*Figure 6. The last two characters of the certificate thumbprint are displayed on the Successful page*
@@ -86,7 +95,7 @@ Now that you have created your Surface UEFI configuration package, you can enrol
## Enroll a Surface device in SEMM
When the Surface UEFI configuration package is executed, the SEMM certificate and Surface UEFI configuration files are staged in the firmware storage of the Surface device. When the Surface device reboots, Surface UEFI processes these files and begins the process of applying the Surface UEFI configuration or enrolling the Surface device in SEMM, as shown in Figure 7.
-
+
*Figure 7. The SEMM process for configuration of Surface UEFI or enrollment of a Surface device*
@@ -98,12 +107,12 @@ To enroll a Surface device in SEMM with a Surface UEFI configuration package, fo
2. Select the **I accept the terms in the License Agreement** check box to accept the End User License Agreement (EULA), and then click **Install** to begin the installation process.
3. Click **Finish** to complete the Surface UEFI configuration package installation and restart the Surface device when you are prompted to do so.
4. Surface UEFI will load the configuration file and determine that SEMM is not enabled on the device. Surface UEFI will then begin the SEMM enrollment process, as follows:
- * Surface UEFI will verify that the SEMM configuration file contains a SEMM certificate.
- * Surface UEFI will prompt you to enter to enter the last two characters of the certificate thumbprint to confirm enrollment of the Surface device in SEMM, as shown in Figure 8.
+ * Surface UEFI will verify that the SEMM configuration file contains a SEMM certificate.
+ * Surface UEFI will prompt you to enter to enter the last two characters of the certificate thumbprint to confirm enrollment of the Surface device in SEMM, as shown in Figure 8.
- 
+ 
- *Figure 8. Enrollment in SEMM requires the last two characters of the certificate thumbprint*
+ *Figure 8. Enrollment in SEMM requires the last two characters of the certificate thumbprint*
* Surface UEFI will store the SEMM certificate in firmware and apply the configuration settings that are specified in the Surface UEFI configuration file.
@@ -111,31 +120,31 @@ To enroll a Surface device in SEMM with a Surface UEFI configuration package, fo
You can verify that a Surface device has been successfully enrolled in SEMM by looking for **Microsoft Surface Configuration Package** in **Programs and Features** (as shown in Figure 9), or in the events stored in the **Microsoft Surface UEFI Configurator** log, found under **Applications and Services Logs** in Event Viewer (as shown in Figure 10).
-
+
*Figure 9. Verify the enrollment of a Surface device in SEMM in Programs and Features*
-
+
*Figure 10. Verify the enrollment of a Surface device in SEMM in Event Viewer*
You can also verify that the device is enrolled in SEMM in Surface UEFI – while the device is enrolled, Surface UEFI will contain the **Enterprise management** page (as shown in Figure 11).
-
+
*Figure 11. The Surface UEFI Enterprise management page*
## Configure Surface UEFI settings with SEMM
-After a device is enrolled in SEMM, you can run Surface UEFI configuration packages signed with the same SEMM certificate to apply new Surface UEFI settings. These settings are applied automatically the next time the device boots, without any interaction from the user. You can use application deployment solutions like System Center Configuration Manager to deploy Surface UEFI configuration packages to Surface devices to change or manage the settings in Surface UEFI.
+After a device is enrolled in SEMM, you can run Surface UEFI configuration packages signed with the same SEMM certificate to apply new Surface UEFI settings. These settings are applied automatically the next time the device boots, without any interaction from the user. You can use application deployment solutions like Microsoft Endpoint Configuration Manager to deploy Surface UEFI configuration packages to Surface devices to change or manage the settings in Surface UEFI.
-For more information about how to deploy Windows Installer (.msi) files with Configuration Manager, see [Deploy and manage applications with System Center Configuration Manager](https://technet.microsoft.com/library/mt627959).
+For more information about how to deploy Windows Installer (.msi) files with Configuration Manager, see [Deploy and manage applications with Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/mt627959).
If you have secured Surface UEFI with a password, users without the password who attempt to boot to Surface UEFI will only have the **PC information**, **About**, **Enterprise management**, and **Exit** pages displayed to them.
If you have not secured Surface UEFI with a password or a user enters the password correctly, settings that are configured with SEMM will be dimmed (unavailable) and the text Some settings are managed by your organization will be displayed at the top of the page, as shown in Figure 12.
-
+
*Figure 12. Settings managed by SEMM will be disabled in Surface UEFI*
diff --git a/devices/surface/ethernet-adapters-and-surface-device-deployment.md b/devices/surface/ethernet-adapters-and-surface-device-deployment.md
index 46c4dda2d0..3c05a0d165 100644
--- a/devices/surface/ethernet-adapters-and-surface-device-deployment.md
+++ b/devices/surface/ethernet-adapters-and-surface-device-deployment.md
@@ -2,22 +2,25 @@
title: Ethernet adapters and Surface deployment (Surface)
description: This article provides guidance and answers to help you perform a network deployment to Surface devices.
ms.assetid: 5273C59E-6039-4E50-96B3-426BB38A64C0
+ms.reviewer:
+manager: dansimp
keywords: ethernet, deploy, removable, network, connectivity, boot, firmware, device, adapter, PXE boot, USB
ms.localizationpriority: medium
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
-author: jobotto
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.audience: itpro
+ms.date: 10/21/2019
---
# Ethernet adapters and Surface deployment
-This article provides guidance and answers to help you perform a network deployment to Surface devices.
+This article provides guidance and answers to help you perform a network deployment to Surface devices including Surface Pro 3 and later.
Network deployment to Surface devices can pose some unique challenges for system administrators. Due to the lack of a native wired Ethernet adapter, administrators must provide connectivity through a removable Ethernet adapter.
@@ -26,7 +29,7 @@ Network deployment to Surface devices can pose some unique challenges for system
Before you can address the concerns of how you will boot to your deployment environment or how devices will be recognized by your deployment solution, you have to use a wired network adapter.
-The primary concern when selecting an Ethernet adapter is how that adapter will boot your Surface device from the network. If you are pre-staging clients with Windows Deployment Services (WDS) or if you are using System Center Configuration Manager, you may also want to consider whether the removable Ethernet adapters will be dedicated to a specific Surface device or shared among multiple devices. See the [Manage MAC addresses with removable Ethernet adapters](#manage-mac-addresses) section of this article for more information on potential conflicts with shared adapters.
+The primary concern when selecting an Ethernet adapter is how that adapter will boot your Surface device from the network. If you are pre-staging clients with Windows Deployment Services (WDS) or if you are using Microsoft Endpoint Configuration Manager, you may also want to consider whether the removable Ethernet adapters will be dedicated to a specific Surface device or shared among multiple devices. See the [Manage MAC addresses with removable Ethernet adapters](#manage-mac-addresses) section of this article for more information on potential conflicts with shared adapters.
Booting from the network (PXE boot) is only supported when you use an Ethernet adapter or docking station from Microsoft. To boot from the network, the chipset in the Ethernet adapter or dock must be detected and configured as a boot device in the firmware of the Surface device. Microsoft Ethernet adapters, such as the Surface Ethernet Adapter and the [Surface Dock](https://www.microsoft.com/surface/accessories/surface-dock) use a chipset that is compatible with the Surface firmware.
@@ -48,7 +51,6 @@ Third-party Ethernet adapters are also supported for network deployment, althoug
## Boot Surface devices from the network
-
To boot from the network or a connected USB stick, you must instruct the Surface device to boot from an alternate boot device. You can alter the boot order in the system firmware to prioritize USB boot devices, or you can instruct it to boot from an alternate boot device during the boot up process.
To boot a Surface device from an alternative boot device, follow these steps:
diff --git a/devices/surface/get-started.md b/devices/surface/get-started.md
new file mode 100644
index 0000000000..c81e994d70
--- /dev/null
+++ b/devices/surface/get-started.md
@@ -0,0 +1,169 @@
+---
+title: Get started with Surface devices
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+layout: LandingPage
+ms.assetid:
+ms.audience: itpro
+ms.tgt_pltfrm: na
+ms.devlang: na
+ms.topic: landing-page
+description: "Get started with Microsoft Surface devices"
+ms.localizationpriority: High
+---
+# Get started with Surface devices
+
+Harness the power of Surface, Windows, and Office connected together through the cloud. Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface for Business devices in your organization.
+
+
\ No newline at end of file
diff --git a/devices/surface/images/Surface-Devices-400x140.svg b/devices/surface/images/Surface-Devices-400x140.svg
new file mode 100644
index 0000000000..4414de0f16
--- /dev/null
+++ b/devices/surface/images/Surface-Devices-400x140.svg
@@ -0,0 +1,25 @@
+
+
+
diff --git a/devices/surface/images/Surface-Hub-400x140.svg b/devices/surface/images/Surface-Hub-400x140.svg
new file mode 100644
index 0000000000..f5a5c12a56
--- /dev/null
+++ b/devices/surface/images/Surface-Hub-400x140.svg
@@ -0,0 +1,51 @@
+
+
+
diff --git a/devices/surface/images/Surface-Workplace-400x140.svg b/devices/surface/images/Surface-Workplace-400x140.svg
new file mode 100644
index 0000000000..9bb3779192
--- /dev/null
+++ b/devices/surface/images/Surface-Workplace-400x140.svg
@@ -0,0 +1,33 @@
+
+
+
diff --git a/devices/surface/images/df1.png b/devices/surface/images/df1.png
new file mode 100644
index 0000000000..92aff587bc
Binary files /dev/null and b/devices/surface/images/df1.png differ
diff --git a/devices/surface/images/df2a.png b/devices/surface/images/df2a.png
new file mode 100644
index 0000000000..2a755ac374
Binary files /dev/null and b/devices/surface/images/df2a.png differ
diff --git a/devices/surface/images/df3.png b/devices/surface/images/df3.png
new file mode 100644
index 0000000000..c5263ce83f
Binary files /dev/null and b/devices/surface/images/df3.png differ
diff --git a/devices/surface/images/df3b.png b/devices/surface/images/df3b.png
new file mode 100644
index 0000000000..60370c5541
Binary files /dev/null and b/devices/surface/images/df3b.png differ
diff --git a/devices/surface/images/dfciconfig.png b/devices/surface/images/dfciconfig.png
new file mode 100644
index 0000000000..2e8b0b4fee
Binary files /dev/null and b/devices/surface/images/dfciconfig.png differ
diff --git a/devices/surface/images/fig1-downloads-msi.png b/devices/surface/images/fig1-downloads-msi.png
new file mode 100644
index 0000000000..4d8b1410ff
Binary files /dev/null and b/devices/surface/images/fig1-downloads-msi.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig10.png b/devices/surface/images/manage-surface-uefi-fig10.png
index 7d36f66808..daccc0efbb 100644
Binary files a/devices/surface/images/manage-surface-uefi-fig10.png and b/devices/surface/images/manage-surface-uefi-fig10.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig11.png b/devices/surface/images/manage-surface-uefi-fig11.png
index daccc0efbb..34d2dc5342 100644
Binary files a/devices/surface/images/manage-surface-uefi-fig11.png and b/devices/surface/images/manage-surface-uefi-fig11.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig12.png b/devices/surface/images/manage-surface-uefi-fig12.png
index 34d2dc5342..b7a58d16c2 100644
Binary files a/devices/surface/images/manage-surface-uefi-fig12.png and b/devices/surface/images/manage-surface-uefi-fig12.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig13.png b/devices/surface/images/manage-surface-uefi-fig13.png
index b7a58d16c2..ee4691bf9e 100644
Binary files a/devices/surface/images/manage-surface-uefi-fig13.png and b/devices/surface/images/manage-surface-uefi-fig13.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig14.png b/devices/surface/images/manage-surface-uefi-fig14.png
index 8845608fbd..8224fb5bab 100644
Binary files a/devices/surface/images/manage-surface-uefi-fig14.png and b/devices/surface/images/manage-surface-uefi-fig14.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig15.png b/devices/surface/images/manage-surface-uefi-fig15.png
new file mode 100644
index 0000000000..8973b83528
Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig15.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig16.png b/devices/surface/images/manage-surface-uefi-fig16.png
new file mode 100644
index 0000000000..cac0f7c1c1
Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig16.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig17.png b/devices/surface/images/manage-surface-uefi-fig17.png
new file mode 100644
index 0000000000..8b66d3605f
Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig17.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig18.png b/devices/surface/images/manage-surface-uefi-fig18.png
new file mode 100644
index 0000000000..8845608fbd
Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig18.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig19.png b/devices/surface/images/manage-surface-uefi-fig19.png
new file mode 100644
index 0000000000..8845608fbd
Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig19.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig4.png b/devices/surface/images/manage-surface-uefi-fig4.png
index 67866fcbf0..e956cefeaf 100644
Binary files a/devices/surface/images/manage-surface-uefi-fig4.png and b/devices/surface/images/manage-surface-uefi-fig4.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig5.png b/devices/surface/images/manage-surface-uefi-fig5.png
index eae3212f76..00bb44ea76 100644
Binary files a/devices/surface/images/manage-surface-uefi-fig5.png and b/devices/surface/images/manage-surface-uefi-fig5.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig5a.png b/devices/surface/images/manage-surface-uefi-fig5a.png
new file mode 100644
index 0000000000..7baecb2fff
Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig5a.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig6.png b/devices/surface/images/manage-surface-uefi-fig6.png
index a06c845a9c..e424e84f4b 100644
Binary files a/devices/surface/images/manage-surface-uefi-fig6.png and b/devices/surface/images/manage-surface-uefi-fig6.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig7.png b/devices/surface/images/manage-surface-uefi-fig7.png
index 9af6d1beed..b0a49134f3 100644
Binary files a/devices/surface/images/manage-surface-uefi-fig7.png and b/devices/surface/images/manage-surface-uefi-fig7.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig7a.png b/devices/surface/images/manage-surface-uefi-fig7a.png
new file mode 100644
index 0000000000..62e6536ea8
Binary files /dev/null and b/devices/surface/images/manage-surface-uefi-fig7a.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig8.png b/devices/surface/images/manage-surface-uefi-fig8.png
index d8c078cf59..2269fe6c17 100644
Binary files a/devices/surface/images/manage-surface-uefi-fig8.png and b/devices/surface/images/manage-surface-uefi-fig8.png differ
diff --git a/devices/surface/images/manage-surface-uefi-fig9.png b/devices/surface/images/manage-surface-uefi-fig9.png
index 2269fe6c17..7d36f66808 100644
Binary files a/devices/surface/images/manage-surface-uefi-fig9.png and b/devices/surface/images/manage-surface-uefi-fig9.png differ
diff --git a/devices/surface/images/manage-surface-uefi-figure-1.png b/devices/surface/images/manage-surface-uefi-figure-1.png
index b87279bdd5..cd5a789d70 100644
Binary files a/devices/surface/images/manage-surface-uefi-figure-1.png and b/devices/surface/images/manage-surface-uefi-figure-1.png differ
diff --git a/devices/surface/images/regeditDock.png b/devices/surface/images/regeditDock.png
new file mode 100644
index 0000000000..e074712665
Binary files /dev/null and b/devices/surface/images/regeditDock.png differ
diff --git a/devices/surface/images/sdt-install.png b/devices/surface/images/sdt-install.png
new file mode 100644
index 0000000000..ce0fe297d7
Binary files /dev/null and b/devices/surface/images/sdt-install.png differ
diff --git a/devices/surface/images/surface-laptop-keyboard-1.png b/devices/surface/images/surface-laptop-keyboard-1.png
new file mode 100644
index 0000000000..090ca2b58e
Binary files /dev/null and b/devices/surface/images/surface-laptop-keyboard-1.png differ
diff --git a/devices/surface/images/surface-laptop-keyboard-2.png b/devices/surface/images/surface-laptop-keyboard-2.png
new file mode 100644
index 0000000000..2a2cb8b3be
Binary files /dev/null and b/devices/surface/images/surface-laptop-keyboard-2.png differ
diff --git a/devices/surface/images/surface-laptop-keyboard-3.png b/devices/surface/images/surface-laptop-keyboard-3.png
new file mode 100644
index 0000000000..80ccc1fc3c
Binary files /dev/null and b/devices/surface/images/surface-laptop-keyboard-3.png differ
diff --git a/devices/surface/images/surface-laptop-keyboard-4.png b/devices/surface/images/surface-laptop-keyboard-4.png
new file mode 100644
index 0000000000..cf08e7a292
Binary files /dev/null and b/devices/surface/images/surface-laptop-keyboard-4.png differ
diff --git a/devices/surface/images/surface-laptop-keyboard-5.png b/devices/surface/images/surface-laptop-keyboard-5.png
new file mode 100644
index 0000000000..cf4bc9109c
Binary files /dev/null and b/devices/surface/images/surface-laptop-keyboard-5.png differ
diff --git a/devices/surface/images/uefidfci.png b/devices/surface/images/uefidfci.png
new file mode 100644
index 0000000000..ec95181145
Binary files /dev/null and b/devices/surface/images/uefidfci.png differ
diff --git a/devices/surface/images/wifi-band.png b/devices/surface/images/wifi-band.png
new file mode 100644
index 0000000000..38681a9dc8
Binary files /dev/null and b/devices/surface/images/wifi-band.png differ
diff --git a/devices/surface/images/wifi-roaming.png b/devices/surface/images/wifi-roaming.png
new file mode 100644
index 0000000000..eb539c9bd6
Binary files /dev/null and b/devices/surface/images/wifi-roaming.png differ
diff --git a/devices/surface/index.md b/devices/surface/index.md
index e559820d25..3d8e45e45e 100644
--- a/devices/surface/index.md
+++ b/devices/surface/index.md
@@ -1,63 +1,151 @@
+---
+title: Microsoft Surface documentation and resources
+layout: HubPage
+hide_bc: true
+description: Surface and Surface Hub documentation for admins & IT professionals
+author: greg-lindsay
+ms.author: greglin
+manager: laurawi
+ms.topic: hub-page
+keywords: Microsoft Surface, Microsoft Surface Hub, Surface documentation
+ms.localizationpriority: High
+audience: ITPro
+ms.prod: Surface
+description: Learn about Microsoft Surface and Surface Hub devices.
---
-title: Surface (Surface)
-description:
-ms.assetid: 2a6aec85-b8e2-4784-8dc1-194ed5126a04
-ms.localizationpriority: high
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.pagetype: surface, devices
-ms.sitesec: library
-author: heatherpoulsen
-ms.author: jdecker
-ms.topic: article
-ms.date: 10/16/2017
----
-
-# Surface
-
-
-This library provides guidance to help you deploy Windows on Microsoft Surface devices, keep those devices up to date, and easily manage and support Surface devices in your organization.
-
-For more information on planning for, deploying, and managing Surface devices in your organization, see the [Surface TechCenter](https://technet.microsoft.com/windows/surface).
-
-## In this section
-
-| Topic | Description |
-| --- | --- |
-| [Deploy Surface devices](deploy.md) | Get deployment guidance for your Surface devices including information about MDT, OOBE customization, Ethernet adaptors, and Surface Deployment Accelerator. |
-| [Surface firmware and driver updates](update.md) | Find out how to download and manage the latest firmware and driver updates for your Surface device. |
-| [Considerations for Surface and System Center Configuration Manager](considerations-for-surface-and-system-center-configuration-manager.md) | Get guidance on how to deploy and manage Surface devices with System Center Configuration Manager. |
-| [Deploy Surface app with Microsoft Store for Business](deploy-surface-app-with-windows-store-for-business.md) | Find out how to add and download Surface app with Microsoft Store for Business, as well as install Surface app with PowerShell and MDT. |
-| [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md) | Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device. |
-| [Manage Surface UEFI settings](manage-surface-uefi-settings.md) | Use Surface UEFI settings to enable or disable devices, configure security settings, and adjust Surface device boot settings. |
-| [Surface Enterprise Management Mode](surface-enterprise-management-mode.md) | See how this feature of Surface devices with Surface UEFI allows you to secure and manage firmware settings within your organization. |
-| [Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md) | Learn how to investigate, troubleshoot, and resolve hardware, software, and firmware issues with Surface devices. |
-| [Surface Data Eraser](microsoft-surface-data-eraser.md) | Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices. |
-| [Top support solutions for Surface devices](support-solutions-surface.md) | These are the top Microsoft Support solutions for common issues experienced using Surface devices in an enterprise. |
-| [Change history for Surface documentation](change-history-for-surface.md) | This topic lists new and updated topics in the Surface documentation library. |
-
-
-## Learn more
-
-[Certifying Surface Pro 4 and Surface Book as standard devices at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/849/Certifying-Surface-Pro-4-and-Surface-Book-as-standard-devices-at-Microsoft)
-
-
-
-
-
-
-## Related topics
-
-
-[Surface TechCenter](https://technet.microsoft.com/windows/surface)
-
-[Surface for IT pros blog](http://blogs.technet.com/b/surface/)
-
-
-
-
-
-
-
-
-
+
+
+
Microsoft Surface
+
Learn how to plan, deploy, and manage Microsoft Surface and Surface Hub devices.
diff --git a/devices/surface/ltsb-for-surface.md b/devices/surface/ltsb-for-surface.md
index 8c54cb0ffd..5e14c8444d 100644
--- a/devices/surface/ltsb-for-surface.md
+++ b/devices/surface/ltsb-for-surface.md
@@ -1,49 +1,36 @@
---
-title: Long-Term Servicing Branch for Surface devices (Surface)
+title: Long-Term Servicing Channel for Surface devices (Surface)
description: LTSB is not supported for general-purpose Surface devices and should be used for specialized devices only.
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 04/25/2017
+ms.reviewer:
+manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
-# Long-Term Servicing Branch (LTSB) for Surface devices
+# Long-Term Servicing Channel (LTSC) for Surface devices
>[!WARNING]
>For updated information on this topic, see [Surface device compatibility with Windows 10 Long-Term Servicing Channel](surface-device-compatibility-with-windows-10-ltsc.md). For additional information on this update, see the [Documentation Updates for Surface and Windows 10 LTSB Compatibility](https://blogs.technet.microsoft.com/surface/2017/04/11/documentation-updates-for-surface-and-windows-10-ltsb-compatibility) post on the Surface Blog for IT Pros.
-General-purpose Surface devices running Long-Term Servicing Branch (LTSB) are not supported. As a general guideline, if a Surface device runs productivity software, such as Microsoft Office, it is a general-purpose device that does not qualify for LTSB and should instead run Current Branch (CB) or Current Branch for Business (CBB).
+General-purpose Surface devices in the Long-Term Servicing Channel (LTSC) are not supported. As a general guideline, if a Surface device runs productivity software, such as Microsoft Office, it is a general-purpose device that does not qualify for LTSC and should instead be on the Semi-Annual Channel.
>[!NOTE]
>For more information about the servicing branches, see [Overview of Windows as a service](https://technet.microsoft.com/itpro/windows/manage/waas-overview).
-LTSB prevents Surface devices from receiving critical Windows 10 feature updates and certain non-security servicing updates. Customers with poor experiences using Surface devices in the LTSB configuration will be instructed to upgrade to CB or CBB. Furthermore, the Windows 10 Enterprise LTSB edition removes core features of Surface devices, including seamless inking and touch-friendly applications. It does not contain key in-box applications including Microsoft Edge, OneNote, Calendar or Camera. Therefore, productivity is impacted and functionality is limited. LTSB is not supported as a suitable servicing solution for general-purpose Surface devices.
-
-General-purpose Surface devices are intended to run CB or CBB to receive full servicing and firmware updates and forward compatibility with the introduction of new Surface features. With CB, feature updates are available as soon as Microsoft releases them. Customers in the CBB servicing model receive the same build of Windows 10 as those in CB, at a later date.
-
-Surface devices in specialized scenarios–such as PCs that control medical equipment, point-of-sale systems, and ATMs–may consider the use of LTSB. These special-purpose systems typically perform a single task and do not require feature updates as frequently as other devices in the organization.
-
-
+LTSC prevents Surface devices from receiving critical Windows 10 feature updates and certain non-security servicing updates. Customers with poor experiences using Surface devices in the LTSC configuration will be instructed to switch to the Semi-Annual Channel. Furthermore, the Windows 10 Enterprise LTSB edition removes core features of Surface devices, including seamless inking and touch-friendly applications. It does not contain key in-box applications including Microsoft Edge, OneNote, Calendar or Camera. Therefore, productivity is impacted and functionality is limited. LTSC is not supported as a suitable servicing solution for general-purpose Surface devices.
+General-purpose Surface devices are intended to run on the Semi-Annual Channel to receive full servicing and firmware updates and forward compatibility with the introduction of new Surface features. In the Semi-Annual Channel, feature updates are available as soon as Microsoft releases them.
+Surface devices in specialized scenarios–such as PCs that control medical equipment, point-of-sale systems, and ATMs–might consider the use of LTSC. These special-purpose systems typically perform a single task and do not require feature updates as frequently as other devices in the organization.
## Related topics
-- [Surface TechCenter](https://technet.microsoft.com/windows/surface)
-
-- [Surface for IT pros blog](http://blogs.technet.com/b/surface/)
-
-
-
-
-
-
-
-
-
-
+- [Surface IT Pro Blog](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/bg-p/SurfaceITPro)
diff --git a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
index ce172d5600..2631b5f837 100644
--- a/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
+++ b/devices/surface/maintain-optimal-power-settings-on-Surface-devices.md
@@ -1,16 +1,20 @@
---
-title: Maintain optimal power settings
-description: This topic provides best practice recommendations for maintaining optimal power settings and explains how Surface streamlines the power management experience.
+title: Best practice power settings for Surface devices
+description: This topic provides best practice recommendations for maintaining optimal power settings and explains how Surface streamlines the power management experience. This article applies to all currently supported Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: coveminer
-ms.author: v-jokai
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 01/17/2019
+ms.reviewer:
+manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/28/2019
---
-# Maintain optimal power settings on Surface devices
+# Best practice power settings for Surface devices
Surface devices are designed to take advantage of the latest advances in
mobile device energy consumption to deliver a streamlined experience
@@ -20,9 +24,24 @@ components, momentarily waking up system components to handle background
tasks -- such as an incoming email or network traffic -- before returning to a
low power idle state (S0ix).
+## Summary of recommendations for IT administrators
+
+To ensure Surface devices across your organization fully benefit from Surface power optimization features:
+
+- Install the latest drivers and firmware from Windows Update or the Surface Driver and Firmware MSI. This creates the balanced power plan (aka power profile) by default and configures optimal power settings. For more information, refer to [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md).
+- Avoid creating custom power profiles or adjusting advanced power settings not visible in the default UI (**System** > **Power & sleep**).
+- If you must manage the power profile of devices across your network (such as in highly managed organizations), use the powercfg command tool to export the power plan from the factory image of the Surface device and then import it into the provisioning package for your Surface devices.
+
+ >[!NOTE]
+ >You can only export a power plan across the same type of Surface device. For example, you cannot export a power plan from Surface Laptop and import it on Surface Pro. For more information, refer to [Configure power settings](https://docs.microsoft.com/windows-hardware/customize/power-settings/configure-power-settings).
+
+- Exclude Surface devices from any existing power management policy settings.
+
+## Background
+
The way Surface implements power management differs significantly from
the earlier OS standard that gradually reduces and turns off power via a
-series of sleep states (S1, S2, S3).
+series of sleep states; for example, cycling through S1, S2, S3, and so on.
Instead, Surface is imaged with a custom power profile that replaces
legacy sleep and energy consumption functionality with modern standby
@@ -32,7 +51,12 @@ module (SAM). The SAM chip functions as the Surface device power-policy
owner, using algorithms to calculate optimal power requirements. It
works in conjunction with Windows power manager to allocate or throttle
only the exact amount of power required for hardware components to
-function.
+function. This article applies to all currently supported Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3.
+
+## Utilizing the custom power profile in Surface
+
+If you go into the power options on a surface device, you'll see that there's a single power plan available. This is the custom power profile. And if you go to the advanced power settings, you’ll see a much smaller subset of power options compared to a generic PC running Windows 10. Unlike generic devices, Surface has firmware and custom components to manage these power options.
+
## Modern Standby
@@ -42,14 +66,14 @@ instant on/instant off functionality typical of smartphones. S0ix, also
known as Deepest Runtime Idle Platform State (DRIPS), is the default
power mode for Surface devices. Modern standby has two modes:
- - **Connected standby.** The default mode for up-to-the minute
- delivery of emails, messaging, and cloud-synced data, connected
- standby keeps Wi-Fi on and maintains network connectivity.
+- **Connected standby.** The default mode for up-to-the minute
+ delivery of emails, messaging, and cloud-synced data, connected
+ standby keeps Wi-Fi on and maintains network connectivity.
- - **Disconnected standby.** An optional mode for extended battery
- life, disconnected standby delivers the same instant-on experience
- and saves power by turning off Wi-Fi, Bluetooth, and related network
- connectivity.
+- **Disconnected standby.** An optional mode for extended battery
+ life, disconnected standby delivers the same instant-on experience
+ and saves power by turning off Wi-Fi, Bluetooth, and related network
+ connectivity.
To learn more about modern standby, refer to the [Microsoft Hardware Dev
Center](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby-wake-sources).
@@ -59,13 +83,13 @@ Center](https://docs.microsoft.com/windows-hardware/design/device-experiences/mo
Surface integrates the following features designed to help users
optimize the power management experience:
- - [Singular power plan](#singular-power-plan)
+- [Singular power plan](#singular-power-plan)
- - [Simplified power settings user
- interface](#simplified-power-settings-user-interface)
+- [Simplified power settings user
+ interface](#simplified-power-settings-user-interface)
- - [Windows performance power
- slider](#windows-performance-power-slider)
+- [Windows performance power
+ slider](#windows-performance-power-slider)
### Singular power plan
@@ -76,6 +100,7 @@ experience by delivering a single power plan (balanced) that replaces
the multiple power plans from standard Windows builds.
### Simplified power settings user interface
+
Surface provides a simplified UI in accord with best practice power
setting recommendations. In general, it's recommended to only adjust settings visible in the default user interface and avoid configuring advanced power settings or Group Policy settings. Using the default screen and sleep timeouts while avoiding maximum
brightness levels are the most effective ways for users to maintain
@@ -101,7 +126,7 @@ Power slider enables four states as described in the following table:
| Slider mode| Description |
|---|---|
-| Battery saver| Helps conserve power and prolong battery life when the system is disconnected from a power source. When battery saver is on, some Windows features are disabled, throttled, or behave differently. Screen brightness is also reduced. Battery saver is only available when using battery power (DC). To learn more, see [Battery Saver](https://docs.microsoft.com/en-us/windows-hardware/design/component-guidelines/battery-saver).|
+| Battery saver| Helps conserve power and prolong battery life when the system is disconnected from a power source. When battery saver is on, some Windows features are disabled, throttled, or behave differently. Screen brightness is also reduced. Battery saver is only available when using battery power (DC). To learn more, see [Battery Saver](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver).|
| Recommended | Delivers longer battery life than the default settings in earlier versions of Windows. |
| Better Performance | Slightly favors performance over battery life, functioning as the default slider mode. |
| Best Performance | Favors performance over power for workloads requiring maximum performance and responsiveness, regardless of battery power consumption.|
@@ -141,15 +166,16 @@ To learn more, see:
| Check app usage | Your apps | Close apps.|
| Check your power cord for any damage.| Your power cord | Replace power cord if worn or damaged.|
-# Learn more
+## Learn more
-- [Modern
+- [Modern
standby](https://docs.microsoft.com/windows-hardware/design/device-experiences/modern-standby-wake-sources)
-- [Customize the Windows performance power
+- [Customize the Windows performance power
slider](https://docs.microsoft.com/windows-hardware/customize/desktop/customize-power-slider)
-- [Battery
+- [Battery
saver](https://docs.microsoft.com/windows-hardware/design/component-guidelines/battery-saver)
+- [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)
diff --git a/devices/surface/manage-surface-driver-and-firmware-updates.md b/devices/surface/manage-surface-driver-and-firmware-updates.md
new file mode 100644
index 0000000000..df0d5c2874
--- /dev/null
+++ b/devices/surface/manage-surface-driver-and-firmware-updates.md
@@ -0,0 +1,156 @@
+---
+title: Manage and deploy Surface driver and firmware updates
+description: This article describes the available options to manage and deploy firmware and driver updates for Surface devices.
+ms.assetid: CD1219BA-8EDE-4BC8-BEEF-99B50C211D73
+ms.reviewer:
+manager: dansimp
+keywords: Surface, Surface Pro 3, firmware, update, device, manage, deploy, driver, USB
+ms.localizationpriority: medium
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.pagetype: surface, devices
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.audience: itpro
+ms.date: 01/24/2020
+---
+
+# Manage and deploy Surface driver and firmware updates
+
+
+How you manage Surface driver and firmware updates varies depending on your environment and organizational requirements. On Surface devices, firmware is exposed to the operating system as a driver and is visible in Device Manager, enabling device firmware and drivers to be automatically updated using Windows Update or Windows Update for Business. Although this simplified approach may be feasible for startups and small or medium-sized businesses, larger organizations typically need IT admins to distributing updates internally. This may involve comprehensive planning, application compatibility testing, piloting and validating updates, before final approval and distribution across the network.
+
+> [!NOTE]
+> This article is intended for technical support agents and IT professionals and applies to Surface devices only. If you're looking for help to install Surface updates or firmware on a home device, see [Update Surface firmware and Windows 10](https://support.microsoft.com/help/4023505).
+
+While enterprise-grade software distribution solutions continue to evolve, the business rationale for centrally managing updates remains the same: Maintain the security of Surface devices and keep them updated with the latest operating system and feature improvements. This is essential for maintaining the stability of your production environment and enabling users to stay productive. This article provides an overview of recommended tools and processes for larger organizations to accomplish these goals.
+
+## Central update management in commercial environments
+
+Microsoft has streamlined tools for managing devices – including driver and firmware updates -- into a single unified experience called [Microsoft Endpoint Manager admin center](https://devicemanagement.microsoft.com/) accessed from devicemanagement.microsoft.com.
+
+### Manage updates with Configuration Manager and Intune
+
+Microsoft Endpoint Configuration Manager allows you to synchronize and deploy Surface firmware and driver updates with the Configuration Manager client. Integration with Microsoft Intune lets you see all your managed, co-managed and partner-managed devices in one place. This is the recommended solution for large organizations to manage Surface updates.
+
+For detailed steps, see the following resources:
+
+- [How to manage Surface driver updates in Configuration Manager.](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager)
+- [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications).
+- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/)
+
+
+### Manage updates with Microsoft Deployment Toolkit
+
+Included in Microsoft Endpoint Configuration Manager, the Microsoft Deployment Toolkit (MDT) contains optional deployment tools that you may wish to use depending on your environment. MDT includes the Windows Assessment and Deployment Kit (Windows ADK), Windows System Image Manager (Windows SIM), Deployment Image Servicing and Management (DISM), and User State Migration Tool (USMT). You can download the latest version of MDT from the [Microsoft Deployment Toolkit download page](https://www.microsoft.com/download/details.aspx?id=54259).
+
+For detailed steps, see the following resources:
+
+Surface driver and firmware updates are packaged as Windows Installer (MSI) files. To deploy these Windows Installer packages, you can use application deployment utilities such as the Microsoft Deployment Toolkit (MDT) or Microsoft Endpoint Configuration Manager. Such solutions provide the means for administrators to test and review updates before deploying them, and to centralize deployment. For each device, it is important to select the correct MSI file for the device and its operating system. For more information see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
+
+For instructions on how to deploy updates by using Microsoft Endpoint Configuration Manager refer to [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications). For instructions on how to deploy updates by using MDT, see [Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt).
+- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/configmgr/mdt/)
+- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit)
+- [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://docs.microsoft.com/surface/deploy-windows-10-to-surface-devices-with-mdt)
+
+**WindowsPE and Surface firmware and drivers**
+
+Microsoft Endpoint Configuration Manager and MDT both use the Windows Preinstallation Environment (WindowsPE) during the deployment process. WindowsPE only supports a limited set of basic drivers such as those for network adapters and storage controllers. Drivers for Windows components that are not part of WindowsPE might produce errors. As a best practice, you can prevent such errors by configuring the deployment process to use only the required drivers during the WindowsPE phase.
+
+### Microsoft Endpoint Configuration Manager
+
+Starting in Microsoft Endpoint Configuration Manager, you can synchronize and deploy Microsoft Surface firmware and driver updates by using the Configuration Manager client. The process resembles that for deploying regular updates. For additional information, see KB 4098906, [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager).
+## Supported devices
+Downloadable MSI files are available for Surface devices from Surface Pro 2 and later. Information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release.
+
+
+## Managing firmware with DFCI
+With Device Firmware Configuration Interface (DFCI) profiles built into Intune (now available in [public preview](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. For more information, see:
+
+
+- [Intune management of Surface UEFI settings](https://docs.microsoft.com/surface/surface-manage-dfci-guide)
+- [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333).
+
+## Best practices for update deployment processes
+
+To maintain a stable environment and keep users productive, it’s strongly recommended to maintain parity with the most recent version of Windows 10. For best practice recommendations, see [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates).
+
+## Downloadable Surface update packages
+
+Specific versions of Windows 10 have separate .msi files, each containing all required cumulative driver and firmware updates for Surface devices. Update packages may include some or all of the following components:
+
+- Wi-Fi and LTE
+- Video
+- Solid state drive
+- System aggregator module (SAM)
+- Battery
+- Keyboard controller
+- Embedded controller (EC)
+- Management engine (ME)
+- Unified extensible firmware interface (UEFI)
+
+
+### Downloading .msi files
+1. Browse to [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware) on the Microsoft Download Center.
+2. Select the .msi file name that matches the Surface model and version of Windows. The .msi file name includes the minimum supported Windows build number required to install the drivers and firmware. For example, as shown in the following figure, to update a Surface Book 2 with build 18362 of Windows 10, choose **SurfaceBook2_Win10_18362_19.101.13994.msi.** For a Surface Book 2 with build 16299 of Windows 10, choose **SurfaceBook2_Win10_16299_1803509_3.msi**.
+
+ 
+
+ *Figure 1. Downloading Surface updates*
+
+
+### Surface .msi naming convention
+Since August 2019, .msi files have used the following naming convention:
+
+- *Product*_*Windows release*_*Windows build number*_*Version number*_*Revision of version number (typically zero)*.
+
+**Example**
+
+- SurfacePro6_Win10_18362_19.073.44195_0.msi
+
+This file name provides the following information:
+
+- **Product:** SurfacePro6
+- **Windows release:** Win10
+- **Build:** 18362
+- **Version:** 19.073.44195 – This shows the date and time that the file was created, as follows:
+ - **Year:** 19 (2019)
+ - **Month and week:** 073 (third week of July)
+ - **Minute of the month:** 44195
+- **Revision of version:** 0 (first release of this version)
+
+### Legacy Surface .msi naming convention
+Legacy .msi files (files built before August 2019) followed the same overall naming formula but used a different method to derive the version number.
+ ****
+**Example**
+
+- SurfacePro6_Win10_16299_1900307_0.msi
+
+This file name provides the following information:
+
+- **Product:** SurfacePro6
+- **Windows release:** Win10
+- **Build:** 16299
+- **Version:** 1900307 – This shows the date that the file was created and its position in the release sequence, as follows:
+ - **Year:** 19 (2019)
+ - **Number of release:** 003 (third release of the year)
+ - **Product version number:** 07 (Surface Pro 6 is officially the seventh version of Surface Pro)
+- **Revision of version:** 0 (first release of this version)
+
+
+
+## Learn more
+
+- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482/surface-download-drivers-and-firmware)
+- [How to manage Surface driver updates in Configuration Manager.](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager)
+- [Deploy applications with Configuration Manager](https://docs.microsoft.com/configmgr/apps/deploy-use/deploy-applications).
+- [Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/)
+- [Microsoft Deployment Toolkit documentation](https://docs.microsoft.com/configmgr/mdt/)
+- [Deploy Windows 10 with the Microsoft Deployment Toolkit](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit)
+- [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://docs.microsoft.com/surface/deploy-windows-10-to-surface-devices-with-mdt)
+- [Intune management of Surface UEFI settings](https://docs.microsoft.com/surface/surface-manage-dfci-guide)
+- [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333).
+- [Build deployment rings for Windows 10 updates](https://docs.microsoft.com/windows/deployment/update/waas-deployment-rings-windows-10-updates)
+
diff --git a/devices/surface/manage-surface-pro-3-firmware-updates.md b/devices/surface/manage-surface-pro-3-firmware-updates.md
deleted file mode 100644
index 680e04d830..0000000000
--- a/devices/surface/manage-surface-pro-3-firmware-updates.md
+++ /dev/null
@@ -1,75 +0,0 @@
----
-title: Manage Surface driver and firmware updates (Surface)
-description: This article describes the available options to manage firmware and driver updates for Surface devices.
-ms.assetid: CD1219BA-8EDE-4BC8-BEEF-99B50C211D73
-keywords: Surface, Surface Pro 3, firmware, update, device, manage, deploy, driver, USB
-ms.localizationpriority: medium
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.pagetype: surface, devices
-ms.sitesec: library
-author: jobotto
-ms.author: jdecker
-ms.topic: article
-ms.date: 07/27/2017
----
-
-# Manage Surface driver and firmware updates
-
-
-This article describes the available options to manage firmware and driver updates for Surface devices.
-
-For a list of the available downloads for Surface devices and links to download the drivers and firmware for your device, see [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
-
-On Surface devices, the firmware is exposed to the operating system as a driver and is visible in Device Manager. This allows a Surface device firmware to be automatically updated along with all drivers through Windows Update. This mechanism provides a seamless, automatic experience to receive the latest firmware and driver updates. Although automatic updating is easy for end users, updating firmware and drivers automatically may not always apply to organizations and businesses. Automatic updates with Windows Update may not be applicable where updates are carefully managed, or when you deploy a new operating system to a Surface device.
-
-## Methods for firmware deployment
-
-
-Although firmware is provided automatically by Windows Update for computers that receive updates directly from Microsoft, in environments where updates are carefully managed by using Windows Server Update Services (WSUS), updating the firmware through Windows Update is not supported. For managed environments, there are a number of options you can use to deploy firmware updates.
-
-**Windows Update**
-
-The simplest solution to ensure that firmware on Surface devices in your organization is kept up to date is to allow Surface devices to receive updates directly from Microsoft. You can implement this solution easily by excluding Surface devices from Group Policy that directs computers to receive updates from WSUS.
-
-Although this solution ensures that firmware will be updated as new releases are made available to Windows Update, it does present potential drawbacks. Each Surface device that receives Windows Updates directly will separately download each update rather than accessing a central location, which increases demand on Internet connectivity and bandwidth. Updates are also provided automatically to devices, without being subjected to testing or review by administrators.
-
-For details about Group Policy for client configuration of WSUS or Windows Update, see [Step 5: Configure Group Policy Settings for Automatic Updates](https://technet.microsoft.com/library/dn595129).
-
-**Windows Installer Package**
-
-The firmware and driver downloads for Surface devices now include Windows Installer files for firmware and driver updates. These Windows Installer packages can be deployed with utilities that support application deployment, including the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. This solution allows for centralized deployment and for administrators to test and review firmware updates before they are deployed. For more information about the Windows Installer package delivery method for firmware and driver updates, including details on what drivers are updated by the package and why certain drivers and firmware are not updated by the Windows Installer package, see the [Surface Pro 3 MSI Now Available](https://blogs.technet.microsoft.com/surface/2015/03/04/surface-pro-3-msi-now-available/) blog post.
-
-For instructions on how to deploy with System Center Configuration Manager, refer to [How to Deploy Applications in Configuration Manager](https://technet.microsoft.com/library/gg682082). For deployment of applications with MDT, see [Step 4: Add an application in the Deploy a Windows 8.1 Image Using MDT 2013](https://technet.microsoft.com/library/dn744279#sec04). Note that you can deploy applications separately from an operating system deployment through MDT by using a Post OS Installation task sequence.
-
-**Provisioning packages**
-
-New in Windows 10, provisioning packages (PPKG files) provide a simple method to apply a configuration to a destination device. You can find out more about provisioning packages, including instructions for how to create your own, in [Provisioning packages](https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages). For easy application of a complete set of drivers and firmware to devices running Windows 10, a provisioning package is supplied for Surface Pro 3 devices. This file contains all of the instructions and required assets to update a Surface Pro 3 device with Windows 10 to the latest drivers and firmware.
-
-**Windows PowerShell**
-
-Another method you can use to update the firmware when Windows Updates are managed in the organization is to install the firmware from the firmware and driver pack by using PowerShell. This method allows for a similar deployment experience to the Windows Installer package and can similarly be deployed as a package by using System Center Configuration Manager. You can find the PowerShell script and details on how to perform the firmware deployment in the [Deploying Drivers and Firmware to Surface Pro](https://blogs.technet.microsoft.com/deploymentguys/2013/05/16/deploying-drivers-and-firmware-to-surface-pro/) blog post.
-
-## Operating system deployment considerations
-
-
-The deployment of firmware updates during an operating system deployment is a straightforward process. The firmware and driver pack can be imported into either System Center Configuration Manager or MDT, and are used to deploy a fully updated environment, complete with firmware, to a target Surface device. For a complete step-by-step guide for deployment to Surface Pro 3 using either Configuration Manager or MDT, download the [Deployment and Administration Guide for Surface Pro 3](https://www.microsoft.com/download/details.aspx?id=45292) from the Microsoft Download Center.
-
-The individual driver files are also made available in the Microsoft Download Center if you are using deployment tools. The driver files are available in the ZIP archive file in the list of available downloads for your device.
-
-**Windows PE and Surface firmware and drivers**
-
-A best practice for deployment with any solution that uses the Windows Preinstallation Environment (WinPE), such as System Center Configuration Manager or MDT, is to configure WinPE with only the drivers that are required during the WinPE stage of deployment. These usually include drivers for network adapters and storage controllers. This best practice helps to prevent errors with more complex drivers that rely on components that are not present in WinPE. For Surface Pro 3 devices, this is especially true of the Touch Firmware. The Touch Firmware should never be loaded in a WinPE environment on Surface Pro 3.
-
-**Update Surface Pro 3 firmware offline through USB**
-
-In some early versions of Surface Pro 3 firmware, PXE boot performance can be quite slow. This has been resolved with updated firmware, but for organizations where firmware will be updated through operating system deployment, this issue is encountered before the updates can be deployed to the device. In this scenario, you can deploy updated firmware through a USB drive to ensure that when the operating system deployment is initiated, the network boot is quick, and deployment can complete in a timely fashion. To create a USB drive to update Surface Pro 3 firmware, see [How to Update the Surface Pro 3 Firmware Offline using a USB Drive](https://blogs.technet.microsoft.com/askpfeplat/2014/10/19/how-to-update-the-surface-pro-3-firmware-offline-using-a-usb-drive/) on the Ask Premier Field Engineering (PFE) Platforms TechNet Blog.
-
-
-
-
-
-
-
-
-
diff --git a/devices/surface/manage-surface-uefi-settings.md b/devices/surface/manage-surface-uefi-settings.md
index aa003e15fa..d205908048 100644
--- a/devices/surface/manage-surface-uefi-settings.md
+++ b/devices/surface/manage-surface-uefi-settings.md
@@ -7,26 +7,35 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: devices, surface
-author: miladCA
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 07/27/2017
+ms.reviewer:
+manager: dansimp
---
-#Manage Surface UEFI settings
+# Manage Surface UEFI settings
-Current and future generations of Surface devices, including Surface Pro 4, Surface Book, and Surface Studio, use a unique UEFI firmware engineered by Microsoft specifically for these devices. This firmware allows for significantly greater control of the device’s operation over firmware versions in earlier generation Surface devices, including the support for touch, mouse, and keyboard operation. By using the Surface UEFI settings you can easily enable or disable internal devices or components, configure security to protect UEFI settings from being changed, and adjust the Surface device boot settings.
+All current and future generations of Surface devices use a unique Unified Extensible Firmware Interface (UEFI) engineered by Microsoft specifically for these devices. Surface UEFI settings provide the ability to enable or disable built-in devices and components, protect UEFI settings from being changed, and adjust the Surface device boot settings.
->[!NOTE]
->Surface Pro 3, Surface 3, Surface Pro 2, Surface 2, Surface Pro, and Surface do not use the Surface UEFI and instead use firmware provided by third-party manufacturers, such as AMI.
+## Support for cloud-based management
-You can enter the Surface UEFI settings on your Surface device by pressing the **Volume Up** button and the **Power** button simultaneously. Hold the **Volume Up** button until the Surface logo is displayed, which indicates that the device has begun to boot.
+With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in public preview), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. DFCI is currently available for Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information, refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
-##PC information
+## Open Surface UEFI menu
-On the **PC information** page, detailed information about your Surface device is provided:
+To adjust UEFI settings during system startup:
-- **Model** – Your Surface device’s model will be displayed here, such as Surface Book or Surface Pro 4. The exact configuration of your device is not shown, (such as processor, disk size, or memory size).
+1. Shut down your Surface and wait about 10 seconds to make sure it's off.
+2. Press and hold the **Volume-up** button and - at the same time - press and release the **Power button.**
+3. As the Microsoft or Surface logo appears on your screen, continue to hold the **Volume-up** button until the UEFI screen appears.
+
+## UEFI PC information page
+
+The PC information page includes detailed information about your Surface device:
+
+- **Model** – Your Surface device’s model will be displayed here, such as Surface Book 2 or Surface Pro 7. The exact configuration of your device is not shown, (such as processor, disk size, or memory size).
- **UUID** – This Universally Unique Identification number is specific to your device and is used to identify the device during deployment or management.
- **Serial Number** – This number is used to identify this specific Surface device for asset tagging and support scenarios.
@@ -50,9 +59,9 @@ You will also find detailed information about the firmware of your Surface devic
You can find up-to-date information about the latest firmware version for your Surface device in the [Surface Update History](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) for your device.
-##Security
+## UEFI Security page
-On the **Security** page of Surface UEFI settings, you can set a password to protect UEFI settings. This password must be entered when you boot the Surface device to UEFI. The password can contain the following characters (as shown in Figure 2):
+The Security page allows you to set a password to protect UEFI settings. This password must be entered when you boot the Surface device to UEFI. The password can contain the following characters (as shown in Figure 2):
- Uppercase letters: A-Z
@@ -68,21 +77,21 @@ The password must be at least 6 characters and is case sensitive.
*Figure 2. Add a password to protect Surface UEFI settings*
-On the **Security** page you can also change the configuration of Secure Boot on your Surface device. Secure Boot technology prevents unauthorized boot code from booting on your Surface device, which protects against bootkit and rootkit-type malware infections. You can disable Secure Boot to allow your Surface device to boot third-party operating systems or bootable media. You can also configure Secure Boot to work with third-party certificates, as shown in Figure 3. Read more about [Secure Boot](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview) in the TechNet Library.
+On the Security page you can also change the configuration of Secure Boot on your Surface device. Secure Boot technology prevents unauthorized boot code from booting on your Surface device, which protects against bootkit and rootkit-type malware infections. You can disable Secure Boot to allow your Surface device to boot third-party operating systems or bootable media. You can also configure Secure Boot to work with third-party certificates, as shown in Figure 3. Read more about [Secure Boot](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/secure-boot-overview) in the TechNet Library.
*Figure 3. Configure Secure Boot*
-You can also enable or disable the Trusted Platform Module (TPM) device on the **Security** page, as shown in Figure 4. The TPM is used to authenticate encryption for your device’s data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library.
+You can also enable or disable the Trusted Platform Module (TPM) device on the Security page, as shown in Figure 4. The TPM is used to authenticate encryption for your device’s data with BitLocker. Read more about [BitLocker](https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview) in the TechNet Library.
*Figure 4. Configure Surface UEFI security settings*
-##Devices
+## UEFI menu: Devices
-On the **Devices** page you can enable or disable specific devices and components of your Surface device. Devices that you can enable or disable on this page include:
+The Devices page allows you to enable or disable specific devices and components including:
- Docking and USB Ports
@@ -100,13 +109,13 @@ On the **Devices** page you can enable or disable specific devices and component
Each device is listed with a slider button that you can move to **On** (enabled) or **Off** (disabled) position, as shown in Figure 5.
-
+
*Figure 5. Enable and disable specific devices*
-##Boot configuration
+## UEFI menu: Boot configuration
-On the **Boot Configuration** page, you can change the order of your boot devices and/or enable or disable boot of the following devices:
+The Boot Configuration page allows you to change the order of your boot devices as well as enable or disable boot of the following devices:
- Windows Boot Manager
@@ -126,52 +135,83 @@ For the specified boot order to take effect, you must set the **Enable Alternate
You can also turn on and off IPv6 support for PXE with the **Enable IPv6 for PXE Network Boot** option, for example when performing a Windows deployment using PXE where the PXE server is configured for IPv4 only.
-##About
+## UEFI menu: Management
+The Management page allows you to manage use of Zero Touch UEFI Management and other features on eligible devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3.
-The **About** page displays regulatory information, such as compliance with FCC rules, as shown in Figure 7.
+
+*Figure 7. Manage access to Zero Touch UEFI Management and other features*
-
-*Figure 7. Regulatory information displayed on the About page*
+Zero Touch UEFI Management lets you remotely manage UEFI settings by using a device profile within Intune called Device Firmware Configuration Interface (DFCI). If you do not configure this setting, the ability to manage eligible devices with DFCI is set to **Ready**. To prevent DFCI, select **Opt-Out**.
-##Exit
+> [!NOTE]
+> The UEFI Management settings page and use of DFCI is only available on Surface Pro 7, Surface Pro X, and Surface Laptop 3.
+
+For more information, refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
+
+## UEFI menu: Exit
Use the **Restart Now** button on the **Exit** page to exit UEFI settings, as shown in Figure 8.
-
+
*Figure 8. Click Restart Now to exit Surface UEFI and restart the device*
## Surface UEFI boot screens
-When you update Surface device firmware, by using either Windows Update or manual installation, the updates are not applied immediately to the device, but instead during the next reboot cycle. You can find out more about the Surface firmware update process in [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates). The progress of the firmware update is displayed on a screen with progress bars of differing colors to indicate the firmware for each component. Each component’s progress bar is shown in Figures 9 through 13.
+When you update Surface device firmware, by using either Windows Update or manual installation, the updates are not applied immediately to the device, but instead during the next reboot cycle. You can find out more about the Surface firmware update process in [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates). The progress of the firmware update is displayed on a screen with progress bars of differing colors to indicate the firmware for each component. Each component’s progress bar is shown in Figures 9 through 18.
-
+
*Figure 9. The Surface UEFI firmware update displays a blue progress bar*
-
+
*Figure 10. The System Embedded Controller firmware update displays a green progress bar*
-
+
*Figure 11. The SAM Controller firmware update displays an orange progress bar*
-
+
*Figure 12. The Intel Management Engine firmware update displays a red progress bar*
-
+
*Figure 13. The Surface touch firmware update displays a gray progress bar*
+
+
+
+*Figure 14. The Surface KIP firmware update displays a light green progress bar*
+
+
+
+*Figure 15. The Surface ISH firmware update displays a light pink progress bar*
+
+
+
+*Figure 16. The Surface Trackpad firmware update displays a pink progress bar*
+
+
+
+*Figure 17. The Surface TCON firmware update displays a light gray progress bar*
+
+
+
+
+*Figure 18. The Surface TPM firmware update displays a purple progress bar*
+
+
>[!NOTE]
->An additional warning message that indicates Secure Boot is disabled is displayed, as shown in Figure 14.
+>An additional warning message that indicates Secure Boot is disabled is displayed, as shown in Figure 19.
-
+
-*Figure 14. Surface boot screen that indicates Secure Boot has been disabled in Surface UEFI settings*
+*Figure 19. Surface boot screen that indicates Secure Boot has been disabled in Surface UEFI settings*
## Related topics
-[Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)
\ No newline at end of file
+- [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md)
+
+- [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
\ No newline at end of file
diff --git a/devices/surface/microsoft-surface-brightness-control.md b/devices/surface/microsoft-surface-brightness-control.md
index b9910dfc97..1761581ced 100644
--- a/devices/surface/microsoft-surface-brightness-control.md
+++ b/devices/surface/microsoft-surface-brightness-control.md
@@ -5,10 +5,14 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
-author: coveminer
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 1/15/2019
+ms.date: 10/31/2019
+ms.reviewer: hachidan
+manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Surface Brightness Control
@@ -17,22 +21,21 @@ When deploying Surface devices in point of sale or other “always-on”
kiosk scenarios, you can optimize power management using the new Surface
Brightness Control app.
-Available for download with [Surface Tools for
-IT](https://www.microsoft.com/download/details.aspx?id=46703), Surface Brightness Control is
-designed to help reduce thermal load and lower the overall carbon
-footprint for deployed Surface devices. The tool automatically dims the screen when not in use and
-includes the following configuration options:
+Available for download with [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703).
+Surface Brightness Control is designed to help reduce thermal load and lower the overall carbon footprint for deployed Surface devices.
+If you plan to get only this tool from the download page, select the file **Surface_Brightness_Control_v1.16.137.0.msi** in the available list.
+The tool automatically dims the screen when not in use and includes the following configuration options:
- - Period of inactivity before dimming the display.
+- Period of inactivity before dimming the display.
- - Brightness level when dimmed.
+- Brightness level when dimmed.
- - Maximum brightness level when in use.
+- Maximum brightness level when in use.
**To run Surface Brightness Control:**
- - Install surfacebrightnesscontrol.msi on the target device and Surface Brightness Control
- will begin working immediately.
+- Install surfacebrightnesscontrol.msi on the target device and Surface Brightness Control
+ will begin working immediately.
## Configuring Surface Brightness Control
@@ -43,9 +46,14 @@ documentation](https://docs.microsoft.com/windows/desktop/sysinfo/registry).
1. Run regedit from a command prompt to open the Windows Registry
Editor.
- - Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Surface\Surface
+ - Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Surface\Surface
Brightness Control\
-
+
+ If you're running an older version of Surface Brightness control, run the following command instead:
+
+ - Computer\HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Surface\Surface
+ Brightness Control\
+
| Registry Setting | Data| Description
|-----------|------------|---------------
@@ -56,9 +64,19 @@ Full Brightness | Default: 100 Option: Range of 0-100 percent of screen b
| Inactivity Timeout| Default: 30 seconds Option: Any numeric value Data Type: Integer Type: REG_DWORD | This setting allows you to manage the period of inactivity before dimming the device. If you do not configure this setting, the inactivity timeout is 30 seconds.|
| Telemetry Enabled | Default: 01 Option: 01, 00 Type: REG_BINARY | This setting allows you to manage the sharing of app usage information to improve software and provide better user experience. To disable telemetry, set the value to 00. If you do not configure this setting, telemetry information is shared with Microsoft in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). |
+## Changes and updates
+
+### Version 1.16.137
+*Release Date: 22 October 2019*
+This version of Surface Brightness Control adds support for the following:
+-Recompiled for x86, adding support for Surface Pro 7, Surface Pro X, and Surface Laptop 3.
+
+### Version 1.12.239.0
+*Release Date: 26 April 2019*
+This version of Surface Brightness Control adds support for the following:
+- Touch delay fixes.
## Related topics
- [Battery limit setting](battery-limit.md)
-
diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md
index 23e0c2dd91..90b623c490 100644
--- a/devices/surface/microsoft-surface-data-eraser.md
+++ b/devices/surface/microsoft-surface-data-eraser.md
@@ -2,16 +2,19 @@
title: Microsoft Surface Data Eraser (Surface)
description: Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.
ms.assetid: 8DD3F9FE-5458-4467-BE26-E9200341CF10
+ms.reviewer: hachidan
+manager: dansimp
ms.localizationpriority: medium
keywords: tool, USB, data, erase
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
-author: brecords
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 05/15/2018
+ms.audience: itpro
+ms.date: 11/13/2019
---
# Microsoft Surface Data Eraser
@@ -26,6 +29,9 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d
Compatible Surface devices include:
+* Surface Pro 7
+* Surface Pro X
+* Surface Laptop 3
* Surface Pro 6
* Surface Laptop 2
* Surface Go
@@ -34,6 +40,7 @@ Compatible Surface devices include:
* Surface Pro (Model 1796)
* Surface Laptop
* Surface Studio
+* Surface Studio 2
* Surface Book
* Surface Pro 4
* Surface 3 LTE
@@ -66,7 +73,7 @@ Some scenarios where Microsoft Surface Data Eraser can be helpful include:
To create a Microsoft Surface Data Eraser USB stick, first install the Microsoft Surface Data Eraser setup tool from the Microsoft Download Center using the link provided at the beginning of this article. You do not need a Surface device to *create* the USB stick. After you have downloaded the installation file to your computer, follow these steps to install the Microsoft Surface Data Eraser creation tool:
-1. Run the DataEraserSetup.msi installation file that you downloaded from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=46703).
+1. Run the DataEraserSetup.msi installation file that you downloaded from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=46703).
2. Select the check box to accept the terms of the license agreement, and then click **Install**.
@@ -74,77 +81,77 @@ To create a Microsoft Surface Data Eraser USB stick, first install the Microsoft
After the creation tool is installed, follow these steps to create a Microsoft Surface Data Eraser USB stick. Before you begin these steps, ensure that you have a USB 3.0 stick that is 4 GB or larger connected to the computer.
-1. Start Microsoft Surface Data Eraser from the Start menu or Start screen.
+1. Start Microsoft Surface Data Eraser from the Start menu or Start screen.
-2. Click **Build** to begin the Microsoft Surface Data Eraser USB creation process.
+2. Click **Build** to begin the Microsoft Surface Data Eraser USB creation process.
-3. Click **Start** to acknowledge that you have a USB stick of at least 4 GB connected, as shown in Figure 1.
+3. Click **Start** to acknowledge that you have a USB stick of at least 4 GB connected, as shown in Figure 1.
- 
+ 
- *Figure 1. Start the Microsoft Surface Data Eraser tool*
+ *Figure 1. Start the Microsoft Surface Data Eraser tool*
-4. Select the USB drive of your choice from the **USB Thumb Drive Selection** page as shown in Figure 2, and then click **Start** to begin the USB creation process. The drive you select will be formatted and any existing data on this drive will be lost.
+4. Select the USB drive of your choice from the **USB Thumb Drive Selection** page as shown in Figure 2, and then click **Start** to begin the USB creation process. The drive you select will be formatted and any existing data on this drive will be lost.
- >[!NOTE]
- >If the Start button is disabled, check that your removable drive has a total capacity of at least 4 GB.
-
- 
+ >[!NOTE]
+ >If the Start button is disabled, check that your removable drive has a total capacity of at least 4 GB.
+
+ 
- *Figure 2. USB thumb drive selection*
+ *Figure 2. USB thumb drive selection*
-5. After the creation process is finished, the USB drive has been formatted and all binaries are copied to the USB drive. Click **Success**.
+5. After the creation process is finished, the USB drive has been formatted and all binaries are copied to the USB drive. Click **Success**.
-6. When the **Congratulations** screen is displayed, you can eject and remove the thumb drive. This thumb drive is now ready to be inserted into a Surface device, booted from, and wipe any data on the device. Click **Complete** to finish the USB creation process, as shown in Figure 3.
+6. When the **Congratulations** screen is displayed, you can eject and remove the thumb drive. This thumb drive is now ready to be inserted into a Surface device, booted from, and wipe any data on the device. Click **Complete** to finish the USB creation process, as shown in Figure 3.
- 
+ 
- *Figure 3. Complete the Microsoft Surface Data Eraser USB creation process*
+ *Figure 3. Complete the Microsoft Surface Data Eraser USB creation process*
-7. Click **X** to close Microsoft Surface Data Eraser.
+7. Click **X** to close Microsoft Surface Data Eraser.
## How to use a Microsoft Surface Data Eraser USB stick
After you create a Microsoft Surface Data Eraser USB stick, you can boot a supported Surface device from the USB stick by following this procedure:
-1. Insert the bootable Microsoft Surface Data Eraser USB stick into the supported Surface device.
+1. Insert the bootable Microsoft Surface Data Eraser USB stick into the supported Surface device.
-2. Boot your Surface device from the Microsoft Surface Data Eraser USB stick. To boot your device from the USB stick follow these steps:
+2. Boot your Surface device from the Microsoft Surface Data Eraser USB stick. To boot your device from the USB stick follow these steps:
- a. Turn off your Surface device.
+ a. Turn off your Surface device.
- b. Press and hold the **Volume Down** button.
+ b. Press and hold the **Volume Down** button.
- c. Press and release the **Power** button.
+ c. Press and release the **Power** button.
- d. Release the **Volume Down** button.
+ d. Release the **Volume Down** button.
- >[!NOTE]
- >If your device does not boot to USB using these steps, you may need to turn on the **Enable Alternate Boot Sequence** option in Surface UEFI. You can read more about Surface UEFI boot configuration in [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).
+ >[!NOTE]
+ >If your device does not boot to USB using these steps, you may need to turn on the **Enable Alternate Boot Sequence** option in Surface UEFI. You can read more about Surface UEFI boot configuration in [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).
-3. When the Surface device boots, a **SoftwareLicenseTerms** text file is displayed, as shown in Figure 4.
+3. When the Surface device boots, a **SoftwareLicenseTerms** text file is displayed, as shown in Figure 4.
- 
+ 
- *Figure 4. Booting the Microsoft Surface Data Eraser USB stick*
+ *Figure 4. Booting the Microsoft Surface Data Eraser USB stick*
-4. Read the software license terms, and then close the Notepad file.
+4. Read the software license terms, and then close the Notepad file.
-5. Accept or decline the software license terms by typing **Accept** or **Decline**. You must accept the license terms to continue.
+5. Accept or decline the software license terms by typing **Accept** or **Decline**. You must accept the license terms to continue.
-6. The Microsoft Surface Data Eraser script detects the storage devices that are present in your Surface device and displays the details of the native storage device. To continue, press **Y** (this action runs Microsoft Surface Data Eraser and removes all data from the storage device) or press **N** (this action shuts down the device without removing data).
+6. The Microsoft Surface Data Eraser script detects the storage devices that are present in your Surface device and displays the details of the native storage device. To continue, press **Y** (this action runs Microsoft Surface Data Eraser and removes all data from the storage device) or press **N** (this action shuts down the device without removing data).
- >[!NOTE]
- >The Microsoft Surface Data Eraser tool will delete all data, including Windows operating system files required to boot the device, in a secure and unrecoverable way. To boot a Surface device that has been wiped with Microsoft Surface Data Eraser, you will first need to reinstall the Windows operating system. To remove data from a Surface device without removing the Windows operating system, you can use the **Reset your PC** function. However, this does not prevent your data from being recovered with forensic or data recovery capabilities. See [Recovery options in Windows 10](https://support.microsoft.com/help/12415/windows-10-recovery-options) for more information.
+ >[!NOTE]
+ >The Microsoft Surface Data Eraser tool will delete all data, including Windows operating system files required to boot the device, in a secure and unrecoverable way. To boot a Surface device that has been wiped with Microsoft Surface Data Eraser, you will first need to reinstall the Windows operating system. To remove data from a Surface device without removing the Windows operating system, you can use the **Reset your PC** function. However, this does not prevent your data from being recovered with forensic or data recovery capabilities. See [Recovery options in Windows 10](https://support.microsoft.com/help/12415/windows-10-recovery-options) for more information.
- 
+ 
- *Figure 5. Partition to be erased is displayed in Microsoft Surface Data Eraser*
+ *Figure 5. Partition to be erased is displayed in Microsoft Surface Data Eraser*
-7. If you pressed **Y** in step 6, due to the destructive nature of the data erasure process, an additional dialog box is displayed to confirm your choice.
+7. If you pressed **Y** in step 6, due to the destructive nature of the data erasure process, an additional dialog box is displayed to confirm your choice.
-8. Click the **Yes** button to continue erasing data on the Surface device.
+8. Click the **Yes** button to continue erasing data on the Surface device.
>[!NOTE]
>When you run Surface Data Eraser on the Surface Data Eraser USB drive, a log file is generated in the **SurfaceDataEraserLogs** folder.
@@ -153,6 +160,18 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following:
+### 3.28.137
+*Release Date: 11 Nov 2019*
+This version of Surface Data Eraser:
+
+- Includes bug fixes
+
+### Version 3.21.137
+*Release Date: 21 Oct 2019*
+This version of Surface Data Eraser is compiled for x86 and adds support for the following devices:
+
+- Supports Surface Pro 7, Surface Pro X, and Surface Laptop 3
+
### Version 3.2.78.0
*Release Date: 4 Dec 2018*
diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md
index 8dfbc020a2..8fbc32d7df 100644
--- a/devices/surface/microsoft-surface-deployment-accelerator.md
+++ b/devices/surface/microsoft-surface-deployment-accelerator.md
@@ -2,29 +2,30 @@
title: Microsoft Surface Deployment Accelerator (Surface)
description: Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.
ms.assetid: E7991E90-4AAE-44B6-8822-58BFDE3EADE4
-ms.date: 07/27/2017
+ms.reviewer: hachidan
+manager: dansimp
+ms.date: 10/31/2019
ms.localizationpriority: medium
keywords: deploy, install, tool
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
-author: miladCA
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
+ms.audience: itpro
---
# Microsoft Surface Deployment Accelerator
+Microsoft Surface Deployment Accelerator (SDA) automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools.
-Microsoft Surface Deployment Accelerator (SDA) provides a quick and simple deployment mechanism for organizations to reimage Surface devices.
-
-SDA includes a wizard that automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools. The resulting deployment solution is complete with everything you need to immediately begin the deployment of Windows to a Surface device. You can also use SDA to create and capture a Windows reference image and then deploy it with the latest Windows updates.
+> [!NOTE]
+> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md).
SDA is built on the powerful suite of deployment tools available from Microsoft including the Windows Assessment and Deployment Kit (ADK), the Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS). The resulting deployment share encompasses the recommended best practices for managing drivers during deployment and automating image creation and can serve as a starting point upon which you build your own customized deployment solution.
-You can find more information about how to deploy to Surface devices, including step-by-step walkthroughs of customized deployment solution implementation, on the Deploy page of the [Surface TechCenter](https://technet.microsoft.com/windows/dn913725).
-
**Download Microsoft Surface Deployment Accelerator**
You can download the installation files for SDA from the Microsoft Download Center. To download the installation files:
@@ -79,7 +80,7 @@ For environments where the SDA server will not be able to connect to the Interne
*Figure 2. Specify a local source for Surface driver and app files*
-You can find a full list of available driver downloads at [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)
+You can find a full list of available driver downloads at [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)
>[!NOTE]
>Downloaded files do not need to be extracted. The downloaded files can be left as .zip files as long as they are stored in one folder.
diff --git a/devices/surface/step-by-step-surface-deployment-accelerator.md b/devices/surface/step-by-step-surface-deployment-accelerator.md
index e239bcea68..04d78253ee 100644
--- a/devices/surface/step-by-step-surface-deployment-accelerator.md
+++ b/devices/surface/step-by-step-surface-deployment-accelerator.md
@@ -2,25 +2,28 @@
title: Step by step Surface Deployment Accelerator (Surface)
description: This article shows you how to install Microsoft Surface Deployment Accelerator (SDA), configure a deployment share for the deployment of Windows to Surface devices, and perform a deployment to Surface devices.
ms.assetid: A944FB9C-4D81-4868-AFF6-B9D1F5CF1032
+ms.reviewer:
+manager: dansimp
ms.localizationpriority: medium
keywords: deploy, configure
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
-author: miladCA
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 07/27/2017
+ms.date: 10/31/2019
---
# Step by step: Surface Deployment Accelerator
-
This article shows you how to install Microsoft Surface Deployment Accelerator (SDA), configure a deployment share for the deployment of Windows to Surface devices, and perform a deployment to Surface devices. This article also contains instructions on how to perform these tasks without an Internet connection or without support for Windows Deployment Services network boot (PXE).
-## How to install Surface Deployment Accelerator
+> [!NOTE]
+> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md).
+## How to install Surface Deployment Accelerator
For information about prerequisites and instructions for how to download and install SDA, see [Microsoft Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md).
@@ -45,63 +48,58 @@ The tool installs in the SDA program group, as shown in Figure 2.
>[!NOTE]
>At this point, the tool has not yet prepared any deployment environment or downloaded any materials from the Internet.
-
-
## Create a deployment share
-
-The following steps show you how to create a deployment share for Windows 10 that supports Surface 3, Surface Pro 3, Surface Pro 4, Surface Book, the Surface Firmware Tool, the Surface Asset Tag Tool, and Office 365. As you follow the steps below, make the selections that are applicable for your organization. For example, you could choose to deploy Windows 10 to Surface Book only, without any of the Surface apps.
+The following steps show you how to create a deployment share for Windows 10 that supports Surface 3, Surface Pro 3, Surface Pro 4, Surface Book, the Surface Firmware Tool, the Surface Asset Tag Tool, and Office 365. As you follow the steps below, make the selections that are applicable for your organization. For example, you could choose to deploy Windows 10 to Surface Book only, without any of the Surface apps.
>[!NOTE]
->SDA lets you create deployment shares for both Windows 8.1 and Windows 10 deployments, but you can only create a single deployment share at a time. Therefore, to create both Windows 8.1 and Windows 10 deployment shares, you will need to run the tool twice.
+>SDA lets you create deployment shares for both Windows 8.1 and Windows 10 deployments, but you can only create a single deployment share at a time. Therefore, to create both Windows 8.1 and Windows 10 deployment shares, you will need to run the tool twice.
-
+1. Open the SDA wizard by double-clicking the icon in the **Surface Deployment Accelerator** program group on the Start screen.
-1. Open the SDA wizard by double-clicking the icon in the **Surface Deployment Accelerator** program group on the Start screen.
+2. On the **Welcome** page, click **Next** to continue.
-2. On the **Welcome** page, click **Next** to continue.
-
-3. On the **Verify System** page, the SDA wizard verifies the prerequisites required for an SDA deployment share. This process also checks for the presence of the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10 and the Microsoft Deployment Toolkit (MDT) 2013 Update 2. If these tools are not detected, they are downloaded and installed automatically. Click **Next** to continue.
+3. On the **Verify System** page, the SDA wizard verifies the prerequisites required for an SDA deployment share. This process also checks for the presence of the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10 and the Microsoft Deployment Toolkit (MDT) 2013 Update 2. If these tools are not detected, they are downloaded and installed automatically. Click **Next** to continue.
>[!NOTE]
>As of SDA version 1.96.0405, SDA will install only the components of the Windows ADK that are required for deployment, as follows:
> * Deployment tools
- > * User State Migration Tool (USMT)
- > * Windows Preinstallation Environment (WinPE)
+ > * User State Migration Tool (USMT)
+ > * Windows Preinstallation Environment (WinPE)
- >[!NOTE]
- >As of SDA version 1.96.0405, SDA will install and use MDT 2013 Update 2. Earlier versions of SDA are compatible only with MDT 2013 Update 1.
+ > [!NOTE]
+ > As of SDA version 1.96.0405, SDA will install and use MDT 2013 Update 2. Earlier versions of SDA are compatible only with MDT 2013 Update 1.
-4. On the **Windows 8.1** page, to create a Windows 10 deployment share, do not select the **Would you like to support Windows 8.1** check box. Click **Next** to continue.
+4. On the **Windows 8.1** page, to create a Windows 10 deployment share, do not select the **Would you like to support Windows 8.1** check box. Click **Next** to continue.
-5. On the **Windows 10** page, to create a Windows 10 deployment share, select the **Would you like to support Windows 10** check box. Supply the following information before you click **Next** to continue:
+5. On the **Windows 10** page, to create a Windows 10 deployment share, select the **Would you like to support Windows 10** check box. Supply the following information before you click **Next** to continue:
- - **Configure Deployment Share for Windows 10**
+ - **Configure Deployment Share for Windows 10**
- - **Local Path** – Specify or browse to a location on the local storage device where you would like to store the deployment share files for the Windows 10 SDA deployment share. For example, **E:\\SDAWin10\\** is the location specified in Figure 3.
+ - **Local Path** – Specify or browse to a location on the local storage device where you would like to store the deployment share files for the Windows 10 SDA deployment share. For example, **E:\\SDAWin10\\** is the location specified in Figure 3.
- **Share Name** – Specify a name for the file share that will be used to access the deployment share on this server from the network. For example, **SDAWin10** is the deployment share name shown in Figure 3. The local path folder is automatically shared by the SDA scripts under this name to the group **Everyone** with a permission level of **Full Control**.
- - **Windows 10 Deployment Services**
+ - **Windows 10 Deployment Services**
- Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/library/jj648426.aspx) for more information about how to configure Windows Deployment Services for PXE boot.
- - **Windows 10 Source Files**
+ - **Windows 10 Source Files**
- - **Local Path** – Specify or browse to the root directory of Windows 10 installation files. If you have an ISO file, mount it and browse to the root of the mounted drive. You must have a full set of source files, not just **Install.wim**.
+ - **Local Path** – Specify or browse to the root directory of Windows 10 installation files. If you have an ISO file, mount it and browse to the root of the mounted drive. You must have a full set of source files, not just **Install.wim**.
- 
+ 
- *Figure 3. Specify Windows 10 deployment share options*
+ *Figure 3. Specify Windows 10 deployment share options*
-6. On the **Configure** page, select the check box next to each device or app that you want to include in your deployment share. Note that Surface Pro 4 and Surface Book only support Windows 10 and are not available for the deployment of Windows 8.1. The Surface Firmware Tool is only applicable to Surface 3 and Surface Pro 3 and cannot be selected unless Surface 3 or Surface Pro 3 drivers are selected, as shown in Figure 4. Click **Next** to continue.
+6. On the **Configure** page, select the check box next to each device or app that you want to include in your deployment share. Note that Surface Pro 4 and Surface Book only support Windows 10 and are not available for the deployment of Windows 8.1. The Surface Firmware Tool is only applicable to Surface 3 and Surface Pro 3 and cannot be selected unless Surface 3 or Surface Pro 3 drivers are selected, as shown in Figure 4. Click **Next** to continue.
- 
+ 
- *Figure 4. Selecting Surface Firmware Tool requires Surface Pro 3 drivers*
+ *Figure 4. Selecting Surface Firmware Tool requires Surface Pro 3 drivers*
- >[!NOTE]
- >You cannot select both Surface 3 and Surface 3 LTE models at the same time.
+ >[!NOTE]
+ >You cannot select both Surface 3 and Surface 3 LTE models at the same time.
7. On the **Summary** page confirm your selections and click **Finish** to begin the creation of your deployment share. The process can take several minutes as files are downloaded, the tools are installed, and the deployment share is created. While the SDA scripts are creating your deployment share, an **Installation Progress** window will be displayed, as shown in Figure 5. A typical SDA process includes:
@@ -123,84 +121,85 @@ The following steps show you how to create a deployment share for Windows 10 th
- Creation of rules and task sequences for Windows deployment
- 
+ 
*Figure 5. The Installation Progress window*
->[!NOTE]
->The following error message may be hit while Installing the latest ADK or MDT: "An exception occurred during a WebClient request.". This is due to incompatibility between SDA and BITS. Here is the workaround for this:
+
+ ### Optional: Workaround for Webclient exception
+
+ You may see this error message while installing the latest version of ADK or MDT: _An exception occurred during a WebClient request._ This is due to incompatibility between the Surface Deployment Accelerator (SDA) and Background Intelligent Transfer Service (BITS). To work around this issue, do the following.
- ```
-In the following two PowerShell scripts:
-%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\Install-MDT.ps1
-%ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\INSTALL-WindowsADK.ps1
+ In the two PowerShell scripts:
-Edit the $BITSTransfer variable in the input parameters to $False as shown below:
+ ```PowerShell
+ %ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\Install-MDT.ps1
+ %ProgramFiles%\Microsoft\Surface\Deployment Accelerator\Data\PowerShell\INSTALL-WindowsADK.ps1
+ ```
-Param(
- [Parameter(
- Position=0,
- Mandatory=$False,
- HelpMessage="Download via BITS bool true/false"
+ Edit the $BITSTransfer variable in the input parameters to $False as shown below:
+
+ ```PowerShell
+ Param(
+ [Parameter(
+ Position=0,
+ Mandatory=$False,
+ HelpMessage="Download via BITS bool true/false"
)]
[string]$BITSTransfer = $False
)
- ```
-
-8. When the SDA process completes the creation of your deployment share, a **Success** window is displayed. Click **Finish** to close the window. At this point your deployment share is now ready to perform a Windows deployment to Surface devices.
+ ```
-### Optional: Create a deployment share without an Internet connection
+8. When the SDA process completes the creation of your deployment share, a **Success** window is displayed. Click **Finish** to close the window. At this point your deployment share is now ready to perform a Windows deployment to Surface devices.
-If you are unable to connect to the Internet with your deployment server, or if you want to download the Surface drivers and apps separately, you can specify a local source for the driver an app files at the time of deployment share creation. On the **Configure** page of the SDA wizard, select the **Copy from a Local Directory** check box, as shown in Figure 6. The **Download from the Internet** check box will be automatically deselected. Enter the folder location where you have placed the driver and app files in the **Local Path** field, as shown in Figure 6.
+ ### Optional: Create a deployment share without an Internet connection
->[!NOTE]
->All of the downloaded driver and applications files must be located in the same folder. If a required driver or application file is missing from the selected folder when you click **Next**, a warning is displayed and the wizard will not proceed to the next step.
+ If you are unable to connect to the Internet with your deployment server, or if you want to download the Surface drivers and apps separately, you can specify a local source for the driver and app files at the time of deployment share creation. On the **Configure** page of the SDA wizard, select the **Copy from a Local Directory** check box, as shown in Figure 6. The **Download from the Internet** check box will be automatically deselected. Enter the folder location where you have placed the driver and app files in the **Local Path** field, as shown in Figure 6.
->[!NOTE]
->The driver and app files do not need to be extracted from the downloaded .zip files.
+ >[!NOTE]
+ >All of the downloaded driver and applications files must be located in the same folder. If a required driver or application file is missing from the selected folder when you click **Next**, a warning is displayed and the wizard will not proceed to the next step.
->[!NOTE]
->Including Office 365 in your deployment share requires an Internet connection and cannot be performed if you use local files.
+ >[!NOTE]
+ >The driver and app files do not need to be extracted from the downloaded .zip files.
-
+ >[!NOTE]
+ >Including Office 365 in your deployment share requires an Internet connection and cannot be performed if you use local files.
-*Figure 6. Specify the Surface driver and app files from a local path*
+ 
->[!NOTE]
->The **Copy from a Local Directory** check box is only available in SDA version 1.90.0221 or later.
+ *Figure 6. Specify the Surface driver and app files from a local path*
-
+ >[!NOTE]
+ >The **Copy from a Local Directory** check box is only available in SDA version 1.90.0221 or later.
-### Optional: Prepare offline USB media
+ ### Optional: Prepare offline USB media
-You can use USB media to perform an SDA deployment if your Surface device is unable to boot from the network. For example, if you do not have a Microsoft Surface Ethernet Adapter or Microsoft Surface dock to facilitate network boot (PXE boot). The USB drive produced by following these steps includes a complete copy of the SDA deployment share and can be run on a Surface device without a network connection.
+ You can use USB media to perform an SDA deployment if your Surface device is unable to boot from the network. For example, if you do not have a Microsoft Surface Ethernet Adapter or Microsoft Surface dock to facilitate network boot (PXE boot). The USB drive produced by following these steps includes a complete copy of the SDA deployment share and can be run on a Surface device without a network connection.
->[!NOTE]
->The offline media files for the complete SDA deployment share are approximately 9 GB in size. Your USB drive must be at least 9 GB in size. A 16 GB USB drive is recommended.
+ >[!NOTE]
+ >The offline media files for the complete SDA deployment share are approximately 9 GB in size. Your USB drive must be at least 9 GB in size. A 16 GB USB drive is recommended.
-
+ Before you can create bootable media files within the MDT Deployment Workbench or copy those files to a USB drive, you must first configure that USB drive to be bootable. Using [DiskPart](https://go.microsoft.com/fwlink/p/?LinkId=761073), create a partition, format the partition as FAT32, and set the partition to be active. To run DiskPart, open an administrative PowerShell or Command Prompt window, and then run the following sequence of commands, as shown in Figure 7:
-Before you can create bootable media files within the MDT Deployment Workbench or copy those files to a USB drive, you must first configure that USB drive to be bootable. Using [DiskPart](https://go.microsoft.com/fwlink/p/?LinkId=761073), create a partition, format the partition as FAT32, and set the partition to be active. To run DiskPart, open an administrative PowerShell or Command Prompt window, and then run the following sequence of commands, as shown in Figure 7:
+ 1. **diskpart** – Opens DiskPart to manage disks and partitions.
-1. **diskpart** – Opens DiskPart to manage disks and partitions.
+ 2. **list disk** – Displays a list of the disks available in your system; use this list to identify the disk number that corresponds with your USB drive.
-2. **list disk** – Displays a list of the disks available in your system; use this list to identify the disk number that corresponds with your USB drive.
+ 3. **sel disk 2** – Selects your USB drive; use the number that corresponds with the disk in your system.
-3. **sel disk 2** – Selects your USB drive; use the number that corresponds with the disk in your system.
-
-4. **clean** – Removes all configuration from your USB drive.
+ 4. **clean** – Removes all configuration from your USB drive.
>[!WARNING]
>This step will remove all information from your drive. Verify that your USB drive does not contain any needed data before you perform the **clean** command.
-5. **create part pri** – Creates a primary partition on the USB drive.
+ 5. **create part pri** – Creates a primary partition on the USB drive.
-6. **format fs=fat32 quick** – Formats the partition with the FAT32 file system, performing a quick format. FAT32 is required to boot the device from UEFI systems like Surface devices.
+ 6. **format fs=fat32 quick** – Formats the partition with the FAT32 file system, performing a quick format. FAT32 is required to boot the device from UEFI systems like Surface devices.
-7. **assign** – Assigns the next available drive letter to the newly created FAT32 volume.
+ 7. **assign** – Assigns the next available drive letter to the newly created FAT32 volume.
-8. **active** – Sets the partition to be active, which is required to boot the volume.
+ 8. **active** – Sets the partition to be active, which is required to boot the volume.
-9. **exit** – Exits DiskPart, after which you can close the PowerShell or Command Prompt window.
+ 9. **exit** – Exits DiskPart, after which you can close the PowerShell or Command Prompt window.
@@ -209,15 +208,13 @@ Before you can create bootable media files within the MDT Deployment Workbench o
>[!NOTE]
>You can format your USB drive with FAT32 from Disk Management, but you must still use DiskPart to set the partition as active for the drive to boot properly.
-
+ After you have prepared the USB drive for boot, the next step is to generate offline media from the SDA deployment share. To create this media, follow these steps:
-After you have prepared the USB drive for boot, the next step is to generate offline media from the SDA deployment share. To create this media, follow these steps:
+ 1. Open the **Deployment Workbench** from the **Microsoft Deployment Toolkit** group on your Start screen.
-1. Open the **Deployment Workbench** from the **Microsoft Deployment Toolkit** group on your Start screen.
+ 2. Expand the **Deployment Shares** node and the **Microsoft Surface Deployment Accelerator** deployment share.
-2. Expand the **Deployment Shares** node and the **Microsoft Surface Deployment Accelerator** deployment share.
-
-3. Expand the folder **Advanced Configuration** and select the **Media** folder.
+ 3. Expand the folder **Advanced Configuration** and select the **Media** folder.
4. Right-click the **Media** folder and click **New Media** as shown in Figure 8 to start the New Media Wizard.
@@ -225,79 +222,78 @@ After you have prepared the USB drive for boot, the next step is to generate off
*Figure 8. The Media folder of the SDA deployment share*
-5. On the **General Settings** page in the **Media path** field, enter or browse to a folder where you will create the files for the new offline media. See the example **E:\\SDAMedia** in Figure 9. Leave the default profile **Everything** selected in the **Selection profile** drop-down menu, and then click **Next**.
+ 5. On the **General Settings** page in the **Media path** field, enter or browse to a folder where you will create the files for the new offline media. See the example **E:\\SDAMedia** in Figure 9. Leave the default profile **Everything** selected in the **Selection profile** drop-down menu, and then click **Next**.
*Figure 9. Specify a location and selection profile for your offline media*
-6. On the **Summary** page verify your selections, and then click **Next** to begin creation of the media.
+ 6. On the **Summary** page verify your selections, and then click **Next** to begin creation of the media.
-7. A **Progress** page is displayed while the media is created.
+ 7. A **Progress** page is displayed while the media is created.
-8. On the **Confirmation** page, click **Finish** to complete creation of the media.
+ 8. On the **Confirmation** page, click **Finish** to complete creation of the media.
-9. Right-click the **Microsoft Surface Deployment Accelerator** deployment share folder, click **Properties**, and then click the **Rules** tab as shown in Figure 10.
+ 9. Right-click the **Microsoft Surface Deployment Accelerator** deployment share folder, click **Properties**, and then click the **Rules** tab as shown in Figure 10.
*Figure 10. Rules of the SDA deployment share*
-10. Use your mouse to highlight all of the text displayed in the text box of the **Rules** tab, and then press **Ctrl+C** to copy the text.
+ 10. Use your mouse to highlight all of the text displayed in the text box of the **Rules** tab, and then press **Ctrl+C** to copy the text.
-11. Click **OK** to close the **Microsoft Surface Deployment Accelerator** deployment share properties.
+ 11. Click **OK** to close the **Microsoft Surface Deployment Accelerator** deployment share properties.
-12. Right-click the newly created **MEDIA001** item in the **Media** folder, click **Properties**, and then click the **Rules** tab.
+ 12. Right-click the newly created **MEDIA001** item in the **Media** folder, click **Properties**, and then click the **Rules** tab.
-13. Use your mouse to highlight all of the text displayed in the text box of the **Rules** tab, and then press **Ctrl+V** to paste the text you copied from the **Microsoft Surface Deployment Accelerator** deployment share rules.
+ 13. Use your mouse to highlight all of the text displayed in the text box of the **Rules** tab, and then press **Ctrl+V** to paste the text you copied from the **Microsoft Surface Deployment Accelerator** deployment share rules.
-14. Right-click the **Microsoft Surface Deployment Accelerator** deployment share folder, click **Properties**, and then click the **Rules** tab again. Click the **Bootstrap.ini** button to open Bootstrap.ini in Notepad.
+ 14. Right-click the **Microsoft Surface Deployment Accelerator** deployment share folder, click **Properties**, and then click the **Rules** tab again. Click the **Bootstrap.ini** button to open Bootstrap.ini in Notepad.
-15. Press **Ctrl+A** to select all of the text in the window, and then press **Ctrl+C** to copy the text.
+ 15. Press **Ctrl+A** to select all of the text in the window, and then press **Ctrl+C** to copy the text.
-16. Close Bootstrap.ini and click **OK** in **Microsoft Surface Deployment Accelerator** deployment share properties to close the window.
+ 16. Close Bootstrap.ini and click **OK** in **Microsoft Surface Deployment Accelerator** deployment share properties to close the window.
-17. Right-click the newly created **MEDIA001** item in the **Media** folder, click **Properties**, and then click the **Rules** tab again. Click the **Bootstrap.ini** button to open Bootstrap.ini in Notepad.
+ 17. Right-click the newly created **MEDIA001** item in the **Media** folder, click **Properties**, and then click the **Rules** tab again. Click the **Bootstrap.ini** button to open Bootstrap.ini in Notepad.
-18. Press **Ctrl+A** to select all of the text in the window, then press **Ctrl+V** to paste the text from the SDA deployment share Bootstrap.ini file.
+ 18. Press **Ctrl+A** to select all of the text in the window, then press **Ctrl+V** to paste the text from the SDA deployment share Bootstrap.ini file.
-19. Delete the following lines from the Bootstrap.ini as shown in Figure 11, and then save the file:
+ 19. Delete the following lines from the Bootstrap.ini as shown in Figure 11, and then save the file:
- ```
- UserID=
- UserDomain=
- UserPassword=
- DeployRoot=\\SDASERVER\SDAWin10
- UserID=
- UserDomain=
- UserPassword=
- ```
+ ```PowerShell
+ UserID=
+ UserDomain=
+ UserPassword=
+ DeployRoot=\\SDASERVER\SDAWin10
+ UserID=
+ UserDomain=
+ UserPassword=
+ ```
*Figure 11. The Bootstrap.ini file of MEDIA001*
-20. Close Bootstrap.ini and click **OK** in **MEDIA001** deployment share properties to close the window.
+ 20. Close Bootstrap.ini and click **OK** in **MEDIA001** deployment share properties to close the window.
-21. In the **Deployment Workbench** under the **Media** folder, right-click the newly created **MEDIA001** and click **Update Media Content**, as shown in Figure 12. This will update the media files with the content of the **Microsoft Surface Deployment Accelerator** deployment share.
+ 21. In the **Deployment Workbench** under the **Media** folder, right-click the newly created **MEDIA001** and click **Update Media Content**, as shown in Figure 12. This will update the media files with the content of the **Microsoft Surface Deployment Accelerator** deployment share.
*Figure 12. Select the Update Media Content option*
-22. The **Update Media Content** window is displayed and shows the progress as the media files are created. When the process completes, click **Finish.**
+ 22. The **Update Media Content** window is displayed and shows the progress as the media files are created. When the process completes, click **Finish.**
-The final step is to copy the offline media files to your USB drive.
+ The final step is to copy the offline media files to your USB drive.
-1. In File Explorer, open the path you specified in Step 5, for example **E:\\SDAMedia**.
+ 1. In File Explorer, open the path you specified in Step 5, for example **E:\\SDAMedia**.
-2. Copy all of the files from the Content folder to the root of the USB drive.
+ 2. Copy all of the files from the Content folder to the root of the USB drive.
-Your USB drive is now configured as bootable offline media that contains all of the resources required to perform a deployment to a Surface device.
+ Your USB drive is now configured as bootable offline media that contains all of the resources required to perform a deployment to a Surface device.
## SDA task sequences
-
The SDA deployment share is configured with all of the resources required to perform a Windows deployment to a Surface device. These resources include Windows source files, image, Surface drivers, and Surface apps. The deployment share also contains two pre-configured task sequences, as shown in Figure 13. These task sequences contain the steps required to perform a deployment to a Surface device using the default Windows image from the installation media or to create a reference image complete with Windows updates and applications. To learn more about task sequences, see [MDT 2013 Update 2 Lite Touch components](https://technet.microsoft.com/itpro/windows/deploy/mdt-2013-lite-touch-components).
@@ -332,8 +328,7 @@ The **2 – Create Windows Reference Image** task sequence is used to perform a
Like the **1 – Deploy Microsoft Surface** task sequence, the **2 – Create Windows Reference Image** task sequence performs a deployment of the unaltered Windows image directly from the installation media. Creation of a reference image should always be performed on a virtual machine. Using a virtual machine as your reference system helps to ensure that the resulting image is compatible with different hardware configurations.
>[!NOTE]
->Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and System Center Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information, see [Deploy a Windows 10 image using MDT 2013 Update 2](https://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt).
-
+>Using a virtual machine when you create a reference image for Windows deployment is a recommended practice for performing Windows deployments with Microsoft deployment tools including the Microsoft Deployment Toolkit and Microsoft Endpoint Configuration Manager. These Microsoft deployment technologies use the hardware agnostic images produced from a virtual machine and a collection of managed drivers to deploy to different configurations of hardware. For more information, see [Deploy a Windows 10 image using MDT 2013 Update 2](https://technet.microsoft.com/itpro/windows/deploy/deploy-a-windows-10-image-using-mdt).
In addition to the information required by the **1 – Deploy Microsoft Surface** task sequence, you will also be prompted to capture an image when you run this task sequence on your reference virtual machine. The **Location** and **File name** fields are automatically populated with the proper information for your deployment share. All that you need to do is select the **Capture an image of this reference computer** option when you are prompted on the **Capture Image** page of the Windows Deployment Wizard.
@@ -354,7 +349,7 @@ To perform a deployment from the SDA deployment share, follow this process on th
### Boot the Surface device from the network
-To boot the Surface device from the network, the Microsoft Surface Deployment Accelerator wizard must have been run on a Windows Server 2012 R2 or later environment that was configured with the Windows Deployment Services (WDS). WDS must have been configured to respond to network boot (PXE boot) requests and the boot files must have been imported into WDS. The SDA wizard will import these file automatically if the **Import boot media into the local Windows Deployment Service** check box was selected on the page for the version of Windows you intend to deploy.
+To boot the Surface device from the network, the Microsoft Surface Deployment Accelerator wizard must have been run on a Windows Server 2012 R2 or later environment that was configured with the Windows Deployment Services (WDS). WDS must have been configured to respond to network boot (PXE boot) requests and the boot files must have been imported into WDS. The SDA wizard will import these file automatically if the **Import boot media into the local Windows Deployment Service** check box was selected on the page for the version of Windows you intend to deploy.
To boot the Surface device from the network, you must also use a Microsoft Surface Ethernet Adapter or the Ethernet port on a Microsoft Surface Dock. Third-party Ethernet adapters are not supported for network boot (PXE boot). A keyboard is also required. Both the Microsoft Surface Type Cover and keyboards connected via USB to the device or dock are supported.
@@ -364,7 +359,7 @@ To instruct your Surface device to boot from the network, start with the device
2. Press **Enter** when prompted by the dialog on the screen. This prompt indicates that your device has found the WDS PXE server over the network.
-3. If you have configured more than one deployment share on this device, you will be prompted to select between the boot images for each deployment share. For example, if you created both a Windows 10 and a Windows 8.1 deployment share, you will be prompted to choose between these two options.
+3. If you have configured more than one deployment share on this device, you will be prompted to select between the boot images for each deployment share. For example, if you created both a Windows 10 and a Windows 8.1 deployment share, you will be prompted to choose between these two options.
4. Enter the domain credentials that you use to log on to the server where SDA is installed when you are prompted, as shown in Figure 14.
@@ -413,12 +408,3 @@ To run the Deploy Microsoft Surface task sequence:
*Figure 17. The Installation Progress window*
8. When the deployment task sequence completes, a **Success** window is displayed. Click **Finish** to complete the deployment and begin using your Surface device.
-
-
-
-
-
-
-
-
-
diff --git a/devices/surface/support-solutions-surface.md b/devices/surface/support-solutions-surface.md
index 2ee030e7da..b311e28937 100644
--- a/devices/surface/support-solutions-surface.md
+++ b/devices/surface/support-solutions-surface.md
@@ -2,20 +2,26 @@
title: Top support solutions for Surface devices
description: Find top solutions for common issues using Surface devices in the enterprise.
ms.assetid: CF58F74D-8077-48C3-981E-FCFDCA34B34A
+ms.reviewer:
+manager: dansimp
keywords: Troubleshoot common problems, setup issues
ms.prod: w10
ms.mktglfcycl: support
ms.sitesec: library
ms.pagetype: surfacehub
-author: kaushika-msft
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 09/08/2017
+ms.date: 09/26/2019
ms.localizationpriority: medium
+ms.audience: itpro
---
# Top support solutions for Surface devices
+> [!Note]
+> **Home users**: This article is only intended for use by IT professionals and technical support agents, and applies only to Surface devices. If you're looking for help with a problem with your home device, please see [Surface Devices Help](https://support.microsoft.com/products/surface-devices).
+
Microsoft regularly releases both updates and solutions for Surface devices. To ensure your devices can receive future updates, including security updates, it's important to keep your Surface devices updated. For a complete listing of the update history, see [Surface update history](https://www.microsoft.com/surface/support/install-update-activate/surface-update-history) and [Install Surface and Windows updates](https://www.microsoft.com/surface/support/performance-and-maintenance/install-software-updates-for-surface?os=windows-10&=undefined).
@@ -23,43 +29,54 @@ These are the top Microsoft Support solutions for common issues experienced when
## Screen cracked or scratched issues
-- [Cracked screen and physical damage](https://www.microsoft.com/surface/support/warranty-service-and-recovery/surface-is-damaged)
+- [Contact Microsoft Support](https://support.microsoft.com/supportforbusiness/productselection)
+## Surface Power or battery Issues
-##Device cover or keyboard issues
+- [How to Charge Surface(Surface PSU information)](https://support.microsoft.com/help/4023496)
+
+- [Surface battery won’t charge or Surface won’t run on battery](https://support.microsoft.com/help/4023536)
+
+- [Surface won’t turn on or wake from sleep](https://support.microsoft.com/help/4023537)
+
+- [Maximize your Surface battery life](https://support.microsoft.com/help/4483194)
+
+## Device cover or keyboard issues
- [Troubleshoot your Surface Type Cover or keyboard](https://www.microsoft.com/surface/support/hardware-and-drivers/troubleshoot-surface-keyboards)
-- [Troubleshoot problems with Surface Keyboard, Surface Ergonomic Keyboard, and Microsoft Modern Keyboard with Fingerprint ID](https://www.microsoft.com/surface/support/touch-mouse-and-search/surface-keyboard-troubleshooting)
-- [Set up Microsoft Modern Keyboard with Fingerprint ID](https://www.microsoft.com/surface/support/touch-mouse-and-search/microsoft-modern-keyboard-fingerprintid-set-up)
-- [Enabling Surface Laptop keyboard during MDT deployment](https://blogs.technet.microsoft.com/askcore/2017/08/18/enabling-surface-laptop-keyboard-during-mdt-deployment/)
-
-## Device won't wake from sleep or hibernation issues
+## Surface Dock Issues
-- [Surface won’t turn on or wake from sleep](https://www.microsoft.com/surface/support/warranty-service-and-recovery/surface-wont-turn-on-or-wake-from-sleep?os=windows-10&=undefined)
-- [Surface Pro 4 or Surface Book doesn't hibernate in Windows 10](https://support.microsoft.com/help/3122682)
-- [Surface Pro 3 doesn't hibernate after four hours in connected standby](https://support.microsoft.com/help/2998588/surface-pro-3-doesn-t-hibernate-after-four-hours-in-connected-standby)
-- [Surface Pro 3 Hibernation Doesn’t Occur on Enterprise Install](https://blogs.technet.microsoft.com/askcore/2014/11/05/surface-pro-3-hibernation-doesnt-occur-on-enterprise-install/)
+- [Troubleshoot Surface Dock and docking stations](https://support.microsoft.com/help/4023468/surface-troubleshoot-surface-dock-and-docking-stations)
+- [Troubleshoot connecting Surface to a second screen](https://support.microsoft.com/help/4023496)
-## Other common issues
+- [Microsoft Surface Dock Firmware Update](https://docs.microsoft.com/surface/surface-dock-updater)
-- [Trouble installing Surface updates](https://www.microsoft.com/surface/support/performance-and-maintenance/troubleshoot-updates?os=windows-10&=undefined)
-- [Troubleshooting common Surface Pro 3 issues post-deployment](http://blogs.technet.com/b/askcore/archive/2015/03/19/troubleshooting-common-surface-pro-3-issues-post-deployment.aspx)
-- [Surface Pro 3 hibernation doesn't occur on enterprise install](https://blogs.technet.microsoft.com/askcore/2014/11/05/surface-pro-3-hibernation-doesnt-occur-on-enterprise-install/)
-- [Reusing the same NIC for multiple PXE initiated deployments in System Center Configuration Manger OSD](https://blogs.technet.microsoft.com/system_center_configuration_manager_operating_system_deployment_support_blog/2015/08/27/reusing-the-same-nic-for-multiple-pxe-initiated-deployments-in-system-center-configuration-manger-osd)
-- [Troubleshoot docking stations for Surface Pro and Surface 3](https://www.microsoft.com/surface/support/hardware-and-drivers/troubleshoot-docking-station?os=windows-8.1-update-1&=undefined)
-- [What to do if Surface is running slower](https://www.microsoft.com/surface/support/performance-and-maintenance/what-to-do-if-surface-is-running-slower?os=windows-10&=undefined)
+## Surface Drivers and Firmware
+- [Surface Update History](https://support.microsoft.com/help/4036283)
+- [Download drivers and firmware for Surface](https://support.microsoft.com/help/4023482)
+- [Deploy the latest firmware and drivers for Surface devices](https://docs.microsoft.com/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices)
-
+- [Manage Surface driver and firmware updates](https://docs.microsoft.com/surface/manage-surface-pro-3-firmware-updates)
+- [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906)
-
+## Deployment Issues
+- [DISK0 not found when you deploy Windows on Surface Pro Model 1796 or Surface Laptop](https://support.microsoft.com/help/4046108)
+- [Surface Pro Model 1796 and Surface Laptop 1TB display two drives](https://support.microsoft.com/help/4046105)
+- [System SKU reference](https://docs.microsoft.com/surface/surface-system-sku-reference)
+## Reset device
+- [Creating and using a USB recovery drive for Surface](https://support.microsoft.com/help/4023512)
+
+- [FAQ: Protecting your data if you send your Surface in for Service](https://support.microsoft.com/help/4023508)
+
+- [Microsoft Surface Data Eraser](https://docs.microsoft.com/surface/microsoft-surface-data-eraser)
diff --git a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md b/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md
index 52bef60ccd..d57966b6cf 100644
--- a/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md
+++ b/devices/surface/surface-device-compatibility-with-windows-10-ltsc.md
@@ -6,10 +6,14 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
-author: brecords
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 01/03/2018
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
+ms.reviewer: scottmca
+manager: dansimp
---
# Surface device compatibility with Windows 10 Long-Term Servicing Channel (LTSC)
@@ -53,8 +57,8 @@ Before you choose to use Windows 10 Enterprise LTSC edition on Surface devices,
* Surface device replacements (for example, devices replaced under warranty) may contain subtle variations in hardware components that require updated device drivers and firmware. Compatibility with these updates may require the installation of a more recent version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise with the SAC servicing option.
>[!NOTE]
->Organizations that standardize on a specific version of Windows 10 Enterprise LTSC may be unable to adopt new generations of Surface hardware without also updating to a later version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise. For more information, see the **How will Windows 10 LTSBs be supported?** topic in the **Supporting the latest processor and chipsets on Windows** section of [Lifecycle Policy FAQ—Windows products](https://support.microsoft.com/help/18581/lifecycle-policy-faq-windows-products#b4).
+>Organizations that standardize on a specific version of Windows 10 Enterprise LTSC may be unable to adopt new generations of Surface hardware such as Surface Pro 7, Surface Pro X, or Surface Laptop 3 without also updating to a later version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise. For more information, see the **How will Windows 10 LTSBs be supported?** topic in the **Supporting the latest processor and chipsets on Windows** section of [Lifecycle Policy FAQ—Windows products](https://support.microsoft.com/help/18581/lifecycle-policy-faq-windows-products#b4).
Surface devices running Windows 10 Enterprise LTSC edition will not receive new features. In many cases these features are requested by customers to improve the usability and capabilities of Surface hardware. For example, new improvements for High DPI applications in Windows 10, version 1703. Customers that use Surface devices in the LTSC configuration will not see the improvements until they either update to a new Windows 10 Enterprise LTSC release or upgrade to a version of Windows 10 with support for the SAC servicing option.
-Devices can be changed from Windows 10 Enterprise LTSC to a more recent version of Windows 10 Enterprise, with support for the SAC servicing option, without the loss of user data by performing an upgrade installation. You can also perform an upgrade installation on multiple devices by leveraging the Upgrade Task Sequence Templates available in the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. For more information, see [Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/upgrade-surface-devices-to-windows-10-with-mdt).
+Devices can be changed from Windows 10 Enterprise LTSC to a more recent version of Windows 10 Enterprise, with support for the SAC servicing option, without the loss of user data by performing an upgrade installation. You can also perform an upgrade installation on multiple devices by leveraging the Upgrade Task Sequence Templates available in the Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager. For more information, see [Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/upgrade-surface-devices-to-windows-10-with-mdt).
diff --git a/devices/surface/surface-diagnostic-toolkit-business.md b/devices/surface/surface-diagnostic-toolkit-business.md
index 0a73499333..62c4129d08 100644
--- a/devices/surface/surface-diagnostic-toolkit-business.md
+++ b/devices/surface/surface-diagnostic-toolkit-business.md
@@ -1,16 +1,20 @@
---
-title: Surface Diagnostic Toolkit for Business
+title: Deploy Surface Diagnostic Toolkit for Business
description: This topic explains how to use the Surface Diagnostic Toolkit for Business.
ms.prod: w10
ms.mktglfcycl: manage
+ms.localizationpriority: medium
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 11/15/2018
+ms.date: 10/31/2019
+ms.reviewer: hachidan
+manager: dansimp
+ms.audience: itpro
---
-# Surface Diagnostic Toolkit for Business
+# Deploy Surface Diagnostic Toolkit for Business
The Microsoft Surface Diagnostic Toolkit for Business (SDT) enables IT administrators to quickly investigate, troubleshoot, and resolve hardware, software, and firmware issues with Surface devices. You can run a range of diagnostic tests and software repairs in addition to obtaining device health insights and guidance for resolving issues.
@@ -27,18 +31,18 @@ Specifically, SDT for Business enables you to:
To run SDT for Business, download the components listed in the following table.
->[!NOTE]
->In contrast to the way you typically install MSI packages, the SDT distributable MSI package can only be created by running Windows Installer (msiexec.exe) at a command prompt and setting the custom flag `ADMINMODE = 1`. For details, see [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md).
Mode | Primary scenarios | Download | Learn more
--- | --- | --- | ---
Desktop mode | Assist users in running SDT on their Surface devices to troubleshoot issues. Create a custom package to deploy on one or more Surface devices allowing users to select specific logs to collect and analyze. | SDT distributable MSI package: Microsoft Surface Diagnostic Toolkit for Business Installer [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Use Surface Diagnostic Toolkit in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
-Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands: `-DataCollector` collects all log files `-bpa` runs health diagnostics using Best Practice Analyzer. `-windowsupdate` checks Windows update for missing firmware or driver updates.
**Note:** Support for the ability to confirm warranty information will be available via the command `-warranty` | SDT console app: Microsoft Surface Diagnostics App Console [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md)
+Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands: `-DataCollector` collects all log files `-bpa` runs health diagnostics using Best Practice Analyzer. `-windowsupdate` checks Windows Update for missing firmware or driver updates. `-warranty` checks warranty information.
| SDT console app: Microsoft Surface Diagnostics App Console [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md)
## Supported devices
SDT for Business is supported on Surface 3 and later devices, including:
+- Surface Pro 7
+- Surface Laptop 3
- Surface Pro 6
- Surface Laptop 2
- Surface Go
@@ -57,16 +61,40 @@ SDT for Business is supported on Surface 3 and later devices, including:
## Installing Surface Diagnostic Toolkit for Business
-To create an SDT package that you can distribute to users in your organization, you first need to install SDT at a command prompt and set a custom flag to install the tool in admin mode. SDT contains the following install option flags:
+To create an SDT package that you can distribute to users in your organization:
+
+1. Sign in to your Surface device using the Administrator account.
+2. Download SDT Windows Installer Package (.msi) from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703) and copy it to a preferred location on your Surface device, such as Desktop.
+3. The SDT setup wizard appears, as shown in figure 1. Click **Next**.
+
+ >[!NOTE]
+ >If the setup wizard does not appear, ensure that you are signed into the Administrator account on your computer.
+
+ 
+
+ *Figure 1. Surface Diagnostic Toolkit setup wizard*
+
+4. When the SDT setup wizard appears, click **Next**, accept the End User License Agreement (EULA)
+
+5. On the Install Options screen, change the default install location if desired.
+6. Under Setup Type, select **Advanced**.
+
+ >[!NOTE]
+ >The standard option allows users to run the diagnostic tool directly on their Surface device provided they are signed into their device using an Administrator account.
+
+ 
+
+7. Click **Next** and then click **Install**.
+
+## Installing using the command line
+If desired, you can install SDT at a command prompt and set a custom flag to install the tool in admin mode. SDT contains the following install option flags:
- `SENDTELEMETRY` sends telemetry data to Microsoft. The flag accepts `0` for disabled or `1` for enabled. The default value is `1` to send telemetry.
- `ADMINMODE` configures the tool to be installed in admin mode. The flag accepts `0` for client mode or `1` for IT Administrator mode. The default value is `0`.
-**To install SDT in ADMINMODE:**
+### To install SDT from the command line:
-1. Sign in to your Surface device using the Administrator account.
-2. Download SDT Windows Installer Package (.msi) from the [Surface Tools for IT download page](https://www.microsoft.com/download/details.aspx?id=46703) and copy it to a preferred location on your Surface device, such as Desktop.
-3. Open a command prompt and enter:
+1. Open a command prompt and enter:
```
msiexec.exe /i ADMINMODE=1.
@@ -77,19 +105,6 @@ To create an SDT package that you can distribute to users in your organization,
C:\Users\Administrator> msiexec.exe/I"C:\Users\Administrator\Desktop\Microsoft_Surface_Diagnostic_Toolkit_for_Business_Installer.msi" ADMINMODE=1
```
-4. The SDT setup wizard appears, as shown in figure 1. Click **Next**.
-
- >[!NOTE]
- >If the setup wizard does not appear, ensure that you are signed into the Administrator account on your computer.
-
- 
-
- *Figure 1. Surface Diagnostic Toolkit setup wizard*
-
-5. When the SDT setup wizard appears, click **Next**, accept the End User License Agreement (EULA), and select a location to install the package.
-
-6. Click **Next** and then click **Install**.
-
## Locating SDT on your Surface device
Both SDT and the SDT app console are installed at `C:\Program Files\Microsoft\Surface\Microsoft Surface Diagnostic Toolkit for Business`.
@@ -105,28 +120,29 @@ In addition to the .exe file, SDT installs a JSON file and an admin.dll file (mo
Creating a custom package allows you to target the tool to specific known issues.
-1. Click **Start > Run**, enter **Surface** and then click **Surface Diagnostic Toolkit for Business**.
-2. When the tool opens, click **Create Custom Package**, as shown in figure 3.
+1. Click **Start > Run**, enter **Surface** and then click **Surface Diagnostic Toolkit for Business**.
+2. When the tool opens, click **Create Custom Package**, as shown in figure 3.
*Figure 3. Create custom package*
-### Language and telemetry page
+### Language and telemetry settings
-
-When you start creating the custom package, you’re asked whether you agree to send data to Microsoft to help improve the application. For more information,see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). Sharing is on by default, so uncheck the box if you wish to decline.
+ When creating a package, you can select language settings or opt out of sending telemetry information to Microsoft. By default, SDT sends telemetry to Microsoft that is used to improve the application in accordance with the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement). If you wish to decline, clear the check box when creating a custom package, as shown below. Or clear the **Send telemetry to Microsoft** check box on the **Install Options** page during SDT Setup.
>[!NOTE]
->This setting is limited to only sharing data generated while running packages.
+>This setting does not affect the minimal telemetry automatically stored on Microsoft servers when running tests and repairs that require an Internet connection, such as Windows Update and Software repair, or providing feedback using the Smile or Frown buttons in the app toolbar.
+
*Figure 4. Select language and telemetry settings*
+
### Windows Update page
-Select the option appropriate for your organization. Most organizations with multiple users will typically select to receive updates via Windows Server Update Services (WSUS), as shown in figure 5. If using local Windows update packages or WSUS, enter the path as appropriate.
+Select the option appropriate for your organization. Most organizations with multiple users will typically select to receive updates via Windows Server Update Services (WSUS), as shown in figure 5. If using local Windows Update packages or WSUS, enter the path as appropriate.
@@ -153,13 +169,31 @@ You can select to run a wide range of logs across applications, drivers, hardwar
- [Use Surface Diagnostic Toolkit for Business in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
- [Use Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
+## Changes and updates
+### Version 2.43.139.0
+*Release date: October 21, 2019*
+This version of Surface Diagnostic Toolkit for Business adds support for the following:
+
+- Surface Pro 7
+- Surface Laptop 3
+
+### Version 2.42.139.0
+*Release date: September 24, 2019*
+This version of Surface Diagnostic Toolkit for Business adds support for the following:
+- Ability to download hardware reports.
+- Ability to contact Microsoft Support directly from the tool.
+
+### Version 2.41.139.0
+*Release date: June 24, 2019*
+This version of Surface Diagnostic Toolkit for Business adds support for the following:
+- Driver version information included in logs and report.
+- Ability to provide feedback about the app.
-
-
-
-
-
-
-
-
+### Version 2.36.139.0
+*Release date: April 26, 2019*
+This version of Surface Diagnostic Toolkit for Business adds support for the following:
+- Advanced Setup option to unlock admin capabilities through the installer UI, without requiring command line configuration.
+- Accessibility improvements.
+- Surface brightness control settings included in logs.
+- External monitor compatibility support link in report generator.
diff --git a/devices/surface/surface-diagnostic-toolkit-command-line.md b/devices/surface/surface-diagnostic-toolkit-command-line.md
index 8d5cf4009c..6ea9d9ac55 100644
--- a/devices/surface/surface-diagnostic-toolkit-command-line.md
+++ b/devices/surface/surface-diagnostic-toolkit-command-line.md
@@ -4,18 +4,22 @@ description: How to run Surface Diagnostic Toolkit in a command console
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 11/15/2018
+ms.reviewer: hachidan
+manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Run Surface Diagnostic Toolkit for Business using commands
-Running the Surface Diagnostic Toolkit (SDT) at a command prompt requires downloading the STD app console. After it's installed, you can run SDT at a command prompt via the Windows command console (cmd.exe) or using Windows PowerShell, including PowerShell Integrated Scripting Environment (ISE), which provides support for autocompletion of commands, copy/paste, and other features.
+Running the Surface Diagnostic Toolkit (SDT) at a command prompt requires downloading the STD app console. After it's installed, you can run SDT at a command prompt via the Windows command console (cmd.exe) or using Windows PowerShell, including PowerShell Integrated Scripting Environment (ISE), which provides support for autocompletion of commands, copy/paste, and other features. For a list of supported Surface devices in SDT, refer to [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md).
>[!NOTE]
->To run SDT using commands, you must be signed in to the Administrator account or signed in to an account that is a member of the Administrator group on your Surface device.
+>To run SDT using commands, you must be signed in to the Administrator account or signed in to an account that is a member of the Administrator group on your Surface device.
## Running SDT app console
@@ -39,7 +43,7 @@ Command | Notes
>[!NOTE]
->To run the SDT app console remotely on target devices, you can use a configuration management tool such as System Center Configuration Manager. Alternatively, you can create a .zip file containing the console app and appropriate console commands and deploy per your organization’s software distribution processes.
+>To run the SDT app console remotely on target devices, you can use a configuration management tool such as Microsoft Endpoint Configuration Manager. Alternatively, you can create a .zip file containing the console app and appropriate console commands and deploy per your organization’s software distribution processes.
## Running Best Practice Analyzer
diff --git a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
index ee76845656..738ec1ecae 100644
--- a/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
+++ b/devices/surface/surface-diagnostic-toolkit-desktop-mode.md
@@ -4,35 +4,37 @@ description: How to use SDT to help users in your organization run the tool to i
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: jdeckerms
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 11/15/2018
+ms.date: 10/31/2019
+ms.reviewer: hachidan
+manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Use Surface Diagnostic Toolkit for Business in desktop mode
-This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help users in your organization run the tool to identify and diagnose issues with the Surface device. Successfully running SDT can quickly determine if a reported issue is caused by failed hardware or user error.
+This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help users in your organization run the tool to identify and diagnose issues with the Surface device. Successfully running SDT can quickly determine if a reported issue is caused by failed hardware or user error. For a list of supported Surface devices in SDT, refer to [Deploy Surface Diagnostic Toolkit for Business](surface-diagnostic-toolkit-business.md).
-1. Direct the user to install [the SDT package](surface-diagnostic-toolkit-business.md#create-custom-sdt) from a software distribution point or network share. After it is installed, you’re ready to guide the user through a series of tests.
-2. Begin at the home page, which allows users to enter a description of the issue, and click **Continue**, as shown in figure 1.
+1. Direct the user to install [the SDT package](surface-diagnostic-toolkit-business.md#create-custom-sdt) from a software distribution point or network share. After it is installed, you’re ready to guide the user through a series of tests.
+
+2. Begin at the home page, which allows users to enter a description of the issue, and click **Continue**, as shown in figure 1.
-
- *Figure 1. SDT in desktop mode*
+*Figure 1. SDT in desktop mode*
3. When SDT indicates the device has the latest updates, click **Continue** to advance to the catalog of available tests, as shown in figure 2.
-
- *Figure 2. Select from SDT options*
+*Figure 2. Select from SDT options*
4. You can choose to run all the diagnostic tests. Or, if you already suspect a particular issue such as a faulty display or a power supply problem, click **Select** to choose from the available tests and click **Run Selected**, as shown in figure 3. See the following table for details of each test.
-
- *Figure 3. Select hardware tests*
+*Figure 3. Select hardware tests*
Hardware test | Description
--- | ---
@@ -51,6 +53,7 @@ This topic explains how to use the Surface Diagnostic Toolkit (SDT) to help user
+
## Running multiple hardware tests to troubleshoot issues
SDT is designed as an interactive tool that runs a series of tests. For each test, SDT provides instructions summarizing the nature of the test and what users should expect or look for in order for the test to be successful. For example, to diagnose if the display brightness is working properly, SDT starts at zero and increases the brightness to 100 percent, asking users to confirm – by answering **Yes** or **No** -- that brightness is functioning as expected, as shown in figure 4.
@@ -58,12 +61,11 @@ SDT is designed as an interactive tool that runs a series of tests. For each tes
For each test, if functionality does not work as expected and the user clicks **No**, SDT generates a report of the possible causes and ways to troubleshoot it.
-
*Figure 4. Running hardware diagnostics*
-1. If the brightness successfully adjusts from 0-100 percent as expected, direct the user to click **Yes** and then click **Continue**.
-2. If the brightness fails to adjust from 0-100 percent as expected, direct the user to click **No** and then click **Continue**.
-3. Guide users through remaining tests as appropriate. When finished, SDT automatically provides a high-level summary of the report, including the possible causes of any hardware issues along with guidance for resolution.
+1. If the brightness successfully adjusts from 0-100 percent as expected, direct the user to click **Yes** and then click **Continue**.
+2. If the brightness fails to adjust from 0-100 percent as expected, direct the user to click **No** and then click **Continue**.
+3. Guide users through remaining tests as appropriate. When finished, SDT automatically provides a high-level summary of the report, including the possible causes of any hardware issues along with guidance for resolution.
### Repairing applications
@@ -71,24 +73,18 @@ For each test, if functionality does not work as expected and the user clicks **
SDT enables you to diagnose and repair applications that may be causing issues, as shown in figure 5.
-
*Figure 5. Running repairs*
-
-
-
-
+
### Generating logs for analyzing issues
SDT provides extensive log-enabled diagnosis support across applications, drivers, hardware, and operating system issues, as shown in figure 6.
-
*Figure 6. Generating logs*
-
-
+
### Generating detailed report comparing device vs. optimal configuration
Based on the logs, SDT generates a report for software- and firmware-based issues that you can save to a preferred location.
diff --git a/devices/surface/surface-diagnostic-toolkit-for-business-intro.md b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
new file mode 100644
index 0000000000..df3918d715
--- /dev/null
+++ b/devices/surface/surface-diagnostic-toolkit-for-business-intro.md
@@ -0,0 +1,43 @@
+---
+title: Fix common Surface problems using the Surface Diagnostic Toolkit for Business
+description: This page provides an introduction to the Surface Diagnostic Toolkit for Business for use in commercial environments.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.date: 06/11/2019
+ms.reviewer: cottmca
+manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
+---
+
+# Fix common Surface problems using the Surface Diagnostic Toolkit for Business
+
+If your Surface isn’t working properly, the Microsoft Surface Diagnostic Toolkit for Business can help you or your administrator find and solve problems.
+
+> [!NOTE]
+> Surface Diagnostic Toolkit for Business is built for commercial devices. If your device is a personal device and not managed by your work or school run the [Surface Diagnostic Toolkit](https://support.microsoft.com/en-us/help/4037239/surface-fix-common-surface-problems-using-surface-diagnostic-toolkit) instead.
+
+## Run the Surface Diagnostic Toolkit for Business
+
+Before you run the diagnostic tool, make sure you have the latest Windows updates. Go to [Install Surface and Windows 10 updates](https://support.microsoft.com/en-us/help/4023505/surface-install-surface-and-windows-updates) for more information. If that doesn't solve the problem, you'll need to run the diagnostic tool.
+
+> [!NOTE]
+> The Surface Diagnostic Toolkit for Business only works on Surface devices running Windows 10. It does not work on Surface Pro, Surface Pro 2, or Surface devices configured in S mode.
+
+**To run the Surface Diagnostic Toolkit for Business:**
+
+1. Download the [Surface Diagnostic Toolkit for Business](https://aka.ms/SDT4B).
+2. Select Run and follow the on-screen instructions. For full details, refer to [Deploy Surface Diagnostic Toolkit for Business](https://docs.microsoft.com/surface/surface-diagnostic-toolkit-business).
+
+The diagnosis and repair time averages 15 minutes but could take an hour or longer, depending on internet connection speed and the number of updates or repairs required.
+# If you still need help
+
+If the Surface Diagnostic Toolkit for Business didn’t fix the problem, you can also:
+
+- Make an in-store appointment: We might be able to fix the problem or provide a replacement Surface at your local Microsoft Store. [Locate a Microsoft Store near you](https://www.microsoft.com/store/locations/find-a-store?WT.mc_id=MSC_Solutions_en_us_scheduleappt).
+- Contact customer support: If you want to talk to someone about how to fix your problem, [contact us](https://support.microsoft.com/en-us/help/4037645/contact-surface-warranty-and-software-support-for-business).
+- Get your Surface serviced: If your Surface product needs service, [request it online](https://mybusinessservice.surface.com/).
diff --git a/devices/surface/surface-dock-firmware-update.md b/devices/surface/surface-dock-firmware-update.md
new file mode 100644
index 0000000000..dc3e5b41f0
--- /dev/null
+++ b/devices/surface/surface-dock-firmware-update.md
@@ -0,0 +1,207 @@
+---
+title: Microsoft Surface Dock Firmware Update
+description: This article explains how to use Microsoft Surface Dock Firmware Update, newly redesigned to update Surface Dock firmware while running in the background on your Surface device.
+ms.localizationpriority: medium
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.date: 10/09/2019
+ms.reviewer: scottmca
+manager: dansimp
+ms.audience: itpro
+---
+# Microsoft Surface Dock Firmware Update
+
+This article explains how to use Microsoft Surface Dock Firmware Update, newly redesigned to update Surface Dock firmware while running in the background on your Surface device. Once installed, it will update any Surface Dock attached to your Surface device.
+
+> [!NOTE]
+>Microsoft Surface Dock Firmware Update supersedes the earlier Microsoft Surface Dock Updater tool, previously available for download as part of Surface Tools for IT. It was named Surface_Dock_Updater_vx.xx.xxx.x.msi (where x indicates the version of the tool). The earlier tool has been retired, is no longer available for download, and should not be used.
+
+## To run Surface Dock Firmware Update
+
+1. Download and install [Microsoft Surface Dock Firmware Update](https://www.microsoft.com/download/details.aspx?id=46703).
+ - The file is released in the following naming format: **Surface_Dock_FwUpdate_X.XX.XXX_Win10_XXXXX_XX.XXX.XXXXX_X.MSI** and installs by default to C:\Program Files\SurfaceUpdate.
+ - Requires Surface devices running at least Windows 10 version 1803 or later.
+
+2. After you connect Surface Dock to your Surface device, the tool checks the firmware status while running in the background.
+
+4. After several seconds, disconnect your Surface Dock from your device and then wait for 5 seconds before reconnecting. The Surface Dock Firmware Update will normally update the dock silently in background after you disconnect from the dock and reconnect. The process can take a few minutes to complete and will continue even if interrupted.
+
+### Manual installation
+If preferred, you can manually complete the update as follows:
+
+- Reconnect your Surface Dock for 2 minutes and then disconnect it from your device. The DisplayPort firmware update will be installed while the hardware is disconnected. The LED in the Ethernet port of the dock will blink while the update is in progress. Please wait until the LED stops blinking before you unplug your Surface Dock from power.
+
+> [!NOTE]
+>
+> - Manually installing the MSI file may prompt you to restart Surface; however, restarting is optional and not required.
+> - You will need to disconnect and reconnect the dock twice before the update fully completes.
+> - To create a log file, specify the path in the Msiexec command. For example, append /l*v %windir%\logs\ SurfaceDockFWI.log".
+
+## Network deployment
+
+You can use Windows Installer commands (Msiexec.exe) to deploy Surface Dock Firmware Update to multiple devices across your network. When using Microsoft Endpoint Configuration Manager or other deployment tool, enter the following syntax to ensure the installation is silent:
+
+- **Msiexec.exe /i /quiet /norestart**
+
+> [!NOTE]
+> A log file is not created by default. In order to create a log file, you will need to append "/l*v [path]"
+
+For more information, refer to [Command line options](https://docs.microsoft.com/windows/win32/msi/command-line-options) documentation.
+
+> [!IMPORTANT]
+> If you want to keep your Surface Dock updated using any other method, refer to [Update your Surface Dock](https://support.microsoft.com/help/4023478/surface-update-your-surface-dock) for details.
+
+## Intune deployment
+You can use Intune to distribute Surface Dock Firmware Update to your devices. First you will need to convert the MSI file to the .intunewin format, as described in the following documentation: [Intune Standalone - Win32 app management](https://docs.microsoft.com/intune/apps/apps-win32-app-management).
+
+Use the following command:
+ - **msiexec /i /quiet /q**
+
+## How to verify completion of firmware update
+
+Surface dock firmware consists of two components:
+
+- **Component10:** Micro controller unit (MCU) firmware
+- **Component20:** Display port (DP) firmware.
+
+Successful completion of Surface Dock Firmware Update results in new registry key values for these firmware components.
+
+**To verify updates:**
+
+1. Open Regedit and navigate to the following registry path:
+
+- **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WUDF\Services\SurfaceDockFwUpdate\Parameters**
+
+2. Look for the registry keys: **Component10CurrentFwVersion and Component20CurrentFwVersion**, which refer to the firmware that is currently on the device.
+
+ 
+
+3. Verify the new registry key values match the updated registry key values listed in the Versions reference at the end of this document. If the values match, the firmware was updated successfully.
+
+4. If unable to verify, review Event logging and Troubleshooting tips in the next section.
+
+## Event logging
+
+**Table 1. Log files for Surface Dock Firmware Update**
+
+| Log | Location | Notes |
+| -------------------------------- | --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Surface Dock Firmware Update log | Path needs to be specified (see note) | Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater. |
+| Windows Device Install log | %windir%\inf\setupapi.dev.log | For more information about using Device Install Log, refer to [SetupAPI Logging](https://docs.microsoft.com/windows-hardware/drivers/install/setupapi-logging--windows-vista-and-later-) documentation. |
+
+
+**Table 2. Event log IDs for Surface Dock Firmware Update**
+Events are logged in the Application Event Log. Note: Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater.
+
+| Event ID | Event type |
+| -------- | -------------------------------------------------------------------- |
+| 2001 | Dock firmware update has started. |
+| 2002 | Dock firmware update skipped because dock is known to be up to date. |
+| 2003 | Dock firmware update failed to get firmware version. |
+| 2004 | Querying the firmware version. |
+| 2005 | Dock firmware failed to start update. |
+| 2006 | Failed to send offer/payload pairs. |
+| 2007 | Firmware update finished. |
+| 2008 | BEGIN dock telemetry. |
+| 2011 | END dock telemetry. |
+
+## Troubleshooting tips
+
+- Completely disconnect power for Surface dock from the AC power to reset the Surface Dock.
+- Disconnect all peripherals except for the Surface Dock.
+- Uninstall any current Surface Dock Firmware Update and then install the latest version.
+- Ensure that the Surface Dock is disconnected, and then allow enough time for the update to complete as monitored via an LED in the Ethernet port of the dock. Wait until the LED stops blinking before you unplug Surface Dock from power.
+- Connect the Surface Dock to a different device to see if it is able to update the dock.
+
+## Changes and updates
+
+Microsoft periodically releases new versions of Surface Dock Firmware Update.Note that the MSI file is not self-updating. If you have deployed the MSI to Surface devices and a new version of the firmware is released, you will need to deploy the new version of the MSI.
+
+## Versions reference
+### Version 1.42.139
+*Release Date: September 18 2019*
+
+This version, contained in Surface_Dock_FwUpdate_1.42.139_Win10_17134_19.084.31680_0.MSI, updates firmware in the background.
+**Updated registry key values:**
+
+- Component10CurrentFwVersion updated to **4ac3970**.
+- Component20CurrentFwVersion updated to **4a1d570**.
+
+It adds support for Surface Pro 7 and Surface Laptop 3.
+
+## Legacy versions
+
+### Version 2.23.139.0
+*Release Date: 10 October 2018*
+
+This version of Surface Dock Updater adds support for the following:
+
+- Add support for Surface Pro 6
+- Add support for Surface Laptop 2
+
+
+### Version 2.22.139.0
+*Release Date: 26 July 2018*
+
+This version of Surface Dock Updater adds support for the following:
+
+- Increase update reliability
+- Add support for Surface Go
+
+### Version 2.12.136.0
+*Release Date: 29 January 2018*
+
+This version of Surface Dock Updater adds support for the following:
+* Update for Surface Dock Main Chipset Firmware
+* Update for Surface Dock DisplayPort Firmware
+* Improved display stability for external displays when used with Surface Book or Surface Book 2
+
+Additionally, installation of this version of Surface Dock Updater on Surface Book devices includes the following:
+* Update for Surface Book Base Firmware
+* Added support for Surface Dock firmware updates with improvements targeted to Surface Book devices
+
+
+### Version 2.9.136.0
+*Release date: November 3, 2017*
+
+This version of Surface Dock Updater adds support for the following:
+
+* Update for Surface Dock DisplayPort Firmware
+* Resolves an issue with audio over passive display port adapters
+
+### Version 2.1.15.0
+*Release date: June 19, 2017*
+
+This version of Surface Dock Updater adds support for the following:
+
+* Surface Laptop
+* Surface Pro
+
+### Version 2.1.6.0
+*Release date: April 7, 2017*
+
+This version of Surface Dock Updater adds support for the following:
+
+* Update for Surface Dock DisplayPort firmware
+* Requires Windows 10
+
+### Version 2.0.22.0
+*Release date: October 21, 2016*
+
+This version of Surface Dock Updater adds support for the following:
+
+* Update for Surface Dock USB firmware
+* Improved reliability of Ethernet, audio, and USB ports
+
+### Version 1.0.8.0
+*Release date: April 26, 2016*
+
+This version of Surface Dock Updater adds support for the following:
+
+* Update for Surface Dock Main Chipset firmware
+* Update for Surface Dock DisplayPort firmware
+
diff --git a/devices/surface/surface-dock-updater.md b/devices/surface/surface-dock-updater.md
deleted file mode 100644
index 10b49c4719..0000000000
--- a/devices/surface/surface-dock-updater.md
+++ /dev/null
@@ -1,197 +0,0 @@
----
-title: Microsoft Surface Dock Updater (Surface)
-description: This article provides a detailed walkthrough of Microsoft Surface Dock Updater.
-ms.assetid: 1FEFF277-F7D1-4CB4-8898-FDFE8CBE1D5C
-keywords: install, update, firmware
-ms.localizationpriority: medium
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.pagetype: surface, devices
-ms.sitesec: library
-author: brecords
-ms.date: 02/23/2018
-ms.author: jdecker
-ms.topic: article
----
-
-# Microsoft Surface Dock Updater
-
-
-This article provides a detailed walkthrough of Microsoft Surface Dock Updater.
-
-The [Microsoft Surface Dock Updater](https://www.microsoft.com/download/details.aspx?id=46703) tool allows you to check the firmware status of a Surface Dock and to manually update the firmware of Surface Dock devices. It is most often used to update Surface Docks prior to deployment of those Surface Docks to end users or as a troubleshooting tool. Microsoft Surface Dock Updater walks you through the process of updating the firmware on one or more Surface Docks, including the required connect and disconnect steps to perform the complete firmware installation.
-
-When you run the Microsoft Surface Dock Updater installer you will be prompted to accept an End User License Agreement (EULA).
-
->[!NOTE]
->Updating Surface Dock firmware requires connectivity to the Surface Dock via the Surface Connect™ port. Installation of the Microsoft Surface Dock Updater is only supported on devices that feature the Surface Connect™ port.
-
->[!NOTE]
->The Surface Dock Updater tool is unable to run on Windows 10 S. To manually update a Surface Dock for use with Surface Laptop and Windows 10 S, connect the Surface Dock to another Surface device with a Windows 10 Pro or Windows 10 Enterprise environment.
-
-## Update a Surface Dock with Microsoft Surface Dock Updater
-
-
-After you install the [Microsoft Surface Dock Updater](https://www.microsoft.com/download/details.aspx?id=46703) tool, you can find Microsoft Surface Dock Updater under **All Apps** in your Start menu. Click **Microsoft Surface Dock Updater** to start the application.
-
-To update a Surface Dock with Microsoft Surface Dock Updater, follow these steps:
-
-1. Click Start to begin the firmware update process. If you do not have a Surface Dock connected, you will be prompted to connect a Surface Dock.
-
-2. Microsoft Surface Dock Updater checks the status of your Surface Dock firmware.
-
- - If the tool determines that the firmware of your Surface Dock is up to date, a **You have the latest firmware for this Surface Dock** message is displayed, as shown in Figure 1.
-
- 
-
- *Figure 1. Your Surface Dock firmware is up to date*
-
- - If Microsoft Surface Dock Updater determines that the firmware of your Surface Dock is not up to date, a **This Surface Dock is not running the latest firmware** message is displayed, as shown in Figure 2.
-
- 
-
- *Figure 2. Your Surface Dock firmware needs to be updated*
-
-3. To begin the firmware update process, click **Update** on the **Surface Dock Firmware** page.
-
-4. Before the firmware update process begins, you will be prompted for confirmation. Click **OK** to proceed or **Cancel** to return to the **Surface Dock Firmware** page displaying the status of your Surface Dock firmware.
-
-5. As the firmware update is uploaded to the Surface Dock, a **Progress** page is displayed, as shown in Figure 3. Do not disconnect the Surface Dock while firmware is being uploaded.
-
- 
-
- *Figure 3. Progress of firmware update upload to Surface Dock*
-
-6. After the firmware update has successfully uploaded to the Surface Dock, you are prompted to disconnect and then reconnect the Surface Dock from the Surface device, as shown in Figure 4. The main chipset firmware update will be applied while the Surface Dock is disconnected.
-
- 
-
- *Figure 4. Disconnect and reconnect Surface Dock when prompted*
-
-7. When the main chipset firmware update is verified, the DisplayPort chipset firmware update will be uploaded to the Surface Dock. Upon completion, a **Success** page is displayed and you will again be prompted to disconnect the Surface Dock, as shown in Figure 5.
-
- 
-
- *Figure 5. Successful upload of Surface Dock firmware*
-
-8. After you disconnect the Surface Dock the DisplayPort firmware update will be installed. This process occurs on the Surface Dock hardware while it is disconnected. The Surface Dock must remain powered for up to 3 minutes after it has been disconnected for the firmware update to successfully install. An **Update in Progress** page is displayed (as shown in Figure 6), with a countdown timer to show the estimated time remaining to complete the firmware update installation.
-
- 
-
- *Figure 6. Countdown timer to complete firmware installation on Surface Dock*
-
-9. If you want to update multiple Surface Docks in one sitting, you can click the **Update another Surface Dock** button to begin the process on the next Surface Dock.
-
- >[!NOTE]
- >The LED in the Ethernet port of the dock will blink while the update is in progress. Please wait until the LED stops blinking before you unplug your Surface Dock from power.
-
-
-
-## Troubleshooting Microsoft Surface Dock Updater
-
-
-If the Surface Dock firmware update process encounters an installation error with either firmware update, the **Encountered an unexpected error** page may be displayed, as shown in Figure 7.
-
-
-
-*Figure 7. Firmware update installation has encountered an error*
-
-Microsoft Surface Dock Updater logs its progress into the Event Log, as shown in Figure 8. If you need to troubleshoot an update through this tool, you will find Surface Dock events recorded with the following event IDs:
-
-| Event ID | Event type |
-|----------|----------------------------------------------------------|
-| 12100 | Up-to-date confirmation |
-| 12101 | Event in the main chipset firmware update process |
-| 12102 | Event in the DisplayPort chipset firmware update process |
-| 12105 | Error |
-
-
-
-
-*Figure 8. Surface Dock Updater events in Event Viewer*
-
-## Changes and updates
-
-Microsoft periodically updates Surface Dock Updater.
-
->[!Note]
->Each update to Surface Dock firmware is included in a new version of Surface Dock Updater. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Updater.
-
-### Version 2.23.139.0
-*Release Date: 10 October 2018*
-
-This version of Surface Dock Updater adds support for the following:
-
-- Add support for Surface Pro 6
-- Add support for Surface Laptop 2
-
-
-### Version 2.22.139.0
-*Release Date: 26 July 2018*
-
-This version of Surface Dock Updater adds support for the following:
-
-- Increase update reliability
-- Add support for Surface Go
-
-### Version 2.12.136.0
-*Release Date: 29 January 2018*
-
-This version of Surface Dock Updater adds support for the following:
-* Update for Surface Dock Main Chipset Firmware
-* Update for Surface Dock DisplayPort Firmware
-* Improved display stability for external displays when used with Surface Book or Surface Book 2
-
-Additionally, installation of this version of Surface Dock Updater on Surface Book devices includes the following:
-* Update for Surface Book Base Firmware
-* Added support for Surface Dock firmware updates with improvements targeted to Surface Book devices
-
->[!Note]
->Before the Surface Dock firmware update applied by Surface Dock Updater v2.12.136.0 will take effect on a Surface Book device, a firmware update for the Surface Book Base is required. If you install Surface Dock Updater v2.12.136.0 on a Surface Book and update an attached Surface Dock from that same device, the firmware of the Surface Book Base will automatically be updated when installing the Surface Dock Updater. However, if you update a Surface Dock using Surface Dock Updater v2.12.136.0 on different device, and then connect that Surface Dock to a Surface Book where Surface Dock Updater v2.12.136.0 has not been installed, the benefits of the updated Surface Dock will not be enabled. To enable the benefits of the updated Surface Dock on a Surface Book device, Surface Book Base firmware must also be updated by installing Surface Dock Updater v2.12.136.0 on the Surface Book device. Surface Book Base firmware update is not required on a Surface Book 2 device.
-
-
-### Version 2.9.136.0
-*Release date: November 3, 2017*
-
-This version of Surface Dock Updater adds support for the following:
-
-* Update for Surface Dock DisplayPort Firmware
-* Resolves an issue with audio over passive display port adapters
-
-### Version 2.1.15.0
-*Release date: June 19, 2017*
-
-This version of Surface Dock Updater adds support for the following:
-
-* Surface Laptop
-* Surface Pro
-
-### Version 2.1.6.0
-*Release date: April 7, 2017*
-
-This version of Surface Dock Updater adds support for the following:
-
-* Update for Surface Dock DisplayPort firmware
-* Requires Windows 10
-
-### Version 2.0.22.0
-*Release date: October 21, 2016*
-
-This version of Surface Dock Updater adds support for the following:
-
-* Update for Surface Dock USB firmware
-* Improved reliability of Ethernet, audio, and USB ports
-
-### Version 1.0.8.0
-*Release date: April 26, 2016*
-
-This version of Surface Dock Updater adds support for the following:
-
-* Update for Surface Dock Main Chipset firmware
-* Update for Surface Dock DisplayPort firmware
-
-
-
-
-
-
diff --git a/devices/surface/surface-enterprise-management-mode.md b/devices/surface/surface-enterprise-management-mode.md
index e42a925b72..52e193b6dd 100644
--- a/devices/surface/surface-enterprise-management-mode.md
+++ b/devices/surface/surface-enterprise-management-mode.md
@@ -6,10 +6,14 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
-author: jobotto
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 01/06/2017
+ms.date: 12/02/2019
+ms.reviewer: scottmca
+manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Microsoft Surface Enterprise Management Mode
@@ -17,22 +21,21 @@ ms.date: 01/06/2017
Microsoft Surface Enterprise Management Mode (SEMM) is a feature of Surface devices with Surface UEFI that allows you to secure and manage firmware settings within your organization. With SEMM, IT professionals can prepare configurations of UEFI settings and install them on a Surface device. In addition to the ability to configure UEFI settings, SEMM also uses a certificate to protect the configuration from unauthorized tampering or removal.
>[!NOTE]
->SEMM is only available on devices with Surface UEFI firmware such as Surface Pro 4 and later, Surface Go, Surface Laptop, Surface Book, and Surface Studio. For more information about Surface UEFI, see [Manage Surface UEFI Settings](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings).
+>SEMM is only available on devices with Surface UEFI firmware. This includes most Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3 commercial SKUs with an Intel processor. SEMM is not supported on the 15" Surface Laptop 3 SKU with AMD processor (only available as a retail SKU).
When Surface devices are configured by SEMM and secured with the SEMM certificate, they are considered *enrolled* in SEMM. When the SEMM certificate is removed and control of UEFI settings is returned to the user of the device, the Surface device is considered *unenrolled* in SEMM.
-There are two administrative options you can use to manage SEMM and enrolled Surface devices – a standalone tool or integration with System Center Configuration Manager. The SEMM standalone tool, called the Microsoft Surface UEFI Configurator, is described in this article. For more information about how to manage SEMM with System Center Configuration Manager, see [Use System Center Configuration Manager to manage devices with SEMM](https://technet.microsoft.com/itpro/surface/use-system-center-configuration-manager-to-manage-devices-with-semm).
+There are two administrative options you can use to manage SEMM and enrolled Surface devices – a standalone tool or integration with Microsoft Endpoint Configuration Manager. The SEMM standalone tool, called the Microsoft Surface UEFI Configurator, is described in this article. For more information about how to manage SEMM with Microsoft Endpoint Configuration Manager, see [Use Microsoft Endpoint Configuration Manager to manage devices with SEMM](https://technet.microsoft.com/itpro/surface/use-system-center-configuration-manager-to-manage-devices-with-semm).
+
## Microsoft Surface UEFI Configurator
The primary workspace of SEMM is Microsoft Surface UEFI Configurator, as shown in Figure 1. Microsoft Surface UEFI Configurator is a tool that is used to create Windows Installer (.msi) packages or WinPE images that are used to enroll, configure, and unenroll SEMM on a Surface device. These packages contain a configuration file where the settings for UEFI are specified. SEMM packages also contain a certificate that is installed and stored in firmware and used to verify the signature of configuration files before UEFI settings are applied.
-
+
*Figure 1. Microsoft Surface UEFI Configurator*
->[!NOTE]
->Windows 10 is required to run Microsoft Surface UEFI Configurator
You can use the Microsoft Surface UEFI Configurator tool in three modes:
@@ -49,7 +52,7 @@ You can download Microsoft Surface UEFI Configurator from the [Surface Tools for
Surface UEFI configuration packages are the primary mechanism to implement and manage SEMM on Surface devices. These packages contain a configuration file of UEFI settings specified during creation of the package in Microsoft Surface UEFI Configurator and a certificate file, as shown in Figure 2. When a configuration package is run for the first time on a Surface device that is not already enrolled in SEMM, it provisions the certificate file in the device’s firmware and enrolls the device in SEMM. When enrolling a device in SEMM, you will be prompted to confirm the operation by providing the last two digits of the SEMM certificate thumbprint before the certificate file is stored and the enrollment can complete. This confirmation requires that a user be present at the device at the time of enrollment to perform the confirmation.
-
+
*Figure 2. Secure a SEMM configuration package with a certificate*
@@ -60,17 +63,9 @@ See the [Surface Enterprise Management Mode certificate requirements](#surface-e
After a device is enrolled in SEMM, the configuration file is read and the settings specified in the file are applied to UEFI. When you run a configuration package on a device that is already enrolled in SEMM, the signature of the configuration file is checked against the certificate that is stored in the device firmware. If the signature does not match, no changes are applied to the device.
-You can use Surface UEFI settings to enable or disable the operation of individual components, such as cameras, wireless communication, or docking USB port (as shown in Figure 3), and configure advanced settings (as shown in Figure 4).
+### Enable or disable devices in Surface UEFI with SEMM
-
-
-*Figure 3. Enable or disable devices in Surface UEFI with SEMM*
-
-
-
-*Figure 4. Configure advanced settings with SEMM*
-
-You can enable or disable the following devices with SEMM:
+The following list shows all the available devices you can manage in SEMM:
* Docking USB Port
* On-board Audio
@@ -84,31 +79,40 @@ You can enable or disable the following devices with SEMM:
* Wi-Fi and Bluetooth
* LTE
-You can configure the following advanced settings with SEMM:
+ >[!NOTE]
+>The built-in devices that appear in the UEFI Devices page may vary depending on your device or corporate environment. For example, the UEFI Devices page is not supported on Surface Pro X; LTE only appears on LTE-equipped devices.
+### Configure advanced settings with SEMM
+**Table 1. Advanced settings**
+
+| Setting | Description |
+| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| IPv6 for PXE Boot | Allows you to manage Ipv6 support for PXE boot. If you do not configure this setting, IPv6 support for PXE boot is disabled. |
+| Alternate Boot | Allows you to manage use of an Alternate boot order to boot directly to a USB or Ethernet device by pressing both the Volume Down button and Power button during boot. If you do not configure this setting, Alternate boot is enabled. |
+| Boot Order Lock | Allows you to lock the boot order to prevent changes. If you do not configure this setting, Boot Order Lock is disabled. |
+| USB Boot | Allows you to manage booting to USB devices. If you do not configure this setting, USB Boot is enabled. |
+| Network Stack | Allows you to manage Network Stack boot settings. If you do not configure this setting, the ability to manage Network Stack boot settings is disabled. |
+| Auto Power On | Allows you to manage Auto Power On boot settings. If you do not configure this setting, Auto Power on is enabled. |
+| Simultaneous Multi-Threading (SMT) | Allows you to manage Simultaneous Multi-Threading (SMT) to enable or disable hyperthreading. If you do not configure this setting, SMT is enabled. |
+|Enable Battery limit| Allows you to manage Battery limit functionality. If you do not configure this setting, Battery limit is enabled |
+| Security | Displays the Surface UEFI **Security** page. If you do not configure this setting, the Security page is displayed. |
+| Devices | Displays the Surface UEFI **Devices** page. If you do not configure this setting, the Devices page is displayed. |
+| Boot | Displays the Surface UEFI **Boot** page. If you do not configure this setting, the DateTime page is displayed. |
+| DateTime | Displays the Surface UEFI **DateTime** page. If you do not configure this setting, the DateTime page is displayed. |
+
-* IPv6 support for PXE boot
-* Alternate boot order, where the Volume Down button and Power button can be pressed together during boot, to boot directly to a USB or Ethernet device
-* Lock the boot order to prevent changes
-* Support for booting to USB devices
-* Enable Network Stack boot settings
-* Enable Auto Power On boot settings
-* Display of the Surface UEFI **Security** page
-* Display of the Surface UEFI **Devices** page
-* Display of the Surface UEFI **Boot** page
-* Display of the Surface UEFI **DateTime** page
>[!NOTE]
->When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 5.
+>When you create a SEMM configuration package, two characters are shown on the **Successful** page, as shown in Figure 3.
-
+
-*Figure 5. Display of the last two characters of the certificate thumbprint on the Successful page*
+*Figure 3. Display of the last two characters of the certificate thumbprint on the Successful page*
-These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 6.
+These characters are the last two characters of the certificate thumbprint and should be written down or recorded. The characters are required to confirm enrollment in SEMM on a Surface device, as shown in Figure 4.
-
+
-*Figure 6. Enrollment confirmation in SEMM with the SEMM certificate thumbprint*
+*Figure 4. Enrollment confirmation in SEMM with the SEMM certificate thumbprint*
>[!NOTE]
>Administrators with access to the certificate file (.pfx) can read the thumbprint at any time by opening the .pfx file in CertMgr. To view the thumbprint with CertMgr, follow this process:
@@ -120,7 +124,7 @@ These characters are the last two characters of the certificate thumbprint and s
>6. **All** or **Properties Only** must be selected in the **Show** drop-down menu.
>7. Select the field **Thumbprint**.
-To enroll a Surface device in SEMM or to apply the UEFI configuration from a configuration package, all you need to do is run the .msi file with administrative privileges on the intended Surface device. You can use application deployment or operating system deployment technologies such as [System Center Configuration Manager](https://technet.microsoft.com/library/mt346023) or the [Microsoft Deployment Toolkit](https://technet.microsoft.com/windows/dn475741). When you enroll a device in SEMM you must be present to confirm the enrollment on the device. User interaction is not required when you apply a configuration to devices that are already enrolled in SEMM.
+To enroll a Surface device in SEMM or to apply the UEFI configuration from a configuration package, all you need to do is run the .msi file with administrative privileges on the intended Surface device. You can use application deployment or operating system deployment technologies such as [Microsoft Endpoint Configuration Manager](https://technet.microsoft.com/library/mt346023) or the [Microsoft Deployment Toolkit](https://technet.microsoft.com/windows/dn475741). When you enroll a device in SEMM you must be present to confirm the enrollment on the device. User interaction is not required when you apply a configuration to devices that are already enrolled in SEMM.
For a step-by-step walkthrough of how to enroll a Surface device in SEMM or apply a Surface UEFI configuration with SEMM, see [Enroll and configure Surface devices with SEMM](https://technet.microsoft.com/itpro/surface/enroll-and-configure-surface-devices-with-semm).
@@ -130,11 +134,11 @@ A Surface UEFI reset package is used to perform only one task — to unenroll a
### Recovery request
-In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 7) with a Recovery Request operation.
+In some scenarios, it may be impossible to use a Surface UEFI reset package. (For example, if Windows becomes unusable on the Surface device.) In these scenarios you can unenroll the Surface device from SEMM through the **Enterprise Management** page of Surface UEFI (shown in Figure 5) with a Recovery Request operation.
-
+
-*Figure 7. Initiate a SEMM recovery request on the Enterprise Management page*
+*Figure 5. Initiate a SEMM recovery request on the Enterprise Management page*
When you use the process on the **Enterprise Management** page to reset SEMM on a Surface device, you are provided with a Reset Request. This Reset Request can be saved as a file to a USB drive, copied as text, or read as a QR Code with a mobile device to be easily emailed or messaged. Use the Microsoft Surface UEFI Configurator Reset Request option to load a Reset Request file or enter the Reset Request text or QR Code. Microsoft Surface UEFI Configurator will generate a verification code that can be entered on the Surface device. If you enter the code on the Surface device and click **Restart**, the device will be unenrolled from SEMM.
@@ -154,7 +158,7 @@ Packages created with the Microsoft Surface UEFI Configurator tool are signed wi
* **Key Length** – 2048
* **Hash Algorithm** – SHA-256
* **Type** – SSL Server Authentication
-* **Key Usage** – Key Encipherment
+* **Key Usage** – Digital signature, Key Encipherment
* **Provider** – Microsoft Enhanced RSA and AES Cryptographic Provider
* **Expiration Date** – 15 Months from certificate creation
* **Key Export Policy** – Exportable
@@ -212,9 +216,7 @@ valid.
machines that have it?**
If you want SEMM reset or recovery to work, the certificate needs to be
-valid and not expired. You can use the current valid ownership
-certificate to sign a package that updates to a new certificate for
-ownership. You do not need to create a reset package.
+valid and not expired.
**Can bulk reset packages be created for each surface that we order? Can
one be built that resets all machines in our environment?**
@@ -226,8 +228,22 @@ create a reset package using PowerShell to reset SEMM.
## Version History
+### Version 2.59.
+* Support to Surface Pro 7, Surface Pro X, and Surface Laptop 3 13.5" and 15" models with Intel processor. Note: Surface Laptop 3 15" AMD processor is not supported.
+- Support to Wake on Power feature
+
+### Version 2.54.139.0
+* Support to Surface Hub 2S
+* Bug fixes
+
+### Version 2.43.136.0
+* Support to enable/disable simulatenous multithreating
+* Separate options for WiFi and Bluetooth for some devices
+* Battery Limit removed for Surface Studio
+
### Version 2.26.136.0
* Add support to Surface Studio 2
+* Battery Limit feature
### Version 2.21.136.0
* Add support to Surface Pro 6
diff --git a/devices/surface/surface-manage-dfci-guide.md b/devices/surface/surface-manage-dfci-guide.md
new file mode 100644
index 0000000000..efb5fa93b5
--- /dev/null
+++ b/devices/surface/surface-manage-dfci-guide.md
@@ -0,0 +1,188 @@
+---
+title: Intune management of Surface UEFI settings
+description: This article explains how to configure a DFCI environment in Microsoft Intune and manage firmware settings for targeted Surface devices.
+ms.localizationpriority: medium
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.date: 11/13/2019
+ms.reviewer: jesko
+manager: dansimp
+ms.audience: itpro
+---
+# Intune management of Surface UEFI settings
+
+## Introduction
+
+The ability to manage devices from the cloud has dramatically simplified IT deployment and provisioning across the lifecycle. With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in [public preview](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. For answers to frequently asked questions, see [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333).
+
+### Background
+
+Like any computer running Windows 10, Surface devices rely on code stored in the SoC that enables the CPU to interface with hard drives, display devices, USB ports, and other devices. The programs stored in this read-only memory (ROM) are known as firmware (while programs stored in dynamic media are known as software).
+
+In contrast to other Windows 10 devices available in the market today, Surface provides IT admins with the ability to configure and manage firmware through a rich set of UEFI configuration settings. This provides a layer of hardware control on top of software-based policy management as implemented via mobile device management (MDM) policies, Configuration Manager or Group Policy. For example, organizations deploying devices in highly secure areas with sensitive information can prevent camera use by removing functionality at the hardware level. From a device standpoint, turning the camera off via a firmware setting is equivalent to physically removing the camera. Compare the added security of managing at the firmware level to relying only on operating system software settings. For example, if you disable the Windows audio service via a policy setting in a domain environment, a local admin could still re-enable the service.
+
+### DFCI versus SEMM
+
+Until now, managing firmware required enrolling devices into Surface Enterprise Management Mode (SEMM) with the overhead of ongoing manual IT-intensive tasks. As an example, SEMM requires IT staff to physically access each PC to enter a two-digit pin as part of the certificate management process. Although SEMM remains a good solution for organizations in a strictly on-premises environment, its complexity and IT-intensive requirements make it costly to use.
+
+Now with newly integrated UEFI firmware management capabilities in Microsoft Intune, the ability to lock down hardware is simplified and easier to use with new features for provisioning, security, and streamlined updating all in a single console, now unified as [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). The following figure shows UEFI settings viewed directly on the device (left) and viewed in the Endpoint Manager console (right).
+
+
+
+Crucially, DFCI enables zero touch management, eliminating the need for manual interaction by IT admins. DFCI is deployed via Windows Autopilot using the device profiles capability in Intune. A device profile allows you to add and configure settings which can then be deployed to devices enrolled in management within your organization. Once the device receives the device profile, the features and settings are applied automatically. Examples of common device profiles include Email, Device restrictions, VPN, Wi-Fi, and Administrative templates. DFCI is simply an additional device profile that enables you to manage UEFI configuration settings from the cloud without having to maintain on-premises infrastructure.
+
+## Supported devices
+
+At this time, DFCI is supported in the following devices:
+
+- Surface Pro 7
+- Surface Pro X
+- Surface Laptop 3
+
+> [!NOTE]
+> Surface Pro X does not support DFCI settings management for built-in camera, audio, and Wi-Fi/Bluetooth.
+
+## Prerequisites
+
+- Devices must be registered with Windows Autopilot by a [Microsoft Cloud Solution Provider (CSP) partner](https://partner.microsoft.com/membership/cloud-solution-provider) or OEM distributor.
+
+- Before configuring DFCI for Surface, you should be familiar with Autopilot configuration requirements in [Microsoft Intune](https://docs.microsoft.com/intune/) and [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/) (Azure AD).
+
+## Before you begin
+
+Add your target Surface devices to an Azure AD security group. For more information about creating and managing security groups, refer to [Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#create-your-azure-ad-security-groups).
+
+## Configure DFCI management for Surface devices
+
+A DFCI environment requires setting up a DFCI profile that contains the settings and an Autopilot profile to apply the settings to registered devices. An enrollment status profile is also recommended to ensure settings are pushed down during OOBE setup when users first start the device. This guide explains how to configure the DFCI environment and manage UEFI configuration settings for targeted Surface devices.
+
+## Create DFCI profile
+
+Before configuring DFCI policy settings, first create a DFCI profile and assign it to the Azure AD security group that contains your target devices.
+
+1. Sign into your tenant at devicemanagement.microsoft.com.
+2. In the Microsoft Endpoint Manager Admin Center, select **Devices > Configuration profiles > Create profile** and enter a name; for example, **DFCI Configuration Policy.**
+3. Select **Windows 10 and later** for platform type.
+4. In the Profile type drop down list, select **Device Firmware Configuration Interface** to open the DFCI blade containing all available policy settings. For information on DFCI settings, refer to Table 1 on this page or the [Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows). You can configure DFCI settings during the initial setup process or later by editing the DFCI profile.
+
+ 
+
+5. Click **OK** and then select **Create**.
+6. Select **Assignments** and under **Select groups to include** select the Azure AD security group that contains your target devices, as shown in the following figure. Click **Save**.
+
+ 
+
+## Create Autopilot profile
+
+1. In Endpoint Manager at devicemanagement.microsoft.com, select **devices > Windows enrollment** and scroll down to **Deployment profiles**.
+2. Select **Create profile** and enter a name; for example, **My Autopilot profile**, and select **Next**.
+3. Select the following settings:
+
+ - Deployment mode: **User-Driven**.
+ - Join type: Azure **AD joined**.
+
+4. Leave the remaining default settings unchanged and select **Next**, as shown in the following figure.
+
+ 
+
+5. On the Assignments page, choose **Select groups to include** and click your Azure AD security group. Select **Next**.
+6. Accept the summary and then select **Create**. The Autopilot profile is now created and assigned to the group.
+
+## Configure Enrollment Status Page
+
+To ensure that devices apply the DFCI configuration during OOBE before users sign in, you need to configure enrollment status.
+
+For more information, refer to [Set up an enrollment status page](https://docs.microsoft.com/intune/enrollment/windows-enrollment-status).
+
+
+## Configure DFCI settings on Surface devices
+
+DFCI includes a streamlined set of UEFI configuration policies that provide an extra level of security by locking down devices at the hardware level. DFCI is designed to be used in conjunction with mobile device management settings at the software level. Note that DFCI settings only affect hardware components built into Surface devices and do not extend to attached peripherals such as USB webcams. (However, you can use Device restriction policies in Intune to turn off access to attached peripherals at the software level).
+
+You configure DFCI policy settings by editing the DFCI profile from Endpoint Manager, as shown in the figure below.
+
+- In Endpoint Manager at devicemanagement.microsoft.com, select **Devices > Windows > Configuration Profiles > “DFCI profile name” > Properties > Settings**.
+
+ 
+
+### Block user access to UEFI settings
+
+For many customers, the ability to block users from changing UEFI settings is critically important and a primary reason to use DFCI. As listed in Table 1, this is managed via the setting **Allow local user to change UEFI settings**. If you do not edit or configure this setting, local users will be able to change any UEFI setting not managed by Intune. Therefore, it’s highly recommended to disable **Allow local user to change UEFI settings.**
+The rest of the DFCI settings enable you to turn off functionality that would otherwise be available to users. For example, if you need to protect sensitive information in highly secure areas, you can disable the camera, and if you don’t want users booting from USB drives, you can disable that also.
+
+### Table 1. DFCI scenarios
+
+| Device management goal | Configuration steps |
+| --------------------------------------------- | --------------------------------------------------------------------------------------------- |
+| Block local users from changing UEFI settings | Under **Security Features > Allow local user to change UEFI settings**, select **None**. |
+| Disable cameras | Under **Built in Hardware > Cameras**, select **Disabled**. |
+| Disable Microphones and speakers | Under **Built in Hardware > Microphones and speakers**, select **Disabled**. |
+| Disable radios (Bluetooth, Wi-Fi) | Under **Built in Hardware > Radios (Bluetooth, Wi-Fi, etc…)**, select **Disabled**. |
+| Disable Boot from external media (USB, SD) | Under **Built in Hardware > Boot Options > Boot from external media (USB, SD)**, select **Disabled**. |
+
+> [!CAUTION]
+> The **Disable radios (Bluetooth, Wi-Fi)** setting should only be used on devices that have a wired Ethernet connection.
+
+> [!NOTE]
+> DFCI in Intune includes two settings that do not currently apply to Surface devices: (1) CPU and IO virtualization and (2) Disable Boot from network adapters.
+
+Intune provides Scope tags to delegate administrative rights and Applicability Rules to manage device types. For more information about policy management support and full details on all DFCI settings, refer to [Microsoft Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows).
+
+## Register devices in Autopilot
+
+As stated above, DFCI can only be applied on devices registered in Windows Autopilot by your reseller or distributor and is only supported, at this time, on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For security reasons, it’s not possible to “self-provision” your devices into Autopilot.
+
+## Manually Sync Autopilot devices
+
+Although Intune policy settings typically get applied almost immediately, there may be a delay of 10 minutes before the settings take effect on targeted devices. In rare circumstances, delays of up to 8 hours are possible. To ensure settings apply as soon as possible, (such as in test scenarios), you can manually sync the target devices.
+
+- In Endpoint Manager at devicemanagement.microsoft.com, go to **Devices > Device enrollment > Windows enrollment > Windows Autopilot Devices** and select **Sync**.
+
+ For more information, refer to [Sync your Windows device manually](https://docs.microsoft.com/intune-user-help/sync-your-device-manually-windows).
+
+> [!NOTE]
+> When adjusting settings directly in UEFI, you need to ensure the device fully restarts to the standard Windows login.
+
+## Verifying UEFI settings on DFCI-managed devices
+
+In a test environment, you can verify settings in the Surface UEFI interface.
+
+1. Open Surface UEFI, which involves pressing the **Volume +** and **Power** buttons at the same time.
+2. Select **Devices**. The UEFI menu will reflect configured settings, as shown in the following figure.
+
+ 
+
+ Note how:
+
+ - The settings are greyed out because **Allow local user to change UEFI setting** is set to None.
+ - Audio is set to off because **Microphones and speakers** are set to **Disabled**.
+
+## Removing DFCI policy settings
+
+When you create a DFCI profile, all configured settings will remain in effect across all devices within the profile’s scope of management. You can only remove DFCI policy settings by editing the DFCI profile directly.
+
+If the original DFCI profile has been deleted, you can remove policy settings by creating a new profile and then editing the settings, as appropriate.
+
+## Removing DFCI management
+
+**To remove DFCI management and return device to factory new state:**
+
+1. Retire the device from Intune:
+ 1. In Endpoint Manager at devicemanagement.microsoft.com, choose **Groups > All Devices**. Select the devices you want to retire, and then choose **Retire/Wipe.** To learn more refer to [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/remote-actions/devices-wipe).
+2. Delete the Autopilot registration from Intune:
+ 1. Choose **Device enrollment > Windows enrollment > Devices**.
+ 2. Under Windows Autopilot devices, choose the devices you want to delete, and then choose **Delete**.
+3. Connect device to wired internet with Surface-branded ethernet adapter. Restart device and open the UEFI menu (press and hold the volume-up button while also pressing and releasing the power button).
+4. Select **Management > Configure > Refresh from Network** and then choose **Opt-out.**
+
+To keep managing the device with Intune, but without DFCI management, self-register the device to Autopilot and enroll it to Intune. DFCI will not be applied to self-registered devices.
+
+## Learn more
+- [Ignite 2019: Announcing remote management of Surface UEFI settings from Intune](https://techcommunity.microsoft.com/t5/Surface-IT-Pro-Blog/Ignite-2019-Announcing-remote-management-of-Surface-UEFI/ba-p/978333)
+[Windows Autopilot](https://www.microsoft.com/microsoft-365/windows/windows-autopilot)
+- [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md)
+- [Use DFCI profiles on Windows devices in Microsoft Intune](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)
diff --git a/devices/surface/surface-pro-arm-app-management.md b/devices/surface/surface-pro-arm-app-management.md
new file mode 100644
index 0000000000..fd98f72368
--- /dev/null
+++ b/devices/surface/surface-pro-arm-app-management.md
@@ -0,0 +1,174 @@
+---
+title: Deploying, managing, and servicing Surface Pro X
+description: This article provides an overview of key considerations for deploying, managing, and servicing Surface Pro X.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.localizationpriority: high
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.date: 1/22/2020
+ms.reviewer: jessko
+manager: dansimp
+ms.audience: itpro
+---
+# Deploying, managing, and servicing Surface Pro X
+
+## Introduction
+
+Built to handle high performance commercial requirements, Surface Pro X breaks new ground by incorporating the most powerful processor ever released on an ARM device, the Microsoft SQ1 ARM chipset.
+
+Powered by a 3GHz CPU and a 2.1 teraflop GPU, Surface Pro X provides a full Windows experience. Its 13-hour battery life and built-in 4G LTE make it ideally suited for mobile first-line workers and professionals across the financial, legal, and medical fields or any role demanding extended battery life and continuous connectivity capabilities.
+
+Surface Pro X is designed almost exclusively for a modern, cloud-based environment centered around Microsoft 365, Intune and Windows Autopilot. This article highlights what that looks like and outlines key considerations for deploying, managing, and servicing Surface Pro X.
+
+## Deploying Surface Pro X
+
+For the best experience, deploy Surface Pro X using Windows Autopilot either with the assistance of a Microsoft Cloud Solution Provider or self-provisioned using Autopilot deployment profiles and related features. For more information, refer to:
+
+- [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md)
+- [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot)
+
+Autopilot deployment has several advantages: It allows you to use the factory provisioned operating system, streamlined for zero-touch deployment, to include pre-installation of Office Pro Plus.
+
+Organizations already using modern management, security, and productivity solutions are well positioned to take advantage of the unique performance features in Surface Pro X. Customers using modernized line of business apps, Microsoft store (UWP) apps, or remote desktop solutions also stand to benefit.
+
+## Image-based deployment considerations
+
+Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager (formerly System Center Configuration Manager) currently do not support Surface Pro X for operating system deployment. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
+
+## Managing Surface Pro X devices
+
+### Intune
+
+A component of Microsoft Enterprise Mobility + Security, Intune integrates with Azure Active Directory for identity and access control and provides granular management of enrolled Surface Pro X devices. Intune mobile device management (MDM) policies have a number of advantages over older on-premises tools such as Windows Group Policy. This includes faster device login times and a more streamlined catalog of policies enabling full device management from the cloud. For example, you can manage LTE using eSIM profiles to configure data plans and deploy activation codes to multiple devices.
+
+For more information about setting up Intune, refer to the [Intune documentation](https://docs.microsoft.com/intune/).
+
+### Co-management
+
+Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with Endpoint Configuration Manager, which will install the 32-bit x86 ConfigMgr client.
+
+### Third party MDM solutions
+
+You may be able to use third-party MDM tools to manage Surface Pro X devices. For details, contact your MDM provider.
+
+### Antivirus software
+
+Windows Defender will help protect Windows 10 on ARM-based PCs for the supported lifetime of the Windows 10 device.
+
+Some third-party antivirus software cannot be installed on a Windows 10 PC running on an ARM-based processor. Collaboration with third-party antivirus software providers is continuing for AV app readiness on ARM-based PCs. Contact your antivirus software provider to understand when their apps will be available.
+
+## Servicing Surface Pro X
+
+Surface Pro X supports Windows 10, version 1903 and later. As an ARM-based device, it has specific requirements for maintaining the latest drivers and firmware.
+
+Surface Pro X was designed to use Windows Update to simplify the process of keeping drivers and firmware up to date for both home users and small business users. Use the default settings to receive Automatic updates. To verify:
+
+1. Go to **Start** > **Settings > Update & Security > Windows Update** > **Advanced Options.**
+2. Under **Choose how updates are installed,** select **Automatic (recommended)**.
+
+### Recommendations for commercial customers
+
+- Use Windows Update or Windows Update for Business for maintaining the latest drivers and firmware. For more information, see [Deploy Updates using Windows Update for Business](https://docs.microsoft.com/windows/deployment/update/waas-manage-updates-wufb).
+- If your procedures require using a Windows Installer .msi file, contact [Surface for Business support](https://support.microsoft.com/help/4037645).
+- For more information about deploying and managing updates on Surface devices, see [Manage and deploy Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md).
+- Note that Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X.
+
+## Running apps on Surface Pro X
+
+Most apps run on ARM-based Windows 10 PCs with limited exclusions.
+
+### Supported apps
+
+- Most x86 Win32 apps run on Surface Pro X.
+- Native ARM64 and Microsoft Store UWP apps provide an excellent user experience utilizing the full native speed of the ARM-based processor while optimizing battery life.
+- Apps that use drivers designed for a Windows 10 PC running on an ARM-based processor.
+
+### Not supported
+
+- x64 apps won't run on a Windows 10 PC on an ARM-based processor.
+
+For more information about running apps on Surface Pro X, refer to:
+
+- [Windows 10 ARM-based PCs Support FAQ](https://support.microsoft.com/help/4521606)
+- [Windows 10 on ARM documentation](https://docs.microsoft.com/windows/arm)
+
+## Virtual Desktops (VDI)
+
+Windows Virtual Desktop enables access to Windows desktops,applications, and data on any computing device or platform, from any location. To learn more, refer to the [Windows Virtual Desktop site](https://aka.ms/wvd).
+
+## Browsing with Surface Pro X
+
+Popular browsers run on Surface Pro X:
+
+- In-box Edge, Firefox, Chrome, and Internet Explorer all run on Surface Pro X.
+- In-box Edge and Firefox run natively and therefore have enhanced performance on a Windows 10 PC on an ARM-based processor.
+
+## Installing and using Microsoft Office
+
+- Use Office 365 for the best experience on a Windows 10 PC on an ARM-based processor.
+- Office 365 “click-to-run” installs Outlook, Word, Excel, and PowerPoint, optimized to run on a Windows 10 PC on an ARM-based processor.
+- Microsoft Teams runs great on Surface Pro X.
+- For “perpetual versions” of Office such as Office 2019, install the 32-bit version.
+
+## VPN
+
+To confirm if a specific third-party VPN supports a Windows 10 PC on an ARM-based processor, contact the VPN provider.
+
+## Comparing key features
+
+The following tables show the availability of selected key features on Surface Pro X with Windows 10 on ARM compared to Intel-based Surface Pro 7.
+
+| Deployment | Surface Pro 7 | Surface Pro X | Notes |
+| --------------------------------------- | ------------- | ------------- | ------------------------------------------------------------------------------------------------------------------------------- |
+| Windows Autopilot | Yes | Yes | |
+| Support for Network Boot (PXE) | Yes | No | |
+| Windows Configuration Designer | Yes | No | Not recommended for Surface Pro X. |
+| WinPE | Yes | Yes | Not recommended for Surface Pro X. Microsoft does not provide the necessary .ISO and drivers to support WinPE with Surface Pro X. |
+| Endpoint Configuration Manager: Operating System Deployment (OSD) | Yes | No | Not supported on Surface Pro X. |
+| MDT | Yes | No | Not supported on Surface Pro X. |
+
+
+| Management | Surface Pro 7 | Surface Pro X | Notes |
+| --------------------------------------------- | ------------------- | ------------- | ------------------------------------------------------------------------------------- |
+| Intune | Yes | Yes | Manage LTE with eSIM profiles. |
+| Windows Autopilot | Yes | Yes | |
+| Azure AD (co-management) | Yes | Yes | Ability to join Surface Pro X to Azure AD or Active Directory (Hybrid Azure AD Join). |
+| Endpoint Configuration Manager | Yes | Yes | |
+| Power on When AC Restore | Yes | Yes | |
+| Surface Diagnostic Toolkit (SDT) for Business | Yes | Yes | |
+| Surface Dock Firmware Update | Yes | Yes | |
+| Asset Tag Utility | Yes | Yes | |
+| Surface Enterprise management Mode (SEMM) | Yes | Partial | No option to disable hardware on Surface Pro X at the firmware level. |
+| Surface UEFI Configurator | Yes | | No option to disable hardware. on Surface Pro X at the firmware level. |
+| Surface UEFI Manager | Yes | Partial | No option to disable hardware on Surface Pro X at the firmware level. |
+
+
+| Security | Surface Pro 7 | Surface Pro X | Notes |
+| --------------------------------- | ------------- | ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| BitLocker | Yes | Yes | |
+| Windows Defender | Yes | Yes | |
+| Support for third-party antivirus | Yes | See note |Some third-party antivirus software cannot be installed on a Windows 10 PC running on an ARM-based processor. Collaboration with third-party antivirus software providers is continuing for AV app readiness on ARM-based PCs. Contact your antivirus software provider to understand when their apps will be available. |
+| Conditional Access | Yes | Yes | |
+| Secure Boot | Yes | Yes | |
+| Windows Information Protection | Yes | Yes | |
+| Surface Data Eraser (SDE) | Yes | Yes |
+## FAQ
+
+### Can I deploy Surface Pro X with MDT or Endpoint Configuration Manager?
+
+The Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager currently do not support Surface Pro X for operating system deployment.Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
+
+### How can I deploy Surface Pro X?
+
+Deploy Surface Pro X using Windows Autopilot.
+
+### Will a BMR be available?
+
+Yes.
+
+### Is Intune required to manage Surface Pro X?
+
+Intune is recommended but not required. Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with Endpoint Configuration Manager, which will install the 32-bit x86 ConfigMgr client.
diff --git a/devices/surface/surface-pro-arm-app-performance.md b/devices/surface/surface-pro-arm-app-performance.md
new file mode 100644
index 0000000000..baa547d04b
--- /dev/null
+++ b/devices/surface/surface-pro-arm-app-performance.md
@@ -0,0 +1,27 @@
+---
+title: Surface Pro X app compatibility
+description: This article provides introductory app compatibility information for Surface Pro X ARM-based PCs.
+ms.prod: w10
+ms.localizationpriority: medium
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.date: 10/03/2019
+ms.reviewer: jessko
+manager: dansimp
+ms.audience: itpro
+---
+# Surface Pro X app compatibility
+
+Applications run differently on ARM-based Windows 10 PCs such as Surface Pro X. Limitations include the following:
+
+- **Drivers for hardware, games and apps will only work if they're designed for a Windows 10 ARM-based PC**. For more info, check with the hardware manufacturer or the organization that developed the driver. Drivers are software programs that communicate with hardware devices—they're commonly used for antivirus and antimalware software, printing or PDF software, assistive technologies, CD and DVD utilities, and virtualization software. If a driver doesn’t work, the app or hardware that relies on it won’t work either (at least not fully). Peripherals and devices only work if the drivers they depend on are built into Windows 10, or if the hardware developer has released ARM64 drivers for the device.
+- **64-bit (x64) apps won’t work**. You'll need 64-bit (ARM64) apps, 32-bit (ARM32) apps, or 32-bit (x86) apps. You can usually find 32-bit (x86) versions of apps, but some app developers only offer 64-bit (x64) apps.
+- **Certain games won’t work**. Games and apps won't work if they use a version of OpenGL greater than 1.1, or if they rely on "anti-cheat" drivers that haven't been made for Windows 10 ARM-based PCs. Check with your game publisher to see if a game will work.
+- **Apps that customize the Windows experience might have problems**. This includes some input method editors (IMEs), assistive technologies, and cloud storage apps. The organization that develops the app determines whether their app will work on a Windows 10 ARM-based PC.
+- **Some third-party antivirus software can’t be installed**. You won't be able to install some third-party antivirus software on a Windows 10 ARM-based PC. However, Windows Security will help keep you safe for the supported lifetime of your Windows 10 device.
+- **Windows Fax and Scan isn’t available**. This feature isn’t available on a Windows 10 ARM-based PC.
+
+For more information about app compatibility, refer to [Windows 10 ARM-based PCs FAQ](https://support.microsoft.com/en-us/help/4521606)
diff --git a/devices/surface/surface-system-sku-reference.md b/devices/surface/surface-system-sku-reference.md
index cf5960ded6..dbcb9648b0 100644
--- a/devices/surface/surface-system-sku-reference.md
+++ b/devices/surface/surface-system-sku-reference.md
@@ -6,54 +6,69 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
-author: coveminer
-ms.author: v-jokai
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 03/20/2019
+ms.date: 10/31/2019
+ms.reviewer:
+manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# System SKU reference
-This document provides a reference of System Model and System SKU names that you can use to quickly determine the machine state of a specific device using PowerShell or WMI.
+This document provides a reference of System Model and System SKU names that you can use to quickly determine the machine state of a specific device by using PowerShell or WMI.
-System Model and System SKU are variables stored in System Management BIOS (SMBIOS) tables in the UEFI layer of Surface devices. The System SKU name is required to differentiate between devices with the same System Model name, such as Surface Pro and Surface Pro with LTE Advanced.
+System Model and System SKU are variables that are stored in the System Management BIOS (SMBIOS) tables in the UEFI layer of Surface devices. The System SKU name is required to differentiate between devices that have the same System Model name, such as Surface Pro and Surface Pro with LTE Advanced.
| Device | System Model | System SKU |
| ---------- | ----------- | -------------- |
+| AMD Surface Laptop 3 | Surface 3 | Surface_Laptop_3_1873 |
+| Surface Laptop 3 | Surface 3 | Surface_Laptop_3_1867:1868 |
+| Surface Laptop 3 | Surface 3 | Surface_3
| Surface 3 WiFI | Surface 3 | Surface_3 |
| Surface 3 LTE AT&T | Surface 3 | Surface_3_US1 |
| Surface 3 LTE Verizon | Surface 3 | Surface_3_US2 |
| Surface 3 LTE North America | Surface 3 | Surface_3_NAG |
-| Surface 3 LTE Outside of North America and T-Mobile In Japan | Surface 3 | Surface_3_ROW |
+| Surface 3 LTE Outside of North America and Y!mobile In Japan | Surface 3 | Surface_3_ROW |
| Surface Pro | Surface Pro | Surface_Pro_1796 |
| Surface Pro with LTE Advanced | Surface Pro | Surface_Pro_1807 |
| Surface Book 2 13inch | Surface Book 2 | Surface_Book_1832 |
| Surface Book 2 15inch | Surface Book 2 | Surface_Book_1793 |
+| Surface Go LTE Consumer | Surface Go | Surface_Go_1825_Consumer |
+| Surface Go LTE Commercial | System Go | Surface_Go_1825_Commercial |
| Surface Go Consumer | Surface Go | Surface_Go_1824_Consumer |
| Surface Go Commercial | Surface Go | Surface_Go_1824_Commercial |
| Surface Pro 6 Consumer | Surface Pro 6 | Surface_Pro_6_1796_Consumer |
| Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial |
| Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer |
| Surface Laptop 2 Commercial | Surface Laptop 2 | Surface_Laptop_2_1769_Commercial |
+| Surface Pro 7 | Surface Pro 7 | Surface_Pro_7_1866 |
+| Surface Pro X | Surface Pro X | Surface_Pro_X_1876 |
+| Surface Laptop 3 13" Intel | Surface Laptop 3 | Surface_Laptop_3_1867:1868 |
+| Surface Laptop 3 15" Intel | Surface Laptop 3 | Surface_Laptop_3_1872 |
+| Surface Laptop 3 15" AMD | Surface Laptop 3 | Surface_Laptop_3_1873 |
## Examples
-**PowerShell**
- Use the following PowerShell command to pull System SKU:
+**Retrieving the SKU by using PowerShell**
+Use the following PowerShell command to pull the System SKU information:
- ```
+ ``` powershell
gwmi -namespace root\wmi -class MS_SystemInformation | select SystemSKU
```
-**System Information**
-You can also find the System SKU and System Model for a device in System Information.
+**Retrieving the SKU by using System Information**
+You can also find the System SKU and System Model for a device in **System Information**. To do this, follow these steps:
-- Go to **Start** > **MSInfo32**.
-
-One example of how you could use this in Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager is as part of a Task Sequence WMI Condition. For example:
-
-**Task Sequence WMI Condition**
+1. Select **Start**, and then type **MSInfo32** in the search box.
+1. Select **System Information**.
+**Using the SKU in a task sequence WMI condition**
+You can use the System SKU information in the Microsoft Deployment Toolkit (MDT) or Microsoft Endpoint Configuration Manager as part of a task sequence WMI condition.
+ ``` powershell
- WMI Namespace – Root\WMI
- WQL Query – SELECT * FROM MS_SystemInformation WHERE SystemSKU = "Surface_Pro_1796"
+ ```
diff --git a/devices/surface/surface-wireless-connect.md b/devices/surface/surface-wireless-connect.md
new file mode 100644
index 0000000000..6e225137c2
--- /dev/null
+++ b/devices/surface/surface-wireless-connect.md
@@ -0,0 +1,84 @@
+---
+title: Optimize Wi-Fi connectivity for Surface devices
+description: This topic describes recommended Wi-Fi settings to ensure Surface devices stay connected in congested network environments and mobile scenarios.
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.audience: itpro
+ms.localizationpriority: medium
+ms.author: dansimp
+ms.topic: article
+ms.date: 10/31/2019
+ms.reviewer: tokatz
+manager: dansimp
+---
+# Optimize Wi-Fi connectivity for Surface devices
+
+
+To stay connected with all-day battery life, Surface devices implement wireless connectivity settings that balance performance and power conservation. Outside of the most demanding mobility scenarios, users can maintain sufficient wireless connectivity without modifying default network adapter or related settings.
+
+In congested network environments, organizations can implement purpose-built wireless protocols across multiple network access points to facilitate roaming. This page highlights key wireless connectivity considerations in mobile scenarios utilizing Surface Pro 3 and later, Surface Book, Surface Laptop, and Surface Go.
+
+## Prerequisites
+
+This document assumes you have successfully deployed a wireless network that supports 802.11n (Wi-Fi 4) or later in accordance with best practice recommendations from leading equipment vendors.
+
+## Configuring access points for optimal roaming capabilities
+
+If you’re managing a wireless network that’s typically accessed by many different types of client devices, it’s recommended to enable specific protocols on access points (APs) in your WLAN, as described in [Fast Roaming with 802.11k, 802.11v, and 802.11r](https://docs.microsoft.com/windows-hardware/drivers/network/fast-roaming-with-802-11k--802-11v--and-802-11r). Surface devices can take advantage of the following wireless protocols:
+
+- **802.11r.** “**Fast BSS Transition”** accelerates connecting to new wireless access points by reducing the number of frames required before your device can access another AP as you move around with your device.
+- **802.11k.** **“Neighbor Reports”** provides devices with information on current conditions at neighboring access points. It can help your Surface device choose the best AP using criteria other than signal strength such as AP utilization.
+
+Specific Surface devices can also use 802.11v “BSS Transition Management Frames,” which functions much like 802.11k in providing information on nearby candidate APs. These include Surface Go, Surface Pro 7, Surface Pro X, and Surface Laptop 3.
+
+## Managing user settings
+
+You can achieve optimal roaming capabilities through a well-designed network that supports 802.11r and 802.11k across all access points. Ensuring that your network is properly configured to provide users with the best wireless experience is the recommended approach versus attempting to manage user settings on individual devices. Moreover, in many corporate environments Surface device users won’t be able to access advanced network adapter settings without explicit permissions or local admin rights. In other lightly managed networks, users can benefit by knowing how specific settings can impact their ability to remain connected.
+
+### Recommended user settings and best practices
+
+In certain situations, modifying advanced network adapter settings built into Surface devices may facilitate a more reliable connection. Keep in mind however that an inability to connect to wireless resources is more often due to an access point issue, networking design flaw, or environmental site issue.
+
+> [!NOTE]
+> How you hold your Surface Pro or Surface Go can also affect signal strength. If you’re experiencing a loss of bandwidth, check that you’re not holding the top of the display, where the Wi-Fi radio receiver is located. Although holding the top of the display does not block wireless signals, it can trigger the device driver to initiate changes that reduce connectivity.
+
+### Keep default Auto setting for dual bandwidth capability
+On most Surface devices, you can configure client network adapter settings to only connect to wireless APs over 5 gigahertz (GHz), only connect over 2.4 GHz, or let the operating system choose the best option (default Auto setting).
+
+**To access network adapter settings go to:**
+
+- **Start** > **Control panel** > **Network and Sharing Center** > **your Wi-Fi adapter** > **Properties** > **Configure** > **Advanced**.
+
+
+
+Keep in mind that 2.4 GHz has some advantages over 5 GHz: It extends further and more easily penetrates through walls or other solid objects. Unless you have a clear use case that warrants connecting to 5 GHz, it’s recommended to leave the Band setting in the default state to avoid possible adverse consequences. For example:
+
+
+- Many hotspots found in hotels, coffee shops, and airports still only use 2.4 GHz, effectively blocking access to devices if Band is set to 5 GHz Only.
+- Since Miracast wireless display connections require the initial handshake to be completed over 2.4 GHz channels, devices won’t be able to connect at 5 GHz Only.
+
+> [!NOTE]
+> By default Surface devices will prefer connecting to 5 GHz if available. However, to preserve power in a low battery state, Surface will first look for a 2.4 GHz connection.
+
+You can also toggle the band setting as needed to suit your environment. For example, users living in high density apartment buildings with multiple Wi-Fi hotspots — amid the presence of consumer devices all broadcasting via 2.4 GHz — will likely benefit by setting their Surface device to connect on 5 GHz only and then revert to Auto when needed.
+
+### Roaming aggressiveness settings on Surface Go
+
+Front-line workers using Surface Go may wish to select a signal strength threshold that prompts the device to search for a new access point when signal strength drops (roaming aggressiveness). By default, Surface devices attempt to roam to a new access point if the signal strength drops below **Medium** (50 percent signal strength). Note that whenever you increase roaming aggressiveness, you accelerate battery power consumption.
+
+Leave the roaming aggressiveness setting in the default state unless you’re encountering connectivity issues in specific mobile scenarios such as conducting environmental site inspections while also maintaining voice and video connectivity during a conference meeting. If you don’t notice any improvement revert to the default **Medium** state.
+
+**To enable roaming aggressiveness on Surface Go:**
+
+1. Go to **Start > Control Panel** > **Network and Internet** > **Network and Sharing Center.**
+2. Under **Connections** select **Wi-Fi** and then select **Properties.**
+3. Select **Client for Microsoft Networks** and then select **Configure**
+4. Select **Advanced** > **Roaming Aggressiveness** and choose your preferred value from the drop-down menu.
+
+
+
+## Conclusion
+
+Surface devices are designed with default settings for optimal wireless connectivity balanced alongside the need to preserve battery life. The most effective way of enabling reliable connectivity for Surface devices is through a well-designed network that supports 802.11r and 802.11k. Users can adjust network adapter settings or roaming aggressiveness but should only do so in response to specific environmental factors and revert to default state if there’s no noticeable improvement.
diff --git a/devices/surface/surface.yml b/devices/surface/surface.yml
deleted file mode 100644
index 8287763c1e..0000000000
--- a/devices/surface/surface.yml
+++ /dev/null
@@ -1,61 +0,0 @@
-### YamlMime:YamlDocument
-
-documentType: LandingData
-title: Surface devices
-metadata:
- document_id:
- title: Surface devices
- description: Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface devices in your organization.
- keywords: Windows 10, issues, fixes, announcements, Windows Server, advisories
- ms.localizationpriority: medium
- author: lizap
- ms.author: elizapo
- manager: dougkim
- ms.topic: article
- ms.devlang: na
-
-sections:
-- items:
- - type: markdown
- text: "
- Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface devices in your organization.
- "
-- title: Explore
-- items:
- - type: markdown
- text: "
- Evaluate the Surface device portfolio, review the tools and technologies for management of your Surface devices, and learn about Surface technologies and devices with engineering walkthroughs.
-
**Surface Pro** Light enough to take anywhere. Powerful enough to use as a full desktop workstation. See spec
**Surface Book** Built for extreme performance. Lightning fast access to apps. Up to 16 hours of battery life. See spec
**Surface Studio** Professional-grade power and performance. Use it upright or draw on it like a drafting table. See spec
-
- "
-- title: Plan
-- items:
- - type: markdown
- text: "
- Explore essential concepts for the deployment of Windows 10 to Surface devices.
-
**Try Windows 10 Enterprise free for 90 days** Try the latest features. Test your apps, hardware, and deployment strategies. Get started
**Windows 10 upgrade paths** Upgrade to Windows 10 from a previous version, or from one edition to another. Explore paths
**Prepare for Windows 10 deployment** Get familiar with current deployment options and best practices. Review options
-
- "
-- title: Deploy
-- items:
- - type: markdown
- text: "
- Download deployment tools and get step-by-step guidance on how to upgrade a Surface device or deploy a new image.
-
**Microsoft Deployment Toolkit (MDT)** Automate Windows 10 deployment, and more easily manage security and configurations. Download the toolkit
**System Center Configuration Manager** Use in tandem with MDT to deploy Windows 10 and manage PCs and devices moving forward. Download an eval
**Surface Deployment Accelerator** Automate the creation and configuration of Windows images for Surface devices. Download the accelerator
-
- "
-- title: Manage
-- items:
- - type: markdown
- text: "
- Learn how to more easily manage and secure Surface devices in your organization.
-
**Surface IT Pro Blog** Get insight into new Surface products plus tips and tricks for IT professionals. Learn more
**Surface on Microsoft Mechanics** View technical demos and walkthroughs of Surface devices, features, and functionality. Get started
**Follow us on Twitter** Keep up with the latest news and see the latest product demonstrations. Visit Twitter
-
- "
diff --git a/devices/surface/unenroll-surface-devices-from-semm.md b/devices/surface/unenroll-surface-devices-from-semm.md
index 323624a34f..39b70f6006 100644
--- a/devices/surface/unenroll-surface-devices-from-semm.md
+++ b/devices/surface/unenroll-surface-devices-from-semm.md
@@ -6,10 +6,14 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
-author: jobotto
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
ms.date: 01/06/2017
+ms.reviewer:
+manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
# Unenroll Surface devices from SEMM
@@ -27,7 +31,7 @@ The Surface UEFI reset package is the primary method you use to unenroll a Surfa
Reset packages are created specifically for an individual Surface device. To begin the process of creating a reset package, you will need the serial number of the device you want to unenroll, as well as the SEMM certificate used to enroll the device. You can find the serial number of your Surface device on the **PC information** page of Surface UEFI, as shown in Figure 1. This page is displayed even if Surface UEFI is password protected and the incorrect password is entered.
-
+
*Figure 1. The serial number of the Surface device is displayed on the Surface UEFI PC information page*
@@ -40,20 +44,20 @@ To create a Surface UEFI reset package, follow these steps:
2. Click **Start**.
3. Click **Reset Package**, as shown in Figure 2.
- 
+ 
*Figure 2. Click Reset Package to create a package to unenroll a Surface device from SEMM*
4. Click **Certificate Protection** to add your SEMM certificate file with private key (.pfx), as shown in Figure 3. Browse to the location of your certificate file, select the file, and then click **OK**.
- 
+ 
*Figure 3. Add the SEMM certificate to a Surface UEFI reset package*
5. Click **Next**.
6. Type the serial number of the device you want to unenroll from SEMM (as shown in Figure 4), and then click **Build** to generate the Surface UEFI reset package.
- 
+ 
*Figure 4. Use the serial number of your Surface device to create a Surface UEFI reset package*
@@ -62,7 +66,7 @@ To create a Surface UEFI reset package, follow these steps:
Run the Surface UEFI reset package Windows Installer (.msi) file on the Surface device to unenroll the device from SEMM. The reset package will require a reboot to perform the unenroll operation. After the device has been unenrolled, you can verify the successful removal by ensuring that the **Microsoft Surface Configuration Package** item in **Programs and Features** (shown in Figure 5) is no longer present.
-
+
*Figure 5. The presence of the Microsoft Surface Configuration Package item in Programs and Features indicates that the device is enrolled in SEMM*
@@ -78,7 +82,7 @@ To initiate a Recovery Request, follow these steps:
2. Type the Surface UEFI password if you are prompted to do so.
3. Click the **Enterprise management** page, as shown in Figure 6.
- 
+ 
*Figure 6. The Enterprise management page is displayed in Surface UEFI on devices enrolled in SEMM*
@@ -88,17 +92,17 @@ To initiate a Recovery Request, follow these steps:
>A Recovery Request expires two hours after it is created. If a Recovery Request is not completed in this time, you will have to restart the Recovery Request process.
6. Select **SEMM Certificate** from the list of certificates displayed on the **Choose a SEMM reset key** page (shown in Figure 7), and then click or press **Next**.
- 
+ 
*Figure 7. Choose SEMM Certificate for your Recovery Request (Reset Request)*
7. On the **Enter SEMM reset verification code** page you can click the **QR Code** or **Text** buttons to display your Recovery Request (Reset Request) as shown in Figure 8, or the **USB** button to save your Recovery Request (Reset Request) as a file to a USB drive, as shown in Figure 9.
- 
+ 
*Figure 8. A Recovery Request (Reset Request) displayed as a QR Code*
- 
+ 
*Figure 9. Save a Recovery Request (Reset Request) to a USB drive*
@@ -112,44 +116,44 @@ To initiate a Recovery Request, follow these steps:
9. Click **Start**.
10. Click **Recovery Request**, as shown in Figure 10.
- 
+ 
- *Figure 10. Click Recovery Request to begin the process to approve a Recovery Request*
+ *Figure 10. Click Recovery Request to begin the process to approve a Recovery Request*
-11. Click **Certificate Protection** to authenticate the Recovery Request with the SEMM certificate.
-12. Browse to and select your SEMM certificate file, and then click **OK**.
-13. When you are prompted to enter the certificate password as shown in Figure 11, type and confirm the password for the certificate file, and then click **OK**.
+11. Click **Certificate Protection** to authenticate the Recovery Request with the SEMM certificate.
+12. Browse to and select your SEMM certificate file, and then click **OK**.
+13. When you are prompted to enter the certificate password as shown in Figure 11, type and confirm the password for the certificate file, and then click **OK**.
- 
+ 
- *Figure 11. Type the password for the SEMM certificate*
+ *Figure 11. Type the password for the SEMM certificate*
14. Click **Next**.
15. Enter the Recovery Request (Reset Request), and then click **Generate** to create a reset verification code (as shown in Figure 12).
- 
+ 
- *Figure 12. Enter the Recovery Request (Reset Request)*
+ *Figure 12. Enter the Recovery Request (Reset Request)*
- * If you displayed the Recovery Request (Reset Request) as text on the Surface device being reset, use the keyboard to type the Recovery Request (Reset Request) in the provided field.
- * If you displayed the Recovery Request (Reset Request) as a QR Code and then used a messaging or email application to send the code to the computer with Microsoft Surface UEFI Configurator, copy and paste the code into the provided field.
- * If you saved the Recovery Request (Reset Request) as a file to a USB drive, click the **Import** button, browse to and select the Recovery Request (Reset Request) file, and then click **OK**.
+ * If you displayed the Recovery Request (Reset Request) as text on the Surface device being reset, use the keyboard to type the Recovery Request (Reset Request) in the provided field.
+ * If you displayed the Recovery Request (Reset Request) as a QR Code and then used a messaging or email application to send the code to the computer with Microsoft Surface UEFI Configurator, copy and paste the code into the provided field.
+ * If you saved the Recovery Request (Reset Request) as a file to a USB drive, click the **Import** button, browse to and select the Recovery Request (Reset Request) file, and then click **OK**.
-16. The reset verification code is displayed in Microsoft Surface UEFI Configurator, as shown in Figure 13.
+16. The reset verification code is displayed in Microsoft Surface UEFI Configurator, as shown in Figure 13.
- 
+ 
- *Figure 13. The reset verification code displayed in Microsoft Surface UEFI Configurator*
+ *Figure 13. The reset verification code displayed in Microsoft Surface UEFI Configurator*
- * Click the **Share** button to send the reset verification code by email.
+ * Click the **Share** button to send the reset verification code by email.
-17. Enter the reset verification code in the provided field on the Surface device (shown in Figure 8), and then click or press **Verify** to reset the device and unenroll the device from SEMM.
-18. Click or press **Restart now** on the **SEMM reset successful** page to complete the unenrollment from SEMM, as shown in Figure 14.
+17. Enter the reset verification code in the provided field on the Surface device (shown in Figure 8), and then click or press **Verify** to reset the device and unenroll the device from SEMM.
+18. Click or press **Restart now** on the **SEMM reset successful** page to complete the unenrollment from SEMM, as shown in Figure 14.
- 
+ 
- *Figure 14. Successful unenrollment from SEMM*
+ *Figure 14. Successful unenrollment from SEMM*
-19. Click **End** in Microsoft Surface UEFI Configurator to complete the Recovery Request (Reset Request) process and close Microsoft Surface UEFI Configurator.
+19. Click **End** in Microsoft Surface UEFI Configurator to complete the Recovery Request (Reset Request) process and close Microsoft Surface UEFI Configurator.
diff --git a/devices/surface/update.md b/devices/surface/update.md
deleted file mode 100644
index df7a6e3c5d..0000000000
--- a/devices/surface/update.md
+++ /dev/null
@@ -1,41 +0,0 @@
----
-title: Surface firmware and driver updates (Surface)
-description: Find out how to download and manage the latest firmware and driver updates for your Surface device.
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.pagetype: surface, devices
-ms.sitesec: library
-author: heatherpoulsen
-ms.author: jdecker
-ms.topic: article
-ms.date: 11/13/2018
----
-
-# Surface firmware and driver updates
-
-Find out how to download and manage the latest firmware and driver updates for your Surface device.
-
-## In this section
-
-| Topic | Description |
-| --- | --- |
-|[Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) | See how you can use Wake On LAN to remotely wake up devices to perform management or maintenance tasks, or to enable management solutions automatically. |
-| [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)| Get a list of the available downloads for Surface devices and links to download the drivers and firmware for your device.|
-| [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)| Explore the available options to manage firmware and driver updates for Surface devices.|
-| [Surface Dock Updater](surface-dock-updater.md)| Get a detailed walkthrough of Microsoft Surface Dock Updater.|
-
-
-## Related topics
-
-[Surface TechCenter](https://technet.microsoft.com/windows/surface)
-
-[Surface for IT pros blog](http://blogs.technet.com/b/surface/)
-
-
-
-
-
-
-
-
-
diff --git a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md
index 996293cae5..ac6102c2ef 100644
--- a/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md
+++ b/devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md
@@ -6,20 +6,37 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: surface
ms.sitesec: library
-author: Scottmca
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 10/16/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
+ms.reviewer:
+manager: dansimp
---
-# Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit
+# Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit
#### Applies to
-* Surface Pro 3
-* Surface 3
-* Surface Pro 2
-* Surface Pro
-* Windows 10
+- Surface Pro 6
+- Surface Laptop 2
+- Surface Go
+- Surface Go with LTE
+- Surface Book 2
+- Surface Pro with LTE Advanced (Model 1807)
+- Surface Pro (Model 1796)
+- Surface Laptop
+- Surface Studio
+- Surface Studio 2
+- Surface Book
+- Surface Pro 4
+- Surface 3 LTE
+- Surface 3
+- Surface Pro 3
+- Surface Pro 2
+- Surface Pro
+- Windows 10
In addition to the traditional deployment method of reimaging devices, administrators that want to upgrade Surface devices that are running Windows 8.1 or Windows 10 have the option of deploying upgrades. By performing an upgrade deployment, Windows 10 can be applied to devices without removing users, apps, or configuration. The users of the deployed devices can simply continue using the devices with the same apps and settings that they used prior to the upgrade. The process described in this article shows how to perform a Windows 10 upgrade deployment to Surface devices.
@@ -35,6 +52,9 @@ For versions of Windows prior to Windows 10, if you wanted to install a new vers
Introduced with Windows 10 and MDT 2013 Update 1, you can use the upgrade installation path directly with Microsoft deployment technologies such as the Microsoft Deployment Toolkit (MDT). With an upgrade deployment you can use the same deployment technologies and process, but you can preserve users settings, and applications of the existing environment on the device.
+> [!NOTE]
+> MDT is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
+
## Deployment tools and resources
Performing an upgrade deployment of Windows 10 requires the same tools and resources that are required for a traditional reimaging deployment. You can read about the tools required, including detailed explanations and installation instructions, in [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md). To proceed with the upgrade deployment described in this article, you will need the following tools installed and configured:
@@ -50,7 +70,7 @@ You will also need to have available the following resources:
* Windows 10 installation files, such as the installation media downloaded from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx)
>[!NOTE]
- >Installation media for use with MDT must contain a Windows image in Windows Imaging Format (.wim). Installation media produced by the [Get Windows 10](https://www.microsoft.com/en-us/software-download/windows10/) page does not use a .wim file, instead using an Electronic Software Download (.esd) file, which is not compatible with MDT.
+ >Installation media for use with MDT must contain a Windows image in Windows Imaging Format (.wim). Installation media produced by the [Get Windows 10](https://www.microsoft.com/software-download/windows10/) page does not use a .wim file, instead using an Electronic Software Download (.esd) file, which is not compatible with MDT.
* [Surface firmware and drivers](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices) for Windows 10
* Application installation files for any applications you want to install, such as the Surface app
@@ -70,28 +90,28 @@ In the import process example shown in the [Deploy Windows 10 to Surface devices
2. Extract the contents of the Surface Pro 3 firmware and driver pack archive file to a temporary folder. Keep the driver files separate from other drivers or files.
3. Open the Deployment Workbench and expand the Deployment Shares node and your deployment share.
4. If you have not already created a folder structure by operating system version, you should do so next. Under the **Windows 10 x64** folder, create a new folder for Surface Pro 3 drivers named **Surface Pro 3**. Your Out-of-Box Drivers folder should resemble the following structure:
- * WinPE x86
- * WinPE x64
- * Windows 10 x64
- * Microsoft Corporation
- * Surface Pro 4
- * Surface Pro 3
+ * WinPE x86
+ * WinPE x64
+ * Windows 10 x64
+ * Microsoft Corporation
+ * Surface Pro 4
+ * Surface Pro 3
5. Right-click the **Surface Pro 3** folder, and then click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 1.
- 
+ 
- *Figure 1. Import Surface Pro 3 drivers for Windows 10*
+ *Figure 1. Import Surface Pro 3 drivers for Windows 10*
6. The Import Driver Wizard displays a series of steps, as follows:
- - **Specify Directory** – Click **Browse** and navigate to the folder where you extracted the Surface Pro 3 firmware and drivers in Step 1.
- - **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
- - **Progress** – While the drivers are imported, a progress bar is displayed on this page.
- - **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete Import Drivers Wizard.
+ - **Specify Directory** – Click **Browse** and navigate to the folder where you extracted the Surface Pro 3 firmware and drivers in Step 1.
+ - **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
+ - **Progress** – While the drivers are imported, a progress bar is displayed on this page.
+ - **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete Import Drivers Wizard.
7. Select the **Surface Pro 3** folder and verify that the folder now contains the drivers that were imported, as shown in Figure 2.
- 
+ 
- *Figure 2. Drivers for Surface Pro 3 imported and organized in the MDT deployment share*
+ *Figure 2. Drivers for Surface Pro 3 imported and organized in the MDT deployment share*
### Import applications
@@ -107,17 +127,17 @@ Create the upgrade task sequence with the following process:
1. In the Deployment Workbench under your Deployment Share, right-click the **Task Sequences** folder, and then click **New Task Sequence** to start the New Task Sequence Wizard.
2. Use these steps to create the deployment task sequence with the New Task Sequence Wizard:
- - **General Settings** – Enter an identifier for the deployment task sequence in the Task Sequence ID field, a name for the deployment task sequence in the Task Sequence Name field, and any comments for the deployment task sequence in the **Task Sequence Comments** field, and then click **Next**.
- >[!NOTE]
- >The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters.
- - **Select Template** – Select **Standard Client Upgrade Task Sequence** from the drop-down menu, and then click **Next**.
- - **Select OS** – Navigate to and select the Windows image that you imported, and then click **Next**.
- - **Specify Product Key** – Select the product key entry that fits your organization’s licensing system. The **Do Not Specify a Product Key at This Time** option can be used for systems that will be activated via Key Management Services (KMS) or Active Directory Based Activation (ADBA). A product key can be specified specifically if your organization uses Multiple Activation Keys (MAK). Click **Next**.
- - **OS Settings** – Enter a name and organization for registration of Windows, and a home page URL for users when they browse the Internet in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**.
- - **Admin Password** – Select **Use the Specified Local Administrator Password** and enter a password in the provided fields, and then click **Next**.
- - **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the task sequence.
- - **Progress** – While the task sequence is being created, a progress bar is displayed on this page.
- - **Confirmation** – When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete New Task Sequence Wizard.
+ - **General Settings** – Enter an identifier for the deployment task sequence in the Task Sequence ID field, a name for the deployment task sequence in the Task Sequence Name field, and any comments for the deployment task sequence in the **Task Sequence Comments** field, and then click **Next**.
+ >[!NOTE]
+ >The **Task Sequence ID** field cannot contain spaces and can be a maximum of 16 characters.
+ - **Select Template** – Select **Standard Client Upgrade Task Sequence** from the drop-down menu, and then click **Next**.
+ - **Select OS** – Navigate to and select the Windows image that you imported, and then click **Next**.
+ - **Specify Product Key** – Select the product key entry that fits your organization’s licensing system. The **Do Not Specify a Product Key at This Time** option can be used for systems that will be activated via Key Management Services (KMS) or Active Directory Based Activation (ADBA). A product key can be specified specifically if your organization uses Multiple Activation Keys (MAK). Click **Next**.
+ - **OS Settings** – Enter a name and organization for registration of Windows, and a home page URL for users when they browse the Internet in the **Full Name**, **Organization**, and **Internet Explorer Home Page** fields, and then click **Next**.
+ - **Admin Password** – Select **Use the Specified Local Administrator Password** and enter a password in the provided fields, and then click **Next**.
+ - **Summary** – Review the specified configuration on this page before you click **Next** to begin creation of the task sequence.
+ - **Progress** – While the task sequence is being created, a progress bar is displayed on this page.
+ - **Confirmation** – When the task sequence creation completes, the success of the process is displayed on this page. Click **Finish** to complete New Task Sequence Wizard.
After the task sequence is created, you can modify some additional settings to provide additional automation of the task sequence and require less interaction during deployment. Follow these steps to modify the task sequence:
@@ -129,9 +149,9 @@ After the task sequence is created, you can modify some additional settings to p
6. Between the two Windows Update steps is an **Install Applications** step. Select that step and then click **Add**.
7. Hover the mouse over **General** under the **Add** menu, and then choose **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 3.
- 
+ 
- *Figure 3. A new Install Application step in the deployment task sequence*
+ *Figure 3. A new Install Application step in the deployment task sequence*
8. On the **Properties** tab of the new **Install Application** step, enter **Install Surface App** in the **Name** field.
9. Select **Install a Single Application**, and then click **Browse** to view available applications that have been imported into the deployment share.
@@ -140,22 +160,22 @@ After the task sequence is created, you can modify some additional settings to p
12. Open the **Add** menu again and choose **Set Task Sequence Variable** from under the **General** menu.
13. On the **Properties** tab of the new **Set Task Sequence Variable** step (as shown in Figure 4) configure the following options:
- - **Name** – Set DriverGroup001
- - **Task Sequence Variable** – DriverGroup001
- - **Value** – Windows 10 x64\%Make%\%Model%
+ - **Name** – Set DriverGroup001
+ - **Task Sequence Variable** – DriverGroup001
+ - **Value** – Windows 10 x64\%Make%\%Model%
- 
+ 
- *Figure 4. Configure a new Set Task Sequence Variable step in the deployment task sequence*
+ *Figure 4. Configure a new Set Task Sequence Variable step in the deployment task sequence*
14. Select the **Inject Drivers** step, the next step in the task sequence.
15. On the **Properties** tab of the **Inject Drivers** step (as shown in Figure 5) configure the following options:
- * In the **Choose a selection profile** drop-down menu, select **Nothing**.
- * Click the **Install all drivers from the selection profile** button.
+ * In the **Choose a selection profile** drop-down menu, select **Nothing**.
+ * Click the **Install all drivers from the selection profile** button.
- 
+ 
- *Figure 5. Configure the deployment task sequence to not install drivers*
+ *Figure 5. Configure the deployment task sequence to not install drivers*
16. Click **OK** to apply changes to the task sequence and close the task sequence properties window.
diff --git a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
index 381ba2d8e1..0cf1ab9bda 100644
--- a/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
+++ b/devices/surface/use-system-center-configuration-manager-to-manage-devices-with-semm.md
@@ -1,29 +1,33 @@
---
-title: Use System Center Configuration Manager to manage devices with SEMM (Surface)
-description: Find out how to use Microsoft Surface UEFI Manager to perform SEMM management with System Center Configuration Manager.
+title: Use Microsoft Endpoint Configuration Manager to manage devices with SEMM (Surface)
+description: Learn how to manage Microsoft Surface Enterprise Management Mode (SEMM) with Endpoint Configuration Manager.
keywords: enroll, update, scripts, settings
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
-author: KiranDavane
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 02/01/2017
+ms.date: 11/22/2019
+ms.reviewer:
+manager: dansimp
+ms.localizationpriority: medium
+ms.audience: itpro
---
-# Use System Center Configuration Manager to manage devices with SEMM
+# Use Microsoft Endpoint Configuration Manager to manage devices with SEMM
-The Surface Enterprise Management Mode (SEMM) feature of Surface UEFI devices allows administrators to both manage and secure the configuration of Surface UEFI settings. For most organizations, this process is accomplished by creating Windows Installer (.msi) packages with the Microsoft Surface UEFI Configurator tool. These packages are then run or deployed to the client Surface devices to enroll the devices in SEMM and to update the Surface UEFI settings configuration.
+The Microsoft Surface Enterprise Management Mode (SEMM) feature of Surface UEFI devices lets administrators manage and help secure the configuration of Surface UEFI settings. For most organizations, this process is accomplished by creating Windows Installer (.msi) packages with the Microsoft Surface UEFI Configurator tool. These packages are then run or deployed to the client Surface devices to enroll the devices in SEMM and to update the Surface UEFI settings configuration.
-For organizations with System Center Configuration Manager, there is an alternative to using the Microsoft Surface UEFI Configurator .msi process to deploy and administer SEMM. Microsoft Surface UEFI Manager is a lightweight installer that makes required assemblies for SEMM management available on a device. By installing these assemblies with Microsoft Surface UEFI Manager on a managed client, SEMM can be administered by Configuration Manager with PowerShell scripts, deployed as applications. With this process, SEMM management is performed within Configuration Manager, which eliminates the need for the external Microsoft Surface UEFI Configurator tool.
+For organizations with Microsoft Endpoint Configuration Manager there is an alternative to using the Microsoft Surface UEFI Configurator .msi process to deploy and administer SEMM. Microsoft Surface UEFI Manager is a lightweight installer that makes required assemblies for SEMM management available on a device. By installing these assemblies with Microsoft Surface UEFI Manager on a managed client, SEMM can be administered by Configuration Manager with PowerShell scripts, deployed as applications. With this process, SEMM management is performed within Configuration Manager, which eliminates the need for the external Microsoft Surface UEFI Configurator tool.
->[!Note]
->Although the process described in this article may work with earlier versions of System Center Configuration Manager or with other third-party management solutions, management of SEMM with Microsoft Surface UEFI Manager and PowerShell is supported only with the Current Branch of System Center Configuration Manager.
+> [!Note]
+> Although the process described in this article may work with earlier versions of Endpoint Configuration Manager or with other third-party management solutions, management of SEMM with Microsoft Surface UEFI Manager and PowerShell is supported only with the Current Branch of Endpoint Configuration Manager.
#### Prerequisites
-Before you begin the process outlined in this article, it is expected that you are familiar with the following technologies and tools:
+Before you begin the process outlined in this article, familiarize yourself with the following technologies and tools:
* [Surface UEFI](https://technet.microsoft.com/itpro/surface/manage-surface-uefi-settings)
* [Surface Enterprise Management Mode (SEMM)](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode)
@@ -31,10 +35,10 @@ Before you begin the process outlined in this article, it is expected that you a
* [System Center Configuration Manager application deployment](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications)
* Certificate management
->[!Note]
->You will also need access to the certificate that you intend to use to secure SEMM. For details about the requirements for this certificate, see [Surface Enterprise Management Mode certificate requirements](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode#surface-enterprise-management-mode-certificate-requirements).
-
->It is very important that this certificate be kept in a safe location and properly backed up. If this certificate becomes lost or unusable, it is not possible to reset Surface UEFI, change managed Surface UEFI settings, or remove SEMM from an enrolled Surface device.
+> [!Note]
+> You will also need access to the certificate that you intend to use to secure SEMM. For details about the requirements for this certificate, see [Surface Enterprise Management Mode certificate requirements](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode#surface-enterprise-management-mode-certificate-requirements).
+>
+> It is very important that this certificate be kept in a safe location and properly backed up. If this certificate becomes lost or unusable, it is not possible to reset Surface UEFI, change managed Surface UEFI settings, or remove SEMM from an enrolled Surface device.
#### Download Microsoft Surface UEFI Manager
@@ -42,155 +46,162 @@ Management of SEMM with Configuration Manager requires the installation of Micro
#### Download SEMM scripts for Configuration Manager
-After Microsoft Surface UEFI Manager is installed on the client Surface device, SEMM is deployed and managed with PowerShell scripts. You can download samples of the [SEMM management scripts](https://www.microsoft.com/en-us/download/details.aspx?id=46703) from the Download Center.
+After Microsoft Surface UEFI Manager is installed on the client Surface device, SEMM is deployed and managed with PowerShell scripts. You can download samples of the [SEMM management scripts](https://www.microsoft.com/download/details.aspx?id=46703) from the Download Center.
## Deploy Microsoft Surface UEFI Manager
Deployment of Microsoft Surface UEFI Manager is a typical application deployment. The Microsoft Surface UEFI Manager installer file is a standard Windows Installer file that you can install with the [standard quiet option](https://msdn.microsoft.com/library/windows/desktop/aa367988).
-The command to install Microsoft Surface UEFI Manager is:
+The command to install Microsoft Surface UEFI Manager is as follows.
`msiexec /i "SurfaceUEFIManagerSetup.msi" /q`
-The command to uninstall Microsoft Surface UEFI Manager is:
+The command to uninstall Microsoft Surface UEFI Manager is as follows.
`msiexec /x {541DA890-1AEB-446D-B3FD-D5B3BB18F9AF} /q`
To create a new application and deploy it to a collection that contains your Surface devices, perform the following steps:
-1. Open Configuration Manager Console from the Start screen or Start menu.
-2. Click **Software Library** in the bottom left corner of the window.
-3. Expand the Application Management node of the Software Library, and then click **Applications**.
-4. Click the **Create Application** button under the **Home** tab at the top of the window. This starts the Create Application Wizard.
+1. Open Configuration Manager Console from the **Start** screen or **Start** menu.
+2. Select **Software Library** in the bottom left corner of the window.
+3. Expand the **Application Management** node of the Software Library, and then select **Applications**.
+4. Select the **Create Application** button under the **Home** tab at the top of the window. This starts the Create Application Wizard.
5. The Create Application Wizard presents a series of steps:
- * **General** – The **Automatically detect information about this application from installation files** option is selected by default. In the **Type** field, **Windows Installer (*.msi file)** is also selected by default. Click **Browse** to navigate to and select **SurfaceUEFIManagerSetup.msi**, and then click **Next**.
+ * **General** – The **Automatically detect information about this application from installation files** option is selected by default. In the **Type** field, **Windows Installer (.msi file)** is also selected by default. Select **Browse** to navigate to and select **SurfaceUEFIManagerSetup.msi**, and then select **Next**.
- >[!Note]
- >The location of SurfaceUEFIManagerSetup.msi must be on a network share and located in a folder that contains no other files. A local file location cannot be used.
+ > [!Note]
+ > The location of SurfaceUEFIManagerSetup.msi must be on a network share and located in a folder that contains no other files. A local file location cannot be used.
- * **Import Information** – The Create Application Wizard will parse the .msi file and read the **Application Name** and **Product Code**. SurfaceUEFIManagerSetup.msi should be listed as the only file under the line **Content Files**, as shown in Figure 1. Click **Next** to proceed.
+ * **Import Information** – The Create Application Wizard will parse the .msi file and read the **Application Name** and **Product Code**. SurfaceUEFIManagerSetup.msi should be listed as the only file under the line **Content Files**, as shown in Figure 1. Select **Next** to proceed.
*Figure 1. Information from Microsoft Surface UEFI Manager setup is automatically parsed*
- * **General Information** – You can modify the name of the application and information about the publisher and version, or add comments on this page. The installation command for Microsoft Surface UEFI Manager is displayed in the Installation Program field. The default installation behavior of Install for system will allow Microsoft Surface UEFI Manager to install the required assemblies for SEMM even if a user is not logged on to the Surface device. Click Next to proceed.
- * **Summary** – The information that was parsed in the **Import Information** step and your selections from the **General Information** step is displayed on this page. Click **Next** to confirm your selections and create the application.
+ * **General Information** – You can modify the name of the application and information about the publisher and version, or add comments on this page. The installation command for Microsoft Surface UEFI Manager is displayed in the Installation Program field. The default installation behavior of Install for system will allow Microsoft Surface UEFI Manager to install the required assemblies for SEMM even if a user is not logged on to the Surface device. Select **Next** to proceed.
+ * **Summary** – The information that was parsed in the **Import Information** step and your selections from the **General Information** step is displayed on this page. Select **Next** to confirm your selections and create the application.
* **Progress** – Displays a progress bar and status as the application is imported and added to the Software Library.
- * **Completion** – Confirmation of the successful application creation is displayed when the application creation process is complete. Click **Close** to finish the Create Application Wizard.
+ * **Completion** – Confirmation of the successful application creation is displayed when the application creation process is complete. Select **Close** to finish the Create Application Wizard.
-After the application is created in Configuration Manager, you can distribute it to your distribution points and deploy it to the collections including your Surface devices. This application will not install or enable SEMM on the Surface device – it only provides the assemblies required for SEMM to be enabled via PowerShell script.
+After the application is created in Configuration Manager, you can distribute it to your distribution points and deploy it to the collections including your Surface devices. This application will not install or enable SEMM on the Surface device. It only provides the assemblies required for SEMM to be enabled using the PowerShell script.
If you do not want to install the Microsoft Surface UEFI Manager assemblies on devices that will not be managed with SEMM, you can configure Microsoft Surface UEFI Manager as a dependency of the SEMM Configuration Manager scripts. This scenario is covered in the [Deploy SEMM Configuration Manager Scripts](#deploy-semm-configuration-manager-scripts) section later in this article.
## Create or modify the SEMM Configuration Manager scripts
-After the required assemblies have been installed on the devices, the process of enrolling the devices in SEMM and configuring Surface UEFI is done with PowerShell scripts and deployed as a script application with Configuration Manager. These scripts can be modified to fit the needs of your organization and environment. For example, you can create multiple configurations for managed Surface devices in different departments or roles. You can download samples of the scripts for SEMM and Configuration Manager at the link in the [Prerequisites](#prerequisites) section at the beginning of this article.
+After the required assemblies have been installed on the devices, the process of enrolling the devices in SEMM and configuring Surface UEFI is done with PowerShell scripts and deployed as a script application with Configuration Manager. These scripts can be modified to fit the needs of your organization and environment. For example, you can create multiple configurations for managed Surface devices in different departments or roles. You can download samples of the scripts for SEMM and Configuration Manager from the link in the [Prerequisites](#prerequisites) section at the beginning of this article.
-There are two primary scripts you will need to perform a SEMM deployment with Configuration Manager:
+There are two primary scripts you will need in order to perform a SEMM deployment with Configuration Manager:
-* **ConfigureSEMM.ps1** – Use this script to create configuration packages for your Surface devices with your desired Surface UEFI settings, to apply the specified settings to a Surface device, to enroll the device in SEMM, and to set a registry key used to identify the enrollment of the device in SEMM.
+* **ConfigureSEMM.ps1** – Use this script to create configuration packages for your Surface devices with your desired Surface UEFI settings to apply the specified settings to a Surface device, to enroll the device in SEMM, and to set a registry key used to identify the enrollment of the device in SEMM.
* **ResetSEMM.ps1** – Use this script to reset SEMM on a Surface device, which unenrolls it from SEMM and removes the control over Surface UEFI settings.
The sample scripts include examples of how to set Surface UEFI settings and how to control permissions to those settings. These settings can be modified to secure Surface UEFI and set Surface UEFI settings according to the needs of your environment. The following sections of this article explain the ConfigureSEMM.ps1 script and explore the modifications you need to make to the script to fit your requirements.
->[!NOTE]
->The SEMM Configuration Manager scripts and the exported SEMM certificate file (.pfx) should be placed in the same folder with no other files before they are added to Configuration Manager.
+> [!NOTE]
+> The SEMM Configuration Manager scripts and the exported SEMM certificate file (.pfx) should be placed in the same folder with no other files before they are added to Configuration Manager.
### Specify certificate and package names
-The first region of the script that you need to modify is the portion that specifies and loads the SEMM certificate, and also indicates the names for the SEMM configuration package and SEMM reset package. The certificate and package names are specified on lines 56 through 67 in the ConfigureSEMM.ps1 script:
+The first region of the script that you need to modify is the portion that specifies and loads the SEMM certificate, and also indicates SurfaceUEFIManager version, and the names for the SEMM configuration package and SEMM reset package. The certificate name and SurfaceUEFIManager version are specified on lines 56 through 73 in the ConfigureSEMM.ps1 script.
```
56 $WorkingDirPath = split-path -parent $MyInvocation.MyCommand.Definition
57 $packageRoot = "$WorkingDirPath\Config"
- 58
- 59 if (-not (Test-Path $packageRoot)) { New-Item -ItemType Directory -Force -Path $packageRoot }
- 60 Copy-Item "$WorkingDirPath\FabrikamOwnerSigner.pfx" $packageRoot
- 61
- 62 $privateOwnerKey = Join-Path -Path $packageRoot -ChildPath "FabrikamOwnerSigner.pfx"
- 63 $ownerPackageName = Join-Path -Path $packageRoot -ChildPath "FabrikamSignerProvisioningPackage.pkg"
- 64 $resetPackageName = Join-Path -Path $packageRoot -ChildPath "FabrikamUniversalResetPackage.pkg"
- 65
- 66 # If your PFX file requires a password then it can be set here, otherwise use a blank string.
- 67 $password = "1234"
+ 58 $certName = "FabrikamSEMMSample.pfx"
+ 59 $DllVersion = "2.26.136.0"
+ 60
+ 61 $certNameOnly = [System.IO.Path]::GetFileNameWithoutExtension($certName)
+ 62 $ProvisioningPackage = $certNameOnly + "ProvisioningPackage.pkg"
+ 63 $ResetPackage = $certNameOnly + "ResetPackage.pkg"
+ 64
+ 65 if (-not (Test-Path $packageRoot)) { New-Item -ItemType Directory -Force -Path $packageRoot }
+ 66 Copy-Item "$WorkingDirPath\$certName" $packageRoot
+ 67
+ 68 $privateOwnerKey = Join-Path -Path $packageRoot -ChildPath $certName
+ 69 $ownerPackageName = Join-Path -Path $packageRoot -ChildPath $ProvisioningPackage
+ 70 $resetPackageName = Join-Path -Path $packageRoot -ChildPath $ResetPackage
+ 71
+ 72 # If your PFX file requires a password then it can be set here, otherwise use a blank string.
+ 73 $password = "1234"
```
-Replace the **FabrikamOwnerSigner.pfx** value for the **$privateOwnerKey** variable with the name of your SEMM Certificate file on both lines 60 and 62. The script will create a working directory (named Config) in the folder where your scripts are located, and will then copy the certificate file to this working directory.
+Replace the **FabrikamSEMMSample.pfx** value for the **$certName** variable with the name of your SEMM Certificate file on line 58. The script will create a working directory (named Config) in the folder where your scripts are located, and then copies the certificate file to this working directory.
-Replace the **FabrikamSignerProvisioningPackage.pkg** and **FabrikamUniversalResetPackage.pkg** values on lines 63 and 64 to define the **$ownerPackageName** and **$resetPackageName** variables with your desired names for the SEMM configuration and reset packages. These packages will also be created in the Config directory and hold the configuration for Surface UEFI settings and permissions generated by the script.
+Owner package and reset package will also be created in the Config directory and hold the configuration for Surface UEFI settings and permissions generated by the script.
-On line 67, replace the value of the **$password** variable, from 1234, to the password for your certificate file. If a password is not required, delete the **1234** text.
+On line 73, replace the value of the **$password** variable, from **1234** to the password for your certificate file. If a password is not required, delete the **1234** text.
->[!Note]
->The last two characters of the certificate thumbprint are required to enroll a device in SEMM. This script will display these digits to the user, which allows the user or technician to record these digits before the system reboots to enroll the device in SEMM. The script uses the following code, found on lines 144-149, to accomplish this:
+> [!Note]
+> The last two characters of the certificate thumbprint are required to enroll a device in SEMM. This script will display these digits to the user, which allows the user or technician to record these digits before the system reboots to enroll the device in SEMM. The script uses the following code, found on lines 150-155, to accomplish this.
```
-144 # Device owners will need the last two characters of the thumbprint to accept SEMM ownership.
-145 # For convenience we get the thumbprint here and present to the user.
-146 $pw = ConvertTo-SecureString $password -AsPlainText -Force
-147 $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
-148 $certPrint.Import($privateOwnerKey, $pw, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
-149 Write-Host "Thumbprint =" $certPrint.Thumbprint
+150 # Device owners will need the last two characters of the thumbprint to accept SEMM ownership.
+151 # For convenience we get the thumbprint here and present to the user.
+152 $pw = ConvertTo-SecureString $password -AsPlainText -Force
+153 $certPrint = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
+154 $certPrint.Import($privateOwnerKey, $pw, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)
+155 Write-Host "Thumbprint =" $certPrint.Thumbprint
```
Administrators with access to the certificate file (.pfx) can read the thumbprint at any time by opening the .pfx file in CertMgr. To view the thumbprint with CertMgr, follow this process:
-1. Right-click the .pfx file, and then click **Open**.
+1. Right-click the .pfx file, and then select **Open**.
2. Expand the folder in the navigation pane.
-3. Click **Certificates**.
-4. Right-click your certificate in the main pane, and then click **Open**.
-5. Click the **Details** tab.
+3. Select **Certificates**.
+4. Right-click your certificate in the main pane, and then select **Open**.
+5. Select the **Details** tab.
6. **All** or **Properties Only** must be selected in the **Show** drop-down menu.
7. Select the field **Thumbprint**.
->[!NOTE]
->The SEMM certificate name and password must also be entered in this section of the ResetSEMM.ps1 script to enable Configuration Manager to remove SEMM from the device with the uninstall action.
+> [!NOTE]
+> The SEMM certificate name and password must also be entered in this section of the ResetSEMM.ps1 script to enable Configuration Manager to remove SEMM from the device with the uninstall action.
### Configure permissions
-The first region of the script where you will specify the configuration for Surface UEFI is the **Configure Permissions** region. This region begins at line 202 in the sample script with the comment **# Configure Permissions** and continues to line 238. The following code fragment first sets permissions to all Surface UEFI settings so that they may be modified by SEMM only, then adds explicit permissions to allow the local user to modify the Surface UEFI password, TPM, and front and rear cameras:
+The first region of the script where you will specify the configuration for Surface UEFI is the **Configure Permissions** region. This region begins at line 210 in the sample script with the comment **# Configure Permissions** and continues to line 247. The following code fragment first sets permissions to all Surface UEFI settings so that they may be modified by SEMM only, then adds explicit permissions to allow the local user to modify the Surface UEFI password, TPM, and front and rear cameras.
```
-202 # Configure Permissions
-203 foreach ($uefiV2 IN $surfaceDevices.Values) {
-204 # Here we define which "identities" will be allowed to modify which settings
-205 # PermissionSignerOwner = The primary SEMM enterprise owner identity
-206 # PermissionLocal = The user when booting to the UEFI pre-boot GUI
-207 # PermissionSignerUser, PermissionSignerUser1, PermissionSignerUser2 =
-208 # Additional user identities created so that the signer owner
-209 # can delegate permission control for some settings.
-210 $ownerOnly = [Microsoft.Surface.IUefiSetting]::PermissionSignerOwner
-211 $ownerAndLocalUser = ([Microsoft.Surface.IUefiSetting]::PermissionSignerOwner -bor [Microsoft.Surface.IUefiSetting]::PermissionLocal)
-212
-213 # Make all permissions owner only by default
-214 foreach ($setting IN $uefiV2.Settings.Values) {
-215 $setting.ConfiguredPermissionFlags = $ownerOnly
-216 }
-217 # Allow the local user to change their own password
-218 $uefiV2.SettingsById[501].ConfiguredPermissionFlags = $ownerAndLocalUser
-219
-220 # Allow the local user to change the state of the TPM
-221 $uefiV2.Settings["Trusted Platform Module (TPM)"].ConfiguredPermissionFlags = $ownerAndLocalUser
-222
-223 # Allow the local user to change the state of the Front and Rear cameras
-224 $uefiV2.SettingsById[302].ConfiguredPermissionFlags = $ownerAndLocalUser
-225 $uefiV2.SettingsById[304].ConfiguredPermissionFlags = $ownerAndLocalUser
-226
-227
-228 # Create a unique package name based on family and LSV.
-229 # We will choose a name that can be parsed by later scripts.
-230 $packageName = $uefiV2.SurfaceUefiFamily + "^Permissions^" + $lsv + ".pkg"
-231 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName
-232
-233 # Build and sign the Permission package then save it to a file.
-234 $permissionPackageStream = $uefiV2.BuildAndSignPermissionPackage($privateOwnerKey, $password, "", $null, $lsv)
-235 $permissionPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write)
-236 $permissionPackageStream.CopyTo($permissionPackage)
-237 $permissionPackage.Close()
-238 }
+210 # Configure Permissions
+211 foreach ($uefiV2 IN $surfaceDevices.Values) {
+212 if ($uefiV2.SurfaceUefiFamily -eq $Device.Model) {
+213 Write-Host "Configuring permissions"
+214 Write-Host $Device.Model
+215 Write-Host "======================="
+216
+217 # Here we define which "identities" will be allowed to modify which settings
+218 # PermissionSignerOwner = The primary SEMM enterprise owner identity
+219 # PermissionLocal = The user when booting to the UEFI pre-boot GUI
+220 # PermissionSignerUser, PermissionSignerUser1, PermissionSignerUser2 =
+221 # Additional user identities created so that the signer owner
+222 # can delegate permission control for some settings.
+223 $ownerOnly = [Microsoft.Surface.IUefiSetting]::PermissionSignerOwner
+224 $ownerAndLocalUser = ([Microsoft.Surface.IUefiSetting]::PermissionSignerOwner -bor [Microsoft.Surface.IUefiSetting]::PermissionLocal)
+225
+226 # Make all permissions owner only by default
+227 foreach ($setting IN $uefiV2.Settings.Values) {
+228 $setting.ConfiguredPermissionFlags = $ownerOnly
+229 }
+230
+231 # Allow the local user to change their own password
+232 $uefiV2.SettingsById[501].ConfiguredPermissionFlags = $ownerAndLocalUser
+233
+234 Write-Host ""
+235
+236 # Create a unique package name based on family and LSV.
+237 # We will choose a name that can be parsed by later scripts.
+238 $packageName = $uefiV2.SurfaceUefiFamily + "^Permissions^" + $lsv + ".pkg"
+239 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName
+240
+241 # Build and sign the Permission package then save it to a file.
+242 $permissionPackageStream = $uefiV2.BuildAndSignPermissionPackage($privateOwnerKey, $password, "", $null, $lsv)
+243 $permissionPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write)
+244 $permissionPackageStream.CopyTo($permissionPackage)
+245 $permissionPackage.Close()
+246 }
+247 }
```
Each **$uefiV2** variable identifies a Surface UEFI setting by setting name or ID, and then configures the permissions to one of the following values:
@@ -202,78 +213,178 @@ You can find information about the available settings names and IDs for Surface
### Configure settings
-The second region of the script where you will specify the configuration for Surface UEFI is the **Configure Settings** region of the ConfigureSEMM.ps1 script, which configures whether each setting is enabled or disabled. The sample script includes instructions to set all settings to their default values. The script then provides explicit instructions to disable IPv6 for PXE Boot and to leave the Surface UEFI Administrator password unchanged. You can find this region beginning with the **# Configure Settings** comment at line 282 through line 312 in the sample script. The region appears as follows:
+The second region of the script where you will specify the configuration for Surface UEFI is the **Configure Settings** region of the ConfigureSEMM.ps1 script, which configures whether each setting is enabled or disabled. The sample script includes instructions to set all settings to their default values. The script then provides explicit instructions to disable IPv6 for PXE Boot and to leave the Surface UEFI Administrator password unchanged. You can find this region beginning with the **# Configure Settings** comment at line 291 through line 335 in the sample script. The region appears as follows.
```
-282 # Configure Settings
-283 foreach ($uefiV2 IN $surfaceDevices.Values) {
-284 # In this demo, we will start by setting every setting to the default factory setting.
-285 # You may want to start by doing this in your scripts
-286 # so that every setting gets set to a known state.
-287 foreach ($setting IN $uefiV2.Settings.Values) {
-288 $setting.ConfiguredValue = $setting.DefaultValue
-289 }
-290
-291 # If you want to set something to a different value from the default,
-292 # here are examples of how to accomplish this.
-293 $uefiV2.Settings["IPv6 for PXE Boot"].ConfiguredValue = "Disabled"
-294
-295 # If you want to leave the setting unmodified, set it to $null
-296 # PowerShell has issues setting things to $null so ClearConfiguredValue()
-297 # is supplied to do this explicitly.
-298 # Here is an example of leaving the UEFI administrator password as-is,
-299 # even after we initially set it to factory default above.
-300 $uefiV2.SettingsById[501].ClearConfiguredValue()
-301
-302 # Create a unique package name based on family and LSV.
-303 # We will choose a name that can be parsed by later scripts.
-304 $packageName = $uefiV2.SurfaceUefiFamily + "^Settings^" + $lsv + ".pkg"
-305 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName
-306
-307 # Build and sign the Settings package then save it to a file.
-308 $settingsPackageStream = $uefiV2.BuildAndSignSecuredSettingsPackage($privateOwnerKey, $password, "", $null, $lsv)
-309 $settingsPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write)
-310 $settingsPackageStream.CopyTo($settingsPackage)
-311 $settingsPackage.Close()
-312 }
+291 # Configure Settings
+292 foreach ($uefiV2 IN $surfaceDevices.Values) {
+293 if ($uefiV2.SurfaceUefiFamily -eq $Device.Model) {
+294 Write-Host "Configuring settings"
+295 Write-Host $Device.Model
+296 Write-Host "===================="
+297
+298 # In this demo, we will start by setting every setting to the default factory setting.
+299 # You may want to start by doing this in your scripts
+300 # so that every setting gets set to a known state.
+301 foreach ($setting IN $uefiV2.Settings.Values) {
+302 $setting.ConfiguredValue = $setting.DefaultValue
+303 }
+304
+305 $EnabledValue = "Enabled"
+306 $DisabledValue = "Disabled"
+307
+308 # If you want to set something to a different value from the default,
+309 # here are examples of how to accomplish this.
+310 # This disables IPv6 PXE boot by name:
+311 $uefiV2.Settings["IPv6 for PXE Boot"].ConfiguredValue = $DisabledValue
+312
+313 # This disables IPv6 PXE Boot by ID:
+314 $uefiV2.SettingsById[400].ConfiguredValue = $DisabledValue
+315
+316 Write-Host ""
+317
+318 # If you want to leave the setting unmodified, set it to $null
+319 # PowerShell has issues setting things to $null so ClearConfiguredValue()
+320 # is supplied to do this explicitly.
+321 # Here is an example of leaving the UEFI administrator password as-is,
+322 # even after we initially set it to factory default above.
+323 $uefiV2.SettingsById[501].ClearConfiguredValue()
+324
+325 # Create a unique package name based on family and LSV.
+326 # We will choose a name that can be parsed by later scripts.
+327 $packageName = $uefiV2.SurfaceUefiFamily + "^Settings^" + $lsv + ".pkg"
+328 $fullPackageName = Join-Path -Path $packageRoot -ChildPath $packageName
+329
+330 # Build and sign the Settings package then save it to a file.
+331 $settingsPackageStream = $uefiV2.BuildAndSignSecuredSettingsPackage($privateOwnerKey, $password, "", $null, $lsv)
+332 $settingsPackage = New-Object System.IO.Filestream($fullPackageName, [System.IO.FileMode]::CreateNew, [System.IO.FileAccess]::Write)
+333 $settingsPackageStream.CopyTo($settingsPackage)
+334 $settingsPackage.Close()
+335 }
```
Like the permissions set in the **Configure Permissions** section of the script, the configuration of each Surface UEFI setting is performed by defining the **$uefiV2** variable. For each line defining the **$uefiV2** variable, a Surface UEFI setting is identified by setting name or ID and the configured value is set to **Enabled** or **Disabled**.
-If you do not want to alter the configuration of a Surface UEFI setting, for example to ensure that the Surface UEFI administrator password is not cleared by the action of resetting all Surface UEFI settings to their default, you can use **ClearConfiguredValue()** to enforce that this setting will not be altered. In the sample script, this is used on line 300 to prevent the clearing of the Surface UEFI Administrator password, identified in the sample script by its setting ID, **501**.
+If you do not want to alter the configuration of a Surface UEFI setting, for example to ensure that the Surface UEFI administrator password is not cleared by the action of resetting all Surface UEFI settings to their default, you can use **ClearConfiguredValue()** to enforce that this setting will not be altered. In the sample script, this is used on line 323 to prevent the clearing of the Surface UEFI Administrator password, identified in the sample script by its setting ID, **501**.
You can find information about the available settings names and IDs for Surface UEFI in the [Settings Names and IDs](#settings-names-and-ids) section later in this article.
### Settings registry key
-To identify enrolled systems for Configuration Manager, the ConfigureSEMM.ps1 script writes a registry key that can be used to identify enrolled systems as having been installed with the SEMM configuration script. This key can be found at the following location:
+To identify enrolled systems for Configuration Manager, the ConfigureSEMM.ps1 script writes registry keys that can be used to identify enrolled systems as having been installed with the SEMM configuration script. These keys can be found at the following location.
-`HKLM\SOFTWARE\Microsoft\Surface\SEMM\Enabled_Version1000`
+`HKLM\SOFTWARE\Microsoft\Surface\SEMM`
-The following code fragment, found on lines 352-363, is used to write this registry key:
+The following code fragment, found on lines 380-477, is used to write these registry keys.
```
-352 $SurfaceRegKey = "HKLM:\SOFTWARE\Microsoft\Surface\SEMM"
-353 New-RegKey $SurfaceRegKey
-354 $SurfaceRegValue = Get-ItemProperty $SurfaceRegKey Enabled_Version1000 -ErrorAction SilentlyContinue
-355
-356 If ($SurfaceRegValue -eq $null)
-357 {
-358 New-ItemProperty -Path $SurfaceRegKey -Name Enabled_Version1000 -PropertyType String -Value 1 | Out-Null
-359 }
-360 Else
-361 {
-362 Set-ItemProperty -Path $SurfaceRegKey -Name Enabled_Version1000 -Value 1
-363 }
+380 # For Endpoint Configuration Manager or other management solutions that wish to know what version is applied, tattoo the LSV and current DateTime (in UTC) to the registry:
+381 $UTCDate = (Get-Date).ToUniversalTime().ToString()
+382 $certIssuer = $certPrint.Issuer
+383 $certSubject = $certPrint.Subject
+384
+385 $SurfaceRegKey = "HKLM:\SOFTWARE\Microsoft\Surface\SEMM"
+386 New-RegKey $SurfaceRegKey
+387 $LSVRegValue = Get-ItemProperty $SurfaceRegKey LSV -ErrorAction SilentlyContinue
+388 $DateTimeRegValue = Get-ItemProperty $SurfaceRegKey LastConfiguredUTC -ErrorAction SilentlyContinue
+389 $OwnershipSessionIdRegValue = Get-ItemProperty $SurfaceRegKey OwnershipSessionId -ErrorAction SilentlyContinue
+390 $PermissionSessionIdRegValue = Get-ItemProperty $SurfaceRegKey PermissionSessionId -ErrorAction SilentlyContinue
+391 $SettingsSessionIdRegValue = Get-ItemProperty $SurfaceRegKey SettingsSessionId -ErrorAction SilentlyContinue
+392 $IsResetRegValue = Get-ItemProperty $SurfaceRegKey IsReset -ErrorAction SilentlyContinue
+393 $certUsedRegValue = Get-ItemProperty $SurfaceRegKey CertName -ErrorAction SilentlyContinue
+394 $certIssuerRegValue = Get-ItemProperty $SurfaceRegKey CertIssuer -ErrorAction SilentlyContinue
+395 $certSubjectRegValue = Get-ItemProperty $SurfaceRegKey CertSubject -ErrorAction SilentlyContinue
+396
+397
+398 If ($LSVRegValue -eq $null)
+399 {
+400 New-ItemProperty -Path $SurfaceRegKey -Name LSV -PropertyType DWORD -Value $lsv | Out-Null
+401 }
+402 Else
+403 {
+404 Set-ItemProperty -Path $SurfaceRegKey -Name LSV -Value $lsv
+405 }
+406
+407 If ($DateTimeRegValue -eq $null)
+408 {
+409 New-ItemProperty -Path $SurfaceRegKey -Name LastConfiguredUTC -PropertyType String -Value $UTCDate | Out-Null
+410 }
+411 Else
+412 {
+413 Set-ItemProperty -Path $SurfaceRegKey -Name LastConfiguredUTC -Value $UTCDate
+414 }
+415
+416 If ($OwnershipSessionIdRegValue -eq $null)
+417 {
+418 New-ItemProperty -Path $SurfaceRegKey -Name OwnershipSessionId -PropertyType String -Value $ownerSessionIdValue | Out-Null
+419 }
+420 Else
+421 {
+422 Set-ItemProperty -Path $SurfaceRegKey -Name OwnershipSessionId -Value $ownerSessionIdValue
+423 }
+424
+425 If ($PermissionSessionIdRegValue -eq $null)
+426 {
+427 New-ItemProperty -Path $SurfaceRegKey -Name PermissionSessionId -PropertyType String -Value $permissionSessionIdValue | Out-Null
+428 }
+429 Else
+430 {
+431 Set-ItemProperty -Path $SurfaceRegKey -Name PermissionSessionId -Value $permissionSessionIdValue
+432 }
+433
+434 If ($SettingsSessionIdRegValue -eq $null)
+435 {
+436 New-ItemProperty -Path $SurfaceRegKey -Name SettingsSessionId -PropertyType String -Value $settingsSessionIdValue | Out-Null
+437 }
+438 Else
+439 {
+440 Set-ItemProperty -Path $SurfaceRegKey -Name SettingsSessionId -Value $settingsSessionIdValue
+441 }
+442
+443 If ($IsResetRegValue -eq $null)
+444 {
+445 New-ItemProperty -Path $SurfaceRegKey -Name IsReset -PropertyType DWORD -Value 0 | Out-Null
+446 }
+447 Else
+448 {
+449 Set-ItemProperty -Path $SurfaceRegKey -Name IsReset -Value 0
+450 }
+451
+452 If ($certUsedRegValue -eq $null)
+453 {
+454 New-ItemProperty -Path $SurfaceRegKey -Name CertName -PropertyType String -Value $certName | Out-Null
+455 }
+456 Else
+457 {
+458 Set-ItemProperty -Path $SurfaceRegKey -Name CertName -Value $certName
+459 }
+460
+461 If ($certIssuerRegValue -eq $null)
+462 {
+463 New-ItemProperty -Path $SurfaceRegKey -Name CertIssuer -PropertyType String -Value $certIssuer | Out-Null
+464 }
+465 Else
+466 {
+467 Set-ItemProperty -Path $SurfaceRegKey -Name CertIssuer -Value $certIssuer
+468 }
+469
+470 If ($certSubjectRegValue -eq $null)
+471 {
+472 New-ItemProperty -Path $SurfaceRegKey -Name CertSubject -PropertyType String -Value $certSubject | Out-Null
+473 }
+474 Else
+475 {
+476 Set-ItemProperty -Path $SurfaceRegKey -Name CertSubject -Value $certSubject
+477 }
```
### Settings names and IDs
-To configure Surface UEFI settings or permissions for Surface UEFI settings, you must refer to each setting by either its setting name or setting ID. With each new update for Surface UEFI, new settings may be added. The best way to get a complete list of the settings available on a Surface device, along with the settings name and settings IDs, is to use the ShowSettingsOptions.ps1 script from SEMM_Powershell.zip in [Surface Tools for IT Downloads](https://www.microsoft.com/en-us/download/details.aspx?id=46703)
+To configure Surface UEFI settings or permissions for Surface UEFI settings, you must refer to each setting by either its setting name or setting ID. With each new update for Surface UEFI, new settings may be added. The best way to get a complete list of the settings available on a Surface device, along with the settings name and settings IDs, is to use the ShowSettingsOptions.ps1 script from SEMM_Powershell.zip in [Surface Tools for IT Downloads](https://www.microsoft.com/download/details.aspx?id=46703)
The computer where ShowSettingsOptions.ps1 is run must have Microsoft Surface UEFI Manager installed, but the script does not require a Surface device.
-The following tables show the available settings for Surface Pro 4 and Surface Book:
+The following tables show the available settings for Surface Pro 4 and later including Surface Pro 7, Surface Book, Surface Laptop 3, and Surface Go.
*Table 1. Surface UEFI settings for Surface Pro 4*
@@ -332,11 +443,11 @@ After your scripts are prepared to configure and enable SEMM on the client devic
* ResetSEMM.ps1
* Your SEMM certificate (for example SEMMCertificate.pfx)
-The SEMM Configuration Manager scripts will be added to Configuration Manager as a script application. The command to install SEMM with ConfigureSEMM.ps1 is:
+The SEMM Configuration Manager scripts will be added to Configuration Manager as a script application. The command to install SEMM with ConfigureSEMM.ps1 is as follows.
`Powershell.exe -file ".\ConfigureSEMM.ps1"`
-The command to uninstall SEMM with ResetSEMM.ps1 is:
+The command to uninstall SEMM with ResetSEMM.ps1 is as follows.
`Powershell.exe -file ".\ResetSEMM.ps1"`
@@ -346,82 +457,82 @@ To add the SEMM Configuration Manager scripts to Configuration Manager as an app
2. Proceed through The Create Application Wizard as follows:
- - **General** – Select **Manually specify the application information**, and then click **Next**.
+ - **General** – Select **Manually specify the application information**, and then select **Next**.
- - **General Information** – Enter a name for the application (for example SEMM) and any other information you want such as publisher, version, or comments on this page. Click **Next** to proceed.
+ - **General Information** – Enter a name for the application (for example SEMM) and any other information you want such as publisher, version, or comments on this page. Select **Next** to proceed.
- - **Application Catalog** – The fields on this page can be left with their default values. Click **Next**.
+ - **Application Catalog** – The fields on this page can be left with their default values. Select **Next**.
- - **Deployment Types** – Click **Add** to start the Create Deployment Type Wizard.
+ - **Deployment Types** – Select **Add** to start the Create Deployment Type Wizard.
- Proceed through the steps of the Create Deployment Type Wizard, as follows:
- * **General** – Click **Script Installer** from the **Type** drop-down menu. The **Manually specify the deployment type information** option will automatically be selected. Click **Next** to proceed.
- * **General Information** – Enter a name for the deployment type (for example SEMM Configuration Scripts), and then click **Next** to continue.
- * **Content** – Click **Browse** next to the **Content Location** field, and then click the folder where your SEMM Configuration Manager scripts are located. In the **Installation Program** field, type the [installation command](#deploy-semm-configuration-manager-scripts) found earlier in this article. In the **Uninstall Program** field, enter the [uninstallation command](#deploy-semm-configuration-manager-scripts) found earlier in this article (shown in Figure 2). Click **Next** to move to the next page.
+ * **General** – Select **Script Installer** from the **Type** drop-down menu. The **Manually specify the deployment type information** option will automatically be selected. Select **Next** to proceed.
+ * **General Information** – Enter a name for the deployment type (for example SEMM Configuration Scripts), and then select **Next** to continue.
+ * **Content** – Select **Browse** next to the **Content Location** field, and then select the folder where your SEMM Configuration Manager scripts are located. In the **Installation Program** field, type the [installation command](#deploy-semm-configuration-manager-scripts) found earlier in this article. In the **Uninstall Program** field, enter the [uninstallation command](#deploy-semm-configuration-manager-scripts) found earlier in this article (shown in Figure 2). Select **Next** to move to the next page.
*Figure 2. Set the SEMM Configuration Manager scripts as the install and uninstall commands*
- * **Detection Method** – Click **Add Clause** to add the SEMM Configuration Manager script registry key detection rule. The **Detection Rule** window is displayed, as shown in Figure 3. Use the following settings:
+ * **Detection Method** – Select **Add Clause** to add the SEMM Configuration Manager script registry key detection rule. The **Detection Rule** window is displayed, as shown in Figure 3. Use the following settings:
- - Click **Registry** from the **Setting Type** drop-down menu.
- - Click **HKEY_LOCAL_MACHINE** from the **Hive** drop-down menu.
+ - Select **Registry** from the **Setting Type** drop-down menu.
+ - Select **HKEY_LOCAL_MACHINE** from the **Hive** drop-down menu.
- Enter **SOFTWARE\Microsoft\Surface\SEMM** in the **Key** field.
- Enter **Enabled_Version1000** in the **Value** field.
- - Click **String** from the **Data Type** drop-down menu.
- - Click the **This registry setting must satisfy the following rule to indicate the presence of this application** button.
+ - Select **String** from the **Data Type** drop-down menu.
+ - Select the **This registry setting must satisfy the following rule to indicate the presence of this application** button.
- Enter **1** in the **Value** field.
- - Click **OK** to close the **Detection Rule** window.
+ - Select **OK** to close the **Detection Rule** window.
*Figure 3. Use a registry key to identify devices enrolled in SEMM*
- * Click **Next** to proceed to the next page.
+ * Select **Next** to proceed to the next page.
- * **User Experience** – Click **Install for system** from the **Installation Behavior** drop-down menu. If you want your users to record and enter the certificate thumbprint themselves, leave the logon requirement set to **Only when a user is logged on**. If you want your administrators to enter the thumbprint for users and the users do not need to see the thumbprint, click **Whether or not a user is logged on** from the **Logon Requirement** drop-down menu.
+ * **User Experience** – Select **Install for system** from the **Installation Behavior** drop-down menu. If you want your users to record and enter the certificate thumbprint themselves, leave the logon requirement set to **Only when a user is logged on**. If you want your administrators to enter the thumbprint for users and the users do not need to see the thumbprint, select **Whether or not a user is logged on** from the **Logon Requirement** drop-down menu.
- * **Requirements** – The ConfigureSEMM.ps1 script automatically verifies that the device is a Surface device before attempting to enable SEMM. However, if you intend to deploy this script application to a collection with devices other than those to be managed with SEMM, you could add requirements here to ensure this application would run only on Surface devices or devices you intend to manage with SEMM. Click **Next** to continue.
+ * **Requirements** – The ConfigureSEMM.ps1 script automatically verifies that the device is a Surface device before attempting to enable SEMM. However, if you intend to deploy this script application to a collection with devices other than those to be managed with SEMM, you could add requirements here to ensure this application would run only on Surface devices or devices you intend to manage with SEMM. Select **Next** to continue.
- * **Dependencies** – Click **Add** to open the **Add Dependency** window.
+ * **Dependencies** – Select **Add** to open the **Add Dependency** window.
- * Click **Add** to open the **Specify Required Application** window.
+ * Select **Add** to open the **Specify Required Application** window.
- Enter a name for the SEMM dependencies in the **Dependency Group Name** field (for example, *SEMM Assemblies*).
- - Click **Microsoft Surface UEFI Manager** from the list of **Available Applications** and the MSI deployment type, and then click **OK** to close the **Specify Required Application** window.
+ - Select **Microsoft Surface UEFI Manager** from the list of **Available Applications** and the MSI deployment type, and then select **OK** to close the **Specify Required Application** window.
- * Keep the **Auto Install** check box selected if you want Microsoft Surface UEFI Manager installed automatically on devices when you attempt to enable SEMM with the Configuration Manager scripts. Click **OK** to close the **Add Dependency** window.
+ * Keep the **Auto Install** check box selected if you want Microsoft Surface UEFI Manager installed automatically on devices when you attempt to enable SEMM with the Configuration Manager scripts. Select **OK** to close the **Add Dependency** window.
- * Click **Next** to proceed.
+ * Select **Next** to proceed.
- * **Summary** – The information you have entered throughout the Create Deployment Type wizard is displayed on this page. Click **Next** to confirm your selections.
+ * **Summary** – The information you have entered throughout the Create Deployment Type wizard is displayed on this page. Select **Next** to confirm your selections.
* **Progress** – A progress bar and status as the deployment type is added for the SEMM script application is displayed on this page.
- * **Completion** – Confirmation of the deployment type creation is displayed when the process is complete. Click **Close** to finish the Create Deployment Type Wizard.
+ * **Completion** – Confirmation of the deployment type creation is displayed when the process is complete. Select **Close** to finish the Create Deployment Type Wizard.
- * **Summary** – The information that you entered throughout the Create Application Wizard is displayed. Click **Next** to create the application.
+ - **Summary** – The information that you entered throughout the Create Application Wizard is displayed. Select **Next** to create the application.
- * **Progress** – A progress bar and status as the application is added to the Software Library is displayed on this page.
+ - **Progress** – A progress bar and status as the application is added to the Software Library is displayed on this page.
- * **Completion** – Confirmation of the successful application creation is displayed when the application creation process is complete. Click **Close** to finish the Create Application Wizard.
+ - **Completion** – Confirmation of the successful application creation is displayed when the application creation process is complete. Select **Close** to finish the Create Application Wizard.
After the script application is available in the Software Library of Configuration Manager, you can distribute and deploy SEMM using the scripts you prepared to devices or collections. If you have configured the Microsoft Surface UEFI Manager assemblies as a dependency that will be automatically installed, you can deploy SEMM in a single step. If you have not configured the assemblies as a dependency, they must be installed on the devices you intend to manage before you enable SEMM.
When you deploy SEMM using this script application and with a configuration that is visible to the end user, the PowerShell script will start and the thumbprint for the certificate will be displayed by the PowerShell window. You can have your users record this thumbprint and enter it when prompted by Surface UEFI after the device reboots.
-Alternatively, you can configure the application installation to reboot automatically and to install invisibly to the user – in this scenario, a technician will be required to enter the thumbprint on each device as it reboots. Any technician with access to the certificate file can read the thumbprint by viewing the certificate with CertMgr. Instructions for viewing the thumbprint with CertMgr are in the [Create or modify the SEMM Configuration Manager scripts](#create-or-modify-the-semm-configuration-manager-scripts) section of this article.
+Alternatively, you can configure the application installation to reboot automatically and to install invisibly to the user. In this scenario, a technician will be required to enter the thumbprint on each device as it reboots. Any technician with access to the certificate file can read the thumbprint by viewing the certificate with CertMgr. Instructions for viewing the thumbprint with CertMgr are in the [Create or modify the SEMM Configuration Manager scripts](#create-or-modify-the-semm-configuration-manager-scripts) section of this article.
Removal of SEMM from a device deployed with Configuration Manager using these scripts is as easy as uninstalling the application with Configuration Manager. This action starts the ResetSEMM.ps1 script and properly unenrolls the device with the same certificate file that was used during the deployment of SEMM.
->[!NOTE]
->Microsoft Surface recommends that you create reset packages only when you need to unenroll a device. These reset packages are typically valid for only one device, identified by its serial number. You can, however, create a universal reset package that would work for any device enrolled in SEMM with this certificate.
-
->We strongly recommend that you protect your universal reset package as carefully as the certificate you used to enroll devices in SEMM. Please remember that – just like the certificate itself – this universal reset package can be used to unenroll any of your organization’s Surface devices from SEMM.
-
->When you install a reset package, the Lowest Supported Value (LSV) is reset to a value of 1. You can reenroll a device by using an existing configuration package – the device will prompt for the certificate thumbprint before ownership is taken.
-
->For this reason, the reenrollment of a device in SEMM would require a new package to be created and installed on that device. Because this action is a new enrollment and not a change in configuration on a device already enrolled in SEMM, the device will prompt for the certificate thumbprint before ownership is taken.
+> [!NOTE]
+> Microsoft Surface recommends that you create reset packages only when you need to unenroll a device. These reset packages are typically valid for only one device, identified by its serial number. You can, however, create a universal reset package that would work for any device enrolled in SEMM with this certificate.
+>
+> We strongly recommend that you protect your universal reset package as carefully as the certificate you used to enroll devices in SEMM. Please remember that, just like the certificate itself, this universal reset package can be used to unenroll any of your organization’s Surface devices from SEMM.
+>
+> When you install a reset package, the Lowest Supported Value (LSV) is reset to a value of 1. You can reenroll a device by using an existing configuration package. The device will prompt for the certificate thumbprint before ownership is taken.
+>
+> For this reason, the reenrollment of a device in SEMM would require a new package to be created and installed on that device. Because this action is a new enrollment and not a change in configuration on a device already enrolled in SEMM, the device will prompt for the certificate thumbprint before ownership is taken.
diff --git a/devices/surface/using-the-sda-deployment-share.md b/devices/surface/using-the-sda-deployment-share.md
index 75bb5c6f65..20ad4f6903 100644
--- a/devices/surface/using-the-sda-deployment-share.md
+++ b/devices/surface/using-the-sda-deployment-share.md
@@ -6,10 +6,14 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
-author: Scottmca
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 10/16/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
+ms.reviewer:
+manager: dansimp
---
# Using the Microsoft Surface Deployment Accelerator deployment share
@@ -18,6 +22,9 @@ With Microsoft Surface Deployment Accelerator (SDA), you can quickly and easily
For more information about SDA and information on how to download SDA, see [Microsoft Surface Deployment Accelerator (SDA)](https://technet.microsoft.com/itpro/surface/microsoft-surface-deployment-accelerator).
+> [!NOTE]
+> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md).
+
Using SDA provides these primary benefits:
* With SDA, you can create a ready-to-deploy environment that can deploy to target devices as fast as your download speeds allow. The wizard experience enables you to check a few boxes and then the automated process builds your deployment environment for you.
@@ -82,16 +89,16 @@ To import drivers for a peripheral device:
6. Click **Import Drivers** to start the Import Drivers Wizard, as shown in Figure 1.
- 
+ 
- *Figure 1. Provide the location of your driver files*
+ *Figure 1. Provide the location of your driver files*
7. The Import Drivers Wizard presents a series of steps:
- - **Specify Directory** – Click **Browse** and navigate to the folder where you stored the drivers in Step 1.
- - **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
- - **Progress** – While the drivers are imported, a progress bar is displayed on this page.
- - **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard.
+ - **Specify Directory** – Click **Browse** and navigate to the folder where you stored the drivers in Step 1.
+ - **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
+ - **Progress** – While the drivers are imported, a progress bar is displayed on this page.
+ - **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the Import Drivers Wizard.
8. Repeat Steps 5-7 for each Surface model on which you would like to include this driver.
@@ -108,54 +115,54 @@ As with drivers, the SDA deployment share can be pre-configured with apps like t
In the previous example for including drivers for a POS system, you would also need to include POS software for processing transactions and recording the input from the barcode scanner and credit card reader. To import an application and prepare it for installation on your Surface devices during Windows deployment:
-1. Download the application installation files or locate the installation media for your application.
+1. Download the application installation files or locate the installation media for your application.
-2. Determine the command line instruction for silent installation, usually provided by the developer of the application. For Windows Installer files (.msi), see [Standard Installer Command-Line Options](https://msdn.microsoft.com/library/windows/desktop/aa372024) in the Windows Dev Center.
+2. Determine the command line instruction for silent installation, usually provided by the developer of the application. For Windows Installer files (.msi), see [Standard Installer Command-Line Options](https://msdn.microsoft.com/library/windows/desktop/aa372024) in the Windows Dev Center.
-3. Open the MDT Deployment Workbench.
+3. Open the MDT Deployment Workbench.
-4. Expand the **Deployment Shares** node and expand the SDA deployment share.
+4. Expand the **Deployment Shares** node and expand the SDA deployment share.
-5. Expand the **Applications** folder.
+5. Expand the **Applications** folder.
-6. Click **New Application** to start the New Application Wizard, as shown in Figure 2.
+6. Click **New Application** to start the New Application Wizard, as shown in Figure 2.
- 
+ 
- *Figure 2: Provide the command to install your application*
+ *Figure 2: Provide the command to install your application*
-7. Follow the steps of the New Application Wizard:
+7. Follow the steps of the New Application Wizard:
- - **Application Type** – Click **Application with Source Files**, and then click **Next**.
- - **Details** – Enter a name for the application in the **Application Name** field. Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. Click **Next**.
- - **Source** – Click **Browse** to navigate to and select the folder with the application installation files procured in Step 1, and then click **Next**.
- - **Destination** – Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name.
- - **Command Details** – Enter the silent command-line instruction, for example `setup.msi /quiet /norestart`
- - **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
- - **Progress** – While the installation files are imported, a progress bar is displayed on this page.
- - **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard.
+ - **Application Type** – Click **Application with Source Files**, and then click **Next**.
+ - **Details** – Enter a name for the application in the **Application Name** field. Enter publisher, version, and language information in the **Publisher**, **Version**, and **Language** fields if desired. Click **Next**.
+ - **Source** – Click **Browse** to navigate to and select the folder with the application installation files procured in Step 1, and then click **Next**.
+ - **Destination** – Enter a name for the folder where the application files will be stored in the **Specify the Name of the Directory that Should Be Created** field or click **Next** to accept the default name.
+ - **Command Details** – Enter the silent command-line instruction, for example `setup.msi /quiet /norestart`
+ - **Summary** – Review the specified configuration on this page before you click **Next** to begin the import process.
+ - **Progress** – While the installation files are imported, a progress bar is displayed on this page.
+ - **Confirmation** – When the import process completes, the success of the process is displayed on this page. Click **Finish** to complete the New Application Wizard.
-8. Click the **Task Sequences** folder, right-click **1 - Deploy Microsoft Surface**, and then click **Properties**.
+8. Click the **Task Sequences** folder, right-click **1 - Deploy Microsoft Surface**, and then click **Properties**.
-9. Click the **Task Sequence** tab to view the steps that are included in the new task sequence.
+9. Click the **Task Sequence** tab to view the steps that are included in the new task sequence.
-10. Select the **Windows Update (Pre-Application Installation)** step, and then click **Add**.
+10. Select the **Windows Update (Pre-Application Installation)** step, and then click **Add**.
-11. Hover the mouse over **General** under the **Add** menu, and then click **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 3.
+11. Hover the mouse over **General** under the **Add** menu, and then click **Install Application**. This will add a new step after the selected step for the installation of a specific application as shown in Figure 3.
- 
+ 
- *Figure 3. A new Install Application step for Sample POS App*
+ *Figure 3. A new Install Application step for Sample POS App*
-12. On the **Properties** tab of the new **Install Application** step, enter **Install - Sample POS App** in the **Name** field, where *Sample POS App* is the name of your app.
+12. On the **Properties** tab of the new **Install Application** step, enter **Install - Sample POS App** in the **Name** field, where *Sample POS App* is the name of your app.
-13. Click **Install a Single Application**, and then click **Browse** to view available applications that have been imported into the deployment share.
+13. Click **Install a Single Application**, and then click **Browse** to view available applications that have been imported into the deployment share.
-14. Select your app from the list of applications, and then click **OK**.
+14. Select your app from the list of applications, and then click **OK**.
-15. Click **OK** to close the task sequence properties.
+15. Click **OK** to close the task sequence properties.
-16. Close the Deployment Workbench.
+16. Close the Deployment Workbench.
## Work with existing deployment shares
diff --git a/devices/surface/wake-on-lan-for-surface-devices.md b/devices/surface/wake-on-lan-for-surface-devices.md
index 907ab49ce6..53ff389c02 100644
--- a/devices/surface/wake-on-lan-for-surface-devices.md
+++ b/devices/surface/wake-on-lan-for-surface-devices.md
@@ -6,15 +6,19 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices
ms.sitesec: library
-author: brecords
-ms.author: jdecker
+ms.localizationpriority: medium
+author: dansimp
+ms.author: dansimp
ms.topic: article
-ms.date: 01/03/2018
+ms.date: 12/30/2019
+ms.reviewer: scottmca
+manager: dansimp
+ms.audience: itpro
---
# Wake On LAN for Surface devices
-Surface devices that run Windows 10, version 1607 (also known as Windows 10 Anniversary Update) or later and use a Surface Ethernet adapter to connect to a wired network, are capable of Wake On LAN (WOL) from Connected Standby. With WOL, you can remotely wake up devices to perform management or maintenance tasks or enable management solutions (such as System Center Configuration Manager) automatically. For example, you can deploy applications to Surface devices left docked with a Surface Dock or Surface Pro 3 Docking Station by using System Center Configuration Manager during a window in the middle of the night, when the office is empty.
+Surface devices that run Windows 10, version 1607 (also known as Windows 10 Anniversary Update) or later and use a Surface Ethernet adapter to connect to a wired network, are capable of Wake On LAN (WOL) from Connected Standby. With WOL, you can remotely wake up devices to perform management or maintenance tasks or enable management solutions (such as Microsoft Endpoint Configuration Manager) automatically. For example, you can deploy applications to Surface devices left docked with a Surface Dock or Surface Pro 3 Docking Station by using Microsoft Endpoint Configuration Manager during a window in the middle of the night, when the office is empty.
>[!NOTE]
>Surface devices must be connected to AC power and in Connected Standby (Sleep) to support WOL. WOL is not possible from devices that are in hibernation or powered off.
@@ -39,22 +43,45 @@ The following devices are supported for WOL:
* Surface Laptop 2
* Surface Go
* Surface Go with LTE Advanced
+* Surface Studio 2 (see Surface Studio 2 instructions below)
+* Surface Pro 7
+* Surface Laptop 3
## WOL driver
To enable WOL support on Surface devices, a specific driver for the Surface Ethernet adapter is required. This driver is not included in the standard driver and firmware pack for Surface devices – you must download and install it separately. You can download the Surface WOL driver (SurfaceWOL.msi) from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center.
-You can run this Microsoft Windows Installer (.msi) file on a Surface device to install the Surface WOL driver, or you can distribute it to Surface devices with an application deployment solution, such as System Center Configuration Manager. To include the Surface WOL driver during deployment, you can install the .msi file as an application during the deployment process. You can also extract the Surface WOL driver files to include them in the deployment process. For example, you can include them in your Microsoft Deployment Toolkit (MDT) deployment share. You can read more about Surface deployment with MDT in [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/deploy-windows-10-to-surface-devices-with-mdt).
+You can run this Microsoft Windows Installer (.msi) file on a Surface device to install the Surface WOL driver, or you can distribute it to Surface devices with an application deployment solution, such as Microsoft Endpoint Configuration Manager. To include the Surface WOL driver during deployment, you can install the .msi file as an application during the deployment process. You can also extract the Surface WOL driver files to include them in the deployment process. For example, you can include them in your Microsoft Deployment Toolkit (MDT) deployment share. You can read more about Surface deployment with MDT in [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](https://technet.microsoft.com/itpro/surface/deploy-windows-10-to-surface-devices-with-mdt).
->[!NOTE]
->During the installation of SurfaceWOL.msi, the following registry key is set to a value of 1, which allows easy identification of systems where the WOL driver has been installed. If you chose to extract and install these drivers separately during deployment, this registry key will not be configured and must be configured manually or with a script.
-
->**HKLM\SYSTEM\CurrentControlSet\Control\Power AllowSystemRequiredPowerRequests**
+> [!NOTE]
+> During the installation of SurfaceWOL.msi, the following registry key is set to a value of 1, which allows easy identification of systems where the WOL driver has been installed. If you chose to extract and install these drivers separately during deployment, this registry key will not be configured and must be configured manually or with a script.
+>
+> **HKLM\SYSTEM\CurrentControlSet\Control\Power AllowSystemRequiredPowerRequests**
To extract the contents of SurfaceWOL.msi, use the MSIExec administrative installation option (**/a**), as shown in the following example, to extract the contents to the C:\WOL\ folder:
`msiexec /a surfacewol.msi targetdir=C:\WOL /qn`
+## Surface Studio 2 instructions
+
+To enable WOL on Surface Studio 2, you must use the following procedure
+
+1. Create the following registry keys:
+
+ ```console
+ ; Set CONNECTIVITYINSTANDBY to 1:
+ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\F15576E8-98B7-4186-B944-EAFA664402D9]
+ "Attributes"=dword:00000001
+ ; Set EnforceDisconnectedStandby to 0 and AllowSystemRequiredPowerRequests to 1:
+ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power]
+ "EnforceDisconnectedStandby"=dword:00000000
+ "AllowSystemRequiredPowerRequests"=dword:00000001
+ ```
+
+2. Run the following command
+
+ ```powercfg /SETACVALUEINDEX SCHEME_BALANCED SUB_NONE CONNECTIVITYINSTANDBY 1```
+
## Using Surface WOL
The Surface WOL driver conforms to the WOL standard, whereby the device is woken by a special network communication known as a magic packet. The magic packet consists of 6 bytes of 255 (or FF in hexadecimal) followed by 16 repetitions of the target computer’s MAC address. You can read more about the magic packet and the WOL standard on [Wikipedia](https://wikipedia.org/wiki/Wake-on-LAN#Magic_packet).
@@ -62,7 +89,7 @@ The Surface WOL driver conforms to the WOL standard, whereby the device is woken
>[!NOTE]
>To send a magic packet and wake up a device by using WOL, you must know the MAC address of the target device and Ethernet adapter. Because the magic packet does not use the IP network protocol, it is not possible to use the IP address or DNS name of the device.
-Many management solutions, such as System Center Configuration Manager, provide built-in support for WOL. There are also many solutions, including Microsoft Store apps, PowerShell modules, third-party applications, and third-party management solutions that allow you to send a magic packet to wake up a device. For example, you can use the [Wake On LAN PowerShell module](https://gallery.technet.microsoft.com/scriptcenter/Wake-On-Lan-815424c4) from the TechNet Script Center.
+Many management solutions, such as Configuration Manager, provide built-in support for WOL. There are also many solutions, including Microsoft Store apps, PowerShell modules, third-party applications, and third-party management solutions that allow you to send a magic packet to wake up a device. For example, you can use the [Wake On LAN PowerShell module](https://gallery.technet.microsoft.com/scriptcenter/Wake-On-Lan-815424c4) from the TechNet Script Center.
>[!NOTE]
>After a device has been woken up with a magic packet, the device will return to sleep if an application is not actively preventing sleep on the system or if the AllowSystemRequiredPowerRequests registry key is not configured to 1, which allows applications to prevent sleep. See the [WOL driver](#wol-driver) section of this article for more information about this registry key.
diff --git a/devices/surface/windows-autopilot-and-surface-devices.md b/devices/surface/windows-autopilot-and-surface-devices.md
index baef69db7c..36283c8d84 100644
--- a/devices/surface/windows-autopilot-and-surface-devices.md
+++ b/devices/surface/windows-autopilot-and-surface-devices.md
@@ -1,60 +1,58 @@
---
-title: Windows Autopilot and Surface Devices (Surface)
+title: Windows Autopilot and Surface devices
+ms.reviewer:
+manager: dansimp
description: Find out about Windows Autopilot deployment options for Surface devices.
keywords: autopilot, windows 10, surface, deployment
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: surface, devices
ms.sitesec: library
-author: brecords
-ms.date: 09/12/2018
-ms.author: jdecker
+author: dansimp
+ms.author: dansimp
ms.topic: article
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 11/26/2019
---
# Windows Autopilot and Surface devices
-Windows Autopilot is a cloud-based deployment technology available in Windows 10. Using Windows Autopilot, you can remotely deploy and configure devices in a truly zero-touch process right out of the box. Windows Autopilot registered devices are identified over the internet at first boot using a unique device signature, known as the hardware hash, and automatically enrolled and configured using modern management solutions such as Azure Active Directory (AAD) and Mobile Device Management (MDM).
+Windows Autopilot is a cloud-based deployment technology in Windows 10. You can use Windows Autopilot to remotely deploy and configure devices in a zero-touch process right out of the box.
-With Surface devices, you can choose to register your devices at the time of purchase when purchasing from a Surface partner enabled for Windows Autopilot. New devices can be shipped directly to your end-users and will be automatically enrolled and configured when the units are unboxed and turned on for the first time. This process can eliminate need to reimage your devices as part of your deployment process, reducing the work required of your deployment staff and opening up new, agile methods for device management and distribution.
+Windows Autopilot-registered devices are identified over the Internet at first startup through a unique device signature that's called a *hardware hash*. They're automatically enrolled and configured by using modern management solutions such as Azure Active Directory (Azure AD) and mobile device management.
-In this article learn how to enroll your Surface devices in Windows Autopilot with a Surface partner and the options and considerations you will need to know along the way. This article focuses specifically on Surface devices, for more information about using Windows Autopilot with other devices, or to read more about Windows Autopilot and its capabilities, see [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot) in the Windows Docs Library.
+You can register Surface devices at the time of purchase from a Surface partner that's enabled for Windows Autopilot. These partners can ship new devices directly to your users. The devices will be automatically enrolled and configured when they are first turned on. This process eliminates reimaging during deployment, which lets you implement new, agile methods of device management and distribution.
-## Prerequisites
-Enrollment of Surface devices in Windows Autopilot with a Surface partner enabled for Windows Autopilot has the following licensing requirements for each enrolled Surface device:
-* **Azure Active Directory Premium** – Required to enroll your devices in your organization and to automatically enroll devices in your organization’s mobile management solution.
-* **Mobile Device Management (such as Microsoft Intune)** – Required to remotely deploy applications, configure, and manage your enrolled devices.
-* **Office 365 ProPlus** – Required to deploy Microsoft Office to your enrolled devices.
+## Modern management
+Autopilot is the recommended deployment option for Surface devices, including Surface Pro 7, Surface Laptop 3, and Surface Pro X, which is specifically designed for deployment through Autopilot.
-These requirements are also met by the following solutions:
-* Microsoft 365 E3 or E5 (includes Azure Active Directory Premium, Microsoft Intune, and Office 365 ProPlus)
+ It's best to enroll your Surface devices with the help of a Microsoft Cloud Solution Provider. This step allows you to manage UEFI firmware settings on Surface directly from Intune. It eliminates the need to physically touch devices for certificate management. See [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md) for details.
-Or
-* Enterprise Mobility + Security E3 or E5 (includes Azure Active Directory Premium and Microsoft Intune)
-* Office 365 ProPlus, E3, or E5 (includes Office 365 ProPlus)
+## Windows version considerations
+Broad deployment of Surface devices through Windows Autopilot, including enrollment by Surface partners at the time of purchase, requires Windows 10 Version 1709 (Fall Creators Update) or later.
->[!NOTE]
->Deployment of devices using Windows Autopilot to complete the Out-of-Box Experience (OOBE) is supported without these prerequisites, however will yield deployed devices without applications, configuration, or enrollment in a management solution and is highly discouraged.
-
-### Windows version considerations
-Support for broad deployments of Surface devices using Windows Autopilot, including enrollment performed by Surface partners at the time of purchase, requires devices manufactured with or otherwise installed with Windows 10 Version 1709 (Fall Creators Update). Windows 10 Version 1709 uses a secure 4096-bit (4k) hash value to uniquely identify devices for Windows Autopilot that is necessary for deployments at scale.
-
-### Surface device support
-Surface devices with support for out-of-box deployment with Windows Autopilot, enrolled during the purchase process with a Surface partner, include the following devices, where the devices ship from the factory with Windows 10 Version 1709:
-* Surface Pro (Model 1796)
-* Surface Book 2
-* Surface Laptop
-* Surface Studio
-* Surface Go
+These Windows versions support a 4,000-byte (4k) hash value that uniquely identifies devices for Windows Autopilot, which is necessary for deployments at scale. All new Surface devices, including Surface Pro 7, Surface Pro X, and Surface Laptop 3, ship with Windows 10 Version 1903 or later.
## Surface partners enabled for Windows Autopilot
-Enrolling Surface devices in Windows Autopilot at the time of purchase is a capability provided by select Surface partners that are enabled with the capability to identify individual Surface devices during the purchase process and perform enrollment on an organization’s behalf. Devices enrolled by a Surface partner at time of purchase can be shipped directly to users and configured entirely through the zero-touch process of Windows Autopilot, Azure Active Directory, and Mobile Device Management.
-When you purchase Surface devices from a Surface partner enabled for Windows Autopilot, your new devices can be enrolled in your Windows Autopilot deployment for you by the partner. Surface partners enabled for Windows Autopilot include:
+Select Surface partners can enroll Surface devices in Windows Autopilot for you at the time of purchase. They can also ship enrolled devices directly to your users. The devices can be configured entirely through a zero-touch process by using Windows Autopilot, Azure AD, and mobile device management.
+Surface partners that are enabled for Windows Autopilot include:
+
+- [ALSO](https://www.also.com/ec/cms5/de_1010/1010_anbieter/microsoft/windows-autopilot/index.jsp)
- [Atea](https://www.atea.com/)
+- [Bechtle](https://www.bechtle.com/de-en)
+- [Cancom](https://www.cancom.de/)
+- [CDW](https://www.cdw.com/)
+- [Computacenter](https://www.computacenter.com/uk)
- [Connection](https://www.connection.com/brand/microsoft/microsoft-surface)
- [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html)
- [SHI](https://www.shi.com/Surface)
+- [Synnex](https://www.synnexcorp.com/us/microsoft/surface-autopilot/)
+- [Techdata](https://www.techdata.com/)
-
+## Learn more
+For more information about Windows Autopilot, see:
+- [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot)
+- [Windows Autopilot requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements)
\ No newline at end of file
diff --git a/education/developers.yml b/education/developers.yml
new file mode 100644
index 0000000000..9e21b6d27f
--- /dev/null
+++ b/education/developers.yml
@@ -0,0 +1,33 @@
+### YamlMime:Hub
+
+title: Microsoft 365 Education Documentation for developers
+summary: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here.
+
+metadata:
+ title: Microsoft 365 Education Documentation for developers
+ description: Are you an app developer looking for information about developing solutions on Microsoft Education products? Start here.
+ ms.service: help
+ ms.topic: hub-page
+ author: LaurenMoynihan
+ ms.author: v-lamoyn
+ ms.date: 10/24/2019
+
+additionalContent:
+ sections:
+ - items:
+ # Card
+ - title: UWP apps for education
+ summary: Learn how to write universal apps for education.
+ url: https://docs.microsoft.com/en-us/windows/uwp/apps-for-education/
+ # Card
+ - title: Take a test API
+ summary: Learn how web applications can use the API to provide a locked down experience for taking tests.
+ url: https://docs.microsoft.com/en-us/windows/uwp/apps-for-education/take-a-test-api
+ # Card
+ - title: Office Education Dev center
+ summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app
+ url: https://dev.office.com/industry-verticals/edu
+ # Card
+ - title: Data Streamer
+ summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.
+ url: https://docs.microsoft.com/en-us/microsoft-365/education/data-streamer
\ No newline at end of file
diff --git a/education/docfx.json b/education/docfx.json
index 87d94a2065..809a2da28f 100644
--- a/education/docfx.json
+++ b/education/docfx.json
@@ -1,39 +1,59 @@
{
"build": {
- "content":
- [
- {
- "files": ["**/**.md", "**/**.yml"],
- "exclude": ["**/obj/**"]
- }
- ],
+ "content": [
+ {
+ "files": [
+ "**/**.md",
+ "**/**.yml"
+ ],
+ "exclude": [
+ "**/obj/**"
+ ]
+ }
+ ],
"resource": [
- {
- "files": ["**/images/**"],
- "exclude": ["**/obj/**"]
- }
+ {
+ "files": [
+ "**/*.png",
+ "**/*.jpg",
+ "**/*.svg"
+ ],
+ "exclude": [
+ "**/obj/**"
+ ]
+ }
],
"globalMetadata": {
- "uhfHeaderId": "MSDocsHeader-WindowsIT",
- "ROBOTS": "INDEX, FOLLOW",
- "ms.author": "celested",
- "audience": "windows-education",
- "ms.topic": "article",
- "breadcrumb_path": "/education/breadcrumb/toc.json",
- "ms.date": "05/09/2017",
- "feedback_system": "GitHub",
- "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
- "feedback_product_url": "https://support.microsoft.com/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app",
- "_op_documentIdPathDepotMapping": {
- "./": {
- "depot_name": "Win.education"
- }
- }
+ "ROBOTS": "INDEX, FOLLOW",
+ "audience": "windows-education",
+ "ms.topic": "article",
+ "ms.technology": "windows",
+ "manager": "laurawi",
+ "audience": "ITPro",
+ "breadcrumb_path": "/education/breadcrumb/toc.json",
+ "ms.date": "05/09/2017",
+ "feedback_system": "None",
+ "hideEdit": true,
+ "_op_documentIdPathDepotMapping": {
+ "./": {
+ "depot_name": "Win.education",
+ "folder_relative_path_in_docset": "./"
+ }
+ },
+ "contributors_to_exclude": [
+ "rjagiewich",
+ "traya1",
+ "rmca14",
+ "claydetels19",
+ "Kellylorenebaker",
+ "jborsecnik",
+ "tiburd",
+ "garycentric"
+ ]
},
- "externalReference": [
- ],
+ "externalReference": [],
"template": "op.html",
"dest": "education",
- "markdownEngineName": "dfm"
- }
+ "markdownEngineName": "markdig"
+}
}
diff --git a/education/get-started/TOC.md b/education/get-started/TOC.md
deleted file mode 100644
index 20de4cd93d..0000000000
--- a/education/get-started/TOC.md
+++ /dev/null
@@ -1,10 +0,0 @@
-# [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
-## [Set up an Office 365 education tenant](set-up-office365-edu-tenant.md)
-## [Use School Data Sync to import student data](use-school-data-sync.md)
-## [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md)
-## [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md)
-## [Set up Windows 10 education devices](set-up-windows-10-education-devices.md)
-### [Set up Windows 10 devices using Windows OOBE](set-up-windows-education-devices.md)
-## [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md)
-# [Change history for Microsoft Education Get Started](change-history-ms-edu-get-started.md)
-
diff --git a/education/get-started/change-history-ms-edu-get-started.md b/education/get-started/change-history-ms-edu-get-started.md
deleted file mode 100644
index 890ee785d2..0000000000
--- a/education/get-started/change-history-ms-edu-get-started.md
+++ /dev/null
@@ -1,42 +0,0 @@
----
-title: Change history for Microsoft Education Get Started
-description: New and changed topics in the Microsoft Education get started guide.
-keywords: Microsoft Education get started guide, IT admin, IT pro, school, education, change history
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: edu
-author: CelesteDG
-ms.author: celested
-ms.date: 07/07/2017
----
-
-# Change history for Microsoft Education Get Started
-
-This topic lists the changes in the Microsoft Education IT admin get started.
-
-## July 2017
-
-| New or changed topic | Description |
-| --- | ---- |
-| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | Broke up the get started guide to highlight each phase in the Microsoft Education deployment and management process. |
-| [Set up an Office 365 Education tenant](set-up-office365-edu-tenant.md) | New. Shows the video and step-by-step guide on how to set up an Office 365 for Education tenant. |
-| [Use School Data Sync to import student data](use-school-data-sync.md) | New. Shows the video and step-by-step guide on School Data Sync and sample CSV files to import student data in a trial environment. |
-| [Enable Microsoft Teams for your school](enable-microsoft-teams.md) | New. Shows how IT admins can enable and deploy Microsoft Teams in schools. |
-| [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md) | New. Shows the video and step-by-step guide on how to accept the services agreement and ensure your Microsoft Store account is associated with Intune for Education. |
-| [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md) | New. Shows the video and step-by-step guide on how to set up Intune for Education, buy apps from the Microsoft Store for Education, and install the apps for all users in your tenant. |
-| [Set up Windows 10 education devices](set-up-windows-10-education-devices.md) | New. Shows options available to you when you need to set up new Windows 10 devices and enroll them to your education tenant. Each option contains a video and step-by-step guide. |
-| [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md) | New. Shows the video and step-by-step guide on how to finish preparing your Windows 10 devices for use in the classroom. |
-
-
-## June 2017
-
-| New or changed topic | Description |
-| --- | ---- |
-| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | Includes the following updates: - New configuration guidance for IT administrators to deploy Microsoft Teams. - Updated steps for School Data Sync to show the latest workflow and user experience. - Updated steps for Option 2: Try out Microsoft Education in a trial environment. You no longer need the SDS promo code to try SDS in a trial environment. |
-
-## May 2017
-
-| New or changed topic | Description |
-| --- | ---- |
-| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md) | New. Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices. |
diff --git a/education/get-started/configure-microsoft-store-for-education.md b/education/get-started/configure-microsoft-store-for-education.md
deleted file mode 100644
index 6da930b66d..0000000000
--- a/education/get-started/configure-microsoft-store-for-education.md
+++ /dev/null
@@ -1,62 +0,0 @@
----
-title: Configure Microsoft Store for Education
-description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
-keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.topic: get-started
-ms.localizationpriority: medium
-ms.pagetype: edu
-author: CelesteDG
-ms.author: celested
-ms.date: 08/29/2017
----
-
-# Configure Microsoft Store for Education
-
-> [!div class="step-by-step"]
-[<< Use School Data Sync to import student data](use-school-data-sync.md)
-[Use Intune for Education to manage groups, apps, and settings >>](use-intune-for-education.md)
-
-You'll need to configure Microsoft Store for Education to accept the services agreement and make sure your Microsoft Store account is associated with Intune for Education.
-
-You can watch the video to see how this is done, or follow the step-by-step guide.
-
-> [!VIDEO https://www.youtube.com/embed/Jnbssq0gC_g]
-
-You can watch the descriptive audio version here: [Microsoft Education: Configure Microsoft Store for Education (DA)](https://www.youtube.com/watch?v=bStgEpHbEXw)
-
-## Associate your Microsoft Store account with Intune for Education
-
-1. Sign in to Microsoft Store for Education.
-2. Accept the Microsoft Store for Business and Education Services Agreement.
-
- This will take you to the Microsoft Store for Education portal.
-
- **Figure 1** - Microsoft Store for Education portal
-
- 
-
-3. In the Microsoft Store portal, click **Manage** to go to the Microsoft Store **Overview** page.
-4. Find the **Overview** page, find the **Store settings** tile and click **Management tools**.
-
- **Figure 2** - Select management tools from the list of Store settings options
-
- 
-
-4. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune for Education ready for use with Microsoft Store for Education.
-
- **Figure 3** - Activate Intune for Education as the management tool
-
- 
-
-Your Microsoft Store for Education account is now linked to Intune for Education so let's set that up next.
-
-> [!div class="step-by-step"]
-[<< Use School Data Sync to import student data](use-school-data-sync.md)
-[Use Intune for Education to manage groups, apps, and settings >>](use-intune-for-education.md)
-
-
-## Related topic
-[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
\ No newline at end of file
diff --git a/education/get-started/enable-microsoft-teams.md b/education/get-started/enable-microsoft-teams.md
deleted file mode 100644
index 5d3af7dc3d..0000000000
--- a/education/get-started/enable-microsoft-teams.md
+++ /dev/null
@@ -1,56 +0,0 @@
----
-title: Enable Microsoft Teams for your school
-description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
-keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.topic: get-started
-ms.localizationpriority: medium
-ms.pagetype: edu
-author: CelesteDG
-ms.author: celested
-ms.date: 07/28/2017
----
-
-# Enable Microsoft Teams for your school
-
-Microsoft Teams is a digital hub that brings conversations, content, and apps together in one place. Because it's built on Office 365, schools benefit from integration with their familiar Office apps and services. Your institution can use Microsoft Teams to create collaborative classrooms, connect in professional learning communities, and communicate with school staff all from a single experience in Office 365 for Education.
-
-To get started, IT administrators need to use the Office 365 Admin Center to enable Microsoft Teams for your school.
-
-## Enable Microsoft Teams for your school
-
-1. Sign in to Office 365 with your work or school account.
-2. Click **Admin** to go to the Office 365 admin center.
-3. Go to **Settings > Services & add-ins**.
-4. On the **Services & add-ins** page, select **Microsoft Teams**.
-
- **Figure 1** - Select Microsoft Teams from the list of services & add-ins
-
- 
-
-5. On the Microsoft Teams settings screen, select the license that you want to configure, **Student** or **Faculty and Staff**. Select **Faculty and Staff**.
-
- **Figure 2** - Select the license that you want to configure
-
- 
-
-6. After you select the license type, set the toggle to turn on Microsoft Teams for your organization.
-
- **Figure 3** - Turn on Microsoft Teams for your organization
-
- 
-
-7. Click **Save**.
-
-You can find more info about how to control which users in your school can use Microsoft Teams, turn off group creation, configure tenant-level settings, and more by reading the *Guide for IT admins* getting started guide in the Meet Microsoft Teams page.
-
-
-> [!div class="step-by-step"]
-[<< Use School Data Sync to import student data](use-school-data-sync.md)
-[Configure Microsoft Store for Education >>](configure-microsoft-store-for-education.md)
-
-
-## Related topic
-[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
\ No newline at end of file
diff --git a/education/get-started/finish-setup-and-other-tasks.md b/education/get-started/finish-setup-and-other-tasks.md
deleted file mode 100644
index 120b357bc2..0000000000
--- a/education/get-started/finish-setup-and-other-tasks.md
+++ /dev/null
@@ -1,215 +0,0 @@
----
-title: Finish Windows 10 device setup and other tasks
-description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
-keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.topic: get-started
-ms.localizationpriority: medium
-ms.pagetype: edu
-author: CelesteDG
-ms.author: celested
-ms.date: 10/09/2017
----
-
-# Finish Windows 10 device setup and other tasks
-
-> [!div class="step-by-step"]
-[<< Set up Windows 10 education devices](set-up-windows-10-education-devices.md)
-
-Once you've set up your Windows 10 education device, it's worth checking to verify the following:
-
-> [!div class="checklist"]
-> * Correct device setup
-> * Device is Azure AD joined
-
-You can watch the video to see how this is done, or follow the step-by-step guide.
-
-> [!VIDEO https://www.youtube.com/embed/nhQ_4okWFmk]
-
-You can watch the descriptive audio version here: [Microsoft Education: Verify Windows 10 education devices are Azure AD joined and managed (DA)](https://www.youtube.com/watch?v=_hVIxaEsu2Y)
-
-## Verify correct device setup
-Verify that the device is set up correctly and boots without any issues.
-
-**Verify that the device was set up correctly**
-1. Confirm that the Start menu contains a simple configuration.
-2. Confirm that the Store and built-in apps are installed and working. The apps pushed down from Intune for Education will appear under **Recently added**.
-
- > [!NOTE]
- > It may take some time before some apps are pushed down to your device from Intune for Education. Check again later if you don't see some of the apps you provisioned for the user.
-
- **Figure 1** - Sample list of apps for a user
-
- 
-
-## Verify the device is Azure AD joined
-Let's now verify that the device is joined to your organization's Azure AD and shows up as being managed in Microsoft Intune for Education.
-
-**Verify if the device is joined to Azure AD**
-1. Log in to the Intune for Education console.
-2. Select **Groups** and select **All Devices**.
-3. In the **All Devices** page, see the list of devices and verify that the device you're signed into appears on the list.
-
- **Figure 2** - List of all managed devices
-
- 
-
-4. On the Windows 10 education device, click **Start** and go to **Settings**.
-5. Select **Accounts > Access work or school**.
-6. In the **Access work or school** page, confirm that the device is connected to the organization's Azure AD.
-
- **Figure 3** - Confirm that the Windows 10 device is joined to Azure AD
-
- 
-
-**That's it! You're done!** You've completed basic cloud setup, deployment, and management using Microsoft Education.
-
-You can follow the rest of the walkthrough to finish setup and complete other tasks, such as:
-
-> [!div class="checklist"]
-> * Update group settings in Intune for Education
-> * Configure Azure settings
-> * Complete Office 365 for Education setup
-> * Enable Microsoft teams for your school
-> * Add more users
-> * Connect other devices, like BYOD devices, to your cloud infrastructure
-
-You can watch the following video to see how to update group settings in Intune for Education and configure Azure settings. Or, you can follow the step-by-step guide for these tasks and the other tasks listed above.
-
-> [!VIDEO https://www.youtube.com/embed/M6-k73dZOfw]
-
-You can watch the descriptive audio version here: [Microsoft Education: Update settings, apps, and Azure AD settings for your education tenant (DA)](https://www.youtube.com/watch?v=-Rz3VcDXbzs)
-
-## Update group settings in Intune for Education
-If you need to make changes or updates to any of the apps or settings for the group(s), follow these steps.
-
-1. Log in to the Intune for Education console.
-2. Click **Groups** and then choose **Settings** in the taskbar at the top of the page.
-3. You will see the same settings groups that you saw in express setup for Intune for Education as well as other settings categories such as **Windows Defender settings**, **Device sharing**, **Edition upgrade**, and so on.
-
- **Figure 4** - See the list of available settings in Intune for Education
-
- 
-
-4. Keep the default settings or configure the settings according to your school's policies.
-
- For example, you can configure the diagnostic data sent to Microsoft in **Basic device settings > Send diagnostic data**.
-
-5. Click **Save** or **Discard changes**.
-
-## Configure Azure settings
-After completing the basic setup for your cloud infrastructure and confirming that it is up and running, it's time to prepare for additional devices to be added and enable capabilities for the user to use.
-
-### Enable many devices to be added by a single person
-When a device is owned by the school, you may need to have a single persion adding many devices to your cloud infrastructure.
-
-Follow the steps in this section to enable a single person to add many devices to your cloud infrastructure.
-
-1. Sign in to the Office 365 admin center.
-2. Configure the device settings for the school's Active Directory. To do this, go to the new Azure portal, https://portal.azure.com.
-3. Select **Azure Active Directory > Users and groups > Device settings**.
-
- **Figure 5** - Device settings in the new Azure portal
-
- 
-
-4. Find the setting **Maximum number of devices per user** and change the value to **Unlimited**.
-5. Click **Save** to update device settings.
-
-### Enable roaming settings for users
-When students move from using one device to another, they may need to have their settings roam with them and be made available on other devices.
-
-Follow the steps in this section to ensure that settings for the each user follow them when they move from one device to another.
-
-1. Sign in to the Office 365 admin center.
-3. Go to the new Azure portal, https://portal.azure.com.
-3. Select **Azure Active Directory > Users and groups > Device settings**.
-4. Find the setting **Users may sync settings and enterprise app data** and change the value to **All**.
-
- **Figure 6** - Enable settings to roam with users
-
- 
-
-5. Click **Save** to update device settings.
-
-## Complete Office 365 for Education setup
-Now that your basic cloud infrastructure is up and running, it's time to complete the rest of the Office 365 for Education setup. You can find detailed information about completing Office 365 setup, services and applications, troubleshooting, and more by reading the Office 365 admin documentation.
-
-## Enable Microsoft Teams for your school
-Microsoft Teams is a digital hub that brings conversations, content, and apps together in one place. Because it's built on Office 365, schools benefit from integration with their familiar Office apps and services. Your institution can use Microsoft Teams to create collaborative classrooms, connect in professional learning communities, and communicate with school staff all from a single experience in Office 365 for Education.
-
-To get started, IT administrators need to use the Office 365 Admin Center to enable Microsoft Teams for your school.
-
-**To enable Microsoft Teams for your school**
-
-1. Sign in to Office 365 with your work or school account.
-2. Click **Admin** to go to the Office 365 admin center.
-3. Go to **Settings > Services & add-ins**.
-4. On the **Services & add-ins** page, select **Microsoft Teams**.
-
- **Figure 1** - Select Microsoft Teams from the list of services & add-ins
-
- 
-
-5. On the Microsoft Teams settings screen, select the license that you want to configure, **Student** or **Faculty and Staff**. Select **Faculty and Staff**.
-
- **Figure 2** - Select the license that you want to configure
-
- 
-
-6. After you select the license type, set the toggle to turn on Microsoft Teams for your organization.
-
- **Figure 3** - Turn on Microsoft Teams for your organization
-
- 
-
-7. Click **Save**.
-
-You can find more info about how to control which users in your school can use Microsoft Teams, turn off group creation, configure tenant-level settings, and more by reading the *Guide for IT admins* getting started guide in the Meet Microsoft Teams page.
-
-## Add more users
-After your cloud infrastructure is set up and you have a device management strategy in place, you may need to add more users and you want the same policies to apply to these users. You can add new users to your tenant simply by adding them to the Office 365 groups. Adding new users to Office 365 groups automatically adds them to the corresponding groups in Intune for Education.
-
-See Add users to Office 365 to learn more. Once you're done adding new users, go to the Intune for Education console and verify that the same users were added to the Intune for Education groups as well.
-
-## Connect other devices to your cloud infrastructure
-Adding a new device to your cloud-based tenant is easy. For new devices, you can follow the steps in [Set up Windows 10 education devices](set-up-windows-10-education-devices.md). For other devices, such as those personally-owned by teachers who need to connect to the school network to access work or school resources (BYOD), you can follow the steps in this section to get these devices connected.
-
- > [!NOTE]
- > These steps enable users to get access to the organization's resources, but it also gives the organization some control over the device.
-
-**To connect a personal device to your work or school**
-
-1. On your Windows device, go to **Settings > Accounts**.
-2. Select **Access work or school** and then click **Connect** in the **Connect to work or school** page.
-3. In the **Set up a work or school account** window, enter the user's account info.
-
- For example, if a teacher connects their personal device to the school network, they'll see the following screen after typing in their account information.
-
- **Figure 7** - Device is now managed by Intune for Education
-
- 
-
-4. Enter the account password and then click **Sign in** to authenticate the user.
-
- Depending on the organization's policy, the user may be asked to update the password.
-
-5. After the user's credentails are validated, the window will refresh and will now include an entry that shows the device is now connected to the organization's MDM. This means the device is now enrolled in Intune for Education MDM and the account should have access to the organization's resources.
-
- **Figure 8** - Device is connected to organization's MDM
-
- 
-
-6. You can confirm that the new device and user are showing up as Intune for Education-managed by going to the Intune for Education management portal and following the steps in [Verify the device is Azure AD joined](#verify-the-device-is-azure-ad-joined).
-
- It may take several minutes before the new device shows up so check again later.
-
-
-> [!div class="step-by-step"]
-[<< Set up Windows 10 education devices](set-up-windows-10-education-devices.md)
-
-
-## Related topic
-[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
diff --git a/education/get-started/get-started-with-microsoft-education.md b/education/get-started/get-started-with-microsoft-education.md
deleted file mode 100644
index 6df81f8b27..0000000000
--- a/education/get-started/get-started-with-microsoft-education.md
+++ /dev/null
@@ -1,167 +0,0 @@
----
-title: Deploy and manage a full cloud IT solution with Microsoft Education
-description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
-keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.topic: hero-article
-ms.localizationpriority: medium
-ms.pagetype: edu
-author: CelesteDG
-ms.author: celested
-ms.date: 10/09/2017
----
-
-# Get started: Deploy and manage a full cloud IT solution with Microsoft Education
-
-
-
-**Applies to:**
-
-- Office 365 for Education, School Data Sync, Microsoft Intune for Education, Microsoft Store for Education, Windows 10 Creators Update, Set up School PCs
-
-Hello, IT administrators! In this walkthrough, we'll show you how you can quickly and easily use the new Microsoft Education system, consisting of new and existing cloud services and tools, to implement a full IT cloud solution for your school.
-
-## What is Microsoft Education?
-**Microsoft Education** consists of these new and existing services and tools from Microsoft:
-- **Microsoft Intune for Education** for simple set up, control, and management of the resources for your school including apps, devices, and settings
-- **Office 365 for Education** provides online apps for work from anywhere and desktop apps for advanced functionality, built for working together and available across devices, and it's free for schools, teachers, and students
- - **School Data Sync** to help automate the process for importing and integrating School Information System (SIS) data that you can use with Office 365
- - **OneNote Class Notebook** to organize course content, create and deliver interactive lessons to some or all students, collaborate and provide private feedback to individual students, and connect with major LMS and SIS partners for assignment workflow
-- **Microsoft Teams** to bring conversations, content, and apps together in one place and create collaborate classrooms, connect in professional learning communities, and communicate with school staff
-- **Learning Tools** are moving beyond the OneNote desktop app and is now available in Office Lens, OneNote Online, Word Online, and Word desktop
-- **Whiteboard** to create interactive lessons on the big screen, share and collaborate real-time by connecting to Class Notebook and Classroom
-- **Windows 10, version 1703 (Creators Update)** which brings 3D for everyone and other new and updated Windows features
-- **Minecraft: Education Edition** which provides an open and immersive environment to promote creativity, collaboration, and problem-solving
-
-With Microsoft Education, schools can:
-- **Use affordable devices and simple setup** - Boost creativity and get started instantly with Windows 10 devices that support Windows Ink. Set up devices in minutes and stay in control with the new Intune for Education.
-- **Collaborate in a modern classroom** - Help students become career-ready with Office apps like Word, Excel, PowerPoint, and OneNote. Increase comprehension and outcomes with the most advanced teaching apps like integrated Learning Tools.
-- **Go beyond the browser with inspiring apps for classroom learning** - Inspire with Minecraft: Education Edition and innovative apps from the Microsoft Store for Education.
-
-Go to the Microsoft Education site to learn more. See How to buy to learn about pricing and purchasing options for schools, students, and teachers as well as academic pricing and offers for qualified K-12 and higher education institutions.
-
-## What we're doing
-The end-to-end process for deploying and managing a full cloud IT solution with Microsoft Education is outlined here. Depending on your [setup scenario](#setup-options), you may not need to implement all these steps.
-
-Click the link to watch the video or follow the step-by-step guidance for each.
-
-1. [Set up an Office 365 education tenant](set-up-office365-edu-tenant.md)
-2. [Use School Data Sync to import student data](use-school-data-sync.md)
-3. [Configure Microsoft Store for Education](configure-microsoft-store-for-education.md)
-4. [Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md)
-5. [Set up Windows 10 education devices](set-up-windows-10-education-devices.md)
-6. [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md)
-
-**Figure 1** - Microsoft Education IT administrator workflow
-
-
-
-## Prerequisites
-Complete these tasks before you start the walkthrough:
-- Make sure all the devices that you want to configure, such as student PCs, have the latest Windows 10, version 1703 image installed.
-
- We recommend Windows 10, version 1703 to take advantage of all the new features and functionality that Windows supports. This version of Windows is also compatible with the latest version of the Set up School PCs app and the versions must match in order for Set up School PCs to provision the devices.
-
- If you don't have Windows 10, version 1703 installed on your devices, we recommend upgrading. This process takes a while so start this task before proceeding with this walkthrough.
-
-- Have an education-verified tenant to qualify for an Office 365 for Education subscription. You also need to be education-verified to use School Data Sync and Intune for Education.
-
- If you don't have an education-verified domain, don't worry. We'll show you the steps on how to do this.
-
- > [!NOTE]
- > If you need to get education-verified, it may take up to two weeks for the verification process to be completed.
-
-## Setup options
- To make sure you have a successful experience with deploying and managing a full cloud IT solution with Microsoft Education, select the scenario that best describes your school or how you'd like to get started.
-
-
-| [Get started with Microsoft Education in production environment](#noo365prodenv) | [Try out Microsoft Education in trial environment](#noo365trialenv) | [School uses Office 365, try out Intune for Education now](#schooluseso365tryi4e) |
-| ----------------------------------------- | ------------------------------------------------ | ---------------------------------------------- |
-| * My school doesn't use Office 365 for Education | * My school doesn't use Office 365 for Education | * My school uses Office 365 for Education |
-| * My school is not an education-verified tenant | * My school is not an education-verified tenant | * My school is an education-verified tenant |
-| * I would like to get started with Microsoft Education in a production environment | * I would like to try out Microsoft Education in a trial environment | * I would like to apply the Intune for Education trial code to my school's production environment |
-| * Longest, need to start from scratch | * Simplest, but may take longer to start | * Fastest, Office 365 and SDS already set up |
-
-
-### Option 1: Get started with Microsoft Education in a production environment
-Trying out Microsoft Education in a production environment means you'll be using real school data as you evaluate the features and tools. This requires more time to get fully set up and going.
-
-To get started with Microsoft Education in a production environment:
-
-* Go to https://aka.ms/sdssignup and fill out the form to sign up for School Data Sync and receive a free, one-on-one support from Microsoft.
-
- A team from Microsoft will contact you to help get started with Microsoft Education.
-
-If you want a quicker way to evaluate Microsoft Education, you can [use a trial environment instead](#noo365trialenv).
-
-### Option 2: Try out Microsoft Education in a trial environment
-Once you get an Office 365 education-verified tenant, trying out Microsoft Education in a trial environment is an easy way to evaluate all the features and tools. Here, you'll use promo codes and sample files as you follow the walkthrough.
-
-To get started with Microsoft Education in a trial environment, follow these steps.
-
-1. [Set up a new Office 365 for Education tenant](set-up-office365-edu-tenant.md).
-
- Wait for your tenant to be education-verified before proceeding with the next step. Verification can take up to a few days.
-
-2. Once you have an education-verified tenant, click https://aka.ms/intuneforedupreviewtrial to apply the Intune for Education trial promo code.
- 1. In the Intune for Education Trial page, on the upper right, click **Sign in** next to **Want to add this to an existing subscription?**.
- 2. Sign in with your global admin credentials.
-
-3. Sign in to Office 365 admin portal and:
- 1. Select **Admin > Users** and then search for your admin account.
- 2. In the user page, select **Product licenses** and expand the **Office 365 Education** license you assigned to yourself.
- 3. Confirm that School Data Sync is turned on.
-
-3. Skip ahead and follow the rest of the instructions in this walkthrough beginning with [Use School Data Sync to import student data](use-school-data-sync.md).
-
-### Option 3: Try out Intune for Education
-Already have an Office 365 for Education verified tenant? Just sign in with your global admin credentials to apply the Intune for Education preview trial code to your tenant and follow the rest of the walkthrough.
-
-1. Click https://aka.ms/intuneforedupreviewtrial to get started.
-2. In the **Intune for Education Trial** page, on the upper right, click **Sign in** next to **Want to add this to an existing subscription?**.
-
- **Figure 2** - Intune for Education trial sign in page
-
- 
-
-3. Enter your Office 365 global admin credentials to apply the Intune for Education trial to your tenant.
-4. If you don't already have Microsoft Teams deployed to your tenant, you can start with [Enable Microsoft Teams for your school](enable-microsoft-teams.md) and then follow the rest of the instructions in this walkthrough.
-
-## Get more info
-
-### Microsoft Education documentation and resources hub
-See the Microsoft Education documentation and resources hub for links to more content for IT admins, teachers, students, and education app developers.
-
-### Info related to this walkthrough
-
-**For IT admins**
-
-To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links:
-- Working with Microsoft Store for Education
-- *Resources for anyone who uses Office 365* and *Resources for admins* in Get started with Office 365 for Education
-- School Data Sync deployment options
- - Deployment using CSV files: How to deploy School Data Sync by using CSV files and CSV files for School Data Sync
- - Deployment using PowerSchool Sync: How to deploy School Data Sync by using PowerSchool Sync and School Data Sync required attributes for PowerSchool Sync
- - Deployment using Clever Sync: How to deploy School Data Sync by using Clever Sync and School Data Sync required attributes for Clever sync
- - Deployment using OneRoster CSV files: How to deploy School Data Sync by using OneRoster CSV files
-- Azure Active Directory features used by Intune for Education, including:
- - Single Sign-On (SSO) - Allow your Azure AD users to access SSO-enabled apps, so they don’t need to type in their credentials to access these apps.
- - MDM auto-enrollment - Devices are automatically enrolled with Intune upon being joined with Azure AD join.
-- Enterprise state roaming - Keep school data and personal data separate on your devices.
- - Dynamic groups - You can use dynamic groups to create rules that populate your groups (for example, a group with all 9th graders) instead of having to manually add or remove members of the groups. The group stays updated by continually staying populated with members that fit the rules you pick.
- - Password write-back - Allows you to configure Azure AD to write passwords back to your on-premises Active Directory. It removes the need to set up and manage a complicated on-premises self-service password reset solution, and it provides a convenient cloud-based way for your users to reset their on-premises passwords wherever they are.
- - Administrative units
- - Additional local administrators
- - Self-service BitLocker recovery - A self-service portal that allows your employees to retrieve their BitLocker recovery key and avoid support calls.
-
-**For teachers**
-
-Whether it's in the classroom, getting the most out of your devices, or learning some of the cool things you can do, we've got teachers covered. Follow these links for more info:
-- *Resources for anyone who uses Office 365* in Get started with Office 365 for Education
-- Windows 10 online resources for teachers
-
-
-
-
diff --git a/education/get-started/images/03bfe22a-469b-4b73-ab8d-af5aaac8ff89.png b/education/get-started/images/03bfe22a-469b-4b73-ab8d-af5aaac8ff89.png
deleted file mode 100644
index 82aeef7c40..0000000000
Binary files a/education/get-started/images/03bfe22a-469b-4b73-ab8d-af5aaac8ff89.png and /dev/null differ
diff --git a/education/get-started/images/ICDstart-option.PNG b/education/get-started/images/ICDstart-option.PNG
deleted file mode 100644
index 1ba49bb261..0000000000
Binary files a/education/get-started/images/ICDstart-option.PNG and /dev/null differ
diff --git a/education/get-started/images/MSES_Get_Started_IT_082917.png b/education/get-started/images/MSES_Get_Started_IT_082917.png
deleted file mode 100644
index 5153524b43..0000000000
Binary files a/education/get-started/images/MSES_Get_Started_IT_082917.png and /dev/null differ
diff --git a/education/get-started/images/PCicon.png b/education/get-started/images/PCicon.png
deleted file mode 100644
index c97c137b83..0000000000
Binary files a/education/get-started/images/PCicon.png and /dev/null differ
diff --git a/education/get-started/images/TakeATestURL.png b/education/get-started/images/TakeATestURL.png
deleted file mode 100644
index b057763e8b..0000000000
Binary files a/education/get-started/images/TakeATestURL.png and /dev/null differ
diff --git a/education/get-started/images/allowcortana_gp.PNG b/education/get-started/images/allowcortana_gp.PNG
deleted file mode 100644
index 7adf1b7594..0000000000
Binary files a/education/get-started/images/allowcortana_gp.PNG and /dev/null differ
diff --git a/education/get-started/images/allowcortana_omauri.PNG b/education/get-started/images/allowcortana_omauri.PNG
deleted file mode 100644
index 303c89ed5f..0000000000
Binary files a/education/get-started/images/allowcortana_omauri.PNG and /dev/null differ
diff --git a/education/get-started/images/allowcortana_wcd.PNG b/education/get-started/images/allowcortana_wcd.PNG
deleted file mode 100644
index 5e62e0bb01..0000000000
Binary files a/education/get-started/images/allowcortana_wcd.PNG and /dev/null differ
diff --git a/education/get-started/images/app-distribution-options.PNG b/education/get-started/images/app-distribution-options.PNG
deleted file mode 100644
index 75b3374720..0000000000
Binary files a/education/get-started/images/app-distribution-options.PNG and /dev/null differ
diff --git a/education/get-started/images/app-privacy-group-policy.png b/education/get-started/images/app-privacy-group-policy.png
deleted file mode 100644
index 96a5f0380a..0000000000
Binary files a/education/get-started/images/app-privacy-group-policy.png and /dev/null differ
diff --git a/education/get-started/images/app1.jpg b/education/get-started/images/app1.jpg
deleted file mode 100644
index aef6c5c22e..0000000000
Binary files a/education/get-started/images/app1.jpg and /dev/null differ
diff --git a/education/get-started/images/assign_intune_classroom_licenses_to_users.png b/education/get-started/images/assign_intune_classroom_licenses_to_users.png
deleted file mode 100644
index 39885c5778..0000000000
Binary files a/education/get-started/images/assign_intune_classroom_licenses_to_users.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_apps_intune.png b/education/get-started/images/azure_ad_apps_intune.png
deleted file mode 100644
index ff703bd920..0000000000
Binary files a/education/get-started/images/azure_ad_apps_intune.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_configure_intune.png b/education/get-started/images/azure_ad_configure_intune.png
deleted file mode 100644
index 253ec99443..0000000000
Binary files a/education/get-started/images/azure_ad_configure_intune.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_first_signin.png b/education/get-started/images/azure_ad_first_signin.png
deleted file mode 100644
index 01e71111a2..0000000000
Binary files a/education/get-started/images/azure_ad_first_signin.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_intune_configuration_save.png b/education/get-started/images/azure_ad_intune_configuration_save.png
deleted file mode 100644
index a7feb3b75b..0000000000
Binary files a/education/get-started/images/azure_ad_intune_configuration_save.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_oops_subscription_message.png b/education/get-started/images/azure_ad_oops_subscription_message.png
deleted file mode 100644
index 2c6f751179..0000000000
Binary files a/education/get-started/images/azure_ad_oops_subscription_message.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_portal.png b/education/get-started/images/azure_ad_portal.png
deleted file mode 100644
index b06600f922..0000000000
Binary files a/education/get-started/images/azure_ad_portal.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_portal_old.png b/education/get-started/images/azure_ad_portal_old.png
deleted file mode 100644
index 4f48fdeaa2..0000000000
Binary files a/education/get-started/images/azure_ad_portal_old.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_portal_old_add_group_members.png b/education/get-started/images/azure_ad_portal_old_add_group_members.png
deleted file mode 100644
index 465b2d2c01..0000000000
Binary files a/education/get-started/images/azure_ad_portal_old_add_group_members.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_portal_old_intune_configuration.png b/education/get-started/images/azure_ad_portal_old_intune_configuration.png
deleted file mode 100644
index 6d48984601..0000000000
Binary files a/education/get-started/images/azure_ad_portal_old_intune_configuration.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_portal_old_intune_properties.png b/education/get-started/images/azure_ad_portal_old_intune_properties.png
deleted file mode 100644
index 3ce578a2e5..0000000000
Binary files a/education/get-started/images/azure_ad_portal_old_intune_properties.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_portal_old_intune_select_all_students.png b/education/get-started/images/azure_ad_portal_old_intune_select_all_students.png
deleted file mode 100644
index 0165d7b6b5..0000000000
Binary files a/education/get-started/images/azure_ad_portal_old_intune_select_all_students.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_portal_old_intune_select_groups.png b/education/get-started/images/azure_ad_portal_old_intune_select_groups.png
deleted file mode 100644
index 0165d7b6b5..0000000000
Binary files a/education/get-started/images/azure_ad_portal_old_intune_select_groups.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_portal_old_new_group.png b/education/get-started/images/azure_ad_portal_old_new_group.png
deleted file mode 100644
index 2c27738d26..0000000000
Binary files a/education/get-started/images/azure_ad_portal_old_new_group.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_portal_old_select_apps.png b/education/get-started/images/azure_ad_portal_old_select_apps.png
deleted file mode 100644
index 3c8d188d0c..0000000000
Binary files a/education/get-started/images/azure_ad_portal_old_select_apps.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_portal_old_select_directory.png b/education/get-started/images/azure_ad_portal_old_select_directory.png
deleted file mode 100644
index ba8d43dca8..0000000000
Binary files a/education/get-started/images/azure_ad_portal_old_select_directory.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_portal_old_select_domain.png b/education/get-started/images/azure_ad_portal_old_select_domain.png
deleted file mode 100644
index 4fcaeabbd6..0000000000
Binary files a/education/get-started/images/azure_ad_portal_old_select_domain.png and /dev/null differ
diff --git a/education/get-started/images/azure_ad_portal_overview.png b/education/get-started/images/azure_ad_portal_overview.png
deleted file mode 100644
index 99a8b3899f..0000000000
Binary files a/education/get-started/images/azure_ad_portal_overview.png and /dev/null differ
diff --git a/education/get-started/images/azure_classicportal_configure_devicesettings.PNG b/education/get-started/images/azure_classicportal_configure_devicesettings.PNG
deleted file mode 100644
index d9681e69d2..0000000000
Binary files a/education/get-started/images/azure_classicportal_configure_devicesettings.PNG and /dev/null differ
diff --git a/education/get-started/images/azure_newportal_usersandgroups_devicesettings.PNG b/education/get-started/images/azure_newportal_usersandgroups_devicesettings.PNG
deleted file mode 100644
index c73cf7a68b..0000000000
Binary files a/education/get-started/images/azure_newportal_usersandgroups_devicesettings.PNG and /dev/null differ
diff --git a/education/get-started/images/azure_usersandgroups_devicesettings_ers.PNG b/education/get-started/images/azure_usersandgroups_devicesettings_ers.PNG
deleted file mode 100644
index 2fa9c8dc74..0000000000
Binary files a/education/get-started/images/azure_usersandgroups_devicesettings_ers.PNG and /dev/null differ
diff --git a/education/get-started/images/azuread_usersandgroups_allusers_automaticaccounts.png b/education/get-started/images/azuread_usersandgroups_allusers_automaticaccounts.png
deleted file mode 100644
index f0549797a0..0000000000
Binary files a/education/get-started/images/azuread_usersandgroups_allusers_automaticaccounts.png and /dev/null differ
diff --git a/education/get-started/images/azuread_usersandgroups_devicesettings_maxnumberofdevicesperuser.png b/education/get-started/images/azuread_usersandgroups_devicesettings_maxnumberofdevicesperuser.png
deleted file mode 100644
index 37ea63cda2..0000000000
Binary files a/education/get-started/images/azuread_usersandgroups_devicesettings_maxnumberofdevicesperuser.png and /dev/null differ
diff --git a/education/get-started/images/azuread_usersandgroups_devicesettings_requiremultifactorauth.png b/education/get-started/images/azuread_usersandgroups_devicesettings_requiremultifactorauth.png
deleted file mode 100644
index 1b8389b1f5..0000000000
Binary files a/education/get-started/images/azuread_usersandgroups_devicesettings_requiremultifactorauth.png and /dev/null differ
diff --git a/education/get-started/images/azuread_usersandgroups_devicesettings_usersmayjoin.png b/education/get-started/images/azuread_usersandgroups_devicesettings_usersmayjoin.png
deleted file mode 100644
index 40a603cf64..0000000000
Binary files a/education/get-started/images/azuread_usersandgroups_devicesettings_usersmayjoin.png and /dev/null differ
diff --git a/education/get-started/images/azuread_video_thumbnail.PNG b/education/get-started/images/azuread_video_thumbnail.PNG
deleted file mode 100644
index e0723147f4..0000000000
Binary files a/education/get-started/images/azuread_video_thumbnail.PNG and /dev/null differ
diff --git a/education/get-started/images/byob_aad_enrollment_intune.png b/education/get-started/images/byob_aad_enrollment_intune.png
deleted file mode 100644
index fb6aaa4cd8..0000000000
Binary files a/education/get-started/images/byob_aad_enrollment_intune.png and /dev/null differ
diff --git a/education/get-started/images/checkmark.png b/education/get-started/images/checkmark.png
deleted file mode 100644
index f9f04cd6bd..0000000000
Binary files a/education/get-started/images/checkmark.png and /dev/null differ
diff --git a/education/get-started/images/choose-package-icd.png b/education/get-started/images/choose-package-icd.png
deleted file mode 100644
index 2bf7a18648..0000000000
Binary files a/education/get-started/images/choose-package-icd.png and /dev/null differ
diff --git a/education/get-started/images/choose-package.png b/education/get-started/images/choose-package.png
deleted file mode 100644
index 868407df56..0000000000
Binary files a/education/get-started/images/choose-package.png and /dev/null differ
diff --git a/education/get-started/images/chromebook-fig1-googleadmin.png b/education/get-started/images/chromebook-fig1-googleadmin.png
deleted file mode 100644
index b3d42e5ff2..0000000000
Binary files a/education/get-started/images/chromebook-fig1-googleadmin.png and /dev/null differ
diff --git a/education/get-started/images/clipboard.png b/education/get-started/images/clipboard.png
deleted file mode 100644
index bbfa2c9e8d..0000000000
Binary files a/education/get-started/images/clipboard.png and /dev/null differ
diff --git a/education/get-started/images/cloud-mode-graphic.png b/education/get-started/images/cloud-mode-graphic.png
deleted file mode 100644
index 53046c440f..0000000000
Binary files a/education/get-started/images/cloud-mode-graphic.png and /dev/null differ
diff --git a/education/get-started/images/cloud-mode-intro-banner.png b/education/get-started/images/cloud-mode-intro-banner.png
deleted file mode 100644
index 6ef1059262..0000000000
Binary files a/education/get-started/images/cloud-mode-intro-banner.png and /dev/null differ
diff --git a/education/get-started/images/cloud-mode-topic-banner.png b/education/get-started/images/cloud-mode-topic-banner.png
deleted file mode 100644
index 53046c440f..0000000000
Binary files a/education/get-started/images/cloud-mode-topic-banner.png and /dev/null differ
diff --git a/education/get-started/images/configure_store_for_business_app_sync.png b/education/get-started/images/configure_store_for_business_app_sync.png
deleted file mode 100644
index e56dc038f9..0000000000
Binary files a/education/get-started/images/configure_store_for_business_app_sync.png and /dev/null differ
diff --git a/education/get-started/images/connect-aad.png b/education/get-started/images/connect-aad.png
deleted file mode 100644
index 8583866165..0000000000
Binary files a/education/get-started/images/connect-aad.png and /dev/null differ
diff --git a/education/get-started/images/connect-ad.png b/education/get-started/images/connect-ad.png
deleted file mode 100644
index 4da67e8cdd..0000000000
Binary files a/education/get-started/images/connect-ad.png and /dev/null differ
diff --git a/education/get-started/images/connect_download_entry.jpg b/education/get-started/images/connect_download_entry.jpg
deleted file mode 100644
index 204b3ad6fa..0000000000
Binary files a/education/get-started/images/connect_download_entry.jpg and /dev/null differ
diff --git a/education/get-started/images/create_group_for_intune_management.png b/education/get-started/images/create_group_for_intune_management.png
deleted file mode 100644
index b886d12456..0000000000
Binary files a/education/get-started/images/create_group_for_intune_management.png and /dev/null differ
diff --git a/education/get-started/images/crossmark.png b/education/get-started/images/crossmark.png
deleted file mode 100644
index 69432ff71c..0000000000
Binary files a/education/get-started/images/crossmark.png and /dev/null differ
diff --git a/education/get-started/images/deploy-win-10-school-figure1.png b/education/get-started/images/deploy-win-10-school-figure1.png
deleted file mode 100644
index 66113dcce1..0000000000
Binary files a/education/get-started/images/deploy-win-10-school-figure1.png and /dev/null differ
diff --git a/education/get-started/images/deploy-win-10-school-figure2.png b/education/get-started/images/deploy-win-10-school-figure2.png
deleted file mode 100644
index 0227f8dbaa..0000000000
Binary files a/education/get-started/images/deploy-win-10-school-figure2.png and /dev/null differ
diff --git a/education/get-started/images/deploy-win-10-school-figure3.png b/education/get-started/images/deploy-win-10-school-figure3.png
deleted file mode 100644
index 1b39b5cc14..0000000000
Binary files a/education/get-started/images/deploy-win-10-school-figure3.png and /dev/null differ
diff --git a/education/get-started/images/deploy-win-10-school-figure4.png b/education/get-started/images/deploy-win-10-school-figure4.png
deleted file mode 100644
index 09552a448a..0000000000
Binary files a/education/get-started/images/deploy-win-10-school-figure4.png and /dev/null differ
diff --git a/education/get-started/images/deploy-win-10-school-figure5.png b/education/get-started/images/deploy-win-10-school-figure5.png
deleted file mode 100644
index 550386f1ce..0000000000
Binary files a/education/get-started/images/deploy-win-10-school-figure5.png and /dev/null differ
diff --git a/education/get-started/images/deploy-win-10-school-figure6.png b/education/get-started/images/deploy-win-10-school-figure6.png
deleted file mode 100644
index 09552a448a..0000000000
Binary files a/education/get-started/images/deploy-win-10-school-figure6.png and /dev/null differ
diff --git a/education/get-started/images/deploy-win-10-school-figure7.png b/education/get-started/images/deploy-win-10-school-figure7.png
deleted file mode 100644
index 8e7581007a..0000000000
Binary files a/education/get-started/images/deploy-win-10-school-figure7.png and /dev/null differ
diff --git a/education/get-started/images/edu-districtdeploy-fig1.png b/education/get-started/images/edu-districtdeploy-fig1.png
deleted file mode 100644
index a9ed962f95..0000000000
Binary files a/education/get-started/images/edu-districtdeploy-fig1.png and /dev/null differ
diff --git a/education/get-started/images/edu-districtdeploy-fig2.png b/education/get-started/images/edu-districtdeploy-fig2.png
deleted file mode 100644
index 3838c18153..0000000000
Binary files a/education/get-started/images/edu-districtdeploy-fig2.png and /dev/null differ
diff --git a/education/get-started/images/edu-districtdeploy-fig3.png b/education/get-started/images/edu-districtdeploy-fig3.png
deleted file mode 100644
index 0227f8dbaa..0000000000
Binary files a/education/get-started/images/edu-districtdeploy-fig3.png and /dev/null differ
diff --git a/education/get-started/images/edu-districtdeploy-fig4.png b/education/get-started/images/edu-districtdeploy-fig4.png
deleted file mode 100644
index c55ee20d47..0000000000
Binary files a/education/get-started/images/edu-districtdeploy-fig4.png and /dev/null differ
diff --git a/education/get-started/images/edu-districtdeploy-fig5.png b/education/get-started/images/edu-districtdeploy-fig5.png
deleted file mode 100644
index 09552a448a..0000000000
Binary files a/education/get-started/images/edu-districtdeploy-fig5.png and /dev/null differ
diff --git a/education/get-started/images/edu-districtdeploy-fig6.png b/education/get-started/images/edu-districtdeploy-fig6.png
deleted file mode 100644
index 550386f1ce..0000000000
Binary files a/education/get-started/images/edu-districtdeploy-fig6.png and /dev/null differ
diff --git a/education/get-started/images/edu-districtdeploy-fig7.png b/education/get-started/images/edu-districtdeploy-fig7.png
deleted file mode 100644
index 09552a448a..0000000000
Binary files a/education/get-started/images/edu-districtdeploy-fig7.png and /dev/null differ
diff --git a/education/get-started/images/edu-districtdeploy-fig8.png b/education/get-started/images/edu-districtdeploy-fig8.png
deleted file mode 100644
index 8e7581007a..0000000000
Binary files a/education/get-started/images/edu-districtdeploy-fig8.png and /dev/null differ
diff --git a/education/get-started/images/education.png b/education/get-started/images/education.png
deleted file mode 100644
index cc4f7fabb2..0000000000
Binary files a/education/get-started/images/education.png and /dev/null differ
diff --git a/education/get-started/images/enter-email.PNG b/education/get-started/images/enter-email.PNG
deleted file mode 100644
index 644d893f06..0000000000
Binary files a/education/get-started/images/enter-email.PNG and /dev/null differ
diff --git a/education/get-started/images/express-settings.png b/education/get-started/images/express-settings.png
deleted file mode 100644
index 99e9c4825a..0000000000
Binary files a/education/get-started/images/express-settings.png and /dev/null differ
diff --git a/education/get-started/images/fig2-locallyconfig.png b/education/get-started/images/fig2-locallyconfig.png
deleted file mode 100644
index d2fe9820da..0000000000
Binary files a/education/get-started/images/fig2-locallyconfig.png and /dev/null differ
diff --git a/education/get-started/images/get-app-store.png b/education/get-started/images/get-app-store.png
deleted file mode 100644
index 14ae888425..0000000000
Binary files a/education/get-started/images/get-app-store.png and /dev/null differ
diff --git a/education/get-started/images/get-the-app.PNG b/education/get-started/images/get-the-app.PNG
deleted file mode 100644
index 0692ae6f7f..0000000000
Binary files a/education/get-started/images/get-the-app.PNG and /dev/null differ
diff --git a/education/get-started/images/gp_letwinappsaccesscontacts.PNG b/education/get-started/images/gp_letwinappsaccesscontacts.PNG
deleted file mode 100644
index 0228c9474b..0000000000
Binary files a/education/get-started/images/gp_letwinappsaccesscontacts.PNG and /dev/null differ
diff --git a/education/get-started/images/how-to-deploy-SDS-using-CSV-files-2a.PNG b/education/get-started/images/how-to-deploy-SDS-using-CSV-files-2a.PNG
deleted file mode 100644
index 1dcae48622..0000000000
Binary files a/education/get-started/images/how-to-deploy-SDS-using-CSV-files-2a.PNG and /dev/null differ
diff --git a/education/get-started/images/how-to-deploy-SDS-using-CSV-files-3.PNG b/education/get-started/images/how-to-deploy-SDS-using-CSV-files-3.PNG
deleted file mode 100644
index b366d25c4e..0000000000
Binary files a/education/get-started/images/how-to-deploy-SDS-using-CSV-files-3.PNG and /dev/null differ
diff --git a/education/get-started/images/how-to-deploy-SDS-using-CSV-files-4.PNG b/education/get-started/images/how-to-deploy-SDS-using-CSV-files-4.PNG
deleted file mode 100644
index 60f4857c8e..0000000000
Binary files a/education/get-started/images/how-to-deploy-SDS-using-CSV-files-4.PNG and /dev/null differ
diff --git a/education/get-started/images/how-to-deploy-SDS-using-CSV-files-5.PNG b/education/get-started/images/how-to-deploy-SDS-using-CSV-files-5.PNG
deleted file mode 100644
index 56cd93787e..0000000000
Binary files a/education/get-started/images/how-to-deploy-SDS-using-CSV-files-5.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_admin_portal.png b/education/get-started/images/i4e_admin_portal.png
deleted file mode 100644
index c6f2b25d18..0000000000
Binary files a/education/get-started/images/i4e_admin_portal.png and /dev/null differ
diff --git a/education/get-started/images/i4e_apps_newstoreapp.PNG b/education/get-started/images/i4e_apps_newstoreapp.PNG
deleted file mode 100644
index 99af139e1d..0000000000
Binary files a/education/get-started/images/i4e_apps_newstoreapp.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_apps_newstoreapp_selected.png b/education/get-started/images/i4e_apps_newstoreapp_selected.png
deleted file mode 100644
index d4716d7574..0000000000
Binary files a/education/get-started/images/i4e_apps_newstoreapp_selected.png and /dev/null differ
diff --git a/education/get-started/images/i4e_apps_purchased_apps_list.PNG b/education/get-started/images/i4e_apps_purchased_apps_list.PNG
deleted file mode 100644
index 4440487d68..0000000000
Binary files a/education/get-started/images/i4e_apps_purchased_apps_list.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_apps_storeaboughtapps_nowsyncing.PNG b/education/get-started/images/i4e_apps_storeaboughtapps_nowsyncing.PNG
deleted file mode 100644
index 423e557d87..0000000000
Binary files a/education/get-started/images/i4e_apps_storeaboughtapps_nowsyncing.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_apps_storeapps_newappbutton.PNG b/education/get-started/images/i4e_apps_storeapps_newappbutton.PNG
deleted file mode 100644
index 4cb91536ac..0000000000
Binary files a/education/get-started/images/i4e_apps_storeapps_newappbutton.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_dashboard.PNG b/education/get-started/images/i4e_dashboard.PNG
deleted file mode 100644
index faced8b1f7..0000000000
Binary files a/education/get-started/images/i4e_dashboard.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_dashboard_afterconfiguration.PNG b/education/get-started/images/i4e_dashboard_afterconfiguration.PNG
deleted file mode 100644
index 7c736072af..0000000000
Binary files a/education/get-started/images/i4e_dashboard_afterconfiguration.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_dashboard_apps.PNG b/education/get-started/images/i4e_dashboard_apps.PNG
deleted file mode 100644
index 01bb4168f2..0000000000
Binary files a/education/get-started/images/i4e_dashboard_apps.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_dashboard_clickapps.PNG b/education/get-started/images/i4e_dashboard_clickapps.PNG
deleted file mode 100644
index e847279c38..0000000000
Binary files a/education/get-started/images/i4e_dashboard_clickapps.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_dashboard_clickapps_latest.PNG b/education/get-started/images/i4e_dashboard_clickapps_latest.PNG
deleted file mode 100644
index cec81cebc7..0000000000
Binary files a/education/get-started/images/i4e_dashboard_clickapps_latest.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_dashboard_latest.PNG b/education/get-started/images/i4e_dashboard_latest.PNG
deleted file mode 100644
index 131d285d86..0000000000
Binary files a/education/get-started/images/i4e_dashboard_latest.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_dashboard_newtenant.PNG b/education/get-started/images/i4e_dashboard_newtenant.PNG
deleted file mode 100644
index 3494a366b2..0000000000
Binary files a/education/get-started/images/i4e_dashboard_newtenant.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_dashboard_selectgroups.png b/education/get-started/images/i4e_dashboard_selectgroups.png
deleted file mode 100644
index 5d00c46121..0000000000
Binary files a/education/get-started/images/i4e_dashboard_selectgroups.png and /dev/null differ
diff --git a/education/get-started/images/i4e_expres_setup_option.PNG b/education/get-started/images/i4e_expres_setup_option.PNG
deleted file mode 100644
index e08f7ef18c..0000000000
Binary files a/education/get-started/images/i4e_expres_setup_option.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_express_configuration_welcometoi4e.PNG b/education/get-started/images/i4e_express_configuration_welcometoi4e.PNG
deleted file mode 100644
index 00626c574b..0000000000
Binary files a/education/get-started/images/i4e_express_configuration_welcometoi4e.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_express_setup_option.png b/education/get-started/images/i4e_express_setup_option.png
deleted file mode 100644
index e08f7ef18c..0000000000
Binary files a/education/get-started/images/i4e_express_setup_option.png and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_alldone.PNG b/education/get-started/images/i4e_expressconfiguration_alldone.PNG
deleted file mode 100644
index dfb6b51cf0..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_alldone.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_chooseapps.PNG b/education/get-started/images/i4e_expressconfiguration_chooseapps.PNG
deleted file mode 100644
index 2663b45d24..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_chooseapps.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_chooseapps_selected.PNG b/education/get-started/images/i4e_expressconfiguration_chooseapps_selected.PNG
deleted file mode 100644
index 70576b0d45..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_chooseapps_selected.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_chooseapps_selected_cropped.png b/education/get-started/images/i4e_expressconfiguration_chooseapps_selected_cropped.png
deleted file mode 100644
index 013468cc32..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_chooseapps_selected_cropped.png and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_choosebuttontogoback.PNG b/education/get-started/images/i4e_expressconfiguration_choosebuttontogoback.PNG
deleted file mode 100644
index 535a0cf01c..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_choosebuttontogoback.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_choosesettings.PNG b/education/get-started/images/i4e_expressconfiguration_choosesettings.PNG
deleted file mode 100644
index 5883a00ced..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_choosesettings.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_choosesettings_additionalsettings.PNG b/education/get-started/images/i4e_expressconfiguration_choosesettings_additionalsettings.PNG
deleted file mode 100644
index fb3a0d3d71..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_choosesettings_additionalsettings.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_choosesettings_additionalsettings_cropped.PNG b/education/get-started/images/i4e_expressconfiguration_choosesettings_additionalsettings_cropped.PNG
deleted file mode 100644
index 96e1e0452b..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_choosesettings_additionalsettings_cropped.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_choosesettings_additionalsettingsconfigured.PNG b/education/get-started/images/i4e_expressconfiguration_choosesettings_additionalsettingsconfigured.PNG
deleted file mode 100644
index 011e91658d..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_choosesettings_additionalsettingsconfigured.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_choosesettings_additionalsettingsconfigured_cropped.png b/education/get-started/images/i4e_expressconfiguration_choosesettings_additionalsettingsconfigured_cropped.png
deleted file mode 100644
index b9cc6885fc..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_choosesettings_additionalsettingsconfigured_cropped.png and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_choosesettings_expandcollapse.PNG b/education/get-started/images/i4e_expressconfiguration_choosesettings_expandcollapse.PNG
deleted file mode 100644
index 8a998070fa..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_choosesettings_expandcollapse.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped.png b/education/get-started/images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped.png
deleted file mode 100644
index 0d39ae2780..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped.png and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped_052217.PNG b/education/get-started/images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped_052217.PNG
deleted file mode 100644
index e223b5a94c..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_choosesettings_expandcollapse_cropped_052217.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_review.PNG b/education/get-started/images/i4e_expressconfiguration_review.PNG
deleted file mode 100644
index bbc70f3a3f..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_review.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_sdsconfigured.PNG b/education/get-started/images/i4e_expressconfiguration_sdsconfigured.PNG
deleted file mode 100644
index 5a7b4ed672..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_sdsconfigured.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expressconfiguration_welcome.PNG b/education/get-started/images/i4e_expressconfiguration_welcome.PNG
deleted file mode 100644
index 019609fb3e..0000000000
Binary files a/education/get-started/images/i4e_expressconfiguration_welcome.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expresssetup_alldone.PNG b/education/get-started/images/i4e_expresssetup_alldone.PNG
deleted file mode 100644
index e53e4e1d3c..0000000000
Binary files a/education/get-started/images/i4e_expresssetup_alldone.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expresssetup_chooseapps.PNG b/education/get-started/images/i4e_expresssetup_chooseapps.PNG
deleted file mode 100644
index e7eeb0c59a..0000000000
Binary files a/education/get-started/images/i4e_expresssetup_chooseapps.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expresssetup_chooseapps_apps_chosen.PNG b/education/get-started/images/i4e_expresssetup_chooseapps_apps_chosen.PNG
deleted file mode 100644
index 1e5d6e53d1..0000000000
Binary files a/education/get-started/images/i4e_expresssetup_chooseapps_apps_chosen.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expresssetup_chooseapps_appschosen.PNG b/education/get-started/images/i4e_expresssetup_chooseapps_appschosen.PNG
deleted file mode 100644
index e08d5bd572..0000000000
Binary files a/education/get-started/images/i4e_expresssetup_chooseapps_appschosen.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expresssetup_chooseapps_new.PNG b/education/get-started/images/i4e_expresssetup_chooseapps_new.PNG
deleted file mode 100644
index 254f18813b..0000000000
Binary files a/education/get-started/images/i4e_expresssetup_chooseapps_new.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expresssetup_choosebuttontogoback.PNG b/education/get-started/images/i4e_expresssetup_choosebuttontogoback.PNG
deleted file mode 100644
index 1580c4382e..0000000000
Binary files a/education/get-started/images/i4e_expresssetup_choosebuttontogoback.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expresssetup_choosesettings.PNG b/education/get-started/images/i4e_expresssetup_choosesettings.PNG
deleted file mode 100644
index 16b2a086e7..0000000000
Binary files a/education/get-started/images/i4e_expresssetup_choosesettings.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expresssetup_choosesettings_additionalsettings.PNG b/education/get-started/images/i4e_expresssetup_choosesettings_additionalsettings.PNG
deleted file mode 100644
index 749823c21e..0000000000
Binary files a/education/get-started/images/i4e_expresssetup_choosesettings_additionalsettings.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expresssetup_endofsetup.PNG b/education/get-started/images/i4e_expresssetup_endofsetup.PNG
deleted file mode 100644
index e9f2fa4b24..0000000000
Binary files a/education/get-started/images/i4e_expresssetup_endofsetup.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expresssetup_getschoolinfo.PNG b/education/get-started/images/i4e_expresssetup_getschoolinfo.PNG
deleted file mode 100644
index e230f260c9..0000000000
Binary files a/education/get-started/images/i4e_expresssetup_getschoolinfo.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expresssetup_getstarted.PNG b/education/get-started/images/i4e_expresssetup_getstarted.PNG
deleted file mode 100644
index 6ce576aaa9..0000000000
Binary files a/education/get-started/images/i4e_expresssetup_getstarted.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_expresssetup_sdsconfigured.PNG b/education/get-started/images/i4e_expresssetup_sdsconfigured.PNG
deleted file mode 100644
index c9ef184d9d..0000000000
Binary files a/education/get-started/images/i4e_expresssetup_sdsconfigured.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groups.PNG b/education/get-started/images/i4e_groups.PNG
deleted file mode 100644
index ed429844ae..0000000000
Binary files a/education/get-started/images/i4e_groups.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_alldevices_aadjoined_list.PNG b/education/get-started/images/i4e_groups_alldevices_aadjoined_list.PNG
deleted file mode 100644
index 6e87a4fa5a..0000000000
Binary files a/education/get-started/images/i4e_groups_alldevices_aadjoined_list.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_alldevices_list.PNG b/education/get-started/images/i4e_groups_alldevices_list.PNG
deleted file mode 100644
index 8fbf5ddd7b..0000000000
Binary files a/education/get-started/images/i4e_groups_alldevices_list.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_alldevices_listofaadjdevices.png b/education/get-started/images/i4e_groups_alldevices_listofaadjdevices.png
deleted file mode 100644
index d59b8a7b70..0000000000
Binary files a/education/get-started/images/i4e_groups_alldevices_listofaadjdevices.png and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_allusers_apps.PNG b/education/get-started/images/i4e_groups_allusers_apps.PNG
deleted file mode 100644
index 7047f51bc1..0000000000
Binary files a/education/get-started/images/i4e_groups_allusers_apps.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_allusers_apps_appstodeploy.PNG b/education/get-started/images/i4e_groups_allusers_apps_appstodeploy.PNG
deleted file mode 100644
index 3a0ae4645d..0000000000
Binary files a/education/get-started/images/i4e_groups_allusers_apps_appstodeploy.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_allusers_apps_edit.PNG b/education/get-started/images/i4e_groups_allusers_apps_edit.PNG
deleted file mode 100644
index cace903c13..0000000000
Binary files a/education/get-started/images/i4e_groups_allusers_apps_edit.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_allusers_apps_updatedlist.PNG b/education/get-started/images/i4e_groups_allusers_apps_updatedlist.PNG
deleted file mode 100644
index a25a1fb432..0000000000
Binary files a/education/get-started/images/i4e_groups_allusers_apps_updatedlist.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_allusers_appspage.PNG b/education/get-started/images/i4e_groups_allusers_appspage.PNG
deleted file mode 100644
index 5c81a54283..0000000000
Binary files a/education/get-started/images/i4e_groups_allusers_appspage.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_allusers_appspage_editapps.png b/education/get-started/images/i4e_groups_allusers_appspage_editapps.png
deleted file mode 100644
index 3935807ff8..0000000000
Binary files a/education/get-started/images/i4e_groups_allusers_appspage_editapps.png and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_allusers_list.PNG b/education/get-started/images/i4e_groups_allusers_list.PNG
deleted file mode 100644
index b28969d4e8..0000000000
Binary files a/education/get-started/images/i4e_groups_allusers_list.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_allusers_selectappstodeploy.PNG b/education/get-started/images/i4e_groups_allusers_selectappstodeploy.PNG
deleted file mode 100644
index 65c1dba1e2..0000000000
Binary files a/education/get-started/images/i4e_groups_allusers_selectappstodeploy.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_allusers_updatedappslist.PNG b/education/get-started/images/i4e_groups_allusers_updatedappslist.PNG
deleted file mode 100644
index 0c7bb32fa7..0000000000
Binary files a/education/get-started/images/i4e_groups_allusers_updatedappslist.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_allusers_users.PNG b/education/get-started/images/i4e_groups_allusers_users.PNG
deleted file mode 100644
index 8a94818fbc..0000000000
Binary files a/education/get-started/images/i4e_groups_allusers_users.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_allusers_users_steps.png b/education/get-started/images/i4e_groups_allusers_users_steps.png
deleted file mode 100644
index 2ce85659e0..0000000000
Binary files a/education/get-started/images/i4e_groups_allusers_users_steps.png and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_groups_blade.PNG b/education/get-started/images/i4e_groups_groups_blade.PNG
deleted file mode 100644
index d821aaad2c..0000000000
Binary files a/education/get-started/images/i4e_groups_groups_blade.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_settings_changes.PNG b/education/get-started/images/i4e_groups_settings_changes.PNG
deleted file mode 100644
index fe3c4dd610..0000000000
Binary files a/education/get-started/images/i4e_groups_settings_changes.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groups_settingslist_full.PNG b/education/get-started/images/i4e_groups_settingslist_full.PNG
deleted file mode 100644
index f3efbd9a04..0000000000
Binary files a/education/get-started/images/i4e_groups_settingslist_full.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_groupspage.PNG b/education/get-started/images/i4e_groupspage.PNG
deleted file mode 100644
index 7ee8affebc..0000000000
Binary files a/education/get-started/images/i4e_groupspage.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_new_store_app.PNG b/education/get-started/images/i4e_new_store_app.PNG
deleted file mode 100644
index 1e20501da2..0000000000
Binary files a/education/get-started/images/i4e_new_store_app.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_portal.PNG b/education/get-started/images/i4e_portal.PNG
deleted file mode 100644
index f234e60fff..0000000000
Binary files a/education/get-started/images/i4e_portal.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_takeatestprofile_accountsummary.PNG b/education/get-started/images/i4e_takeatestprofile_accountsummary.PNG
deleted file mode 100644
index e8feb9b5d7..0000000000
Binary files a/education/get-started/images/i4e_takeatestprofile_accountsummary.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_takeatestprofile_addnewprofile.PNG b/education/get-started/images/i4e_takeatestprofile_addnewprofile.PNG
deleted file mode 100644
index 401bccef4a..0000000000
Binary files a/education/get-started/images/i4e_takeatestprofile_addnewprofile.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_takeatestprofile_changegroup_selectgroup.PNG b/education/get-started/images/i4e_takeatestprofile_changegroup_selectgroup.PNG
deleted file mode 100644
index 4c8f0705ce..0000000000
Binary files a/education/get-started/images/i4e_takeatestprofile_changegroup_selectgroup.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_takeatestprofile_groupassignment_selected.PNG b/education/get-started/images/i4e_takeatestprofile_groupassignment_selected.PNG
deleted file mode 100644
index 8431e1d0cf..0000000000
Binary files a/education/get-started/images/i4e_takeatestprofile_groupassignment_selected.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_takeatestprofile_groups_changegroupassignments.PNG b/education/get-started/images/i4e_takeatestprofile_groups_changegroupassignments.PNG
deleted file mode 100644
index 914f0b4edd..0000000000
Binary files a/education/get-started/images/i4e_takeatestprofile_groups_changegroupassignments.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_takeatestprofile_newtestaccount.PNG b/education/get-started/images/i4e_takeatestprofile_newtestaccount.PNG
deleted file mode 100644
index 1ec2f0a2e2..0000000000
Binary files a/education/get-started/images/i4e_takeatestprofile_newtestaccount.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_tenant_settings_force_sync.PNG b/education/get-started/images/i4e_tenant_settings_force_sync.PNG
deleted file mode 100644
index 285c8b236b..0000000000
Binary files a/education/get-started/images/i4e_tenant_settings_force_sync.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_tenantsettings.PNG b/education/get-started/images/i4e_tenantsettings.PNG
deleted file mode 100644
index 90c1a0afde..0000000000
Binary files a/education/get-started/images/i4e_tenantsettings.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_tenantsettings_edit_syncwithstore_on.PNG b/education/get-started/images/i4e_tenantsettings_edit_syncwithstore_on.PNG
deleted file mode 100644
index d06bbde3ef..0000000000
Binary files a/education/get-started/images/i4e_tenantsettings_edit_syncwithstore_on.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_trialsigninpage.png b/education/get-started/images/i4e_trialsigninpage.png
deleted file mode 100644
index 5945ce3170..0000000000
Binary files a/education/get-started/images/i4e_trialsigninpage.png and /dev/null differ
diff --git a/education/get-started/images/i4e_video_thumbnail.PNG b/education/get-started/images/i4e_video_thumbnail.PNG
deleted file mode 100644
index fdec163bca..0000000000
Binary files a/education/get-started/images/i4e_video_thumbnail.PNG and /dev/null differ
diff --git a/education/get-started/images/i4e_video_thumbnail_app.PNG b/education/get-started/images/i4e_video_thumbnail_app.PNG
deleted file mode 100644
index f30ea26067..0000000000
Binary files a/education/get-started/images/i4e_video_thumbnail_app.PNG and /dev/null differ
diff --git a/education/get-started/images/icd-adv-shared-pc.PNG b/education/get-started/images/icd-adv-shared-pc.PNG
deleted file mode 100644
index a8da5fa78a..0000000000
Binary files a/education/get-started/images/icd-adv-shared-pc.PNG and /dev/null differ
diff --git a/education/get-started/images/icd-school-adv-edit.png b/education/get-started/images/icd-school-adv-edit.png
deleted file mode 100644
index 16843cc010..0000000000
Binary files a/education/get-started/images/icd-school-adv-edit.png and /dev/null differ
diff --git a/education/get-started/images/icd-school.PNG b/education/get-started/images/icd-school.PNG
deleted file mode 100644
index e6a944a193..0000000000
Binary files a/education/get-started/images/icd-school.PNG and /dev/null differ
diff --git a/education/get-started/images/icd-simple.PNG b/education/get-started/images/icd-simple.PNG
deleted file mode 100644
index 7ae8a1728b..0000000000
Binary files a/education/get-started/images/icd-simple.PNG and /dev/null differ
diff --git a/education/get-started/images/icdbrowse.png b/education/get-started/images/icdbrowse.png
deleted file mode 100644
index 53c91074c7..0000000000
Binary files a/education/get-started/images/icdbrowse.png and /dev/null differ
diff --git a/education/get-started/images/intune_admin_mdm_storeforbiz.png b/education/get-started/images/intune_admin_mdm_storeforbiz.png
deleted file mode 100644
index d67e95defb..0000000000
Binary files a/education/get-started/images/intune_admin_mdm_storeforbiz.png and /dev/null differ
diff --git a/education/get-started/images/intune_admin_workspace_configure_sync.PNG b/education/get-started/images/intune_admin_workspace_configure_sync.PNG
deleted file mode 100644
index a67c9a096c..0000000000
Binary files a/education/get-started/images/intune_admin_workspace_configure_sync.PNG and /dev/null differ
diff --git a/education/get-started/images/intune_app_deployment_action.png b/education/get-started/images/intune_app_deployment_action.png
deleted file mode 100644
index 7535cf2979..0000000000
Binary files a/education/get-started/images/intune_app_deployment_action.png and /dev/null differ
diff --git a/education/get-started/images/intune_create_general_win10_policy.png b/education/get-started/images/intune_create_general_win10_policy.png
deleted file mode 100644
index fed06848b5..0000000000
Binary files a/education/get-started/images/intune_create_general_win10_policy.png and /dev/null differ
diff --git a/education/get-started/images/intune_create_new_policy.png b/education/get-started/images/intune_create_new_policy.png
deleted file mode 100644
index 544ab5ef22..0000000000
Binary files a/education/get-started/images/intune_create_new_policy.png and /dev/null differ
diff --git a/education/get-started/images/intune_dashboard.png b/education/get-started/images/intune_dashboard.png
deleted file mode 100644
index b5c309259a..0000000000
Binary files a/education/get-started/images/intune_dashboard.png and /dev/null differ
diff --git a/education/get-started/images/intune_device_management_apply_groups.png b/education/get-started/images/intune_device_management_apply_groups.png
deleted file mode 100644
index 0178a26695..0000000000
Binary files a/education/get-started/images/intune_device_management_apply_groups.png and /dev/null differ
diff --git a/education/get-started/images/intune_force_sync.png b/education/get-started/images/intune_force_sync.png
deleted file mode 100644
index 9943be5b5b..0000000000
Binary files a/education/get-started/images/intune_force_sync.png and /dev/null differ
diff --git a/education/get-started/images/intune_management_console_apps_apps.png b/education/get-started/images/intune_management_console_apps_apps.png
deleted file mode 100644
index 5ee6354a01..0000000000
Binary files a/education/get-started/images/intune_management_console_apps_apps.png and /dev/null differ
diff --git a/education/get-started/images/intune_missing_ems_license_error_message.png b/education/get-started/images/intune_missing_ems_license_error_message.png
deleted file mode 100644
index ae441d47ba..0000000000
Binary files a/education/get-started/images/intune_missing_ems_license_error_message.png and /dev/null differ
diff --git a/education/get-started/images/intune_missing_ems_license_errormessage.png b/education/get-started/images/intune_missing_ems_license_errormessage.png
deleted file mode 100644
index e63ceb7b84..0000000000
Binary files a/education/get-started/images/intune_missing_ems_license_errormessage.png and /dev/null differ
diff --git a/education/get-started/images/intune_portal_apps_volume_purchased.png b/education/get-started/images/intune_portal_apps_volume_purchased.png
deleted file mode 100644
index 311fa6e4dd..0000000000
Binary files a/education/get-started/images/intune_portal_apps_volume_purchased.png and /dev/null differ
diff --git a/education/get-started/images/intune_portal_apps_volume_purchased_wsfb_apps.png b/education/get-started/images/intune_portal_apps_volume_purchased_wsfb_apps.png
deleted file mode 100644
index 9c5a2ffae4..0000000000
Binary files a/education/get-started/images/intune_portal_apps_volume_purchased_wsfb_apps.png and /dev/null differ
diff --git a/education/get-started/images/intune_portal_configure_wsfb_app_sync.png b/education/get-started/images/intune_portal_configure_wsfb_app_sync.png
deleted file mode 100644
index aa9b1e2f07..0000000000
Binary files a/education/get-started/images/intune_portal_configure_wsfb_app_sync.png and /dev/null differ
diff --git a/education/get-started/images/intune_portal_direct_managed_devices_list.png b/education/get-started/images/intune_portal_direct_managed_devices_list.png
deleted file mode 100644
index 41b1eddad2..0000000000
Binary files a/education/get-started/images/intune_portal_direct_managed_devices_list.png and /dev/null differ
diff --git a/education/get-started/images/intune_students_group_2.png b/education/get-started/images/intune_students_group_2.png
deleted file mode 100644
index 0d898047d5..0000000000
Binary files a/education/get-started/images/intune_students_group_2.png and /dev/null differ
diff --git a/education/get-started/images/it-get-app.PNG b/education/get-started/images/it-get-app.PNG
deleted file mode 100644
index 9740081ef4..0000000000
Binary files a/education/get-started/images/it-get-app.PNG and /dev/null differ
diff --git a/education/get-started/images/license-terms.png b/education/get-started/images/license-terms.png
deleted file mode 100644
index 8dd34b0a18..0000000000
Binary files a/education/get-started/images/license-terms.png and /dev/null differ
diff --git a/education/get-started/images/lightbulb.png b/education/get-started/images/lightbulb.png
deleted file mode 100644
index 95bea10957..0000000000
Binary files a/education/get-started/images/lightbulb.png and /dev/null differ
diff --git a/education/get-started/images/list.png b/education/get-started/images/list.png
deleted file mode 100644
index 089827c373..0000000000
Binary files a/education/get-started/images/list.png and /dev/null differ
diff --git a/education/get-started/images/mc-assign-to-others-admin.png b/education/get-started/images/mc-assign-to-others-admin.png
deleted file mode 100644
index 907f21d514..0000000000
Binary files a/education/get-started/images/mc-assign-to-others-admin.png and /dev/null differ
diff --git a/education/get-started/images/mc-assign-to-others-teacher.png b/education/get-started/images/mc-assign-to-others-teacher.png
deleted file mode 100644
index 2656e9c784..0000000000
Binary files a/education/get-started/images/mc-assign-to-others-teacher.png and /dev/null differ
diff --git a/education/get-started/images/mc-check-for-updates.png b/education/get-started/images/mc-check-for-updates.png
deleted file mode 100644
index a9a0fbae5f..0000000000
Binary files a/education/get-started/images/mc-check-for-updates.png and /dev/null differ
diff --git a/education/get-started/images/mc-dnld-others-admin.png b/education/get-started/images/mc-dnld-others-admin.png
deleted file mode 100644
index 5e253c20d1..0000000000
Binary files a/education/get-started/images/mc-dnld-others-admin.png and /dev/null differ
diff --git a/education/get-started/images/mc-dnld-others-teacher.png b/education/get-started/images/mc-dnld-others-teacher.png
deleted file mode 100644
index aa5df16595..0000000000
Binary files a/education/get-started/images/mc-dnld-others-teacher.png and /dev/null differ
diff --git a/education/get-started/images/mc-install-for-me-admin.png b/education/get-started/images/mc-install-for-me-admin.png
deleted file mode 100644
index f9194a6188..0000000000
Binary files a/education/get-started/images/mc-install-for-me-admin.png and /dev/null differ
diff --git a/education/get-started/images/mc-install-for-me-teacher.png b/education/get-started/images/mc-install-for-me-teacher.png
deleted file mode 100644
index e303e63660..0000000000
Binary files a/education/get-started/images/mc-install-for-me-teacher.png and /dev/null differ
diff --git a/education/get-started/images/mcee-add-payment-method.png b/education/get-started/images/mcee-add-payment-method.png
deleted file mode 100644
index e583b4eccc..0000000000
Binary files a/education/get-started/images/mcee-add-payment-method.png and /dev/null differ
diff --git a/education/get-started/images/mcee-auto-assign-bd.png b/education/get-started/images/mcee-auto-assign-bd.png
deleted file mode 100644
index b14990583f..0000000000
Binary files a/education/get-started/images/mcee-auto-assign-bd.png and /dev/null differ
diff --git a/education/get-started/images/mcee-auto-assign-legacy.png b/education/get-started/images/mcee-auto-assign-legacy.png
deleted file mode 100644
index 866b37395e..0000000000
Binary files a/education/get-started/images/mcee-auto-assign-legacy.png and /dev/null differ
diff --git a/education/get-started/images/mcee-invoice-bills.PNG b/education/get-started/images/mcee-invoice-bills.PNG
deleted file mode 100644
index 1a07ac3f01..0000000000
Binary files a/education/get-started/images/mcee-invoice-bills.PNG and /dev/null differ
diff --git a/education/get-started/images/mcee-invoice-info.png b/education/get-started/images/mcee-invoice-info.png
deleted file mode 100644
index f4bf29f8b2..0000000000
Binary files a/education/get-started/images/mcee-invoice-info.png and /dev/null differ
diff --git a/education/get-started/images/mcee-view-bills.png b/education/get-started/images/mcee-view-bills.png
deleted file mode 100644
index 5aeff48109..0000000000
Binary files a/education/get-started/images/mcee-view-bills.png and /dev/null differ
diff --git a/education/get-started/images/mes_banner.png b/education/get-started/images/mes_banner.png
deleted file mode 100644
index cc08f278e2..0000000000
Binary files a/education/get-started/images/mes_banner.png and /dev/null differ
diff --git a/education/get-started/images/microsoft-education-get-started-workflow.png b/education/get-started/images/microsoft-education-get-started-workflow.png
deleted file mode 100644
index 46051500a0..0000000000
Binary files a/education/get-started/images/microsoft-education-get-started-workflow.png and /dev/null differ
diff --git a/education/get-started/images/microsoft-education-workflow.png b/education/get-started/images/microsoft-education-workflow.png
deleted file mode 100644
index f15aa3f783..0000000000
Binary files a/education/get-started/images/microsoft-education-workflow.png and /dev/null differ
diff --git a/education/get-started/images/microsoft_education_get_started_workflow.png b/education/get-started/images/microsoft_education_get_started_workflow.png
deleted file mode 100644
index faa0579b44..0000000000
Binary files a/education/get-started/images/microsoft_education_get_started_workflow.png and /dev/null differ
diff --git a/education/get-started/images/microsoft_education_it_getstarted_workflow.png b/education/get-started/images/microsoft_education_it_getstarted_workflow.png
deleted file mode 100644
index ebcaa2add9..0000000000
Binary files a/education/get-started/images/microsoft_education_it_getstarted_workflow.png and /dev/null differ
diff --git a/education/get-started/images/minecraft-admin-permissions.png b/education/get-started/images/minecraft-admin-permissions.png
deleted file mode 100644
index 3051c3dd84..0000000000
Binary files a/education/get-started/images/minecraft-admin-permissions.png and /dev/null differ
diff --git a/education/get-started/images/minecraft-assign-roles-2.png b/education/get-started/images/minecraft-assign-roles-2.png
deleted file mode 100644
index 3ab1d6e072..0000000000
Binary files a/education/get-started/images/minecraft-assign-roles-2.png and /dev/null differ
diff --git a/education/get-started/images/minecraft-assign-roles.png b/education/get-started/images/minecraft-assign-roles.png
deleted file mode 100644
index 5dc396155c..0000000000
Binary files a/education/get-started/images/minecraft-assign-roles.png and /dev/null differ
diff --git a/education/get-started/images/minecraft-assign-to-others.png b/education/get-started/images/minecraft-assign-to-others.png
deleted file mode 100644
index 4e8fba6126..0000000000
Binary files a/education/get-started/images/minecraft-assign-to-others.png and /dev/null differ
diff --git a/education/get-started/images/minecraft-assign-to-people-name.png b/education/get-started/images/minecraft-assign-to-people-name.png
deleted file mode 100644
index 38994cc58f..0000000000
Binary files a/education/get-started/images/minecraft-assign-to-people-name.png and /dev/null differ
diff --git a/education/get-started/images/minecraft-assign-to-people.png b/education/get-started/images/minecraft-assign-to-people.png
deleted file mode 100644
index 0f0e3dcdff..0000000000
Binary files a/education/get-started/images/minecraft-assign-to-people.png and /dev/null differ
diff --git a/education/get-started/images/minecraft-get-the-app.png b/education/get-started/images/minecraft-get-the-app.png
deleted file mode 100644
index 47024aab6c..0000000000
Binary files a/education/get-started/images/minecraft-get-the-app.png and /dev/null differ
diff --git a/education/get-started/images/minecraft-in-windows-store-app.png b/education/get-started/images/minecraft-in-windows-store-app.png
deleted file mode 100644
index e25f2b4df3..0000000000
Binary files a/education/get-started/images/minecraft-in-windows-store-app.png and /dev/null differ
diff --git a/education/get-started/images/minecraft-my-library.png b/education/get-started/images/minecraft-my-library.png
deleted file mode 100644
index 1be1660adb..0000000000
Binary files a/education/get-started/images/minecraft-my-library.png and /dev/null differ
diff --git a/education/get-started/images/minecraft-perms.PNG b/education/get-started/images/minecraft-perms.PNG
deleted file mode 100644
index 1788d6b593..0000000000
Binary files a/education/get-started/images/minecraft-perms.PNG and /dev/null differ
diff --git a/education/get-started/images/minecraft-private-store.png b/education/get-started/images/minecraft-private-store.png
deleted file mode 100644
index 0194d4b955..0000000000
Binary files a/education/get-started/images/minecraft-private-store.png and /dev/null differ
diff --git a/education/get-started/images/minecraft.PNG b/education/get-started/images/minecraft.PNG
deleted file mode 100644
index c758c28ad5..0000000000
Binary files a/education/get-started/images/minecraft.PNG and /dev/null differ
diff --git a/education/get-started/images/mses_get_started_banner.png b/education/get-started/images/mses_get_started_banner.png
deleted file mode 100644
index ca188d738e..0000000000
Binary files a/education/get-started/images/mses_get_started_banner.png and /dev/null differ
diff --git a/education/get-started/images/mses_getstarted_banner.png b/education/get-started/images/mses_getstarted_banner.png
deleted file mode 100644
index 48dde0456c..0000000000
Binary files a/education/get-started/images/mses_getstarted_banner.png and /dev/null differ
diff --git a/education/get-started/images/mses_getstarted_workflow_e2e.png b/education/get-started/images/mses_getstarted_workflow_e2e.png
deleted file mode 100644
index afb328d27d..0000000000
Binary files a/education/get-started/images/mses_getstarted_workflow_e2e.png and /dev/null differ
diff --git a/education/get-started/images/msfe_manage_page.PNG b/education/get-started/images/msfe_manage_page.PNG
deleted file mode 100644
index 04bbc172c4..0000000000
Binary files a/education/get-started/images/msfe_manage_page.PNG and /dev/null differ
diff --git a/education/get-started/images/msfe_manageapps_inventory.PNG b/education/get-started/images/msfe_manageapps_inventory.PNG
deleted file mode 100644
index 20c8e6f750..0000000000
Binary files a/education/get-started/images/msfe_manageapps_inventory.PNG and /dev/null differ
diff --git a/education/get-started/images/msfe_manageapps_inventory_grouped.png b/education/get-started/images/msfe_manageapps_inventory_grouped.png
deleted file mode 100644
index e2376d90b2..0000000000
Binary files a/education/get-started/images/msfe_manageapps_inventory_grouped.png and /dev/null differ
diff --git a/education/get-started/images/msfe_manageapps_inventory_newappsselected.png b/education/get-started/images/msfe_manageapps_inventory_newappsselected.png
deleted file mode 100644
index 1ef47ea1b9..0000000000
Binary files a/education/get-started/images/msfe_manageapps_inventory_newappsselected.png and /dev/null differ
diff --git a/education/get-started/images/msfe_managementtools_activateintune.PNG b/education/get-started/images/msfe_managementtools_activateintune.PNG
deleted file mode 100644
index efae378abd..0000000000
Binary files a/education/get-started/images/msfe_managementtools_activateintune.PNG and /dev/null differ
diff --git a/education/get-started/images/msfe_managepage_storesettings_managementtools.png b/education/get-started/images/msfe_managepage_storesettings_managementtools.png
deleted file mode 100644
index ac88d8e30f..0000000000
Binary files a/education/get-started/images/msfe_managepage_storesettings_managementtools.png and /dev/null differ
diff --git a/education/get-started/images/msfe_managepage_storesettings_managementtoolspng.png b/education/get-started/images/msfe_managepage_storesettings_managementtoolspng.png
deleted file mode 100644
index 77512f45bd..0000000000
Binary files a/education/get-started/images/msfe_managepage_storesettings_managementtoolspng.png and /dev/null differ
diff --git a/education/get-started/images/msfe_services_agreement.PNG b/education/get-started/images/msfe_services_agreement.PNG
deleted file mode 100644
index 1c25eaea3b..0000000000
Binary files a/education/get-started/images/msfe_services_agreement.PNG and /dev/null differ
diff --git a/education/get-started/images/msfe_store_portal.PNG b/education/get-started/images/msfe_store_portal.PNG
deleted file mode 100644
index 51850223e5..0000000000
Binary files a/education/get-started/images/msfe_store_portal.PNG and /dev/null differ
diff --git a/education/get-started/images/msfe_storesettings_select_managementtools.png b/education/get-started/images/msfe_storesettings_select_managementtools.png
deleted file mode 100644
index 06fe6aa274..0000000000
Binary files a/education/get-started/images/msfe_storesettings_select_managementtools.png and /dev/null differ
diff --git a/education/get-started/images/o365_admincenter_gotosetup.PNG b/education/get-started/images/o365_admincenter_gotosetup.PNG
deleted file mode 100644
index aea6f7fdb2..0000000000
Binary files a/education/get-started/images/o365_admincenter_gotosetup.PNG and /dev/null differ
diff --git a/education/get-started/images/o365_admincenter_welcome.PNG b/education/get-started/images/o365_admincenter_welcome.PNG
deleted file mode 100644
index 3f0721263f..0000000000
Binary files a/education/get-started/images/o365_admincenter_welcome.PNG and /dev/null differ
diff --git a/education/get-started/images/o365_assignlicense.PNG b/education/get-started/images/o365_assignlicense.PNG
deleted file mode 100644
index fd33cd2211..0000000000
Binary files a/education/get-started/images/o365_assignlicense.PNG and /dev/null differ
diff --git a/education/get-started/images/o365_assignsdslicense.png b/education/get-started/images/o365_assignsdslicense.png
deleted file mode 100644
index 08b0c0749c..0000000000
Binary files a/education/get-started/images/o365_assignsdslicense.png and /dev/null differ
diff --git a/education/get-started/images/o365_createaccount.PNG b/education/get-started/images/o365_createaccount.PNG
deleted file mode 100644
index 5aa71c9cf9..0000000000
Binary files a/education/get-started/images/o365_createaccount.PNG and /dev/null differ
diff --git a/education/get-started/images/o365_msteams_settings.PNG b/education/get-started/images/o365_msteams_settings.PNG
deleted file mode 100644
index 0e3dab4886..0000000000
Binary files a/education/get-started/images/o365_msteams_settings.PNG and /dev/null differ
diff --git a/education/get-started/images/o365_msteams_turnon.PNG b/education/get-started/images/o365_msteams_turnon.PNG
deleted file mode 100644
index 95588d5031..0000000000
Binary files a/education/get-started/images/o365_msteams_turnon.PNG and /dev/null differ
diff --git a/education/get-started/images/o365_settings_services_msteams.PNG b/education/get-started/images/o365_settings_services_msteams.PNG
deleted file mode 100644
index ca4dee07ac..0000000000
Binary files a/education/get-started/images/o365_settings_services_msteams.PNG and /dev/null differ
diff --git a/education/get-started/images/o365_subscriptions_verifyclassroomsubscription.PNG b/education/get-started/images/o365_subscriptions_verifyclassroomsubscription.PNG
deleted file mode 100644
index 1331ff75ed..0000000000
Binary files a/education/get-started/images/o365_subscriptions_verifyclassroomsubscription.PNG and /dev/null differ
diff --git a/education/get-started/images/office365_admin_center.PNG b/education/get-started/images/office365_admin_center.PNG
deleted file mode 100644
index 099bc314f4..0000000000
Binary files a/education/get-started/images/office365_admin_center.PNG and /dev/null differ
diff --git a/education/get-started/images/office365_admin_center_assign_licenses.png b/education/get-started/images/office365_admin_center_assign_licenses.png
deleted file mode 100644
index 6d20208748..0000000000
Binary files a/education/get-started/images/office365_admin_center_assign_licenses.png and /dev/null differ
diff --git a/education/get-started/images/office365_admin_center_home.png b/education/get-started/images/office365_admin_center_home.png
deleted file mode 100644
index bd2ab02a2c..0000000000
Binary files a/education/get-started/images/office365_admin_center_home.png and /dev/null differ
diff --git a/education/get-started/images/office365_admin_center_product_licenses.png b/education/get-started/images/office365_admin_center_product_licenses.png
deleted file mode 100644
index 11ffabe3ee..0000000000
Binary files a/education/get-started/images/office365_admin_center_product_licenses.png and /dev/null differ
diff --git a/education/get-started/images/office365_admin_portal_add_new_user.png b/education/get-started/images/office365_admin_portal_add_new_user.png
deleted file mode 100644
index b10fbf7660..0000000000
Binary files a/education/get-started/images/office365_admin_portal_add_new_user.png and /dev/null differ
diff --git a/education/get-started/images/office365_create_new_class.png b/education/get-started/images/office365_create_new_class.png
deleted file mode 100644
index 5befb87b99..0000000000
Binary files a/education/get-started/images/office365_create_new_class.png and /dev/null differ
diff --git a/education/get-started/images/office365_start_page_classroom.png b/education/get-started/images/office365_start_page_classroom.png
deleted file mode 100644
index ab229cead1..0000000000
Binary files a/education/get-started/images/office365_start_page_classroom.png and /dev/null differ
diff --git a/education/get-started/images/office365_students_group_2.png b/education/get-started/images/office365_students_group_2.png
deleted file mode 100644
index 6526fd3c8f..0000000000
Binary files a/education/get-started/images/office365_students_group_2.png and /dev/null differ
diff --git a/education/get-started/images/oobe.jpg b/education/get-started/images/oobe.jpg
deleted file mode 100644
index 53a5dab6bf..0000000000
Binary files a/education/get-started/images/oobe.jpg and /dev/null differ
diff --git a/education/get-started/images/package.png b/education/get-started/images/package.png
deleted file mode 100644
index f5e975e3e9..0000000000
Binary files a/education/get-started/images/package.png and /dev/null differ
diff --git a/education/get-started/images/personalize_class_settings.png b/education/get-started/images/personalize_class_settings.png
deleted file mode 100644
index cbe88c9c73..0000000000
Binary files a/education/get-started/images/personalize_class_settings.png and /dev/null differ
diff --git a/education/get-started/images/privacy-contacts-marked.png b/education/get-started/images/privacy-contacts-marked.png
deleted file mode 100644
index 54a3116408..0000000000
Binary files a/education/get-started/images/privacy-contacts-marked.png and /dev/null differ
diff --git a/education/get-started/images/prov.jpg b/education/get-started/images/prov.jpg
deleted file mode 100644
index 1593ccb36b..0000000000
Binary files a/education/get-started/images/prov.jpg and /dev/null differ
diff --git a/education/get-started/images/reconfigure_intune_app_deployment_settings.png b/education/get-started/images/reconfigure_intune_app_deployment_settings.png
deleted file mode 100644
index 90491aacd1..0000000000
Binary files a/education/get-started/images/reconfigure_intune_app_deployment_settings.png and /dev/null differ
diff --git a/education/get-started/images/school.PNG b/education/get-started/images/school.PNG
deleted file mode 100644
index f8be255a05..0000000000
Binary files a/education/get-started/images/school.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_add_new_profile.png b/education/get-started/images/sds_add_new_profile.png
deleted file mode 100644
index 3728b2c8a8..0000000000
Binary files a/education/get-started/images/sds_add_new_profile.png and /dev/null differ
diff --git a/education/get-started/images/sds_add_new_profile_062017.PNG b/education/get-started/images/sds_add_new_profile_062017.PNG
deleted file mode 100644
index 84340eebb8..0000000000
Binary files a/education/get-started/images/sds_add_new_profile_062017.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_add_new_profile_062317.PNG b/education/get-started/images/sds_add_new_profile_062317.PNG
deleted file mode 100644
index 5732ad597d..0000000000
Binary files a/education/get-started/images/sds_add_new_profile_062317.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_add_newprofile.PNG b/education/get-started/images/sds_add_newprofile.PNG
deleted file mode 100644
index 377e82a29b..0000000000
Binary files a/education/get-started/images/sds_add_newprofile.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_addnewprofile_studentoptions.PNG b/education/get-started/images/sds_addnewprofile_studentoptions.PNG
deleted file mode 100644
index bacaed1642..0000000000
Binary files a/education/get-started/images/sds_addnewprofile_studentoptions.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_addnewprofile_syncoptions.PNG b/education/get-started/images/sds_addnewprofile_syncoptions.PNG
deleted file mode 100644
index 4d99545389..0000000000
Binary files a/education/get-started/images/sds_addnewprofile_syncoptions.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_addnewprofile_teacheroptions.PNG b/education/get-started/images/sds_addnewprofile_teacheroptions.PNG
deleted file mode 100644
index 0a4896048e..0000000000
Binary files a/education/get-started/images/sds_addnewprofile_teacheroptions.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_github_downloadsample.PNG b/education/get-started/images/sds_github_downloadsample.PNG
deleted file mode 100644
index f3f1d33065..0000000000
Binary files a/education/get-started/images/sds_github_downloadsample.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_github_downloadsampledata.PNG b/education/get-started/images/sds_github_downloadsampledata.PNG
deleted file mode 100644
index a83093879b..0000000000
Binary files a/education/get-started/images/sds_github_downloadsampledata.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_more_menu_items.PNG b/education/get-started/images/sds_more_menu_items.PNG
deleted file mode 100644
index 1cb1a083ee..0000000000
Binary files a/education/get-started/images/sds_more_menu_items.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_portal.PNG b/education/get-started/images/sds_portal.PNG
deleted file mode 100644
index c7a47f2d7d..0000000000
Binary files a/education/get-started/images/sds_portal.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_directoryoptions.PNG b/education/get-started/images/sds_profile_directoryoptions.PNG
deleted file mode 100644
index dc1925ecc5..0000000000
Binary files a/education/get-started/images/sds_profile_directoryoptions.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_profilepage.PNG b/education/get-started/images/sds_profile_profilepage.PNG
deleted file mode 100644
index 04e2193189..0000000000
Binary files a/education/get-started/images/sds_profile_profilepage.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_profilepage_062017.PNG b/education/get-started/images/sds_profile_profilepage_062017.PNG
deleted file mode 100644
index 8621592542..0000000000
Binary files a/education/get-started/images/sds_profile_profilepage_062017.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_profilepage_settingup_062317.PNG b/education/get-started/images/sds_profile_profilepage_settingup_062317.PNG
deleted file mode 100644
index 90fe34dbee..0000000000
Binary files a/education/get-started/images/sds_profile_profilepage_settingup_062317.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_ready_for_sync.png b/education/get-started/images/sds_profile_ready_for_sync.png
deleted file mode 100644
index f0d39b25c3..0000000000
Binary files a/education/get-started/images/sds_profile_ready_for_sync.png and /dev/null differ
diff --git a/education/get-started/images/sds_profile_readytosync.PNG b/education/get-started/images/sds_profile_readytosync.PNG
deleted file mode 100644
index 4e0c127208..0000000000
Binary files a/education/get-started/images/sds_profile_readytosync.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_reviewpage_062317.PNG b/education/get-started/images/sds_profile_reviewpage_062317.PNG
deleted file mode 100644
index 676bed0efc..0000000000
Binary files a/education/get-started/images/sds_profile_reviewpage_062317.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_settingup.PNG b/education/get-started/images/sds_profile_settingup.PNG
deleted file mode 100644
index 19f3666b96..0000000000
Binary files a/education/get-started/images/sds_profile_settingup.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_status_everythingok_062317.png b/education/get-started/images/sds_profile_status_everythingok_062317.png
deleted file mode 100644
index cdb487aced..0000000000
Binary files a/education/get-started/images/sds_profile_status_everythingok_062317.png and /dev/null differ
diff --git a/education/get-started/images/sds_profile_status_syncerrors_062317.PNG b/education/get-started/images/sds_profile_status_syncerrors_062317.PNG
deleted file mode 100644
index 6ae7ec5a31..0000000000
Binary files a/education/get-started/images/sds_profile_status_syncerrors_062317.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_status_syncerrors_highlighted_062317.png b/education/get-started/images/sds_profile_status_syncerrors_highlighted_062317.png
deleted file mode 100644
index 2cd58a3b21..0000000000
Binary files a/education/get-started/images/sds_profile_status_syncerrors_highlighted_062317.png and /dev/null differ
diff --git a/education/get-started/images/sds_profile_status_syncinprogress_062317.PNG b/education/get-started/images/sds_profile_status_syncinprogress_062317.PNG
deleted file mode 100644
index 2fd6208eca..0000000000
Binary files a/education/get-started/images/sds_profile_status_syncinprogress_062317.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_status_syncinprogress_highlighted_062317.png b/education/get-started/images/sds_profile_status_syncinprogress_highlighted_062317.png
deleted file mode 100644
index 407744d066..0000000000
Binary files a/education/get-started/images/sds_profile_status_syncinprogress_highlighted_062317.png and /dev/null differ
diff --git a/education/get-started/images/sds_profile_student_options_062017.PNG b/education/get-started/images/sds_profile_student_options_062017.PNG
deleted file mode 100644
index 4affc4dbfd..0000000000
Binary files a/education/get-started/images/sds_profile_student_options_062017.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_student_options_062317.PNG b/education/get-started/images/sds_profile_student_options_062317.PNG
deleted file mode 100644
index 0d2102be7d..0000000000
Binary files a/education/get-started/images/sds_profile_student_options_062317.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_studentoptions.PNG b/education/get-started/images/sds_profile_studentoptions.PNG
deleted file mode 100644
index 87558a3881..0000000000
Binary files a/education/get-started/images/sds_profile_studentoptions.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_sync_options_062017.PNG b/education/get-started/images/sds_profile_sync_options_062017.PNG
deleted file mode 100644
index 71df6f3d24..0000000000
Binary files a/education/get-started/images/sds_profile_sync_options_062017.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_sync_options_062317.PNG b/education/get-started/images/sds_profile_sync_options_062317.PNG
deleted file mode 100644
index 1d02a0659a..0000000000
Binary files a/education/get-started/images/sds_profile_sync_options_062317.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_syncenabled.PNG b/education/get-started/images/sds_profile_syncenabled.PNG
deleted file mode 100644
index 197d2f0851..0000000000
Binary files a/education/get-started/images/sds_profile_syncenabled.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_syncoptions.PNG b/education/get-started/images/sds_profile_syncoptions.PNG
deleted file mode 100644
index f7cd01262f..0000000000
Binary files a/education/get-started/images/sds_profile_syncoptions.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_teacher_options_062017.PNG b/education/get-started/images/sds_profile_teacher_options_062017.PNG
deleted file mode 100644
index 7c8bdfae25..0000000000
Binary files a/education/get-started/images/sds_profile_teacher_options_062017.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_teacher_options_062317.PNG b/education/get-started/images/sds_profile_teacher_options_062317.PNG
deleted file mode 100644
index ab9f2706b1..0000000000
Binary files a/education/get-started/images/sds_profile_teacher_options_062317.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_teacheroptions.PNG b/education/get-started/images/sds_profile_teacheroptions.PNG
deleted file mode 100644
index 0a01ed2f96..0000000000
Binary files a/education/get-started/images/sds_profile_teacheroptions.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profile_wizard_start.PNG b/education/get-started/images/sds_profile_wizard_start.PNG
deleted file mode 100644
index 7b2a797e5d..0000000000
Binary files a/education/get-started/images/sds_profile_wizard_start.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_profilepage.PNG b/education/get-started/images/sds_profilepage.PNG
deleted file mode 100644
index 6e0047a2b1..0000000000
Binary files a/education/get-started/images/sds_profilepage.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_sample_csv_files.PNG b/education/get-started/images/sds_sample_csv_files.PNG
deleted file mode 100644
index fbb37cec96..0000000000
Binary files a/education/get-started/images/sds_sample_csv_files.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_sample_csv_files_us_uk.PNG b/education/get-started/images/sds_sample_csv_files_us_uk.PNG
deleted file mode 100644
index 349ee1366d..0000000000
Binary files a/education/get-started/images/sds_sample_csv_files_us_uk.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_sample_csvfiles.PNG b/education/get-started/images/sds_sample_csvfiles.PNG
deleted file mode 100644
index e4932d9303..0000000000
Binary files a/education/get-started/images/sds_sample_csvfiles.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_sds_and_classroom_off.PNG b/education/get-started/images/sds_sds_and_classroom_off.PNG
deleted file mode 100644
index 0b5409752d..0000000000
Binary files a/education/get-started/images/sds_sds_and_classroom_off.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_sds_on_newmenu_items.PNG b/education/get-started/images/sds_sds_on_newmenu_items.PNG
deleted file mode 100644
index d6f2f9a79e..0000000000
Binary files a/education/get-started/images/sds_sds_on_newmenu_items.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_sds_on_newmenuitemsappear.PNG b/education/get-started/images/sds_sds_on_newmenuitemsappear.PNG
deleted file mode 100644
index bec27dc781..0000000000
Binary files a/education/get-started/images/sds_sds_on_newmenuitemsappear.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_settings_first_signin.png b/education/get-started/images/sds_settings_first_signin.png
deleted file mode 100644
index c60628fcd1..0000000000
Binary files a/education/get-started/images/sds_settings_first_signin.png and /dev/null differ
diff --git a/education/get-started/images/sds_settings_manage_sds_firstsignin.PNG b/education/get-started/images/sds_settings_manage_sds_firstsignin.PNG
deleted file mode 100644
index 6298721880..0000000000
Binary files a/education/get-started/images/sds_settings_manage_sds_firstsignin.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_settings_turnon_sds.png b/education/get-started/images/sds_settings_turnon_sds.png
deleted file mode 100644
index 53c0c144a2..0000000000
Binary files a/education/get-started/images/sds_settings_turnon_sds.png and /dev/null differ
diff --git a/education/get-started/images/sds_signin_settings.PNG b/education/get-started/images/sds_signin_settings.PNG
deleted file mode 100644
index 54ff453249..0000000000
Binary files a/education/get-started/images/sds_signin_settings.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_updated_addnewprofile.PNG b/education/get-started/images/sds_updated_addnewprofile.PNG
deleted file mode 100644
index a3e2f5cea2..0000000000
Binary files a/education/get-started/images/sds_updated_addnewprofile.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_updated_dashboard.PNG b/education/get-started/images/sds_updated_dashboard.PNG
deleted file mode 100644
index 8c5c21afb1..0000000000
Binary files a/education/get-started/images/sds_updated_dashboard.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_updated_menu.png b/education/get-started/images/sds_updated_menu.png
deleted file mode 100644
index d4e066300f..0000000000
Binary files a/education/get-started/images/sds_updated_menu.png and /dev/null differ
diff --git a/education/get-started/images/sds_updated_newprofile_name_syncmethod.PNG b/education/get-started/images/sds_updated_newprofile_name_syncmethod.PNG
deleted file mode 100644
index 47c9906eb2..0000000000
Binary files a/education/get-started/images/sds_updated_newprofile_name_syncmethod.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_updated_newprofile_readytosync.png b/education/get-started/images/sds_updated_newprofile_readytosync.png
deleted file mode 100644
index e10d725544..0000000000
Binary files a/education/get-started/images/sds_updated_newprofile_readytosync.png and /dev/null differ
diff --git a/education/get-started/images/sds_updated_newprofile_review_1.PNG b/education/get-started/images/sds_updated_newprofile_review_1.PNG
deleted file mode 100644
index f05ace66db..0000000000
Binary files a/education/get-started/images/sds_updated_newprofile_review_1.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_updated_newprofile_status_readytosync.png b/education/get-started/images/sds_updated_newprofile_status_readytosync.png
deleted file mode 100644
index e6424e3aa9..0000000000
Binary files a/education/get-started/images/sds_updated_newprofile_status_readytosync.png and /dev/null differ
diff --git a/education/get-started/images/sds_updated_newprofile_studentmapping.PNG b/education/get-started/images/sds_updated_newprofile_studentmapping.PNG
deleted file mode 100644
index 97742bc9f1..0000000000
Binary files a/education/get-started/images/sds_updated_newprofile_studentmapping.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_updated_newprofile_studentmapping_1.PNG b/education/get-started/images/sds_updated_newprofile_studentmapping_1.PNG
deleted file mode 100644
index 21efeb8bd7..0000000000
Binary files a/education/get-started/images/sds_updated_newprofile_studentmapping_1.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_updated_newprofile_studentmapping_updated.png b/education/get-started/images/sds_updated_newprofile_studentmapping_updated.png
deleted file mode 100644
index 0a9a3682a0..0000000000
Binary files a/education/get-started/images/sds_updated_newprofile_studentmapping_updated.png and /dev/null differ
diff --git a/education/get-started/images/sds_updated_newprofile_summary.PNG b/education/get-started/images/sds_updated_newprofile_summary.PNG
deleted file mode 100644
index 3aeb90d58d..0000000000
Binary files a/education/get-started/images/sds_updated_newprofile_summary.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_updated_newprofile_syncoptions.PNG b/education/get-started/images/sds_updated_newprofile_syncoptions.PNG
deleted file mode 100644
index 4deea4b14e..0000000000
Binary files a/education/get-started/images/sds_updated_newprofile_syncoptions.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_updated_newprofile_syncoptions_1.PNG b/education/get-started/images/sds_updated_newprofile_syncoptions_1.PNG
deleted file mode 100644
index 507eab115f..0000000000
Binary files a/education/get-started/images/sds_updated_newprofile_syncoptions_1.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_updated_newprofile_syncoptions_updated.png b/education/get-started/images/sds_updated_newprofile_syncoptions_updated.png
deleted file mode 100644
index ef36b45626..0000000000
Binary files a/education/get-started/images/sds_updated_newprofile_syncoptions_updated.png and /dev/null differ
diff --git a/education/get-started/images/sds_updated_newprofile_teachermapping.PNG b/education/get-started/images/sds_updated_newprofile_teachermapping.PNG
deleted file mode 100644
index f99947e982..0000000000
Binary files a/education/get-started/images/sds_updated_newprofile_teachermapping.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_updated_newprofile_teachermapping_1.PNG b/education/get-started/images/sds_updated_newprofile_teachermapping_1.PNG
deleted file mode 100644
index 6f100a8afe..0000000000
Binary files a/education/get-started/images/sds_updated_newprofile_teachermapping_1.PNG and /dev/null differ
diff --git a/education/get-started/images/sds_updated_newprofile_teachermapping_updated.png b/education/get-started/images/sds_updated_newprofile_teachermapping_updated.png
deleted file mode 100644
index 6d625cc1a9..0000000000
Binary files a/education/get-started/images/sds_updated_newprofile_teachermapping_updated.png and /dev/null differ
diff --git a/education/get-started/images/set_up_school_pcs_app.png b/education/get-started/images/set_up_school_pcs_app.png
deleted file mode 100644
index b0a2a42112..0000000000
Binary files a/education/get-started/images/set_up_school_pcs_app.png and /dev/null differ
diff --git a/education/get-started/images/setedupolicies_omauri.PNG b/education/get-started/images/setedupolicies_omauri.PNG
deleted file mode 100644
index eb3d9e216c..0000000000
Binary files a/education/get-started/images/setedupolicies_omauri.PNG and /dev/null differ
diff --git a/education/get-started/images/setedupolicies_wcd.PNG b/education/get-started/images/setedupolicies_wcd.PNG
deleted file mode 100644
index e240063f68..0000000000
Binary files a/education/get-started/images/setedupolicies_wcd.PNG and /dev/null differ
diff --git a/education/get-started/images/settings-contacts-app-marked.png b/education/get-started/images/settings-contacts-app-marked.png
deleted file mode 100644
index 94523f1b36..0000000000
Binary files a/education/get-started/images/settings-contacts-app-marked.png and /dev/null differ
diff --git a/education/get-started/images/settings-privacy-marked.png b/education/get-started/images/settings-privacy-marked.png
deleted file mode 100644
index 513e9b1afc..0000000000
Binary files a/education/get-started/images/settings-privacy-marked.png and /dev/null differ
diff --git a/education/get-started/images/setup-app-1-access.png b/education/get-started/images/setup-app-1-access.png
deleted file mode 100644
index 1de1081d1d..0000000000
Binary files a/education/get-started/images/setup-app-1-access.png and /dev/null differ
diff --git a/education/get-started/images/setup-app-1-usb.png b/education/get-started/images/setup-app-1-usb.png
deleted file mode 100644
index b2d170244f..0000000000
Binary files a/education/get-started/images/setup-app-1-usb.png and /dev/null differ
diff --git a/education/get-started/images/setup-app-1-wifi-manual.png b/education/get-started/images/setup-app-1-wifi-manual.png
deleted file mode 100644
index 92de4f784c..0000000000
Binary files a/education/get-started/images/setup-app-1-wifi-manual.png and /dev/null differ
diff --git a/education/get-started/images/setup-app-1-wifi.png b/education/get-started/images/setup-app-1-wifi.png
deleted file mode 100644
index 9f305e081c..0000000000
Binary files a/education/get-started/images/setup-app-1-wifi.png and /dev/null differ
diff --git a/education/get-started/images/setup-app-1.PNG b/education/get-started/images/setup-app-1.PNG
deleted file mode 100644
index 1b88c5ac31..0000000000
Binary files a/education/get-started/images/setup-app-1.PNG and /dev/null differ
diff --git a/education/get-started/images/setup-app-2-directions.png b/education/get-started/images/setup-app-2-directions.png
deleted file mode 100644
index f245aafb2b..0000000000
Binary files a/education/get-started/images/setup-app-2-directions.png and /dev/null differ
diff --git a/education/get-started/images/setup-app-3-directions.png b/education/get-started/images/setup-app-3-directions.png
deleted file mode 100644
index f593ea7371..0000000000
Binary files a/education/get-started/images/setup-app-3-directions.png and /dev/null differ
diff --git a/education/get-started/images/setup-app-all-done.png b/education/get-started/images/setup-app-all-done.png
deleted file mode 100644
index af7343f0e5..0000000000
Binary files a/education/get-started/images/setup-app-all-done.png and /dev/null differ
diff --git a/education/get-started/images/setup-options.png b/education/get-started/images/setup-options.png
deleted file mode 100644
index 07d29576a0..0000000000
Binary files a/education/get-started/images/setup-options.png and /dev/null differ
diff --git a/education/get-started/images/setup_class_notebook.png b/education/get-started/images/setup_class_notebook.png
deleted file mode 100644
index 2ede37e177..0000000000
Binary files a/education/get-started/images/setup_class_notebook.png and /dev/null differ
diff --git a/education/get-started/images/setupmsg.jpg b/education/get-started/images/setupmsg.jpg
deleted file mode 100644
index 12935483c5..0000000000
Binary files a/education/get-started/images/setupmsg.jpg and /dev/null differ
diff --git a/education/get-started/images/sign-in-prov.png b/education/get-started/images/sign-in-prov.png
deleted file mode 100644
index 55c9276203..0000000000
Binary files a/education/get-started/images/sign-in-prov.png and /dev/null differ
diff --git a/education/get-started/images/signin.jpg b/education/get-started/images/signin.jpg
deleted file mode 100644
index ad31bb31c4..0000000000
Binary files a/education/get-started/images/signin.jpg and /dev/null differ
diff --git a/education/get-started/images/skype-manage-profile-pic.png b/education/get-started/images/skype-manage-profile-pic.png
deleted file mode 100644
index 4133ac9c60..0000000000
Binary files a/education/get-started/images/skype-manage-profile-pic.png and /dev/null differ
diff --git a/education/get-started/images/skype-profile-icon.png b/education/get-started/images/skype-profile-icon.png
deleted file mode 100644
index 7ccaaea693..0000000000
Binary files a/education/get-started/images/skype-profile-icon.png and /dev/null differ
diff --git a/education/get-started/images/skype_uwp_manageprofilepic.PNG b/education/get-started/images/skype_uwp_manageprofilepic.PNG
deleted file mode 100644
index bdcf23dbc2..0000000000
Binary files a/education/get-started/images/skype_uwp_manageprofilepic.PNG and /dev/null differ
diff --git a/education/get-started/images/skype_uwp_userprofile_icon.PNG b/education/get-started/images/skype_uwp_userprofile_icon.PNG
deleted file mode 100644
index ad36c7f886..0000000000
Binary files a/education/get-started/images/skype_uwp_userprofile_icon.PNG and /dev/null differ
diff --git a/education/get-started/images/store_for_business_management_tool_activation.png b/education/get-started/images/store_for_business_management_tool_activation.png
deleted file mode 100644
index 9c68d4efe6..0000000000
Binary files a/education/get-started/images/store_for_business_management_tool_activation.png and /dev/null differ
diff --git a/education/get-started/images/suspc_account_signin.PNG b/education/get-started/images/suspc_account_signin.PNG
deleted file mode 100644
index d045cff914..0000000000
Binary files a/education/get-started/images/suspc_account_signin.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_and_wcd_comparison.png b/education/get-started/images/suspc_and_wcd_comparison.png
deleted file mode 100644
index cff874ceb8..0000000000
Binary files a/education/get-started/images/suspc_and_wcd_comparison.png and /dev/null differ
diff --git a/education/get-started/images/suspc_choosesettings_apps.PNG b/education/get-started/images/suspc_choosesettings_apps.PNG
deleted file mode 100644
index babb55a445..0000000000
Binary files a/education/get-started/images/suspc_choosesettings_apps.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_choosesettings_settings.PNG b/education/get-started/images/suspc_choosesettings_settings.PNG
deleted file mode 100644
index bd556c0892..0000000000
Binary files a/education/get-started/images/suspc_choosesettings_settings.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_choosesettings_settings_updated.PNG b/education/get-started/images/suspc_choosesettings_settings_updated.PNG
deleted file mode 100644
index c62b4fa86f..0000000000
Binary files a/education/get-started/images/suspc_choosesettings_settings_updated.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_choosesettings_setuptakeatest.PNG b/education/get-started/images/suspc_choosesettings_setuptakeatest.PNG
deleted file mode 100644
index 8ffc3fe3e6..0000000000
Binary files a/education/get-started/images/suspc_choosesettings_setuptakeatest.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_choosesettings_signin.PNG b/education/get-started/images/suspc_choosesettings_signin.PNG
deleted file mode 100644
index a45a12fbf5..0000000000
Binary files a/education/get-started/images/suspc_choosesettings_signin.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_choosesettings_signin_final.PNG b/education/get-started/images/suspc_choosesettings_signin_final.PNG
deleted file mode 100644
index 3ec997cb73..0000000000
Binary files a/education/get-started/images/suspc_choosesettings_signin_final.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_choosesettings_summary.PNG b/education/get-started/images/suspc_choosesettings_summary.PNG
deleted file mode 100644
index c659a579e4..0000000000
Binary files a/education/get-started/images/suspc_choosesettings_summary.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_choosesettings_takeatest.PNG b/education/get-started/images/suspc_choosesettings_takeatest.PNG
deleted file mode 100644
index 9f9f028852..0000000000
Binary files a/education/get-started/images/suspc_choosesettings_takeatest.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_choosesettings_takeatest_updated.png b/education/get-started/images/suspc_choosesettings_takeatest_updated.png
deleted file mode 100644
index e44dd21207..0000000000
Binary files a/education/get-started/images/suspc_choosesettings_takeatest_updated.png and /dev/null differ
diff --git a/education/get-started/images/suspc_getpcsready.PNG b/education/get-started/images/suspc_getpcsready.PNG
deleted file mode 100644
index 1e2bfae0ff..0000000000
Binary files a/education/get-started/images/suspc_getpcsready.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_getpcsready_getpcsready.PNG b/education/get-started/images/suspc_getpcsready_getpcsready.PNG
deleted file mode 100644
index 6bb9ec078b..0000000000
Binary files a/education/get-started/images/suspc_getpcsready_getpcsready.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_getpcsready_installpackage.PNG b/education/get-started/images/suspc_getpcsready_installpackage.PNG
deleted file mode 100644
index c12bbe4de9..0000000000
Binary files a/education/get-started/images/suspc_getpcsready_installpackage.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_getstarted.PNG b/education/get-started/images/suspc_getstarted.PNG
deleted file mode 100644
index cbb3d4977c..0000000000
Binary files a/education/get-started/images/suspc_getstarted.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_getstarted_050817.PNG b/education/get-started/images/suspc_getstarted_050817.PNG
deleted file mode 100644
index 124905676a..0000000000
Binary files a/education/get-started/images/suspc_getstarted_050817.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_getstarted_final.PNG b/education/get-started/images/suspc_getstarted_final.PNG
deleted file mode 100644
index d533536ad1..0000000000
Binary files a/education/get-started/images/suspc_getstarted_final.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_getstarted_resized.png b/education/get-started/images/suspc_getstarted_resized.png
deleted file mode 100644
index c9c99d8555..0000000000
Binary files a/education/get-started/images/suspc_getstarted_resized.png and /dev/null differ
diff --git a/education/get-started/images/suspc_installsetupfile.PNG b/education/get-started/images/suspc_installsetupfile.PNG
deleted file mode 100644
index 61d0d9a3ad..0000000000
Binary files a/education/get-started/images/suspc_installsetupfile.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_ppkg_isready.PNG b/education/get-started/images/suspc_ppkg_isready.PNG
deleted file mode 100644
index e601a05a0f..0000000000
Binary files a/education/get-started/images/suspc_ppkg_isready.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_ppkgready.PNG b/education/get-started/images/suspc_ppkgready.PNG
deleted file mode 100644
index e285acdaee..0000000000
Binary files a/education/get-started/images/suspc_ppkgready.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_reviewsettings.PNG b/education/get-started/images/suspc_reviewsettings.PNG
deleted file mode 100644
index 0948dbccb1..0000000000
Binary files a/education/get-started/images/suspc_reviewsettings.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_reviewsettings_bluelinks.png b/education/get-started/images/suspc_reviewsettings_bluelinks.png
deleted file mode 100644
index 46c07c7a1a..0000000000
Binary files a/education/get-started/images/suspc_reviewsettings_bluelinks.png and /dev/null differ
diff --git a/education/get-started/images/suspc_savepackage_insertusb.PNG b/education/get-started/images/suspc_savepackage_insertusb.PNG
deleted file mode 100644
index e5f9968d7e..0000000000
Binary files a/education/get-started/images/suspc_savepackage_insertusb.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_savesettings.PNG b/education/get-started/images/suspc_savesettings.PNG
deleted file mode 100644
index f8338d3dec..0000000000
Binary files a/education/get-started/images/suspc_savesettings.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_setup_removemediamessage.png b/education/get-started/images/suspc_setup_removemediamessage.png
deleted file mode 100644
index 94e9ddb900..0000000000
Binary files a/education/get-started/images/suspc_setup_removemediamessage.png and /dev/null differ
diff --git a/education/get-started/images/suspc_setupfile_reviewsettings.PNG b/education/get-started/images/suspc_setupfile_reviewsettings.PNG
deleted file mode 100644
index c5f3425ff5..0000000000
Binary files a/education/get-started/images/suspc_setupfile_reviewsettings.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_setupfile_savesettings.PNG b/education/get-started/images/suspc_setupfile_savesettings.PNG
deleted file mode 100644
index 97ba234b8e..0000000000
Binary files a/education/get-started/images/suspc_setupfile_savesettings.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_setupfileready.PNG b/education/get-started/images/suspc_setupfileready.PNG
deleted file mode 100644
index 349acbaf9d..0000000000
Binary files a/education/get-started/images/suspc_setupfileready.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_signin_account.PNG b/education/get-started/images/suspc_signin_account.PNG
deleted file mode 100644
index 3f8b040f45..0000000000
Binary files a/education/get-started/images/suspc_signin_account.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_signin_addapps.PNG b/education/get-started/images/suspc_signin_addapps.PNG
deleted file mode 100644
index 93e572a043..0000000000
Binary files a/education/get-started/images/suspc_signin_addapps.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_signin_allowguests.PNG b/education/get-started/images/suspc_signin_allowguests.PNG
deleted file mode 100644
index 0bd0f69680..0000000000
Binary files a/education/get-started/images/suspc_signin_allowguests.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_signin_setuptakeatest.PNG b/education/get-started/images/suspc_signin_setuptakeatest.PNG
deleted file mode 100644
index 6c8ba1799b..0000000000
Binary files a/education/get-started/images/suspc_signin_setuptakeatest.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_start.PNG b/education/get-started/images/suspc_start.PNG
deleted file mode 100644
index ab34f99a6b..0000000000
Binary files a/education/get-started/images/suspc_start.PNG and /dev/null differ
diff --git a/education/get-started/images/suspc_studentpcsetup_installingsetupfile.png b/education/get-started/images/suspc_studentpcsetup_installingsetupfile.png
deleted file mode 100644
index bbd10c89c4..0000000000
Binary files a/education/get-started/images/suspc_studentpcsetup_installingsetupfile.png and /dev/null differ
diff --git a/education/get-started/images/suspc_wcd_featureslist.png b/education/get-started/images/suspc_wcd_featureslist.png
deleted file mode 100644
index 32b9211799..0000000000
Binary files a/education/get-started/images/suspc_wcd_featureslist.png and /dev/null differ
diff --git a/education/get-started/images/suspc_wcd_sidebyside.png b/education/get-started/images/suspc_wcd_sidebyside.png
deleted file mode 100644
index 7fc108133e..0000000000
Binary files a/education/get-started/images/suspc_wcd_sidebyside.png and /dev/null differ
diff --git a/education/get-started/images/suspc_win10v1703_getstarted.PNG b/education/get-started/images/suspc_win10v1703_getstarted.PNG
deleted file mode 100644
index 2777edfef9..0000000000
Binary files a/education/get-started/images/suspc_win10v1703_getstarted.PNG and /dev/null differ
diff --git a/education/get-started/images/take-a-test-flow.png b/education/get-started/images/take-a-test-flow.png
deleted file mode 100644
index a5135c1822..0000000000
Binary files a/education/get-started/images/take-a-test-flow.png and /dev/null differ
diff --git a/education/get-started/images/take_a_test_flow.png b/education/get-started/images/take_a_test_flow.png
deleted file mode 100644
index 261813c7f8..0000000000
Binary files a/education/get-started/images/take_a_test_flow.png and /dev/null differ
diff --git a/education/get-started/images/take_a_test_flow_dark.png b/education/get-started/images/take_a_test_flow_dark.png
deleted file mode 100644
index 98255e8694..0000000000
Binary files a/education/get-started/images/take_a_test_flow_dark.png and /dev/null differ
diff --git a/education/get-started/images/take_a_test_workflow.png b/education/get-started/images/take_a_test_workflow.png
deleted file mode 100644
index a4c7a84686..0000000000
Binary files a/education/get-started/images/take_a_test_workflow.png and /dev/null differ
diff --git a/education/get-started/images/tat_settingsapp_setupaccount_addtestaccount.PNG b/education/get-started/images/tat_settingsapp_setupaccount_addtestaccount.PNG
deleted file mode 100644
index 66c28eccc7..0000000000
Binary files a/education/get-started/images/tat_settingsapp_setupaccount_addtestaccount.PNG and /dev/null differ
diff --git a/education/get-started/images/tat_settingsapp_setuptesttakingaccount.PNG b/education/get-started/images/tat_settingsapp_setuptesttakingaccount.PNG
deleted file mode 100644
index 70a917d836..0000000000
Binary files a/education/get-started/images/tat_settingsapp_setuptesttakingaccount.PNG and /dev/null differ
diff --git a/education/get-started/images/tat_settingsapp_setuptesttakingaccount_1703.PNG b/education/get-started/images/tat_settingsapp_setuptesttakingaccount_1703.PNG
deleted file mode 100644
index deb04f2e74..0000000000
Binary files a/education/get-started/images/tat_settingsapp_setuptesttakingaccount_1703.PNG and /dev/null differ
diff --git a/education/get-started/images/tat_settingsapp_workorschoolaccess_setuptestaccount.PNG b/education/get-started/images/tat_settingsapp_workorschoolaccess_setuptestaccount.PNG
deleted file mode 100644
index c9221ed95a..0000000000
Binary files a/education/get-started/images/tat_settingsapp_workorschoolaccess_setuptestaccount.PNG and /dev/null differ
diff --git a/education/get-started/images/teacher-get-app.PNG b/education/get-started/images/teacher-get-app.PNG
deleted file mode 100644
index 329607edb9..0000000000
Binary files a/education/get-started/images/teacher-get-app.PNG and /dev/null differ
diff --git a/education/get-started/images/teacher.PNG b/education/get-started/images/teacher.PNG
deleted file mode 100644
index 286d515624..0000000000
Binary files a/education/get-started/images/teacher.PNG and /dev/null differ
diff --git a/education/get-started/images/test-account-icd.PNG b/education/get-started/images/test-account-icd.PNG
deleted file mode 100644
index 4fd9bf3f28..0000000000
Binary files a/education/get-started/images/test-account-icd.PNG and /dev/null differ
diff --git a/education/get-started/images/trust-package.png b/education/get-started/images/trust-package.png
deleted file mode 100644
index 8a293ea4da..0000000000
Binary files a/education/get-started/images/trust-package.png and /dev/null differ
diff --git a/education/get-started/images/uwp-dependencies.PNG b/education/get-started/images/uwp-dependencies.PNG
deleted file mode 100644
index 4e2563169f..0000000000
Binary files a/education/get-started/images/uwp-dependencies.PNG and /dev/null differ
diff --git a/education/get-started/images/uwp-family.PNG b/education/get-started/images/uwp-family.PNG
deleted file mode 100644
index bec731eec4..0000000000
Binary files a/education/get-started/images/uwp-family.PNG and /dev/null differ
diff --git a/education/get-started/images/uwp-license.PNG b/education/get-started/images/uwp-license.PNG
deleted file mode 100644
index ccb5cf7cf4..0000000000
Binary files a/education/get-started/images/uwp-license.PNG and /dev/null differ
diff --git a/education/get-started/images/verify_pc_aad_joined_and_intune_managed.png b/education/get-started/images/verify_pc_aad_joined_and_intune_managed.png
deleted file mode 100644
index 5ee6354a01..0000000000
Binary files a/education/get-started/images/verify_pc_aad_joined_and_intune_managed.png and /dev/null differ
diff --git a/education/get-started/images/wcd_accountmanagement.PNG b/education/get-started/images/wcd_accountmanagement.PNG
deleted file mode 100644
index 071522f906..0000000000
Binary files a/education/get-started/images/wcd_accountmanagement.PNG and /dev/null differ
diff --git a/education/get-started/images/wcd_exportpackage.PNG b/education/get-started/images/wcd_exportpackage.PNG
deleted file mode 100644
index 19a1c89703..0000000000
Binary files a/education/get-started/images/wcd_exportpackage.PNG and /dev/null differ
diff --git a/education/get-started/images/wcd_settings_assignedaccess.PNG b/education/get-started/images/wcd_settings_assignedaccess.PNG
deleted file mode 100644
index 443a5d0688..0000000000
Binary files a/education/get-started/images/wcd_settings_assignedaccess.PNG and /dev/null differ
diff --git a/education/get-started/images/wcd_setupdevice.PNG b/education/get-started/images/wcd_setupdevice.PNG
deleted file mode 100644
index 01422870d4..0000000000
Binary files a/education/get-started/images/wcd_setupdevice.PNG and /dev/null differ
diff --git a/education/get-started/images/wcd_setupnetwork.PNG b/education/get-started/images/wcd_setupnetwork.PNG
deleted file mode 100644
index f0be6908f5..0000000000
Binary files a/education/get-started/images/wcd_setupnetwork.PNG and /dev/null differ
diff --git a/education/get-started/images/wcd_win10v1703_start_newdesktopproject.PNG b/education/get-started/images/wcd_win10v1703_start_newdesktopproject.PNG
deleted file mode 100644
index f0ce8f6b93..0000000000
Binary files a/education/get-started/images/wcd_win10v1703_start_newdesktopproject.PNG and /dev/null differ
diff --git a/education/get-started/images/who-owns-pc.png b/education/get-started/images/who-owns-pc.png
deleted file mode 100644
index d3ce1def8d..0000000000
Binary files a/education/get-started/images/who-owns-pc.png and /dev/null differ
diff --git a/education/get-started/images/win-10-activated-enterprise-subscription-active.png b/education/get-started/images/win-10-activated-enterprise-subscription-active.png
deleted file mode 100644
index eb888b23b5..0000000000
Binary files a/education/get-started/images/win-10-activated-enterprise-subscription-active.png and /dev/null differ
diff --git a/education/get-started/images/win-10-activated-enterprise-subscription-not-active.png b/education/get-started/images/win-10-activated-enterprise-subscription-not-active.png
deleted file mode 100644
index e4ac7398be..0000000000
Binary files a/education/get-started/images/win-10-activated-enterprise-subscription-not-active.png and /dev/null differ
diff --git a/education/get-started/images/win-10-not-activated-enterprise-subscription-active.png b/education/get-started/images/win-10-not-activated-enterprise-subscription-active.png
deleted file mode 100644
index 5fedfe5d06..0000000000
Binary files a/education/get-started/images/win-10-not-activated-enterprise-subscription-active.png and /dev/null differ
diff --git a/education/get-started/images/win-10-not-activated-enterprise-subscription-not-active.png b/education/get-started/images/win-10-not-activated-enterprise-subscription-not-active.png
deleted file mode 100644
index 84e39071db..0000000000
Binary files a/education/get-started/images/win-10-not-activated-enterprise-subscription-not-active.png and /dev/null differ
diff --git a/education/get-started/images/win-10-pro-edu-activated-subscription-active.png b/education/get-started/images/win-10-pro-edu-activated-subscription-active.png
deleted file mode 100644
index d29fa0e0e5..0000000000
Binary files a/education/get-started/images/win-10-pro-edu-activated-subscription-active.png and /dev/null differ
diff --git a/education/get-started/images/win-10-pro-edu-not-activated-subscription-active.PNG b/education/get-started/images/win-10-pro-edu-not-activated-subscription-active.PNG
deleted file mode 100644
index 8e9242c0ba..0000000000
Binary files a/education/get-started/images/win-10-pro-edu-not-activated-subscription-active.PNG and /dev/null differ
diff --git a/education/get-started/images/win10-connect-to-work-or-school.png b/education/get-started/images/win10-connect-to-work-or-school.png
deleted file mode 100644
index 08afb5b092..0000000000
Binary files a/education/get-started/images/win10-connect-to-work-or-school.png and /dev/null differ
diff --git a/education/get-started/images/win10-lets-get-2.png b/education/get-started/images/win10-lets-get-2.png
deleted file mode 100644
index c2d3c3ba61..0000000000
Binary files a/education/get-started/images/win10-lets-get-2.png and /dev/null differ
diff --git a/education/get-started/images/win10-set-up-work-or-school.png b/education/get-started/images/win10-set-up-work-or-school.png
deleted file mode 100644
index 0ca83fb0e1..0000000000
Binary files a/education/get-started/images/win10-set-up-work-or-school.png and /dev/null differ
diff --git a/education/get-started/images/win10_1703_oobe_firstscreen.png b/education/get-started/images/win10_1703_oobe_firstscreen.png
deleted file mode 100644
index 0d5343d0b4..0000000000
Binary files a/education/get-started/images/win10_1703_oobe_firstscreen.png and /dev/null differ
diff --git a/education/get-started/images/win10_confirmaadj.png b/education/get-started/images/win10_confirmaadj.png
deleted file mode 100644
index 410d7a9c81..0000000000
Binary files a/education/get-started/images/win10_confirmaadj.png and /dev/null differ
diff --git a/education/get-started/images/win10_connectedtoorgmdm.png b/education/get-started/images/win10_connectedtoorgmdm.png
deleted file mode 100644
index ea1d0c0c26..0000000000
Binary files a/education/get-started/images/win10_connectedtoorgmdm.png and /dev/null differ
diff --git a/education/get-started/images/win10_letsgetyousignedin.png b/education/get-started/images/win10_letsgetyousignedin.png
deleted file mode 100644
index 8da483d1d3..0000000000
Binary files a/education/get-started/images/win10_letsgetyousignedin.png and /dev/null differ
diff --git a/education/get-started/images/win10_letsstartwithregion.png b/education/get-started/images/win10_letsstartwithregion.png
deleted file mode 100644
index 03b6cc3bbe..0000000000
Binary files a/education/get-started/images/win10_letsstartwithregion.png and /dev/null differ
diff --git a/education/get-started/images/win10_oobe_complete.png b/education/get-started/images/win10_oobe_complete.png
deleted file mode 100644
index 54677a6fc2..0000000000
Binary files a/education/get-started/images/win10_oobe_complete.png and /dev/null differ
diff --git a/education/get-started/images/win10_oobe_letsgetyousignedin.png b/education/get-started/images/win10_oobe_letsgetyousignedin.png
deleted file mode 100644
index fa7407a271..0000000000
Binary files a/education/get-started/images/win10_oobe_letsgetyousignedin.png and /dev/null differ
diff --git a/education/get-started/images/win10_recentlyaddedappslist.png b/education/get-started/images/win10_recentlyaddedappslist.png
deleted file mode 100644
index 2f56f8f500..0000000000
Binary files a/education/get-started/images/win10_recentlyaddedappslist.png and /dev/null differ
diff --git a/education/get-started/images/win10_settings_accounts_aadjoined_confirmation.png b/education/get-started/images/win10_settings_accounts_aadjoined_confirmation.png
deleted file mode 100644
index 0a188d75ed..0000000000
Binary files a/education/get-started/images/win10_settings_accounts_aadjoined_confirmation.png and /dev/null differ
diff --git a/education/get-started/images/win10_settings_privacy.PNG b/education/get-started/images/win10_settings_privacy.PNG
deleted file mode 100644
index 5285ce94f2..0000000000
Binary files a/education/get-started/images/win10_settings_privacy.PNG and /dev/null differ
diff --git a/education/get-started/images/win10_settings_privacy_contacts.PNG b/education/get-started/images/win10_settings_privacy_contacts.PNG
deleted file mode 100644
index f17ef60de0..0000000000
Binary files a/education/get-started/images/win10_settings_privacy_contacts.PNG and /dev/null differ
diff --git a/education/get-started/images/win10_settings_privacy_contacts_apps.png b/education/get-started/images/win10_settings_privacy_contacts_apps.png
deleted file mode 100644
index 774f18fad9..0000000000
Binary files a/education/get-started/images/win10_settings_privacy_contacts_apps.png and /dev/null differ
diff --git a/education/get-started/images/win10_setupforanorg.png b/education/get-started/images/win10_setupforanorg.png
deleted file mode 100644
index 517bf138fb..0000000000
Binary files a/education/get-started/images/win10_setupforanorg.png and /dev/null differ
diff --git a/education/get-started/images/win10_start_checkapps.png b/education/get-started/images/win10_start_checkapps.png
deleted file mode 100644
index 7fd7bd2219..0000000000
Binary files a/education/get-started/images/win10_start_checkapps.png and /dev/null differ
diff --git a/education/get-started/images/windows-10-for-education-banner.png b/education/get-started/images/windows-10-for-education-banner.png
deleted file mode 100644
index cf33adc9b6..0000000000
Binary files a/education/get-started/images/windows-10-for-education-banner.png and /dev/null differ
diff --git a/education/get-started/images/windows-ad-connect.png b/education/get-started/images/windows-ad-connect.png
deleted file mode 100644
index 97a69d1a6c..0000000000
Binary files a/education/get-started/images/windows-ad-connect.png and /dev/null differ
diff --git a/education/get-started/images/windows-choose-how.png b/education/get-started/images/windows-choose-how.png
deleted file mode 100644
index 8e84535bfd..0000000000
Binary files a/education/get-started/images/windows-choose-how.png and /dev/null differ
diff --git a/education/get-started/images/windows-connect-to-work-or-school.png b/education/get-started/images/windows-connect-to-work-or-school.png
deleted file mode 100644
index 90e1b1131f..0000000000
Binary files a/education/get-started/images/windows-connect-to-work-or-school.png and /dev/null differ
diff --git a/education/get-started/images/windows-lets-get-2.png b/education/get-started/images/windows-lets-get-2.png
deleted file mode 100644
index ef523d4af8..0000000000
Binary files a/education/get-started/images/windows-lets-get-2.png and /dev/null differ
diff --git a/education/get-started/images/windows-lets-get.png b/education/get-started/images/windows-lets-get.png
deleted file mode 100644
index 582da1ab2d..0000000000
Binary files a/education/get-started/images/windows-lets-get.png and /dev/null differ
diff --git a/education/get-started/images/windows-set-up-work-or-school.png b/education/get-started/images/windows-set-up-work-or-school.png
deleted file mode 100644
index cebd87cff8..0000000000
Binary files a/education/get-started/images/windows-set-up-work-or-school.png and /dev/null differ
diff --git a/education/get-started/images/windows-sign-in.png b/education/get-started/images/windows-sign-in.png
deleted file mode 100644
index 3029d3ef2b..0000000000
Binary files a/education/get-started/images/windows-sign-in.png and /dev/null differ
diff --git a/education/get-started/images/windows-who-owns.png b/education/get-started/images/windows-who-owns.png
deleted file mode 100644
index c3008869d2..0000000000
Binary files a/education/get-started/images/windows-who-owns.png and /dev/null differ
diff --git a/education/get-started/images/windows.png b/education/get-started/images/windows.png
deleted file mode 100644
index 9b312d7844..0000000000
Binary files a/education/get-started/images/windows.png and /dev/null differ
diff --git a/education/get-started/images/wsfb-minecraft-vl.png b/education/get-started/images/wsfb-minecraft-vl.png
deleted file mode 100644
index e3fe6de6d7..0000000000
Binary files a/education/get-started/images/wsfb-minecraft-vl.png and /dev/null differ
diff --git a/education/get-started/images/wsfb_manage_inventory.PNG b/education/get-started/images/wsfb_manage_inventory.PNG
deleted file mode 100644
index 66bc03d301..0000000000
Binary files a/education/get-started/images/wsfb_manage_inventory.PNG and /dev/null differ
diff --git a/education/get-started/images/wsfb_manage_inventory_annotated.png b/education/get-started/images/wsfb_manage_inventory_annotated.png
deleted file mode 100644
index aa37e0a43f..0000000000
Binary files a/education/get-started/images/wsfb_manage_inventory_annotated.png and /dev/null differ
diff --git a/education/get-started/images/wsfb_newportal.PNG b/education/get-started/images/wsfb_newportal.PNG
deleted file mode 100644
index 3ec546e8bc..0000000000
Binary files a/education/get-started/images/wsfb_newportal.PNG and /dev/null differ
diff --git a/education/get-started/images/wsfb_newportal_manage.PNG b/education/get-started/images/wsfb_newportal_manage.PNG
deleted file mode 100644
index 7aa94bccc9..0000000000
Binary files a/education/get-started/images/wsfb_newportal_manage.PNG and /dev/null differ
diff --git a/education/get-started/images/wsfb_newportal_manage_managementtools_activate.PNG b/education/get-started/images/wsfb_newportal_manage_managementtools_activate.PNG
deleted file mode 100644
index 74b7aec1ff..0000000000
Binary files a/education/get-started/images/wsfb_newportal_manage_managementtools_activate.PNG and /dev/null differ
diff --git a/education/get-started/images/wsfb_newportal_manage_storesettings.PNG b/education/get-started/images/wsfb_newportal_manage_storesettings.PNG
deleted file mode 100644
index 5278b9907e..0000000000
Binary files a/education/get-started/images/wsfb_newportal_manage_storesettings.PNG and /dev/null differ
diff --git a/education/get-started/images/wsfb_portal.png b/education/get-started/images/wsfb_portal.png
deleted file mode 100644
index 2d47885e97..0000000000
Binary files a/education/get-started/images/wsfb_portal.png and /dev/null differ
diff --git a/education/get-started/images/wsfb_portal_activate_intune.PNG b/education/get-started/images/wsfb_portal_activate_intune.PNG
deleted file mode 100644
index 5c05362ebf..0000000000
Binary files a/education/get-started/images/wsfb_portal_activate_intune.PNG and /dev/null differ
diff --git a/education/get-started/images/wsfb_settings_management_tools.png b/education/get-started/images/wsfb_settings_management_tools.png
deleted file mode 100644
index afdb61150b..0000000000
Binary files a/education/get-started/images/wsfb_settings_management_tools.png and /dev/null differ
diff --git a/education/get-started/images/wsfb_win10_pro_education_enabled_for_org.png b/education/get-started/images/wsfb_win10_pro_education_enabled_for_org.png
deleted file mode 100644
index ea3d582d79..0000000000
Binary files a/education/get-started/images/wsfb_win10_pro_education_enabled_for_org.png and /dev/null differ
diff --git a/education/get-started/images/wsfb_win10_pro_education_launch.png b/education/get-started/images/wsfb_win10_pro_education_launch.png
deleted file mode 100644
index 4e7b741227..0000000000
Binary files a/education/get-started/images/wsfb_win10_pro_education_launch.png and /dev/null differ
diff --git a/education/get-started/images/wsfb_win10_pro_education_order_confirmation.png b/education/get-started/images/wsfb_win10_pro_education_order_confirmation.png
deleted file mode 100644
index e35bbf64d5..0000000000
Binary files a/education/get-started/images/wsfb_win10_pro_education_order_confirmation.png and /dev/null differ
diff --git a/education/get-started/images/wsfb_win10_pro_education_order_options.png b/education/get-started/images/wsfb_win10_pro_education_order_options.png
deleted file mode 100644
index eaf93ece33..0000000000
Binary files a/education/get-started/images/wsfb_win10_pro_education_order_options.png and /dev/null differ
diff --git a/education/get-started/images/wsfb_win10_pro_education_refund_confirmation.png b/education/get-started/images/wsfb_win10_pro_education_refund_confirmation.png
deleted file mode 100644
index 4749dafc44..0000000000
Binary files a/education/get-started/images/wsfb_win10_pro_education_refund_confirmation.png and /dev/null differ
diff --git a/education/get-started/images/wsfb_win10_pro_education_refund_order.png b/education/get-started/images/wsfb_win10_pro_education_refund_order.png
deleted file mode 100644
index 813cfce309..0000000000
Binary files a/education/get-started/images/wsfb_win10_pro_education_refund_order.png and /dev/null differ
diff --git a/education/get-started/images/wsfb_win10_pro_to proedu_upgrade_disable.png b/education/get-started/images/wsfb_win10_pro_to proedu_upgrade_disable.png
deleted file mode 100644
index 92aeb8ed19..0000000000
Binary files a/education/get-started/images/wsfb_win10_pro_to proedu_upgrade_disable.png and /dev/null differ
diff --git a/education/get-started/images/wsfb_win10_pro_to proedu_upgrade_eligibility_page.png b/education/get-started/images/wsfb_win10_pro_to proedu_upgrade_eligibility_page.png
deleted file mode 100644
index 177c6e36df..0000000000
Binary files a/education/get-started/images/wsfb_win10_pro_to proedu_upgrade_eligibility_page.png and /dev/null differ
diff --git a/education/get-started/images/wsfb_win10_pro_to proedu_upgrade_email_global_admins.png b/education/get-started/images/wsfb_win10_pro_to proedu_upgrade_email_global_admins.png
deleted file mode 100644
index 8044a4cc91..0000000000
Binary files a/education/get-started/images/wsfb_win10_pro_to proedu_upgrade_email_global_admins.png and /dev/null differ
diff --git a/education/get-started/images/wsfb_win10_pro_to proedu_upgrade_enable.png b/education/get-started/images/wsfb_win10_pro_to proedu_upgrade_enable.png
deleted file mode 100644
index 420b44513f..0000000000
Binary files a/education/get-started/images/wsfb_win10_pro_to proedu_upgrade_enable.png and /dev/null differ
diff --git a/education/get-started/images/wsfb_win10_pro_to proedu_upgrade_summary.png b/education/get-started/images/wsfb_win10_pro_to proedu_upgrade_summary.png
deleted file mode 100644
index a507f56694..0000000000
Binary files a/education/get-started/images/wsfb_win10_pro_to proedu_upgrade_summary.png and /dev/null differ
diff --git a/education/get-started/images/wsfb_win10_pro_to_proedu_email_upgrade_link.png b/education/get-started/images/wsfb_win10_pro_to_proedu_email_upgrade_link.png
deleted file mode 100644
index a30869b8ea..0000000000
Binary files a/education/get-started/images/wsfb_win10_pro_to_proedu_email_upgrade_link.png and /dev/null differ
diff --git a/education/get-started/inclusive-classroom-it-admin.md b/education/get-started/inclusive-classroom-it-admin.md
deleted file mode 100644
index 5500fe19dc..0000000000
--- a/education/get-started/inclusive-classroom-it-admin.md
+++ /dev/null
@@ -1,82 +0,0 @@
----
-title: Inclusive Classroom IT Admin Guide
-description: Learning which Inclusive Classroom features are available in which apps and in which versions of Microsoft Office.
-keywords: Inclusive Classroom, Admin, Administrator, Microsoft Intune, Intune, Ease of Access, Office 365, account
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.topic: article
-ms.localizationpriority: medium
-ms.pagetype: edu
-ROBOTS: noindex,nofollow
-author: alhughes
-ms.author: alhughes
-ms.date: 06/12/2018
----
-
-# Inclusive Classroom IT Admin Guide
-The following guide will show you what Inclusive Classroom features are available in which apps and which versions of Microsoft Office.
-You will also learn how to deploy apps using Microsoft Intune, turn on or off Ease of access settings for users, and change how you pay for your Office 365 subscription.
-
-1. [Inclusive Classroom features](#features)
-2. [Deploying apps with Microsoft Intune](#intune)
-3. [How to show/hide the Ease of Accesss settings for text in Windows 10](#ease)
-4. [How to change your Office 365 account from monthly, semi-annual, or yearly](#account)
-
-## Inclusive Classroom features
-|Reading features|Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) |
-|---|---|---|---|---|---|---|
-| Read aloud with simultaneous highlighting |
OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
Word 2016, Word Online, Word Mac, Word for iOS
Outlook 2016, Outlook Web Access
Office Lens on iOS, Android
|
X
(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)
|
X
(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)
|
X
|
X
(N/A for Outlook PC)
|
X
(N/A for any OneNote apps or Outlook PC)
|
-| Adjustable text spacing and font size |
OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
Word 2016, Word Online, Word Mac, Word for iPad
Outlook Web Access
Office Lens on iOS, Android
|
X
(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)
|
X
(N/A for Word for iOS, Word Online, Outlook Web Access, or Office Lens)
|
X
|
X
|
X
(N/A for any OneNote apps)
|
-| Syllabification |
OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
Word Online
Outlook Web Access
| |
X
(N/A for Word for iOS, Word Online, Outlook Web Access)
|
X
(N/A for Word iOS)
|
X
(N/A for Word iOS)
|
X
(N/A for any OneNote apps or Word iOS)
|
-| Parts of speech identification |
OneNote 2016 (add-in), OneNote Online, OneNote for Windows 10, OneNote for iPad, OneNote Mac
Word 2016, Word Online, Word Mac, Word for iOS
Outlook 2016, Outlook Web Access
Office Lens on iOS, Android
|
X
(N/A for Word Online, Outlook Web Access)
|
X
(N/A for Word Online, Outlook Web Access)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
-| Line focus mode |
Word 2016, Word Online, Word Mac, Word for iOS
Outlook 2016, Outlook Web Access
Office Lens on iOS, Android
| |
X
(N/A for Word Online, Outlook Web Access)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
-| Picture Dictionary |
Word 2016, Word Online, Word Mac, Word for iOS
Outlook 2016, Outlook Web Access
Office Lens on iOS, Android
| |
X
(N/A for Word Online, Outlook Web Access)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
X
(N/A for any OneNote apps)
|
-
-
-| Writing and proofing features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) |
-|---|---|---|---|---|---|---|
-| Dictation |
OneNote 2016, OneNote for Windows 10
Word 2016
Outlook 2016
PowerPoint 2016
| |
X
|
X
| | |
-| Spelling suggestions for phonetic misspellings |
Word 2016, Word Online, Word for Mac
Outlook 2016
| |
X
|
X
|
X
| |
-| Synonyms alongside spelling suggestions that can be read aloud |
All Office 365 authoring applications on PC, Mac, Web
| |
X
|
X
| | |
-| Accessible Templates |
Word for PCs, Mac
Excel for PCs, Mac
PowerPoint for PCs, Mac
Sway on iOS, Web, Windows 10
| |
X
|
X
| | |
-| Ability to add alt-text for images |
Word for PCs (includes automatic suggestions for image descriptions)
SharePoint Online (includes automatic suggestions for image descriptions)
PowerPoint for PCs (includes automatic suggestions for image descriptions)
OneNote (includes automatic extraction of text in images)
All Office 365 authoring applications (include ability to add alt-text manually)
|
X
|
X
|
X
| | |
-| Ability to add captions to videos |
PowerPoint for PCs
Sway on iOS, Web, Windows 10
Microsoft Stream (includes ability to have captions auto-generated for videos in English and Spanish)
| |
X
| | | |
-| Export as tagged PDF |
Word for PCs, Mac
Sway on iOS, Web, Windows 10
| |
X
|
X
| | |
-| Ability to request accessible content |
Outlook Web Access
| | | | | |
-
-
-| Communication features | Available in which apps|Office 2016 MSI|Office 2019| Office 365 ProPlus Monthly (C2R) | Office 365 ProPlus Semi Annual (C2R) | Office 365 ProPlus Annual (C2R) |
-|---|---|---|---|---|---|---|
-| Microsoft Translator |
Word 2016
Excel 2016
"Translator for Outlook" Add-in
PowerPoint 2016 (and PowerPoint Garage Add-in)
|
X
|
X
|
X
|
X
|
X
|
-
-
-## Deploying apps with Microsoft Intune
-Microsoft Intune can be used to deploy apps such as Immersive Reader and Microsoft Translator to all the devices connected in the same groups.
-1. Go to the Intune for Education portal and log in with your account.
-2. Select the **Apps** page.
-3. Find the app you're looking for in the included list (if it's not there, you can select **Add app** and download it from the Microsoft Store).
-4. Selecting your app will show you if it has been deployed to any of the groups that have been set up. From the **Groups** page you can select **Change group assignment** and choose which groups you want to deploy the app(s) to.
-
-## How to show/hide the Ease of access settings for text in Windows 10
-The Ease of access settings in Windows 10 are very useful accessibility tools, but having those options could be a bit much for everyone in a group to have in their device. With the following instructions you can chose to hide or show the Ease of access settings on users' devices.
-1. Go to the Intune for Education portal and login with your account.
-2. Select the **Groups** page and then select your desired group.
-3. Select **Settings** and under the **User access and device settings** section you will find the toggle to set **Ease of access** to **Blocked** or **Not blocked**.
-4. Select **Save** after making your selection.
-
-## How to change your Office 365 account from monthly, semi-annual, or yearly
-Depending on how you plan to do billing, you can have Office 365 accounts that are set to renew monthly, semi-annually, or yearly.
-1. Sign-in to your services and subscriptions with your Microsoft account.
-2. Find the subscription in the list, then select **Change how you pay**.
- >**Note:** If you don't see **Change how you pay**, it could be because auto-renew is not turned on. You won't be able to change how you pay if auto-renew is off because the subscription has already been paid and will end when its duration expires.
-3. Choose a new way to pay from the list or select **Add a new way to pay** and follow the instructions.
diff --git a/education/get-started/set-up-office365-edu-tenant.md b/education/get-started/set-up-office365-edu-tenant.md
deleted file mode 100644
index 01a5f5b4a9..0000000000
--- a/education/get-started/set-up-office365-edu-tenant.md
+++ /dev/null
@@ -1,56 +0,0 @@
----
-title: Set up an Office 365 Education tenant
-description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
-keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.topic: get-started
-ms.localizationpriority: medium
-ms.pagetype: edu
-author: CelesteDG
-ms.author: celested
-ms.date: 10/09/2017
----
-
-# Set up an Office 365 Education tenant
-
-> [!div class="step-by-step"]
-[<< Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
-[Use School Data Sync to import student data >>](use-school-data-sync.md)
-
-Schools can use Office 365 to save time and be more productive. Built with powerful tools and accessible from any device, setting it up is the first step in getting your school to the cloud.
-
-Don't have an Office 365 for Education verified tenant or just starting out? Follow these steps to set up an Office 365 for Education tenant. [Learn more about Office 365 for Education plans and pricing](https://products.office.com/academic/compare-office-365-education-plans).
-
-> [!VIDEO https://www.youtube.com/embed/X7bscA-knaY]
-
-You can watch the descriptive audio version here: [Microsoft Education: Set up an Office 365 Education tenant (DA)](https://www.youtube.com/watch?v=d5tQ8KoB3ic)
-
-## To set up a new Office 365 Education tenant
-
-1. Go to the Office 365 for Education sign up page to sign up for a free subscription for your school.
-2. Create an account and a user ID and password to use to sign into your account.
-
- **Figure 1** - Office 365 account creation
-
- 
-
-3. Save your sign-in info so you can use it to sign in to https://portal.office.com (the sign-in page). Click **You're ready to go...**
-4. In the **Verify eligibility for Microsoft Office 365 for Education** screen:
- 1. Add your domain name and follow the steps to confirm ownership of the domain.
- 2. Choose your DNS hosting provider to see step-by-step instructions on how to confirm that you own the domain.
-
- In some cases, you may need to wait several hours for the DNS verification to complete. You can click **I'll verify later** and come back later and log into the Office 365 portal and then go to the **Admin** center and select **Domains** to check the status entry for your domain.
-
- You may need to fill in other information to provide that you qualify for an education tenant. Provide and submit the info to Microsoft to continue verification for your tenant.
-
-As part of setting up a basic cloud infrastructure, you don't need to complete the rest of the Office 365 for Education setup so we will skip the rest of setup for now and start importing school data. You can pick up where you left off with Office 365 for Education setup once you've completed the rest of the steps in the walkthrough. See *Complete Office 365 for Education setup* in [Finish Windows 10 device setup and other tasks](finish-setup-and-other-tasks.md) for info.
-
-> [!div class="step-by-step"]
-[<< Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
-[Use School Data Sync to import student data >>](use-school-data-sync.md)
-
-
-## Related topic
-[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
\ No newline at end of file
diff --git a/education/get-started/set-up-windows-10-education-devices.md b/education/get-started/set-up-windows-10-education-devices.md
deleted file mode 100644
index a62a0e282d..0000000000
--- a/education/get-started/set-up-windows-10-education-devices.md
+++ /dev/null
@@ -1,35 +0,0 @@
----
-title: Set up Windows 10 education devices
-description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
-keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.topic: get-started
-ms.localizationpriority: medium
-ms.pagetype: edu
-author: CelesteDG
-ms.author: celested
-ms.date: 10/09/2017
----
-
-# Set up Windows 10 education devices
-
-> [!div class="step-by-step"]
-[<< Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md)
-[Finish setup and other tasks >>](finish-setup-and-other-tasks.md)
-
-We recommend using the latest build of Windows 10, version 1703 on your education devices.
-
-To set up new Windows 10 devices and enroll them to your education tenant, choose from one of these options and follow the link to watch the video or follow the step-by-step guide:
-- **Option 1: [Use the Set up School PCs app](https://docs.microsoft.com/education/windows/use-set-up-school-pcs-app)** - You can use the app to create a setup file that you can use to quickly set up one or more Windows 10 devices.
-- **Option 2: [Go through Windows OOBE and join the device to Azure AD](set-up-windows-education-devices.md)** - You can go through a typical Windows 10 device setup or first-run experience to configure your device.
-
-> [!div class="step-by-step"]
-[<< Use Intune for Education to manage groups, apps, and settings](use-intune-for-education.md)
-[Finish setup and other tasks >>](finish-setup-and-other-tasks.md)
-
-
-
-## Related topic
-[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
diff --git a/education/get-started/set-up-windows-education-devices.md b/education/get-started/set-up-windows-education-devices.md
deleted file mode 100644
index e1f8ef557e..0000000000
--- a/education/get-started/set-up-windows-education-devices.md
+++ /dev/null
@@ -1,47 +0,0 @@
----
-title: Set up Windows 10 devices using Windows OOBE
-description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
-keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.topic: get-started
-ms.localizationpriority: medium
-ms.pagetype: edu
-author: CelesteDG
-ms.author: celested
-ms.date: 07/28/2017
----
-
-# Set up Windows 10 devices using Windows OOBE
-
-If you are setting up a Windows 10 device invidividually, and network bandwidth is not an issue, you can go through the Windows 10 first-run setup experience, also known as OOBE (out-of-box-experience) to set up the device, and join it to your school's Office 365 and Azure Active Directory.
-
-You can watch the video to see how this is done, or follow the step-by-step guide.
-
-> [!VIDEO https://www.youtube.com/embed/nADWqBYvqXk]
-
-You can watch the descriptive audio version here: [Microsoft Education: Set up a new Windows 10 education devices using the Windows setup experience (DA)](https://www.youtube.com/watch?v=_UtS1Cz2Pno)
-
-## To set up Windows 10 devices using OOBE
-
-1. If you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired or Ethernet connection.
-2. Go through the Windows device setup experience. On a new or reset device, this starts with the **Let's start with region. Is this right?** screen.
-
- **Figure 1** - Let's start with region
-
- 
-
-3. Continue with setup. In the **How would you like to set up?** screen, select **Set up for an organization**.
-
- **Figure 2** - Select setup for an organization
-
- 
-
-4. Sign in using the user's account and password. Depending on the user password setting, you may be prompted to update the password.
-5. Choose privacy settings for the device. Location, speech recognition, diagnostics, and other settings are all on by default. Configure the settings based on the school's policies.
-6. Click **Accept** to go through the rest of device setup.
-
-
-## Related topic
-[Set up Windows 10 education devices](set-up-windows-10-education-devices.md)
\ No newline at end of file
diff --git a/education/get-started/use-intune-for-education.md b/education/get-started/use-intune-for-education.md
deleted file mode 100644
index d1ab32cfa9..0000000000
--- a/education/get-started/use-intune-for-education.md
+++ /dev/null
@@ -1,222 +0,0 @@
----
-title: Use Intune for Education to manage groups, apps, and settings
-description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
-keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.topic: get-started
-ms.localizationpriority: medium
-ms.pagetype: edu
-author: CelesteDG
-ms.author: celested
-ms.date: 08/29/2017
----
-
-# Use Intune for Education to manage groups, apps, and settings
-
-> [!div class="step-by-step"]
-[<< Configure Microsoft Store for Education](configure-microsoft-store-for-education.md)
-[Set up Windows 10 education devices >>](set-up-windows-10-education-devices.md)
-
-Intune for Education is a streamlined device management solution for educational institutions that can be used to quickly set up and manage Windows 10 devices for your school. It provides a new streamlined UI with the enterprise readiness and resiliency of the Intune service. You can learn more about Intune for Education by reading the Intune for Education documentation.
-
-## Example - Set up Intune for Education, buy apps from the Store, and install the apps
-In this walkthrough, we'll go through a sample scenario and walk you through the steps to:
-- [Use express configuration to quickly set up Intune for Education](#set-up-intune-for-education)
-- [Use Intune for Education to buy apps from the Microsoft Store for Education](#add-apps-bought-from-microsoft-store-for-education)
-- [Use Intune for Education to install the apps for all users in your tenant](#install-apps-for-all-users)
-
-Note that for verified education tenants, Microsoft automatically provisions your app catalog with these apps so you will see them appear on your Intune for Education catalog even before you've bought any apps:
-- Excel
-- Fresh Paint
-- Minecraft: Education Edition
-- OneNote
-- PowerPoint
-- Sway
-- Word
-
- > [!NOTE]
- > Apps that you own in the Microsoft Store for Education are automatically available in Intune for Education. Any changes you make to your purchases get reflected in Intune for Education.
-
-You can watch the video to see how this is done, or follow the step-by-step guide.
-
-> [!VIDEO https://www.youtube.com/embed/c3BLoZZw3TQ]
-
-You can watch the descriptive audio version here: [Microsoft Education: Use Intune for Education to manage groups, apps, and settings (DA)](https://youtu.be/Tejxfc4V7cQ)
-
-## Set up Intune for Education
-Intune for Education provides an **Express configuration** option so you can get going right away. We'll use that option here.
-
-1. Log into the Intune for Education console. You will see the Intune for Education dashboard once you're logged in.
-
- **Figure 1** - Intune for Education dashboard
-
- 
-
-2. On the dashboard, click **Launch Express Configuration**, or select the **Express configuration** option on the menu on the left.
-3. In the **Welcome to Intune for Education** screen, click **Get started**.
-
- **Figure 2** - Click Get started to set up Intune for Education
-
- 
-
-4. In the **Get school information (optional)** screen, it should indicate that SDS is already configured. Click **Next**.
-
- **Figure 3** - SDS is configured
-
- 
-
-5. In the **Choose group** screen, select **All Users**. All apps and settings that we select during express setup will apply to this group.
-
- You can choose another group during this step, but note that your experience may vary from what we show in the walkthrough.
-
-6. The **Next** button will appear at the bottom of the screen after you select **All Users**. Click **Next**.
-
- > [!TIP]
- > At the top of the screen, did you notice the **Choose group** button change to a green check mark? This means we are done with that step. If you change your mind or need to make changes, simply click on the button to go back to that step. Try it!
- >
- > **Figure 4** - Click on the buttons to go back to that step
- >
- > 
-
-7. In the **Choose apps** screen, you will see a selection of Web apps, Microsoft Store apps, and desktop (Win32) apps. You will also see a list of popular apps from each category.
-
- - Add or remove apps by clicking on them. A blue checkmark means the app is added and will be installed for all members of the group selected in the **Choose group** step.
-
- In this walkthrough, it's up to you to select the apps you choose to install. Just remember what they are so that later in the walkthrough you can verify that the apps were installed correctly on the device.
-
- > [!TIP]
- > Web apps are pushed as links in the Windows Start menu under **All apps**. If you want apps to appear in Microsoft Edge browser tabs, use the **Homepages** setting for Microsoft Edge through **Express configuration** or **Manage Users and Devices**.
-
- **Figure 5** - Choose the apps that you want to install for the group
-
- 
-
-8. When you're done choosing apps, click **Next** at the bottom of the screen.
-
- If you select Microsoft Store apps, you will see a notification that Intune for Education is getting these apps.
-
-8. In the **Choose settings** screen, we will set the settings to apply to the group. Click the reverse caret (downward-facing arrow) to expand the settings group and get more information about each setting in that settings group.
-
- **Figure 6** - Expand the settings group to get more details
-
- 
-
-9. For this walkthrough, set the following settings:
- - In the **Microsoft Edge settings** group, change the **Do-Not-Track headers** setting to **Require**.
- - In the **App settings** group, change the **Microsoft Store for Business apps** setting to **Block**, and then set the **Require Microsoft Store for Business apps to be installed from private store** to **Require**.
-
- **Figure 28** - Set some additional settings
-
- 
-
-10. Click **Next**. In the **Review** screen, you will see a summary of the apps and settings you selected to apply.
-
- **Figure 7** - Review the group, apps, and settings you configured
-
- 
-
-11. Click **Save** to end express configuration.
-12. You will see the **You're done!** screen which lets you choose one of two options.
-
- **Figure 8** - All done with Intune for Education express configuration
-
- 
-
-13. Click **All done** or click the **X** on the upper-right corner of the screen to dismiss this screen and go back to the dashboard.
-
-## Add apps bought from Microsoft Store for Education
-
-- **Example 1 - Minecraft: Education Edition**
-
- If you would like to purchase Minecraft: Education Edition or want to learn how to get, distribute, and manage permissions for Minecraft: Education Edition, see For IT administrators - get Minecraft: Education Edition.
-
-- **Example 2 - Free educational/reference apps**
-
- 1. In the Intune for Education console, click **Apps** from the menu on the left.
-
- **Figure 9** - Click on **Apps** to see the list of apps for your tenant
-
- 
-
- 2. In the **Store apps** section, click **+ New app**. This will take you to the Microsoft Store for Education portal and you will already be signed in.
-
- **Figure 10** - Select the option to add a new Store app
-
- 
-
- 3. In the Microsoft Store page, check some of the categories for suggested apps or search the Store for a free educational or reference app. Find ones that you haven't already installed during express setup for Intune for Education.
-
- For example, these apps are free:
- - Duolingo - Learn Languages for Free
- - Flashcards Pro
- - Khan Academy
- - My Study Life
-
- 4. Find or select the app you want to install and click **Get the app**.
- 5. In the app's Store page, click the **...** button and select **Add to private store**.
- 6. Repeat steps 3-5 to install another app or move to the next step.
- 7. In the Microsoft Store for Education portal, select **Manage > Apps & software > Manage apps** to verify that the apps you purchased appear in your inventory.
-
- For example, if you bought Duolingo and Khan Academy, they will show up in your inventory along with the apps that Microsoft automatically provisioned for your education tenant.
-
- **Figure 11** - Apps inventory in Microsoft Store for Education
-
- 
-
- In the **Private store** column of the **Apps & software** page, the status for some apps will indicate that it's "In private store" while others will say "Not in private store". We won't go over this in the walkthrough, but you can learn more about this in Distribute apps using your private store.
-
- > [!NOTE]
- > You'll see in the above screenshot that some apps say that **Add is in progress**. Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune for Education to sync all your purchased apps.
-
-## Install apps for all users
-
-Now that you've bought the apps, use Intune for Education to specify the group to install the apps for. Here, we'll show you how to install the apps you bought for all devices used by all users in your tenant.
-
-1. In the Intune for Education console, click the **Groups** option from the menu on the left.
-
- **Figure 12** - Groups page in Intune for Education
-
- 
-
-2. In the **Groups** page, select **All Users** from the list of groups on the left, and then click **Users** in the taskbar at the top of the **All Users** page.
-
- **Figure 13** - List of all users in the tenant
-
- 
-
-3. In the taskbar at the top, select **Apps** and then click **Edit apps** to see a list of available apps.
-
- **Figure 14** - Edit apps to assign them to users
-
- 
-
-4. Select the apps to deploy to the group. A blue checkmark will appear next to the apps you select.
-
- **Figure 15** - Select the apps to deploy to the group
-
- 
-
-5. Once you're done, click **Save** at the bottom of the page to deploy the selected apps to the group.
-6. You'll be notified that app assignments are being updated. The updated **All Users** groups page now include the apps you selected.
-
- **Figure 16** - Updated list of assigned apps
-
- 
-
-You're now done assigning apps to all users in your tenant. It's time to set up your Windows 10 device(s) and check that your cloud infrastructure is correctly set up and your apps are being pushed to your devices from the cloud.
-
-
-
-> [!div class="step-by-step"]
-[<< Configure Microsoft Store for Education](configure-microsoft-store-for-education.md)
-[Set up Windows 10 education devices >>](set-up-windows-10-education-devices.md)
-
-
-
-## Related topic
-[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
\ No newline at end of file
diff --git a/education/get-started/use-school-data-sync.md b/education/get-started/use-school-data-sync.md
deleted file mode 100644
index f2bcfb50f9..0000000000
--- a/education/get-started/use-school-data-sync.md
+++ /dev/null
@@ -1,172 +0,0 @@
----
-title: Use School Data Sync to import student data
-description: Learn how to use the new Microsoft Education system to set up a cloud infrastructure for your school, acquire devices and apps, and configure and deploy policies to your Windows 10 devices.
-keywords: education, Microsoft Education, full cloud IT solution, school, deploy, setup, manage, Windows 10, Intune for Education, Office 365 for Education, School Data Sync, Microsoft Teams, Microsoft Store for Education, Azure AD, Set up School PCs
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.topic: get-started
-ms.localizationpriority: medium
-ms.pagetype: edu
-author: CelesteDG
-ms.author: celested
-ms.date: 07/10/2017
----
-
-# Use School Data Sync to import student data
-
-> [!div class="step-by-step"]
-[<< Set up an Office 365 education tenant](set-up-office365-edu-tenant.md)
-[Configure Microsoft Store for Education >>](configure-microsoft-store-for-education.md)
-
-School Data Sync (SDS) helps you import Student Information System (SIS) data into Office 365. It helps automate the process for importing and integrating SIS data that you can use with Office 365 and apps like OneNote Class Notebooks.
-
-Follow all the steps in this section to use SDS and sample CSV files in a trial environment. To use SDS in a production environment, see step 2 in [Try out Microsoft Education in a production environment](https://docs.microsoft.com/education/get-started/get-started-with-microsoft-education#setup-options) instead.
-
-You can watch the video to see how this is done, or follow the step-by-step guide.
-
-> [!VIDEO https://www.youtube.com/embed/ehSU8jr8T24]
-
-You can watch the descriptive audio version here: [Microsoft Education: Use School Data Sync to import student data (DA)](https://www.youtube.com/watch?v=l4b086IMtvc)
-
-## Download sample school data
-
-1. Go to the O365-EDU-Tools GitHub site.
-2. Click the green **Clone or download** button to download the SDS sample files.
-
- **Figure 1** - Download the SDS sample files from GitHub
-
- 
-
-3. In the **Clone with HTTPS** pop-up window, choose **Download ZIP** and note the location where you're saving the folder.
-4. Go to the folder where you saved the .zip and unzip the files.
-5. Open the **O365-EDU-Tools-master** folder and then open the **CSV Samples** subfolder. Confirm that you can see the following sample CSV files.
-
- **Figure 2** - Sample CSV files
-
- 
-
- > [!NOTE]
- > - The sample CSV files uses sample accounts and passwords. If you are using the sample files for testing, remember the accounts and their corresponding passwords. You may be asked to change the password during your first sign in.
- > - If you are modifying the sample CSV files to use in your organization, change the accounts and passwords to match the user accounts and passwords in your organization.
- > - If you are using CSV files from your existing production environment, see the detailed instructions in step 5 in the next section.
-
-To learn more about the CSV files that are required and the info you need to include in each file, see CSV files for School Data Sync. If you run into any issues, see School Data Sync errors and troubleshooting.
-
-## Use SDS to import student data
-
-1. If you haven't done so already, go to the SDS portal, https://sds.microsoft.com.
-2. Click Sign in. Then enter your O365 Global Admin account credentials.
-3. After logging in, click **+ Add Profile** in the left hand navigation pane to create a Sync Profile.. This opens up the new profile setup wizard within the main page.
-
- **Figure 3** - New SDS profile setup wizard
-
- 
-
-4. For the new profile, in the **How do you want to connect to your school?** screen:
-
- 1. Enter a name for your profile, such as *Contoso_Elementary_Profile*.
- 2. Select a sync method for your profile. For this walkthrough, select **Upload CSV Files**.
- 3. Select the type of CSV files that you're using. For this walkthrough, select **CSV files: SDS Format**.
- 4. Click **Start**.
-
-5. In the **Sync options** screen:
-
- 1. In the **Select new or existing users** section, you can select either **Existing users** or **New users** based on the scenaro that applies to you. For this walkthrough, select **New users**.
- 2. In the **Import data** section, click **Upload Files** to bring up the **Select data files to be uploaded** window.
- 3. In the **Select data files to be uploaded** window, click **+ Add Files** and navigate to the directory where you saved the six CSV files required for data import.
- 4. In the File Explorer window, you will see a folder for the sample CSV files for the UK and six sample CSV files for the US. Select the CSV files that match your region/locale, and then click **Open**.
- 5. In the **Select data files to be uploaded** window, confirm that all six CSV files (School.csv, Section.csv, Student.csv, StudentEnrollment.csv, Teacher.csv, and TeacherRoster.csv) are listed and then click **Upload**.
-
- > [!NOTE]
- > After you click **Upload**, the status in the **Select data files to be uploaded** window will indicate that files are being uploaded and verified.
-
- 6. After all the files are successfully uploaded, click **OK**.
- 7. In the **Select school and section properties** section, ensure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties, or deselect any properties, make sure you have the properties and values contained within the CSV files. For the walkthrough, you don't have to change the default.
- 8. In the Replace Unsupported Special Characters section, checking this box will allow SDS to automatically replace unsupported special characters while the sync is running. Special characters will be replaced with an "_", and no longer result in an error during the sync process for that object.
- 9. In the **Sync option for Section Group Display Name**, check the box if you want to allow teachers to overwrite the section names. Otherwise, SDS will always reset the display name value for sections to the value contained within the CSV files.
- 10. In the **Student enrollment option** section:
- * If you want to sync your student roster data immediately, leave the box unchecked.
- * If you prefer to sync student enrollment/rostering data at a later date, check this box and then pick a date by clicking the empty box and selecting the appropriate date in the calendar when you would like to begin syncing your student roster data. Some schools prefer to delay syncing student roster data so they don't expose rosters before the start of the new term, semester, or school year.
- 11. In the Default Term Dates section, You can set default start and end dates for Section terms. These dates will only be used if you do not provide these dates in your CSV files. If you upload files with Section start and end dates, you will be asked to select the format of the dates provided. If the format that you enter does not match the format of start and end dates in your files, you will receive an error message and need to edit the date format so that it matches the format in your files.
- 12. In the **License Options** section, check the box for **Intune for Education** to allow students and teachers to receive the Intune for Education license. This will also create the SDS dynamic groups and security groups, which will be used within Intune for Education.
- 13. Click **Next**.
-
- **Figure 4** - Sync options for the new profile
-
- 
-
-6. In the **Teacher options** screen:
-
- 1. Select the domain for the teachers. SDS appends the selected domain suffix to the teacher's username attribute contained in the CSV file, to build the UserPrincipalName for each user in Office 365/Azure Active Directory during the account creation process. The teacher will log in to Office 365 with the UserPrincipalName once the account is created.
- * Primary Key (Source Directory) - This is the Teacher attribute in the CSV file used for SDS Identity Matching. Watch the Identity Matching video for additional information on how to select the appropriate source directory attribute, and properly configure the identity matching settings for teacher.
- * Primary Key (Target Directory) - This is the User attribute in Azure AD used for SDS Identity Matching. Watch the Identity Matching video for additional information on how to select the appropriate target directory attribute, and properly configure the identity matching settings for the teacher.
- * Domain (optional) - This is an optional domain value that you can add to the selected Source Directory attribute to complete your Teacher Identity Matching. If you need to match to a UserPrincipalName or Mail attribute, you must have a domain included in the string. Your source attribute must either include the domain already or you can append the appropriate domain to the source attribute using this dropdown menu.
-
- 2. In the **Select teacher properties** section, make sure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties or deselect any properties, make sure you have the corresponding properties and values contained within the CSV files. For this walkthrough, you don't have to change the default.
-
- 3. In the **License assignment** section, choose the SKU to assign licenses for teachers.
-
- 4. Click **Next**.
-
- **Figure 5** - Specify options for teacher mapping
-
- 
-
-7. In the **Student options** screen:
-
- 1. Select the domain for the students. SDS appends the selected domain suffix to the student's username attribute contained in the CSV file, to build the UserPrincipalName for each user in Office 365/Azure Active Directory during the account creation process. The student will log in to Office 365 with the UserPrincipalName once the account is created.
- 2. In the **Select student properties** section, make sure the attributes that have been automatically selected for you align to your CSV files. If you select additional properties or deselect any properties, make sure you have the corresponding properties and values contained within the CSV files. For this walkthrough, you don't have to change the default.
- 3. In the **License assignment** section, choose the SKU to assign licenses for students.
- 4. Click **Next**.
-
- **Figure 6** - Specify options for student mapping
-
- 
-
-8. In the profile **Review** page, review the summary and confirm that the options selected are correct.
-9. Click **Create profile**. You will see a notification that your profile is being submitted and then you will see a page for your profile.
-
- **Figure 7** - SDS profile page
-
- 
-
-10. After the profile is created and the status indicates as **Setting up**, refresh the page until you see the status change to **Sync in progress**. Beneath the **Sync in progress** status, you will see which of the 5 sync stages SDS is working on:
- * Stage 1 - Validating data
- * Stage 2 - Processing schools and sections
- * Stage 3 - Processing students and teachers
- * Stage 4 - Adding students and teachers into sections
- * Stage 5 - Setting up security groups
-
- If you don't see a **Sync in progress** status on the sync profile, and receive an error message instead, this indicates that SDS has encountered data issues during the pre-sync validation check and has not started syncing your data. This gives you the opportunity to fix the errors identified by the pre-sync validation checks before continuing. Once you've fixed any errors or if you prefer to continue with the errors and begin syncing your data anyway, click the **Resume sync** button to start the sync process.
-
- Once you've completed all five sync stages, your profile status will update one final time.
- * If you haven't encountered any errors, you will see a green check mark which states **Everything is ok**, and the profile status will change to **Sync complete. Ready for more data.**
- * If SDS encountered sync errors, you will see a red status icon that indicates an error, and a profile status of **Sync complete. Profile contains multiple errors**. Download the available error report to identify and fix your sync errors. Once complete, upload new files as needed and re-sync your data until errors are resolved.
-
- Here are some examples of what the sync status can look like:
-
- **Figure 8** - New profile: Sync in progress
-
- 
-
- **Figure 9** - New profile: Sync complete - no errors
-
- 
-
- **Figure 10** - New profile: Sync complete - with errors
-
- 
-
- Sync times, like file download times, can vary widely depending on when you start the sync, how much data you are syncing, the complexity of your data (such as the number of users, schools, and class enrollments), overall system/network load, and other factors. Two people who start a sync at the same time may not have their syncs complete at the same time.
-
- You can refresh the page to confirm that your profile synced successfully.
-
-That's it for importing sample school data using SDS.
-
-> [!div class="step-by-step"]
-[<< Set up an Office 365 education tenant](set-up-office365-edu-tenant.md)
-[Configure Microsoft Store for Education >>](configure-microsoft-store-for-education.md)
-
-## Related topic
-[Get started: Deploy and manage a full cloud IT solution with Microsoft Education](get-started-with-microsoft-education.md)
diff --git a/education/images/EDU-Apps-Mgmt.svg b/education/images/EDU-Apps-Mgmt.svg
new file mode 100644
index 0000000000..862f0e12ff
--- /dev/null
+++ b/education/images/EDU-Apps-Mgmt.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDU-Deploy.svg b/education/images/EDU-Deploy.svg
new file mode 100644
index 0000000000..1a0d67fd67
--- /dev/null
+++ b/education/images/EDU-Deploy.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDU-Device-Mgmt.svg b/education/images/EDU-Device-Mgmt.svg
new file mode 100644
index 0000000000..92fb95141f
--- /dev/null
+++ b/education/images/EDU-Device-Mgmt.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDU-Education.svg b/education/images/EDU-Education.svg
new file mode 100644
index 0000000000..146dd00257
--- /dev/null
+++ b/education/images/EDU-Education.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDU-FindHelp.svg b/education/images/EDU-FindHelp.svg
new file mode 100644
index 0000000000..fea3109134
--- /dev/null
+++ b/education/images/EDU-FindHelp.svg
@@ -0,0 +1,32 @@
+
+
+
diff --git a/education/images/EDU-ITJourney.svg b/education/images/EDU-ITJourney.svg
new file mode 100644
index 0000000000..e42fe12104
--- /dev/null
+++ b/education/images/EDU-ITJourney.svg
@@ -0,0 +1,31 @@
+
+
+
diff --git a/education/images/EDU-Lockbox.svg b/education/images/EDU-Lockbox.svg
new file mode 100644
index 0000000000..8133127433
--- /dev/null
+++ b/education/images/EDU-Lockbox.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDU-Tasks.svg b/education/images/EDU-Tasks.svg
new file mode 100644
index 0000000000..f1339ea705
--- /dev/null
+++ b/education/images/EDU-Tasks.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDU-Teachers.svg b/education/images/EDU-Teachers.svg
new file mode 100644
index 0000000000..4cdb2b3e7d
--- /dev/null
+++ b/education/images/EDU-Teachers.svg
@@ -0,0 +1,27 @@
+
+
+
diff --git a/education/images/EDUAdmins.svg b/education/images/EDUAdmins.svg
new file mode 100644
index 0000000000..d512fb942f
--- /dev/null
+++ b/education/images/EDUAdmins.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDUDevelopers.svg b/education/images/EDUDevelopers.svg
new file mode 100644
index 0000000000..900159699a
--- /dev/null
+++ b/education/images/EDUDevelopers.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/EDUPartners.svg b/education/images/EDUPartners.svg
new file mode 100644
index 0000000000..01b80c9a42
--- /dev/null
+++ b/education/images/EDUPartners.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/education/images/MSC17_cloud_005.png b/education/images/MSC17_cloud_005.png
new file mode 100644
index 0000000000..dfda08109c
Binary files /dev/null and b/education/images/MSC17_cloud_005.png differ
diff --git a/education/images/MSC17_cloud_012_merged.png b/education/images/MSC17_cloud_012_merged.png
new file mode 100644
index 0000000000..4defcaa59c
Binary files /dev/null and b/education/images/MSC17_cloud_012_merged.png differ
diff --git a/education/images/data-streamer.png b/education/images/data-streamer.png
new file mode 100644
index 0000000000..6473d9da33
Binary files /dev/null and b/education/images/data-streamer.png differ
diff --git a/education/images/education-partner-aep-2.svg b/education/images/education-partner-aep-2.svg
index 96ecbf019b..6bf0c2c3ac 100644
--- a/education/images/education-partner-aep-2.svg
+++ b/education/images/education-partner-aep-2.svg
@@ -1,4 +1,4 @@
-
-
+
### Add on-premises MDM to the app gallery
There are no special requirements for adding on-premises MDM to the app gallery.There is a generic entry for administrator to add an app to their tenant.
@@ -263,7 +261,7 @@ An MDM page must adhere to a predefined theme depending on the scenario that is
-
+
## Terms of Use protocol semantics
The Terms of Use endpoint is hosted by the MDM server. During the Azure AD Join protocol flow, Windows performs a full-page redirect to this endpoint. This enables the MDM to display the terms and conditions that apply and allows the user to accept or reject the terms associated with enrollment. After the user accepts the terms, the MDM redirects back to Windows for the enrollment process to continue.
@@ -305,7 +303,7 @@ The following parameters are passed in the query string:
-
+
### Access token
A bearer access token is issued by Azure AD is passed in the authorization header of the HTTP request. Here is a typical format:
@@ -336,7 +334,7 @@ The following claims are expected in the access token passed by Windows to the T
TID
-
A claim representing the tenant ID of the tenant. In the example above, it's Fabrikam.
+
A claim representing the tenant ID of the tenant. In the example above, it's Fabrikam.
Resource
@@ -344,10 +342,10 @@ The following claims are expected in the access token passed by Windows to the T
-
-> **Note** There is no device ID claim in the access token because the device may not yet be enrolled at this time.
+
+> Note There is no device ID claim in the access token because the device may not yet be enrolled at this time.
-
+
To retrieve the list of group memberships for the user, you can use the [Azure AD Graph API](https://go.microsoft.com/fwlink/p/?LinkID=613654).
Here's an example URL.
@@ -448,7 +446,7 @@ The following table shows the error codes.
-
+
## Enrollment protocol with Azure AD
With Azure integrated MDM enrollment, there is no discovery phase and the discovery URL is directly passed down to the system from Azure. The following table shows the comparison between the traditional and Azure enrollments.
@@ -588,7 +586,7 @@ With Azure integrated MDM enrollment, there is no discovery phase and the discov
-
+
## Management protocol with Azure AD
@@ -655,7 +653,7 @@ An alert is send to the MDM server in DM package\#1.
Here's an example.
-``` syntax
+```xml
1
@@ -916,9 +914,9 @@ When a user is enrolled into MDM through Azure Active Directory Join and then di
-
+
-
+
diff --git a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md b/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
index c0a57334bc..706b102207 100644
--- a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
+++ b/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
@@ -1,12 +1,14 @@
---
title: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new Portal
description: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new Portal
-ms.author: maricia
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: lomayor
ms.date: 01/17/2018
+ms.reviewer:
+manager: dansimp
---
# Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 7625ab46bb..82139a98a6 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -1,12 +1,15 @@
---
title: BitLocker CSP
description: BitLocker CSP
-ms.author: maricia
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
-ms.date: 12/06/2018
+author: lomayor
+ms.localizationpriority: medium
+ms.date: 09/27/2019
+ms.reviewer:
+manager: dansimp
---
# BitLocker CSP
@@ -15,7 +18,7 @@ ms.date: 12/06/2018
The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it is also supported in Windows 10 Pro.
-> [!Note]
+> [!NOTE]
> Settings are enforced only at the time encryption is started. Encryption is not restarted with settings changes.
> You must send all the settings together in a single SyncML to be effective.
@@ -26,45 +29,45 @@ For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation
The following diagram shows the BitLocker configuration service provider in tree format.
-
+
**./Device/Vendor/MSFT/BitLocker**
-
Defines the root node for the BitLocker configuration service provider.
+Defines the root node for the BitLocker configuration service provider.
**RequireStorageCardEncryption**
-
Allows the administrator to require storage card encryption on the device. This policy is valid only for a mobile SKU.
+Allows the administrator to require storage card encryption on the device. This policy is valid only for a mobile SKU.
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
-
-
-
-
-
-
-
+
+
+
+
+
+
+
-
Data type is integer. Sample value for this node to enable this policy: 1. Disabling this policy will not turn off the encryption on the storage card, but the user will no longer be prompted to turn it on.
+Data type is integer. Sample value for this node to enable this policy: 1. Disabling this policy will not turn off the encryption on the storage card, but the user will no longer be prompted to turn it on.
- 0 (default) – Storage cards do not need to be encrypted.
-- 1 – Require Storage cards to be encrypted.
+- 1 – Require storage cards to be encrypted.
-
Disabling this policy will not turn off the encryption on the system card, but the user will no longer be prompted to turn it on.
-
-
If you want to disable this policy use the following SyncML:
+Disabling this policy will not turn off the encryption on the system card, but the user will no longer be prompted to turn it on.
-``` syntax
+If you want to disable this policy use the following SyncML:
+
+```xml
@@ -83,38 +86,55 @@ The following diagram shows the BitLocker configuration service provider in tree
```
-
Data type is integer. Supported operations are Add, Get, Replace, and Delete.
+Data type is integer. Supported operations are Add, Get, Replace, and Delete.
**RequireDeviceEncryption**
-
Allows the administrator to require encryption to be turned on by using BitLocker\Device Encryption.
+Allows the administrator to require encryption to be turned on by using BitLocker\Device Encryption.
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
-
-
-
-
-
-
-
+
+
+
+
+
+
+
-
Data type is integer. Sample value for this node to enable this policy: 1. Disabling this policy will not turn off the encryption on the system card, but the user will no longer be prompted to turn it on.
+Data type is integer. Sample value for this node to enable this policy: 1.
+Supported operations are Add, Get, Replace, and Delete.
-
If you want to disable this policy use the following SyncML:
+Status of OS volumes and encryptable fixed data volumes are checked with a Get operation. Typically, BitLocker/Device Encryption will follow whichever value [EncryptionMethodByDriveType](#encryptionmethodbydrivetype) policy is set to. However, this policy setting will be ignored for self-encrypting fixed drives and self-encrypting OS drives.
-``` syntax
+Encryptable fixed data volumes are treated similarly to OS volumes. However, fixed data volumes must meet additional criteria to be considered encryptable:
+
+- It must not be a dynamic volume.
+- It must not be a recovery partition.
+- It must not be a hidden volume.
+- It must not be a system partition.
+- It must not be backed by virtual storage.
+- It must not have a reference in the BCD store.
+
+The following list shows the supported values:
+
+- 0 (default) — Disable. If the policy setting is not set or is set to 0, the device's enforcement status is not checked. The policy does not enforce encryption and it does not decrypt encrypted volumes.
+- 1 – Enable. The device's enforcement status is checked. Setting this policy to 1 triggers encryption of all drives (silently or non-silently based on [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption) policy).
+
+If you want to disable this policy, use the following SyncML:
+
+```xml
@@ -133,70 +153,69 @@ The following diagram shows the BitLocker configuration service provider in tree
```
-
Data type is integer. Supported operations are Add, Get, Replace, and Delete.
Allows you to set the default encrytion method for each of the different drive types. This setting is a direct mapping to the Bitlocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)".
+Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)".
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
-
-
-
-
-
-
-
+
+
+
+
+
+
+
-
ADMX Info:
+ADMX Info:
-
GP English name: *Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)*
-
GP name: *EncryptionMethodWithXts_Name*
-
GP path: *Windows Components/Bitlocker Drive Encryption*
-
GP ADMX file name: *VolumeEncryption.admx*
+
GP English name: Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
+
GP name: EncryptionMethodWithXts_Name
+
GP path: Windows Components/Bitlocker Drive Encryption
+
GP ADMX file name: VolumeEncryption.admx
-> [!Tip]
+> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
-
This setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted, or if encryption is in progress.
+This setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted, or if encryption is in progress.
-
If you enable this setting you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually. For fixed and operating system drives, we recommend that you use the XTS-AES algorithm. For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10, version 1511.
+If you enable this setting you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually. For fixed and operating system drives, we recommend that you use the XTS-AES algorithm. For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10, version 1511.
-
If you disable or do not configure this policy setting, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption method specified by any setup script.
+If you disable or do not configure this policy setting, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption method specified by any setup script.
-
Sample value for this node to enable this policy and set the encryption methods is:
+ Sample value for this node to enable this policy and set the encryption methods is:
-``` syntax
+```xml
```
-
EncryptionMethodWithXtsOsDropDown_Name = Select the encryption method for operating system drives
-
EncryptionMethodWithXtsFdvDropDown_Name = Select the encryption method for fixed data drives.
-
EncryptionMethodWithXtsRdvDropDown_Name = Select the encryption method for removable data drives.
+EncryptionMethodWithXtsOsDropDown_Name = Select the encryption method for operating system drives
+EncryptionMethodWithXtsFdvDropDown_Name = Select the encryption method for fixed data drives.
+EncryptionMethodWithXtsRdvDropDown_Name = Select the encryption method for removable data drives.
-
The possible values for 'xx' are:
+ The possible values for 'xx' are:
- 3 = AES-CBC 128
- 4 = AES-CBC 256
- 6 = XTS-AES 128
- 7 = XTS-AES 256
-> [!Note]
+> [!NOTE]
> When you enable EncryptionMethodByDriveType, you must specify values for all three drives (operating system, fixed data, and removable data), otherwise it will fail (500 return status). For example, if you only set the encrytion method for the OS and removable drives, you will get a 500 return status.
-
If you want to disable this policy use the following SyncML:
+ If you want to disable this policy use the following SyncML:
-``` syntax
+```xml
$CmdID$
@@ -211,66 +230,66 @@ The following diagram shows the BitLocker configuration service provider in tree
```
-
Data type is string. Supported operations are Add, Get, Replace, and Delete.
+Data type is string. Supported operations are Add, Get, Replace, and Delete.
**SystemDrivesRequireStartupAuthentication**
-
This setting is a direct mapping to the Bitlocker Group Policy "Require additional authentication at startup".
+This setting is a direct mapping to the Bitlocker Group Policy "Require additional authentication at startup".
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
-
-
-
-
-
-
-
+
+
+
+
+
+
+
-
ADMX Info:
+ADMX Info:
-
GP English name: *Require additional authentication at startup*
-
GP name: *ConfigureAdvancedStartup_Name*
-
GP path: *Windows Components/Bitlocker Drive Encryption/Operating System Drives*
-
GP ADMX file name: *VolumeEncryption.admx*
+
GP English name: Require additional authentication at startup
+
GP name: ConfigureAdvancedStartup_Name
+
GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
+
GP ADMX file name: VolumeEncryption.admx
-> [!Tip]
+> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
-
This setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This setting is applied when you turn on BitLocker.
+This setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). This setting is applied when you turn on BitLocker.
-> [!Note]
+> [!NOTE]
> Only one of the additional authentication options can be required at startup, otherwise an error occurs.
-
If you want to use BitLocker on a computer without a TPM, set the "ConfigureNonTPMStartupKeyUsage_Name" data. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive.
+If you want to use BitLocker on a computer without a TPM, set the "ConfigureNonTPMStartupKeyUsage_Name" data. In this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive.
-
On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.
+On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.
-> [!Note]
+> [!NOTE]
> In Windows 10, version 1703 release B, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits.
-
If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.
+If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.
-
If you disable or do not configure this setting, users can configure only basic options on computers with a TPM.
+If you disable or do not configure this setting, users can configure only basic options on computers with a TPM.
-> [!Note]
+> [!NOTE]
> If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.
-
Sample value for this node to enable this policy is:
+Sample value for this node to enable this policy is:
-``` syntax
+```xml
```
-
Data id:
+Data id:
ConfigureNonTPMStartupKeyUsage_Name = Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive).
ConfigureTPMStartupKeyUsageDropDown_Name = (for computer with TPM) Configure TPM startup key.
@@ -279,22 +298,22 @@ The following diagram shows the BitLocker configuration service provider in tree
ConfigureTPMUsageDropDown_Name = (for computer with TPM) Configure TPM startup.
-
The possible values for 'xx' are:
+The possible values for 'xx' are:
true = Explicitly allow
false = Policy not set
-
The possible values for 'yy' are:
+The possible values for 'yy' are:
2 = Optional
1 = Required
0 = Disallowed
-
Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
+Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
-``` syntax
+```xml
$CmdID$
@@ -308,61 +327,61 @@ The following diagram shows the BitLocker configuration service provider in tree
```
-
Data type is string. Supported operations are Add, Get, Replace, and Delete.
+Data type is string. Supported operations are Add, Get, Replace, and Delete.
**SystemDrivesMinimumPINLength**
-
This setting is a direct mapping to the Bitlocker Group Policy "Configure minimum PIN length for startup".
+This setting is a direct mapping to the Bitlocker Group Policy "Configure minimum PIN length for startup".
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
-
-
-
-
-
-
-
+
+
+
+
+
+
+
-
ADMX Info:
+ADMX Info:
-
GP English name:*Configure minimum PIN length for startup*
-
GP name: *MinimumPINLength_Name*
-
GP path: *Windows Components/Bitlocker Drive Encryption/Operating System Drives*
-
GP ADMX file name: *VolumeEncryption.admx*
+
GP English name:Configure minimum PIN length for startup
+
GP name: MinimumPINLength_Name
+
GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
+
GP ADMX file name: VolumeEncryption.admx
-> [!Tip]
+> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
-
This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.
+This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.
-> [!Note]
+> [!NOTE]
> In Windows 10, version 1703 release B, you can use a minimum PIN length of 4 digits.
>
>In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2.
-
If you enable this setting, you can require a minimum number of digits to be used when setting the startup PIN.
+If you enable this setting, you can require a minimum number of digits to be used when setting the startup PIN.
-
If you disable or do not configure this setting, users can configure a startup PIN of any length between 6 and 20 digits.
+If you disable or do not configure this setting, users can configure a startup PIN of any length between 6 and 20 digits.
-
Sample value for this node to enable this policy is:
+Sample value for this node to enable this policy is:
-``` syntax
+```xml
```
-
Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
+Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
-``` syntax
+```xml
$CmdID$
@@ -377,70 +396,70 @@ The following diagram shows the BitLocker configuration service provider in tree
```
-
Data type is string. Supported operations are Add, Get, Replace, and Delete.
+Data type is string. Supported operations are Add, Get, Replace, and Delete.
**SystemDrivesRecoveryMessage**
-
This setting is a direct mapping to the Bitlocker Group Policy "Configure pre-boot recovery message and URL" (PrebootRecoveryInfo_Name).
+This setting is a direct mapping to the Bitlocker Group Policy "Configure pre-boot recovery message and URL" (PrebootRecoveryInfo_Name).
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
-
-
-
-
-
-
-
+
+
+
+
+
+
+
-
ADMX Info:
+ADMX Info:
-
GP English name: *Configure pre-boot recovery message and URL*
-
GP name: *PrebootRecoveryInfo_Name*
-
GP path: *Windows Components/Bitlocker Drive Encryption/Operating System Drives*
-
GP ADMX file name: *VolumeEncryption.admx*
+
GP English name: Configure pre-boot recovery message and URL
+
GP name: PrebootRecoveryInfo_Name
+
GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
+
GP ADMX file name: VolumeEncryption.admx
-> [!Tip]
+> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
-
This setting lets you configure the entire recovery message or replace the existing URL that are displayed on the pre-boot key recovery screen when the OS drive is locked.
-
+This setting lets you configure the entire recovery message or replace the existing URL that are displayed on the pre-boot key recovery screen when the OS drive is locked.
-
If you set the value to "1" (Use default recovery message and URL), the default BitLocker recovery message and URL will be displayed in the pre-boot key recovery screen. If you have previously configured a custom recovery message or URL and want to revert to the default message, you must keep the policy enabled and set the value "1" (Use default recovery message and URL).
-
-
If you set the value to "2" (Use custom recovery message), the message you set in the "RecoveryMessage_Input" data field will be displayed in the pre-boot key recovery screen. If a recovery URL is available, include it in the message.
-
-
If you set the value to "3" (Use custom recovery URL), the URL you type in the "RecoveryUrl_Input" data field will replace the default URL in the default recovery message, which will be displayed in the pre-boot key recovery screen.
-
-
Sample value for this node to enable this policy is:
-``` syntax
+If you set the value to "1" (Use default recovery message and URL), the default BitLocker recovery message and URL will be displayed in the pre-boot key recovery screen. If you have previously configured a custom recovery message or URL and want to revert to the default message, you must keep the policy enabled and set the value "1" (Use default recovery message and URL).
+
+If you set the value to "2" (Use custom recovery message), the message you set in the "RecoveryMessage_Input" data field will be displayed in the pre-boot key recovery screen. If a recovery URL is available, include it in the message.
+
+If you set the value to "3" (Use custom recovery URL), the URL you type in the "RecoveryUrl_Input" data field will replace the default URL in the default recovery message, which will be displayed in the pre-boot key recovery screen.
+
+Sample value for this node to enable this policy is:
+
+```xml
```
-
The possible values for 'xx' are:
+The possible values for 'xx' are:
- 0 = Empty
-- 1 = Use default recovery message and URL.
+- 1 = Use default recovery message and URL (in this case you don't need to specify a value for "RecoveryMessage_Input" or "RecoveryUrl_Input").
- 2 = Custom recovery message is set.
- 3 = Custom recovery URL is set.
- 'yy' = string of max length 900.
- 'zz' = string of max length 500.
-> [!Note]
+> [!NOTE]
> When you enable SystemDrivesRecoveryMessage, you must specify values for all three settings (pre-boot recovery screen, recovery message, and recovery URL), otherwise it will fail (500 return status). For example, if you only specify values for message and URL, you will get a 500 return status.
-
Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
+Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
-``` syntax
+```xml
$CmdID$
@@ -455,93 +474,85 @@ The following diagram shows the BitLocker configuration service provider in tree
```
-> [!Note]
+> [!NOTE]
> Not all characters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen.
-
Data type is string. Supported operations are Add, Get, Replace, and Delete.
+Data type is string. Supported operations are Add, Get, Replace, and Delete.
**SystemDrivesRecoveryOptions**
-
This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name).
+This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name).
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
-
-
-
-
-
-
-
+
+
+
+
+
+
+
-
ADMX Info:
+ADMX Info:
-
GP English name: *Choose how BitLocker-protected operating system drives can be recovered*
-
GP name: *OSRecoveryUsage_Name*
-
GP path: *Windows Components/Bitlocker Drive Encryption/Operating System Drives*
-
GP ADMX file name: *VolumeEncryption.admx*
+
GP English name: Choose how BitLocker-protected operating system drives can be recovered
+
GP name: OSRecoveryUsage_Name
+
GP path: Windows Components/Bitlocker Drive Encryption/Operating System Drives
+
GP ADMX file name: VolumeEncryption.admx
-> [!Tip]
+> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
-
This setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This setting is applied when you turn on BitLocker.
+This setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the required startup key information. This setting is applied when you turn on BitLocker.
-
The "OSAllowDRA_Name" (Allow certificate-based data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.
-
-
In "OSRecoveryPasswordUsageDropDown_Name" and "OSRecoveryKeyUsageDropDown_Name" (Configure user storage of BitLocker recovery information) set whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.
-
-
Set "OSHideRecoveryPage_Name" (Omit recovery options from the BitLocker setup wizard) to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.
-
-
Set "OSActiveDirectoryBackup_Name" (Save BitLocker recovery information to Active Directory Domain Services), to choose which BitLocker recovery information to store in AD DS for operating system drives (OSActiveDirectoryBackupDropDown_Name). If you set "1" (Backup recovery password and key package), both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you set "2" (Backup recovery password only), only the recovery password is stored in AD DS.
-
-
Set the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.
-
-> [!Note]
-> If the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field is set, a recovery password is automatically generated.
+The "OSAllowDRA_Name" (Allow certificate-based data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.
-
If you enable this setting, you can control the methods available to users to recover data from BitLocker-protected operating system drives.
+In "OSRecoveryPasswordUsageDropDown_Name" and "OSRecoveryKeyUsageDropDown_Name" (Configure user storage of BitLocker recovery information) set whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.
-
If this setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS.
+Set "OSHideRecoveryPage_Name" (Omit recovery options from the BitLocker setup wizard) to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.
-
Sample value for this node to enable this policy is:
+Set "OSActiveDirectoryBackup_Name" (Save BitLocker recovery information to Active Directory Domain Services), to choose which BitLocker recovery information to store in AD DS for operating system drives (OSActiveDirectoryBackupDropDown_Name). If you set "1" (Backup recovery password and key package), both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you set "2" (Backup recovery password only), only the recovery password is stored in AD DS.
-``` syntax
+Set the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.
+
+> [!Note]
+> If the "OSRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field is set, a recovery password is automatically generated.
+
+If you enable this setting, you can control the methods available to users to recover data from BitLocker-protected operating system drives.
+
+If this setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS.
+
+Sample value for this node to enable this policy is:
+
+```xml
```
-
The possible values for 'xx' are:
-
-
true = Explicitly allow
-
false = Policy not set
-
-
+The possible values for 'xx' are:
+- true = Explicitly allow
+- false = Policy not set
-
The possible values for 'yy' are:
-
-
2 = Allowed
-
1 = Required
-
0 = Disallowed
-
+The possible values for 'yy' are:
+- 2 = Allowed
+- 1 = Required
+- 0 = Disallowed
-
The possible values for 'zz' are:
-
-
2 = Store recovery passwords only
-
1 = Store recovery passwords and key packages
-
-
+The possible values for 'zz' are:
+- 2 = Store recovery passwords only
+- 1 = Store recovery passwords and key packages
-
Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
+Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
-``` syntax
+```xml
$CmdID$
@@ -556,75 +567,74 @@ The following diagram shows the BitLocker configuration service provider in tree
```
-
Data type is string. Supported operations are Add, Get, Replace, and Delete.
+Data type is string. Supported operations are Add, Get, Replace, and Delete.
**FixedDrivesRecoveryOptions**
-
This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" ().
+This setting is a direct mapping to the Bitlocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" ().
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
-
-
-
-
-
-
-
+
+
+
+
+
+
+
-
ADMX Info:
+ADMX Info:
-
GP English name: *Choose how BitLocker-protected fixed drives can be recovered*
-
GP name: *FDVRecoveryUsage_Name*
-
GP path: *Windows Components/Bitlocker Drive Encryption/Fixed Drives*
-
GP ADMX file name: *VolumeEncryption.admx*
+
GP English name: Choose how BitLocker-protected fixed drives can be recovered
+
GP name: FDVRecoveryUsage_Name
+
GP path: Windows Components/Bitlocker Drive Encryption/Fixed Drives
+
GP ADMX file name: VolumeEncryption.admx
-> [!Tip]
+> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
-
This setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This setting is applied when you turn on BitLocker.
+This setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required credentials. This setting is applied when you turn on BitLocker.
-
The "FDVAllowDRA_Name" (Allow data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.
-
-
In "FDVRecoveryPasswordUsageDropDown_Name" (Configure user storage of BitLocker recovery information) set whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.
-
-
Set "FDVHideRecoveryPage_Name" (Omit recovery options from the BitLocker setup wizard) to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.
-
-
Set "FDVActiveDirectoryBackup_Name" (Save BitLocker recovery information to Active Directory Domain Services) to enable saving the recovery key to AD.
-
-
Set the "FDVRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives) data field if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.
+The "FDVAllowDRA_Name" (Allow data recovery agent) data field is used to specify whether a data recovery agent can be used with BitLocker-protected fixed data drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents.
-
Set the "FDVActiveDirectoryBackupDropDown_Name" (Configure storage of BitLocker recovery information to AD DS) to choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select "1" (Backup recovery password and key package), both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select "2" (Backup recovery password only) only the recovery password is stored in AD DS.
-
-> [!Note]
-> If the "FDVRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives) data field is set, a recovery password is automatically generated.
+In "FDVRecoveryPasswordUsageDropDown_Name" (Configure user storage of BitLocker recovery information) set whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key.
-
If you enable this setting, you can control the methods available to users to recover data from BitLocker-protected fixed data drives.
+Set "FDVHideRecoveryPage_Name" (Omit recovery options from the BitLocker setup wizard) to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setting.
-
If this setting is not configured or disabled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS.
+Set "FDVActiveDirectoryBackup_Name" (Save BitLocker recovery information to Active Directory Domain Services) to enable saving the recovery key to AD.
-
Sample value for this node to enable this policy is:
+Set the "FDVRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives) data field if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.
-``` syntax
+Set the "FDVActiveDirectoryBackupDropDown_Name" (Configure storage of BitLocker recovery information to AD DS) to choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select "1" (Backup recovery password and key package), both the BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select "2" (Backup recovery password only) only the recovery password is stored in AD DS.
+
+> [!Note] > If the "FDVRequireActiveDirectoryBackup_Name" (Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives) data field is set, a recovery password is automatically generated.
+
+If you enable this setting, you can control the methods available to users to recover data from BitLocker-protected fixed data drives.
+
+If this setting is not configured or disabled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS.
+
+Sample value for this node to enable this policy is:
+
+```xml
```
-
The possible values for 'xx' are:
+The possible values for 'xx' are:
true = Explicitly allow
false = Policy not set
-
The possible values for 'yy' are:
+The possible values for 'yy' are:
2 = Allowed
1 = Required
@@ -632,15 +642,15 @@ The following diagram shows the BitLocker configuration service provider in tree
-
The possible values for 'zz' are:
+The possible values for 'zz' are:
2 = Store recovery passwords only
1 = Store recovery passwords and key packages
-
Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
+Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
-``` syntax
+```xml
$CmdID$
@@ -655,54 +665,54 @@ The following diagram shows the BitLocker configuration service provider in tree
```
-
Data type is string. Supported operations are Add, Get, Replace, and Delete.
+Data type is string. Supported operations are Add, Get, Replace, and Delete.
**FixedDrivesRequireEncryption**
-
This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name).
+This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name).
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
-
-
-
-
-
-
-
+
+
+
+
+
+
+
-
ADMX Info:
+ADMX Info:
-
GP English name: *Deny write access to fixed drives not protected by BitLocker*
-
GP name: *FDVDenyWriteAccess_Name*
-
GP path: *Windows Components/Bitlocker Drive Encryption/Fixed Drives*
-
GP ADMX file name: *VolumeEncryption.admx*
+
GP English name: Deny write access to fixed drives not protected by BitLocker
+
GP name: FDVDenyWriteAccess_Name
+
GP path: Windows Components/Bitlocker Drive Encryption/Fixed Drives
+
GP ADMX file name: VolumeEncryption.admx
-> [!Tip]
+> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
-
This setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer.
+This setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer.
-
If you enable this setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.
+If you enable this setting, all fixed data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.
-
Sample value for this node to enable this policy is:
+Sample value for this node to enable this policy is:
-``` syntax
+```xml
```
-
If you disable or do not configure this setting, all fixed data drives on the computer will be mounted with read and write access. If you want to disable this policy use the following SyncML:
+If you disable or do not configure this setting, all fixed data drives on the computer will be mounted with read and write access. If you want to disable this policy use the following SyncML:
-``` syntax
+```xml
$CmdID$
@@ -717,67 +727,66 @@ The following diagram shows the BitLocker configuration service provider in tree
```
-
Data type is string. Supported operations are Add, Get, Replace, and Delete.
+Data type is string. Supported operations are Add, Get, Replace, and Delete.
**RemovableDrivesRequireEncryption**
-
This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name).
+This setting is a direct mapping to the Bitlocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name).
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
-
-
-
-
-
-
-
+
+
+
+
+
+
+
-
ADMX Info:
+ADMX Info:
-
GP English name: *Deny write access to removable drives not protected by BitLocker*
-
GP name: *RDVDenyWriteAccess_Name*
-
GP path: *Windows Components/Bitlocker Drive Encryption/Removeable Drives*
-
GP ADMX file name: *VolumeEncryption.admx*
+
GP English name: Deny write access to removable drives not protected by BitLocker
+
GP name: RDVDenyWriteAccess_Name
+
GP path: Windows Components/Bitlocker Drive Encryption/Removeable Drives
+
GP ADMX file name: VolumeEncryption.admx
-> [!Tip]
+> [!TIP]
> For a step-by-step guide to enable ADMX-backed policies, see [Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md). For additional information, see [Understanding ADMX-backed policies](understanding-admx-backed-policies.md).
-
This setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive.
+This setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive.
-
If you enable this setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.
+If you enable this setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.
-
If the "RDVCrossOrg" (Deny write access to devices configured in another organization) option is set, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" group policy setting.
-
-
If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access.
-
-> [!Note]
-> This policy setting can be overridden by the group policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" group policy setting is enabled this policy setting will be ignored.
+If the "RDVCrossOrg" (Deny write access to devices configured in another organization) option is set, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" group policy setting.
-
Sample value for this node to enable this policy is:
+If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access.
-``` syntax
+> [!Note] > This policy setting can be overridden by the group policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" group policy setting is enabled this policy setting will be ignored.
+
+Sample value for this node to enable this policy is:
+
+```xml
```
-
The possible values for 'xx' are:
+The possible values for 'xx' are:
true = Explicitly allow
false = Policy not set
-
Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
+Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
-``` syntax
+```xml
$CmdID$
@@ -794,9 +803,9 @@ The following diagram shows the BitLocker configuration service provider in tree
**AllowWarningForOtherDiskEncryption**
-
Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is also set to 1.
+Allows the admin to disable the warning prompt for other disk encryption on the user machines that are targeted when the RequireDeviceEncryption policy is also set to 1.
-> [!Important]
+> [!IMPORTANT]
> Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. When RequireDeviceEncryption is set to 1 and AllowWarningForOtherDiskEncryption is set to 0, Windows will attempt to silently enable [BitLocker](https://docs.microsoft.com/windows/device-security/bitlocker/bitlocker-overview).
> [!Warning]
@@ -804,46 +813,46 @@ The following diagram shows the BitLocker configuration service provider in tree
-
Home
-
Pro
-
Business
-
Enterprise
-
Education
-
Mobile
-
Mobile Enterprise
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
-
-
-
-
-
-
-
+
+
+
+
+
+
+
-
The following list shows the supported values:
+The following list shows the supported values:
- 0 – Disables the warning prompt. Starting in Windows 10, version 1803, the value 0 can only be set for Azure Active Directory joined devices. Windows will attempt to silently enable BitLocker for value 0.
- 1 (default) – Warning prompt allowed.
-``` syntax
+```xml
- 110
-
-
- ./Device/Vendor/MSFT/BitLocker/AllowWarningForOtherDiskEncryption
-
-
- int
-
- 0
-
+ 110
+
+
+ ./Device/Vendor/MSFT/BitLocker/AllowWarningForOtherDiskEncryption
+
+
+ int
+
+ 0
+
```
->[!NOTE]
+> [!NOTE]
>When you disable the warning prompt, the OS drive's recovery key will back up to the user's Azure Active Directory account. When you allow the warning prompt, the user who receives the prompt can select where to back up the OS drive's recovery key.
>
>The endpoint for a fixed data drive's backup is chosen in the following order:
@@ -856,11 +865,11 @@ The following diagram shows the BitLocker configuration service provider in tree
**AllowStandardUserEncryption**
Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where policy is pushed while current logged on user is non-admin/standard user Azure AD account.
-> [!Note]
+> [!NOTE]
> This policy is only supported in Azure AD accounts.
-
+
"AllowStandardUserEncryption" policy is tied to "AllowWarningForOtherDiskEncryption" policy being set to "0", i.e, silent encryption is enforced.
-
+
If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user is the current logged on user in the system.
The expected values for this policy are:
@@ -870,7 +879,7 @@ The expected values for this policy are:
If you want to disable this policy use the following SyncML:
-``` syntax
+```xml
111
@@ -884,11 +893,166 @@ If you want to disable this policy use the following SyncML:
```
+
+**ConfigureRecoveryPasswordRotation**
+This setting initiates a client-driven recovery password refresh after an OS drive recovery (either by using bootmgr or WinRE) and recovery password unlock on a Fixed data drive. This setting will refresh the specific recovery password that was used, and other unused passwords on the volume will remain unchanged. If the initialization of the refresh fails, the device will retry the refresh during the next reboot. When password refresh is initiated, the client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure. After the recovery password has been successfully backed up to Azure AD, the recovery key that was used locally will be removed. This setting refreshes only the used key and retains other unused keys.
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+Value type is int. Supported operations are Add, Delete, Get, and Replace.
+
+Supported values are:
+- 0 – Refresh off (default)
+- 1 – Refresh on for Azure AD-joined devices
+- 2 – Refresh on for both Azure AD-joined and hybrid-joined devices
+
+**RotateRecoveryPasswords**
+This setting refreshes all recovery passwords for OS and fixed drives (removable drives are not included so they can be shared between users). All recovery passwords for all drives will be refreshed and only one password per volume is retained. In case of errors, an error code will be returned so that server can take appropriate action to remediate.
+
+The client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure.
+
+Policy type is Execute. When “Execute Policy” is pushed, the client sets the status as Pending and initiates an asynchronous rotation operation. After refresh is complete, pass or fail status is updated. The client will not retry, but if needed, the server can re-issue the execute request.
+
+Server can call Get on the RotateRecoveryPasswordsRotationStatus node to query the status of the refresh.
+
+Recovery password refresh will only occur for devices that are joined to Azure AD or joined to both Azure AD and on-premises (hybrid Azure AD-joined) that run a Windows 10 edition with the BitLocker CSP (Pro/Enterprise). Devices cannot refresh recovery passwords if they are only registered in Azure AD (also known as workplace-joined) or signed in with a Microsoft account.
+
+Each server-side recovery key rotation is represented by a request ID. The server can query the following nodes to make sure it reads status/result for same rotation request.
+- RotateRecoveryPasswordsRequestID: Returns request ID of last request processed.
+- RotateRecoveryPasswordsRotationStatus: Returns status of last request processed.
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+Value type is string. Supported operation is Execute. Request ID is expected as a parameter.
+
+**Status**
+Interior node. Supported operation is Get.
+
+**Status/DeviceEncryptionStatus**
+This node reports compliance state of device encryption on the system.
+
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+
+Supported values:
+- 0 - Indicates that the device is compliant.
+- Any other value represents a non-compliant device.
+
+Value type is int. Supported operation is Get.
+
+**Status/RotateRecoveryPasswordsStatus**
+This node reports the status of RotateRecoveryPasswords request.
+
+Status code can be one of the following:
+
+- 2 – Not started
+- 1 - Pending
+- 0 - Pass
+- Any other code - Failure HRESULT
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+Value type is int. Supported operation is Get.
+
+**Status/RotateRecoveryPasswordsRequestID**
+This node reports the RequestID corresponding to RotateRecoveryPasswordsStatus.
+This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus to ensure the status is correctly matched to the request ID.
+
+
+
Home
+
Pro
+
Business
+
Enterprise
+
Education
+
Mobile
+
Mobile Enterprise
+
+
+
+
+
+
+
+
+
+
+
+Value type is string. Supported operation is Get.
+
### SyncML example
The following example is provided to show proper format and should not be taken as a recommendation.
-``` syntax
+```xml
@@ -934,7 +1098,7 @@ The following example is provided to show proper format and should not be taken
-
+
$CmdID$
@@ -951,7 +1115,7 @@ The following example is provided to show proper format and should not be taken
-
+
$CmdID$
@@ -964,7 +1128,7 @@ The following example is provided to show proper format and should not be taken
-
+
$CmdID$
@@ -979,7 +1143,7 @@ The following example is provided to show proper format and should not be taken
-
+
$CmdID$
@@ -1029,7 +1193,7 @@ The following example is provided to show proper format and should not be taken
-
+
$CmdID$
@@ -1042,8 +1206,8 @@ The following example is provided to show proper format and should not be taken
-
+
-```
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md
index 9d1fd9bf4d..19421997ba 100644
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@@ -1,12 +1,15 @@
---
title: BitLocker DDF file
description: BitLocker DDF file
-ms.author: maricia
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
-ms.date: 06/29/2018
+author: lomayor
+ms.localizationpriority: medium
+ms.date: 09/30/2019
+ms.reviewer:
+manager: dansimp
---
# BitLocker DDF file
@@ -18,9 +21,9 @@ This topic shows the OMA DM device description framework (DDF) for the **BitLock
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-The XML below is the current version Windows 10, version 1809.
+The XML below is the current version for this CSP.
-``` syntax
+```xml
- com.microsoft/3.0/MDM/BitLocker
+ com.microsoft/5.0/MDM/BitLocker
@@ -734,6 +737,206 @@ The XML below is the current version Windows 10, version 1809.
+
+
+ ConfigureRecoveryPasswordRotation
+
+
+
+
+
+
+
+ Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on AAD and Hybrid domain joined devices.
+ When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when
+ Active Directory back up for recovery password is configured to required.
+ For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives"
+ For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives"
+
+ Supported Values: 0 - Numeric Recovery Passwords rotation OFF.
+ 1 - Numeric Recovery Passwords Rotation upon use ON for AAD joined devices. Default value
+ 2 - Numeric Recovery Passwords Rotation upon use ON for both AAD and Hybrid devices
+
+ If you want to disable this policy use the following SyncML:
+
+
+ 112
+
+
+ ./Device/Vendor/MSFT/BitLocker/ConfigureRecoveryPasswordRotation
+
+
+ int
+
+ 0
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+
+
+
+
+ RotateRecoveryPasswords
+
+
+
+
+ Allows admin to push one-time rotation of all numeric recovery passwords for OS and Fixed Data drives on an Azure Active Directory or hybrid-joined device.
+ This policy is Execute type and rotates all numeric passwords when issued from MDM tools.
+
+The policy only comes into effect when Active Directory backup for a recovery password is configured to "required."
+ * For OS drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for operating system drives."
+ *For fixed drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for fixed data drives."
+
+ Client returns status DM_S_ACCEPTED_FOR_PROCESSING to indicate the rotation has started. Server can query status with the following status nodes:
+
+* status\RotateRecoveryPasswordsStatus
+ * status\RotateRecoveryPasswordsRequestID
+
+
+
+Supported Values: String form of request ID. Example format of request ID is GUID. Server can choose the format as needed according to the management tools.\
+
+
+ 113
+
+
+ ./Device/Vendor/MSFT/BitLocker/RotateRecoveryPasswords
+
+
+ chr
+
+ <RequestID/>
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ Status
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ DeviceEncryptionStatus
+
+
+
+
+ This node reports compliance state of device encryption on the system.
+ Value '0' means the device is compliant. Any other value represents a non-compliant device.
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ RotateRecoveryPasswordsStatus
+
+
+
+
+ This Node reports the status of RotateRecoveryPasswords request.
+ Status code can be one of the following:
+ NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ RotateRecoveryPasswordsRequestID
+
+
+
+
+ This Node reports the RequestID corresponding to RotateRecoveryPasswordsStatus.
+ This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus
+ To ensure the status is correctly matched to the request ID.
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
-```
\ No newline at end of file
+```
diff --git a/windows/client-management/mdm/bootstrap-csp.md b/windows/client-management/mdm/bootstrap-csp.md
index e59f02fc74..1f88d3ae9f 100644
--- a/windows/client-management/mdm/bootstrap-csp.md
+++ b/windows/client-management/mdm/bootstrap-csp.md
@@ -2,11 +2,13 @@
title: BOOTSTRAP CSP
description: BOOTSTRAP CSP
ms.assetid: b8acbddc-347f-4543-a45b-ad2ffae3ffd0
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: lomayor
ms.date: 06/26/2017
---
@@ -16,12 +18,12 @@ ms.date: 06/26/2017
The BOOTSTRAP configuration service provider sets the Trusted Provisioning Server (TPS) for the device.
> **Note** BOOTSTRAP CSP is only supported in Windows 10 Mobile.
-
-
-
+>
+>
+>
> **Note** This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application.
-
+
The following image shows the BOOTSTRAP configuration service provider in tree format as used by Open Mobile Alliance (OMA) Client Provisioning. The OMA Device Management protocol is not supported with this configuration service provider.
@@ -38,9 +40,9 @@ Required. Specifies the location of a Trusted Provisioning Server (TPS). The PRO
[Configuration service provider reference](configuration-service-provider-reference.md)
-
+
-
+
diff --git a/windows/client-management/mdm/browserfavorite-csp.md b/windows/client-management/mdm/browserfavorite-csp.md
index 343ffbf2c3..9e1c5633df 100644
--- a/windows/client-management/mdm/browserfavorite-csp.md
+++ b/windows/client-management/mdm/browserfavorite-csp.md
@@ -2,11 +2,13 @@
title: BrowserFavorite CSP
description: BrowserFavorite CSP
ms.assetid: 5d2351ff-2d6a-4273-9b09-224623723cbf
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: lomayor
ms.date: 06/26/2017
---
@@ -17,14 +19,14 @@ The BrowserFavorite configuration service provider is used to add and remove URL
> **Note** BrowserFavorite CSP is only supported in Windows Phone 8.1.
-
+
The BrowserFavorite configuration service provider manages only the favorites at the root favorite folder level. It does not manage subfolders under the root favorite folder nor does it manage favorites under a subfolder.
> **Note**
This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_INTERNET\_EXPLORER\_FAVORITES capabilities to be accessed from a network configuration application.
-
+
The following diagram shows the BrowserFavorite configuration service provider in tree format as used by Open Mobile Alliance Device (OMA) Client Provisioning. The OMA Device Management protocol is not supported with this configuration service provider.
@@ -35,7 +37,7 @@ Required. Specifies the user-friendly name of the favorite URL that is displayed
> **Note** The *favorite name* should contain only characters that are valid in the Windows file system. The invalid characters are: \\ / : \* ? " < > |
-
+
Adding the same favorite twice adds only one occurrence to the Favorites list. If a favorite is added when another favorite with the same name but a different URL is already in the Favorites list, the existing favorite is replaced with the new favorite.
@@ -47,7 +49,7 @@ Optional. Specifies the complete URL for the favorite.
Adding a new browser favorite.
-``` syntax
+```xml
@@ -96,16 +98,16 @@ The following table shows the Microsoft custom elements that this configuration
-
+
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)
-
+
-
+
diff --git a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
index 953ec2e528..d5a9dfc966 100644
--- a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
+++ b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
@@ -2,11 +2,13 @@
title: Bulk assign and reclaim seats from users
description: The Bulk assign and reclaim seats from users operation returns reclaimed or assigned seats in the Microsoft Store for Business.
ms.assetid: 99E2F37D-1FF3-4511-8969-19571656780A
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: lomayor
ms.date: 09/18/2017
---
@@ -35,7 +37,7 @@ The **Bulk assign and reclaim seats from users** operation returns reclaimed or
-
+
### URI parameters
The following parameters may be specified in the request URI.
@@ -71,13 +73,13 @@ The following parameters may be specified in the request URI.
-
+
## Response
### Response body
@@ -110,9 +112,9 @@ The response body contains [BulkSeatOperationResultSet](data-structures-windows-
-
+
-
+
diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
index 8aa018c18c..2818c2e55f 100644
--- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
+++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
@@ -1,15 +1,17 @@
---
title: Bulk enrollment
description: Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to re-image the devices. In Windows 10.
-MS-HAID:
-- 'p\_phdevicemgmt.bulk\_enrollment'
-- 'p\_phDeviceMgmt.bulk\_enrollment\_using\_Windows\_provisioning\_tool'
+MS-HAID:
+ - 'p\_phdevicemgmt.bulk\_enrollment'
+ - 'p\_phDeviceMgmt.bulk\_enrollment\_using\_Windows\_provisioning\_tool'
ms.assetid: DEB98FF3-CC5C-47A1-9277-9EF939716C87
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: lomayor
ms.date: 06/26/2017
---
@@ -30,12 +32,11 @@ On the desktop, you can create an Active Directory account, such as "enrollment@
On the desktop and mobile devices, you can use an enrollment certificate or enrollment username and password, such as "enroll@contoso.com" and "enrollmentpassword." These credentials are used in the provisioning package, which you can use to enroll multiple devices to the MDM service. Once the devices are joined, many users can use them.
->[!NOTE]
+> [!NOTE]
> - Bulk-join is not supported in Azure Active Directory Join.
> - Bulk enrollment does not work in Intune standalone environment.
-> - Bulk enrollment works in System Center Configuration Manager (SCCM) + Intune hybrid environment where the ppkg is generated from the SCCM console.
-
-
+> - Bulk enrollment works in Microsoft Endpoint Configuration Manager where the ppkg is generated from the Configuration Manager console.
+> - To change bulk enrollment settings, login to **AAD**, then **Devices**, and then click **Device Settings**. Change the number under **Maximum number of devices per user**.
## What you need
@@ -51,27 +52,27 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro
Using the ICD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings.
-1. Open the Windows ICD tool (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe).
-2. Click **Advanced Provisioning**.
+1. Open the Windows ICD tool (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe).
+2. Click **Advanced Provisioning**.
- 
-3. Enter a project name and click **Next**.
-4. Select **All Windows editions**, since Provisioning CSP is common to all Windows 10 editions, then click **Next**.
-5. Skip **Import a provisioning package (optional)** and click **Finish**.
-6. Expand **Runtime settings** > **Workplace**.
-7. Click **Enrollments**, enter a value in **UPN**, and then click **Add**.
- The UPN is a unique identifier for the enrollment. For bulk enrollment, this must be a service account that is allowed to enroll multiple users, such as "enrollment@contoso.com".
-8. On the left navigation pane, expand the **UPN** and then enter the information for the rest of the settings for enrollment process.
- Here is the list of available settings:
- - **AuthPolicy** - Select **OnPremise**.
- - **DiscoveryServiceFullUrl** - specify the full URL for the discovery service.
- - **EnrollmentServiceFullUrl** - Optional and in most cases, it should be left blank.
- - **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank.
- - **Secret** - Password
- For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md).
- Here is the screenshot of the ICD at this point.
- 
-9. Configure the other settings, such as the Wi-Fi connections so that the device can join a network before joining MDM (e.g., **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**).
+ 
+3. Enter a project name and click **Next**.
+4. Select **All Windows editions**, since Provisioning CSP is common to all Windows 10 editions, then click **Next**.
+5. Skip **Import a provisioning package (optional)** and click **Finish**.
+6. Expand **Runtime settings** > **Workplace**.
+7. Click **Enrollments**, enter a value in **UPN**, and then click **Add**.
+ The UPN is a unique identifier for the enrollment. For bulk enrollment, this must be a service account that is allowed to enroll multiple users, such as "enrollment@contoso.com".
+8. On the left navigation pane, expand the **UPN** and then enter the information for the rest of the settings for enrollment process.
+ Here is the list of available settings:
+ - **AuthPolicy** - Select **OnPremise**.
+ - **DiscoveryServiceFullUrl** - specify the full URL for the discovery service.
+ - **EnrollmentServiceFullUrl** - Optional and in most cases, it should be left blank.
+ - **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank.
+ - **Secret** - Password
+ For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md).
+ Here is the screenshot of the ICD at this point.
+ 
+9. Configure the other settings, such as the Wi-Fi connections so that the device can join a network before joining MDM (e.g., **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**).
10. When you are done adding all the settings, on the **File** menu, click **Save**.
11. On the main menu click **Export** > **Provisioning package**.
@@ -91,34 +92,34 @@ Using the ICD, create a provisioning package using the enrollment information re
Using the ICD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings.
-1. Open the Windows ICD tool (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe).
-2. Click **Advanced Provisioning**.
-3. Enter a project name and click **Next**.
-4. Select **Common to all Windows editions**, since Provisioning CSP is common to all Windows 10 editions.
-5. Skip **Import a provisioning package (optional)** and click **Finish**.
-6. Specify the certificate.
- 1. Go to **Runtime settings** > **Certificates** > **ClientCertificates**.
- 2. Enter a **CertificateName** and then click **Add**.
- 3. Enter the **CertificatePasword**.
- 4. For **CertificatePath**, browse and select the certificate to be used.
- 5. Set **ExportCertificate** to False.
- 6. For **KeyLocation**, select **Software only**.
+1. Open the Windows ICD tool (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe).
+2. Click **Advanced Provisioning**.
+3. Enter a project name and click **Next**.
+4. Select **Common to all Windows editions**, since Provisioning CSP is common to all Windows 10 editions.
+5. Skip **Import a provisioning package (optional)** and click **Finish**.
+6. Specify the certificate.
+ 1. Go to **Runtime settings** > **Certificates** > **ClientCertificates**.
+ 2. Enter a **CertificateName** and then click **Add**.
+ 3. Enter the **CertificatePasword**.
+ 4. For **CertificatePath**, browse and select the certificate to be used.
+ 5. Set **ExportCertificate** to False.
+ 6. For **KeyLocation**, select **Software only**.
- 
-7. Specify the workplace settings.
- 1. Got to **Workplace** > **Enrollments**.
- 2. Enter the **UPN** for the enrollment and then click **Add**.
- The UPN is a unique identifier for the enrollment. For bulk enrollment, this must be a service account that is allowed to enroll multiple users, such as "enrollment@contoso.com".
- 3. On the left column, expand the **UPN** and then enter the information for the rest of the settings for enrollment process.
- Here is the list of available settings:
- - **AuthPolicy** - Select **Certificate**.
- - **DiscoveryServiceFullUrl** - specify the full URL for the discovery service.
- - **EnrollmentServiceFullUrl** - Optional and in most cases, it should be left blank.
- - **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank.
- - **Secret** - the certificate thumbprint.
- For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md).
-8. Configure the other settings, such as the Wi-Fi connection so that the device can join a network before joining MDM (e.g., **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**).
-9. When you are done adding all the settings, on the **File** menu, click **Save**.
+ 
+7. Specify the workplace settings.
+ 1. Got to **Workplace** > **Enrollments**.
+ 2. Enter the **UPN** for the enrollment and then click **Add**.
+ The UPN is a unique identifier for the enrollment. For bulk enrollment, this must be a service account that is allowed to enroll multiple users, such as "enrollment@contoso.com".
+ 3. On the left column, expand the **UPN** and then enter the information for the rest of the settings for enrollment process.
+ Here is the list of available settings:
+ - **AuthPolicy** - Select **Certificate**.
+ - **DiscoveryServiceFullUrl** - specify the full URL for the discovery service.
+ - **EnrollmentServiceFullUrl** - Optional and in most cases, it should be left blank.
+ - **PolicyServiceFullUrl** - Optional and in most cases, it should be left blank.
+ - **Secret** - the certificate thumbprint.
+ For detailed descriptions of these settings, see [Provisioning CSP](provisioning-csp.md).
+8. Configure the other settings, such as the Wi-Fi connection so that the device can join a network before joining MDM (e.g., **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**).
+9. When you are done adding all the settings, on the **File** menu, click **Save**.
10. Export and build the package (steps 10-13 in the procedure above).
11. Apply the package to some test devices and verify that they work. For more information, see [Apply a provisioning package](#apply-a-provisioning-package).
12. Apply the package to your devices.
@@ -161,8 +162,7 @@ Here are links to step-by-step provisioning topics in Technet.
- [Provision PCs with apps and certificates for initial deployment](https://technet.microsoft.com/itpro/windows/deploy/provision-pcs-with-apps-and-certificates)
- [Provision PCs with common settings for initial deployment](https://technet.microsoft.com/itpro/windows/deploy/provision-pcs-for-initial-deployment)
-
-
+
diff --git a/windows/client-management/mdm/cellularsettings-csp.md b/windows/client-management/mdm/cellularsettings-csp.md
index 19669fb1b1..edb5e3bdfa 100644
--- a/windows/client-management/mdm/cellularsettings-csp.md
+++ b/windows/client-management/mdm/cellularsettings-csp.md
@@ -2,11 +2,13 @@
title: CellularSettings CSP
description: CellularSettings CSP
ms.assetid: ce8b6f16-37ca-4aaf-98b0-306d12e326df
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: lomayor
ms.date: 06/26/2017
---
@@ -51,16 +53,16 @@ The following image shows the CellularSettings CSP in tree format as used by Ope
-
+
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)
-
+
-
+
diff --git a/windows/client-management/mdm/certificate-authentication-device-enrollment.md b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
index 680d7840ab..042efca28b 100644
--- a/windows/client-management/mdm/certificate-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
@@ -2,11 +2,13 @@
title: Certificate authentication device enrollment
description: This section provides an example of the mobile device enrollment protocol using certificate authentication policy.
ms.assetid: 57DB3C9E-E4C9-4275-AAB5-01315F9D3910
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: lomayor
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/certificate-renewal-windows-mdm.md b/windows/client-management/mdm/certificate-renewal-windows-mdm.md
index a857467f1a..26580c5095 100644
--- a/windows/client-management/mdm/certificate-renewal-windows-mdm.md
+++ b/windows/client-management/mdm/certificate-renewal-windows-mdm.md
@@ -1,15 +1,17 @@
---
title: Certificate Renewal
description: The enrolled client certificate expires after a period of use.
-MS-HAID:
-- 'p\_phdevicemgmt.certificate\_renewal'
-- 'p\_phDeviceMgmt.certificate\_renewal\_windows\_mdm'
+MS-HAID:
+ - 'p\_phdevicemgmt.certificate\_renewal'
+ - 'p\_phDeviceMgmt.certificate\_renewal\_windows\_mdm'
ms.assetid: F910C50C-FF67-40B0-AAB0-CA7CE02A9619
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: lomayor
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md
index aff0b23244..aab7f8755b 100644
--- a/windows/client-management/mdm/certificatestore-csp.md
+++ b/windows/client-management/mdm/certificatestore-csp.md
@@ -2,11 +2,13 @@
title: CertificateStore CSP
description: CertificateStore CSP
ms.assetid: 0fe28629-3cc3-42a0-91b3-3624c8462fd3
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: lomayor
ms.date: 06/26/2017
---
@@ -17,7 +19,7 @@ The CertificateStore configuration service provider is used to add secure socket
> **Note** The CertificateStore configuration service provider does not support installing client certificates.
-
+
For the CertificateStore CSP, you cannot use the Replace command unless the node already exists.
@@ -32,7 +34,7 @@ Supported operation is Get.
> **Note** Root/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing root certificates.
-
+
**CA/System**
Defines the certificate store that contains cryptographic information, including intermediary certification authorities.
@@ -41,7 +43,7 @@ Supported operation is Get.
> **Note** CA/System is case sensitive. Please use the RootCATrustedCertificates CSP moving forward for installing CA certificates.
-
+
**My/User**
Defines the certificate store that contains public keys for client certificates. This is only used by enterprise servers to push down the public key of a client certificate. The client certificate is used by the device client to authenticate itself to the enterprise server for device management and downloading enterprise applications.
@@ -50,7 +52,7 @@ Supported operation is Get.
> **Note** My/User is case sensitive.
-
+
**My/System**
Defines the certificate store that contains public key for client certificate. This is only used by enterprise server to push down the public key of the client cert. The client cert is used by the device to authenticate itself to the enterprise server for device management and enterprise app downloading.
@@ -59,7 +61,7 @@ Supported operation is Get.
> **Note** My/System is case sensitive.
-
+
***CertHash***
Defines the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.
@@ -103,9 +105,9 @@ Supported operation is Get.
> **Note** Please use the ClientCertificateInstall CSP to install SCEP certificates moving forward. All enhancements to SCEP will happen in that CSP.
-
+
-**My/SCEP/****_UniqueID_**
+**My/SCEP/***UniqueID*
Required for SCEP certificate enrollment. A unique ID to differentiate certificate enrollment requests. Format is node.
Supported operations are Get, Add, Replace, and Delete.
@@ -117,7 +119,7 @@ Supported operations are Add, Replace, and Delete.
> **Note** Though the children nodes under Install support Replace commands, after the Exec command is sent to the device, the device takes the values that are set when the Exec command is accepted. You should not expect the node value change that occurs after the Exec command is accepted to impact the current undergoing enrollment. You should check the Status node value and make sure that the device is not at an unknown stage before changing the children node values.
-
+
**My/SCEP/*UniqueID*/Install/ServerURL**
Required for SCEP certificate enrollment. Specifies the certificate enrollment server. The server could specify multiple server URLs separated by a semicolon. Value type is string.
@@ -194,7 +196,7 @@ Required. Specifies the root CA thumbprint. It is a 20-byte value of the SHA1 ce
Supported operations are Get, Add, Delete, and Replace.
**My/SCEP/*UniqueID*/Install/SubjectAlternativeNames**
-Optional. Specifies the subject alternative name. Multiple alternative names can be specified. Each name is the combination of name format+actual name. Refer to the name type definition in MSDN. Each pair is separated by semicolon. For example, multiple subject alternative names are presented in the format **+**;**+**. Value type is chr.
+Optional. Specifies the subject alternative name. Multiple alternative names can be specified. Each name is the combination of name format+actual name. Refer to the name type definition in MSDN. Each pair is separated by semicolon. For example, multiple subject alternative names are presented in the format *\*+*\*;*\*+*\*. Value type is chr.
Supported operations are Get, Add, Delete, and Replace.
@@ -211,7 +213,7 @@ Valid values are one of the following:
> **Note** The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server.
-
+
**My/SCEP/*UniqueID*/Install/ValidPeriodUnits**
Optional. Specifies desired number of units used in validity period and subject to SCEP server configuration. Default is 0. The units are defined in ValidPeriod node. The valid period specified by MDM overwrites the valid period specified in the certificate template. For example, if ValidPeriod is days and ValidPeriodUnits is 30, it means the total valid duration is 30 days. Value type is an integer.
@@ -220,7 +222,7 @@ Supported operations are Get, Add, Delete, and Replace.
> **Note** The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) of the SCEP server as part of certificate enrollment request. How this valid period is used to create the certificate depends on the MDM server.
-
+
**My/SCEP/*UniqueID*/Install/Enroll**
Required. Triggers the device to start the certificate enrollment. The MDM server can later query the device to find out whether the new certificate is added. Value type is null, which means that this node does not contain a value.
@@ -277,7 +279,7 @@ Optional. Specifies the URL of certificate renewal server. If this node does not
> **Note** The renewal process follows the same steps as device enrollment, which means that it starts with Discovery service, followed by Enrollment policy service, and then Enrollment web service.
-
+
Supported operations are Add, Get, Delete, and Replace.
@@ -290,7 +292,7 @@ Supported operations are Add, Get, Delete, and Replace.
> **Note** When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands.
-
+
**My/WSTEP/Renew/RetryInterval**
Optional. Specifies the retry interval (in days) when the previous renewal failed. It applies to both manual certificate renewal and ROBO automatic certificate renewal. The retry schedule stops at the certificate expiration date.
@@ -305,7 +307,7 @@ Supported operations are Add, Get, Delete, and Replace.
> **Note** When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands.
-
+
**My/WSTEP/Renew/ROBOSupport**
Optional. Notifies the client if the MDM enrollment server supports ROBO auto certificate renewal. Value type is bool.
@@ -316,7 +318,7 @@ Supported operations are Add, Get, Delete, and Replace.
> **Note** When you set the renewal schedule over SyncML DM commands to ROBOSupport, RenewalPeriod, and RetryInterval, you must wrap them in Atomic commands.
-
+
**My/WSTEP/Renew/Status**
Required. Shows the latest action status for this certificate. Value type is an integer.
@@ -358,7 +360,7 @@ Supported operations are Add, Get, and Replace.
Add a root certificate to the MDM server.
-``` syntax
+```xml
1
@@ -377,7 +379,7 @@ Add a root certificate to the MDM server.
Get all installed client certificates.
-``` syntax
+```xml
1
@@ -392,7 +394,7 @@ Get all installed client certificates.
Delete a root certificate.
-``` syntax
+```xml
1
@@ -407,7 +409,7 @@ Delete a root certificate.
Configure the device to enroll a client certificate through SCEP.
-``` syntax
+```xml
100
@@ -586,7 +588,7 @@ Configure the device to enroll a client certificate through SCEP.
Configure the device to automatically renew an MDM client certificate with the specified renew period and retry interval.
-``` syntax
+```xml
1
@@ -627,9 +629,9 @@ Configure the device to automatically renew an MDM client certificate with the s
[Configuration service provider reference](configuration-service-provider-reference.md)
-
+
-
+
diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md
index 820779ea14..9a2630fdb4 100644
--- a/windows/client-management/mdm/certificatestore-ddf-file.md
+++ b/windows/client-management/mdm/certificatestore-ddf-file.md
@@ -1,12 +1,14 @@
---
title: CertificateStore DDF file
-description: This topic shows the OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used only with OMA DM provisioning XML.
+description: Learn about OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used with OMA DM provisioning XML.
ms.assetid: D9A12D4E-3122-45C3-AD12-CC4FFAEC08B8
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: lomayor
ms.date: 12/05/2017
---
@@ -19,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
**Device or User**
-
For device certificates, use **./Device/Vendor/MSFT** path and for user certificates use **./User/Vendor/MSFT** path.
+
For device certificates, use ./Device/Vendor/MSFT path and for user certificates use ./User/Vendor/MSFT path.
**ClientCertificateInstall**
The root node for the ClientCertificateInstaller configuration service provider.
@@ -38,7 +40,7 @@ The following image shows the ClientCertificateInstall configuration service pro
Supported operation is Get.
-**ClientCertificateInstall/PFXCertInstall/****_UniqueID_**
+**ClientCertificateInstall/PFXCertInstall/***UniqueID*
Required for PFX certificate installation. A unique ID to differentiate different certificate install requests.
The data type format is node.
@@ -70,7 +72,7 @@ The following image shows the ClientCertificateInstall configuration service pro
Supported operations are Get, Add, Delete, and Replace.
**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertBlob**
-
CRYPT\_DATA\_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. The Add operation triggers the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, KeyExportable) are present before this is called. This also sets the Status node to the current Status of the operation.
+
CRYPT_DATA_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. The Add operation triggers the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, KeyExportable) are present before this is called. This also sets the Status node to the current Status of the operation.
The data type format is binary.
@@ -80,7 +82,7 @@ The following image shows the ClientCertificateInstall configuration service pro
If Add is called on this node for a new PFX, the certificate will be added. When a certificate does not exist, Replace operation on this node will fail.
-
In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate CRYPT\_DATA\_BLOB, which can be found in [CRYPT\_INTEGER\_BLOB](https://go.microsoft.com/fwlink/p/?LinkId=523871).
+
In other words, using Replace or Add will result in the effect of either overwriting the old certificate or adding a new certificate CRYPT_DATA_BLOB, which can be found in CRYPT_INTEGER_BLOB.
**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertPassword**
Password that protects the PFX blob. This is required if the PFX is password protected.
@@ -107,7 +109,7 @@ The following image shows the ClientCertificateInstall configuration service pro
> **Note** You can only set PFXKeyExportable to true if KeyLocation=3. For any other KeyLocation value, the CSP will fail.
-
+
The data type bool.
Supported operations are Get, Add, and Replace.
@@ -138,8 +140,8 @@ The following image shows the ClientCertificateInstall configuration service pro
> **Note** An alert is sent after the SCEP certificate is installed.
-
-**ClientCertificateInstall/SCEP/****_UniqueID_**
+
+**ClientCertificateInstall/SCEP/***UniqueID*
A unique ID to differentiate different certificate installation requests.
@@ -150,7 +152,7 @@ The following image shows the ClientCertificateInstall configuration service pro
> **Note** Although the child nodes under Install support Replace commands, once the Exec command is sent to the device, the device will take the values that are set when the Exec command is accepted. The server should not expect the node value change after Exec command is accepted, as it will impact the current enrollment underway. The server should check the Status node value and make sure the device is not at an unknown state before changing child node values.
-
+
**ClientCertificateInstall/SCEP/*UniqueID*/Install/ServerURL**
Required for SCEP certificate enrollment. Specifies the certificate enrollment server. Multiple server URLs can be listed, separated by semicolons.
@@ -166,7 +168,7 @@ The following image shows the ClientCertificateInstall configuration service pro
Supported operations are Add, Get, Delete, and Replace.
**ClientCertificateInstall/SCEP/*UniqueID*/Install/EKUMapping**
-
Required. Specifies extended key usages. Subject to SCEP server configuration. The list of OIDs are separated by a plus **+**. For example, *OID1*+*OID2*+*OID3*.
+
Required. Specifies extended key usages. Subject to SCEP server configuration. The list of OIDs are separated by a plus +. For example, OID1+OID2+OID3.
Data type is string.
Required for enrollment. Specifies the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have the second (0x20), fourth (0x80) or both bits set. If the value doesn’t have those bits set, the configuration will fail.
@@ -187,7 +189,7 @@ Data type is string.
> **Note** Even if the private key is protected by TPM, it is not protected with a TPM PIN.
-
+
The data type is an integer corresponding to one of the following values:
| Value | Description |
@@ -197,7 +199,7 @@ Data type is string.
| 3 | (Default) Private key saved in software KSP. |
| 4 | Private key protected by Windows Hello for Business (formerly known as Microsoft Passport for Work). If this option is specified, the ContainerName must be specifed, otherwise enrollment will fail. |
-
+
Supported operations are Add, Get, Delete, and Replace.
**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyUsage**
@@ -234,7 +236,7 @@ Data type is string.
> **Note** This name is typically ignored by the SCEP server; therefore the MDM server typically doesn’t need to provide it.
-
+
Data type is string.
Supported operations are Add, Get, Delete, and Replace.
@@ -251,7 +253,7 @@ Data type is string.
Supported operations are Add, Get, Delete, and Replace.
**ClientCertificateInstall/SCEP/*UniqueID*/Install/HashAlgorithm**
-
Required. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated with **+**.
+
Required. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated with +.
For Windows Hello for Business, only SHA256 is the supported algorithm.
@@ -269,7 +271,7 @@ Data type is string.
**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectAlternativeNames**
Optional. Specifies subject alternative names (SAN). Multiple alternative names can be specified by this node. Each name is the combination of name format+actual name. Refer to the name type definitions in MSDN for more information.
-
Each pair is separated by semicolon. For example, multiple SANs are presented in the format of *\[name format1\]*+*\[actual name1\]*;*\[name format 2\]*+*\[actual name2\]*.
+
Each pair is separated by semicolon. For example, multiple SANs are presented in the format of [name format1]+[actual name1];[name format 2]+[actual name2].
Data type is string.
@@ -288,7 +290,7 @@ Data type is string.
> **Note** The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) to the SCEP server as part of certificate enrollment request. Depending on the server configuration, the server defines how to use this valid period to create the certificate.
-
+
Supported operations are Add, Get, Delete, and Replace.
**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriodUnits**
@@ -298,7 +300,7 @@ Data type is string.
>**Note** The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) to the SCEP server as part of certificate enrollment request. Depending on the server configuration, the server defines how to use this valid period to create the certificate.
-
+
Supported operations are Add, Get, Delete, and Replace.
**ClientCertificateInstall/SCEP/*UniqueID*/Install/ContainerName**
@@ -352,7 +354,7 @@ Data type is string.
| 16 | Action failed |
| 32 | Unknown |
-
+
**ClientCertificateInstall/SCEP/*UniqueID*/ErrorCode**
Optional. An integer value that indicates the HRESULT of the last enrollment error code.
@@ -370,7 +372,7 @@ Data type is string.
Enroll a client certificate through SCEP.
-``` syntax
+```xml
@@ -569,7 +571,7 @@ Enroll a client certificate through SCEP.
Add a PFX certificate. The PFX certificate password is encrypted with a custom certificate fro "My" store.
-``` syntax
+```xml
@@ -666,9 +668,9 @@ Add a PFX certificate. The PFX certificate password is encrypted with a custom c
[Configuration service provider reference](configuration-service-provider-reference.md)
-
+
-
+
diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
index b5ef7a8349..8601f82b20 100644
--- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
+++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
@@ -2,11 +2,13 @@
title: ClientCertificateInstall DDF file
description: ClientCertificateInstall DDF file
ms.assetid: 7F65D045-A750-4CDE-A1CE-7D152AA060CA
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 12/05/2017
---
@@ -19,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md
index adffb8bef0..567dfd207e 100644
--- a/windows/client-management/mdm/cm-cellularentries-csp.md
+++ b/windows/client-management/mdm/cm-cellularentries-csp.md
@@ -2,11 +2,13 @@
title: CM\_CellularEntries CSP
description: CM\_CellularEntries CSP
ms.assetid: f8dac9ef-b709-4b76-b6f5-34c2e6a3c847
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 08/02/2017
---
@@ -20,24 +22,24 @@ The following diagram shows the CM\_CellularEntries configuration service provid
-**_entryname_**
+***entryname***
Defines the name of the connection.
-
The [CMPolicy configuration service provider](cmpolicy-csp.md) uses the value of *entryname* to identify the connection that is associated with a policy and [CM\_ProxyEntries configuration service provider](cm-proxyentries-csp.md) uses the value of *entryname* to identify the connection that is associated with a proxy.
Type: Int. Specifies if the Connection Manager will automatically attempt to connect to the APN when a connection is available.
-
A value of "0" specifies that AlwaysOn is not supported, and the Connection Manager will only attempt to connect to the APN when an application requests the connection. This setting is recommended for applications that use a connection occasionally, for example, an APN that only controls MMS.
+
A value of "0" specifies that AlwaysOn is not supported, and the Connection Manager will only attempt to connect to the APN when an application requests the connection. This setting is recommended for applications that use a connection occasionally, for example, an APN that only controls MMS.
-
A value of "1" specifies that AlwaysOn is supported, and the Connection Manager will automatically attempt to connect to the APN when it is available. This setting is recommended for general purpose Internet APNs.
+
A value of "1" specifies that AlwaysOn is supported, and the Connection Manager will automatically attempt to connect to the APN when it is available. This setting is recommended for general purpose Internet APNs.
There must be at least one AlwaysOn Internet connection provisioned for the mobile operator.
**AuthType**
Optional. Type: String. Specifies the method of authentication used for a connection.
-
A value of "CHAP" specifies the Challenge Handshake Application Protocol. A value of "PAP" specifies the Password Authentication Protocol. A value of "None" specifies that the UserName and Password parameters are ignored. The default value is "None".
+
A value of "CHAP" specifies the Challenge Handshake Application Protocol. A value of "PAP" specifies the Password Authentication Protocol. A value of "None" specifies that the UserName and Password parameters are ignored. The default value is "None".
**ConnectionType**
Optional. Type: String. Specifies the type of connection used for the APN. The following connection types are available:
@@ -75,48 +77,48 @@ The following diagram shows the CM\_CellularEntries configuration service provid
-
+
**Desc.langid**
Optional. Specifies the UI display string used by the defined language ID.
-
A parameter name in the format of Desc.langid will be used as the language-specific identifier for the specified entry. For example, a parameter defined as `Desc.0409` with a value of `"GPRS Connection"` will force "GPRS Connection" to be displayed in the UI to represent this connection when the device is set to English language (language ID 0409). Descriptions for multiple languages may be provisioned using this mechanism, and the system will automatically switch among them if the user changes language preferences on the device. If no **Desc** parameter is provisioned for a given language, the system will default to the name used to create the entry.
+
A parameter name in the format of Desc.langid will be used as the language-specific identifier for the specified entry. For example, a parameter defined as Desc.0409 with a value of "GPRS Connection" will force "GPRS Connection" to be displayed in the UI to represent this connection when the device is set to English language (language ID 0409). Descriptions for multiple languages may be provisioned using this mechanism, and the system will automatically switch among them if the user changes language preferences on the device. If no Desc parameter is provisioned for a given language, the system will default to the name used to create the entry.
**Enabled**
Specifies if the connection is enabled.
-
A value of "0" specifies that the connection is disabled. A value of "1" specifies that the connection is enabled.
+
A value of "0" specifies that the connection is disabled. A value of "1" specifies that the connection is enabled.
**IpHeaderCompression**
Optional. Specifies if IP header compression is enabled.
-
A value of "0" specifies that IP header compression for the connection is disabled. A value of "1" specifies that IP header compression for the connection is enabled.
+
A value of "0" specifies that IP header compression for the connection is disabled. A value of "1" specifies that IP header compression for the connection is enabled.
**Password**
-
Required if AuthType is set to a value other than "None". Specifies the password used to connect to the APN.
+
Required if AuthType is set to a value other than "None". Specifies the password used to connect to the APN.
**SwCompression**
Optional. Specifies if software compression is enabled.
-
A value of "0" specifies that software compression for the connection is disabled. A value of "1" specifies that software compression for the connection is enabled.
+
A value of "0" specifies that software compression for the connection is disabled. A value of "1" specifies that software compression for the connection is enabled.
**UserName**
-
Required if AuthType is set to a value other than "None". Specifies the user name used to connect to the APN.
+
Required if AuthType is set to a value other than "None". Specifies the user name used to connect to the APN.
**UseRequiresMappingsPolicy**
Optional. Specifies if the connection requires a corresponding mappings policy.
-
A value of "0" specifies that the connection can be used for any general Internet communications. A value of "1" specifies that the connection is only used if a mapping policy is present.
+
A value of "0" specifies that the connection can be used for any general Internet communications. A value of "1" specifies that the connection is only used if a mapping policy is present.
-
For example, if the multimedia messaging service (MMS) APN should not have any other traffic except MMS, you can configure a mapping policy that sends MMS traffic to this connection. Then, you set the value of UseRequiresMappingsPolicy to be equal to "1" and Connection Manager will only use the connection for MMS traffic. Without this, Connection Manager will try to use the connection for any general purpose Internet traffic.
+
For example, if the multimedia messaging service (MMS) APN should not have any other traffic except MMS, you can configure a mapping policy that sends MMS traffic to this connection. Then, you set the value of UseRequiresMappingsPolicy to be equal to "1" and Connection Manager will only use the connection for MMS traffic. Without this, Connection Manager will try to use the connection for any general purpose Internet traffic.
**Version**
-
Type: Int. Specifies the XML version number and is used to verify that the XML is supported by Connection Manager's configuration service provider.
+
Type: Int. Specifies the XML version number and is used to verify that the XML is supported by Connection Manager's configuration service provider.
-
This value must be "1" if included.
+
This value must be "1" if included.
**GPRSInfoAccessPointName**
-
Specifies the logical name to select the GPRS gateway. For more information about allowable values, see GSM specification 07.07 "10.1.1 Define PDP Context +CGDCONT".
+
Specifies the logical name to select the GPRS gateway. For more information about allowable values, see GSM specification 07.07 "10.1.1 Define PDP Context +CGDCONT".
**Roaming**
Optional. Type: Int. This parameter specifies the roaming conditions under which the connection should be activated. The following conditions are available:
@@ -132,22 +134,22 @@ The following diagram shows the CM\_CellularEntries configuration service provid
Optional. Type: GUID. Specifies a GUID to use to identify a specific connection in the modem. If a value is not specified, the default value is 00000000-0000-0000-0000-000000000000. This parameter is only used on LTE devices.
**ApnId**
-
Optional. Type: Int. Specifies the purpose of the APN. If a value is not specified, the default value is "0" (none). This parameter is only used on LTE devices.
+
Optional. Type: Int. Specifies the purpose of the APN. If a value is not specified, the default value is "0" (none). This parameter is only used on LTE devices.
**IPType**
-
Optional. Type: String. Specifies the network protocol of the connection. Available values are "IPv4", "IPv6", "IPv4v6", and "IPv4v6xlat". If a value is not specified, the default value is "IPv4".
+
Optional. Type: String. Specifies the network protocol of the connection. Available values are "IPv4", "IPv6", "IPv4v6", and "IPv4v6xlat". If a value is not specified, the default value is "IPv4".
-> [!Warning]
+> [!WARNING]
> Do not use IPv6 or IPv4v6xlat on a device or network that does not support IPv6. Data functionality will not work. In addition, the device will not be able to connect to a roaming network that does not support IPv6 unless you configure roaming connections with an IPType of IPv4v6.
-
+
**ExemptFromDisablePolicy**
-
Added back in Windows 10, version 1511. Optional. Type: Int. This should only be specified for special purpose connections whose applications directly manage their disable state (such as MMS). A value of "0" specifies that the connection is subject to the disable policy used by general purpose connections (not exempt). A value of "1" specifies that the connection is exempt. If a value is not specified, the default value is "0" (not exempt).
+
Added back in Windows 10, version 1511. Optional. Type: Int. This should only be specified for special purpose connections whose applications directly manage their disable state (such as MMS). A value of "0" specifies that the connection is subject to the disable policy used by general purpose connections (not exempt). A value of "1" specifies that the connection is exempt. If a value is not specified, the default value is "0" (not exempt).
-
To allow MMS when data is set to OFF, set both ExemptFromDisablePolicy and UseRequiresMappingsPolicy to "1". This indicates that the connection is a dedicated MMS connection and that it should not be disabled when all other connections are disabled. As a result, MMS can be sent and received when data is set to OFF. Note that sending MMS while roaming is still not allowed.
+
To allow MMS when data is set to OFF, set both ExemptFromDisablePolicy and UseRequiresMappingsPolicy to "1". This indicates that the connection is a dedicated MMS connection and that it should not be disabled when all other connections are disabled. As a result, MMS can be sent and received when data is set to OFF. Note that sending MMS while roaming is still not allowed.
-> [!Important]
+> [!IMPORTANT]
> Do not set ExemptFromDisablePolicy to "1", ExemptFromRoaming to "1", or UseRequiresMappingsPolicy to "1" for general purpose connections.
To avoid UX inconsistency with certain value combinations of ExemptFromDisablePolicy and AllowMmsIfDataIsOff, when you do not set ExemptFromDisablePolicy to 1 (default is 0), you should:
@@ -155,26 +157,25 @@ The following diagram shows the CM\_CellularEntries configuration service provid
- Hide the toggle for AllowMmsIfDataIsOff by setting AllowMmsIfDataIsOffEnabled to 0 (default is 1)
- Set AllowMMSIfDataIsOff to 1 (default is 0)
-
+
**ExemptFromRoaming**
-
Added back in Windows 10, version 1511. Optional. Type: Int. This should be specified only for special purpose connections whose applications directly manage their roaming state. It should never be used with general purpose connections. A value of "0" specifies that the connection is subject to the roaming policy (not exempt). A value of "1" specifies that the connection is exempt (unaffected by the roaming policy). If a value is not specified, the default value is "0" (not exempt).
+
Added back in Windows 10, version 1511. Optional. Type: Int. This should be specified only for special purpose connections whose applications directly manage their roaming state. It should never be used with general purpose connections. A value of "0" specifies that the connection is subject to the roaming policy (not exempt). A value of "1" specifies that the connection is exempt (unaffected by the roaming policy). If a value is not specified, the default value is "0" (not exempt).
**TetheringNAI**
-
Optional. Type: Int. CDMA only. Specifies if the connection is a tethering connection. A value of "0" specifies that the connection is not a tethering connection. A value of "1" specifies that the connection is a tethering connection. If a value is not specified, the default value is "0".
+
Optional. Type: Int. CDMA only. Specifies if the connection is a tethering connection. A value of "0" specifies that the connection is not a tethering connection. A value of "1" specifies that the connection is a tethering connection. If a value is not specified, the default value is "0".
**IdleDisconnectTimeout**
Optional. Type: Int. Specifies how long an on-demand connection can be unused before Connection Manager tears the connection down. This value is specified in seconds. Valid value range is 5 to 60 seconds. If not specified, the default is 30 seconds.
-> [!Important]
-
You must specify the IdleDisconnectTimeout value when updating an on-demand connection to ensure that the desired value is still configured. If it is not specified, the default value of 30 seconds may be used.
+> [!IMPORTANT]
+>
You must specify the IdleDisconnectTimeout value when updating an on-demand connection to ensure that the desired value is still configured. If it is not specified, the default value of 30 seconds may be used.
-
-> [!Note]
+> [!NOTE]
> If tear-down/activation requests occur too frequently, this value should be set to greater than 5 seconds.
-
+
**SimIccId**
For single SIM phones, this parm is optional. However, it is highly recommended to include this value when creating future updates. For dual SIM phones, this parm is required. Type: String. Specifies the SIM ICCID that services the connection.
@@ -183,6 +184,7 @@ The following diagram shows the CM\_CellularEntries configuration service provid
Required. Type: String. Specifies the purposes of the connection by a comma-separated list of GUIDs representing purpose values. The following purpose values are available:
- Internet - 3E5545D2-1137-4DC8-A198-33F1C657515F
+- LTE attach - 11A6FE68-5B47-4859-9CB6-1EAC96A8F0BD
- MMS - 53E2C5D3-D13C-4068-AA38-9C48FF2E55A8
- IMS - 474D66ED-0E4B-476B-A455-19BB1239ED13
- SUPL - 6D42669F-52A9-408E-9493-1071DCC437BD
@@ -196,7 +198,7 @@ The following diagram shows the CM\_CellularEntries configuration service provid
To delete a connection, you must first delete any associated proxies and then delete the connection. The following example shows how to delete the proxy and then the connection.
-``` syntax
+```xml
@@ -212,7 +214,7 @@ To delete a connection, you must first delete any associated proxies and then de
Configuring a GPRS connection:
-``` syntax
+```xml
@@ -229,7 +231,7 @@ Configuring a GPRS connection:
Configuring an LTE connection:
-``` syntax
+```xml
@@ -248,7 +250,7 @@ Configuring an LTE connection:
Configuring a CDMA connection:
-``` syntax
+```xml
@@ -297,16 +299,16 @@ The following table shows the Microsoft custom elements that this configuration
-
+
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)
-
+
-
+
diff --git a/windows/client-management/mdm/cm-proxyentries-csp.md b/windows/client-management/mdm/cm-proxyentries-csp.md
index 50b393f039..301c28ea8e 100644
--- a/windows/client-management/mdm/cm-proxyentries-csp.md
+++ b/windows/client-management/mdm/cm-proxyentries-csp.md
@@ -2,11 +2,13 @@
title: CM\_ProxyEntries CSP
description: CM\_ProxyEntries CSP
ms.assetid: f4c3dc71-c85a-4c68-9ce9-19f408ff7a0a
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
---
@@ -16,12 +18,12 @@ ms.date: 06/26/2017
The CM\_ProxyEntries configuration service provider is used to configure proxy connections on the mobile device.
> **Note** CM\_ProxyEntries CSP is only supported in Windows 10 Mobile.
-
-
-
+>
+>
+>
> **Note** This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
-
+
The following diagram shows the CM\_ProxyEntries configuration service provider management object in tree format as used by Open Mobile Alliance Client Provisioning (OMA CP) and OMA Device Management(OMA DM). Support for OMA DM was added in Windows 10, version 1607.
@@ -88,7 +90,7 @@ Specifies the username used to connect to the proxy.
To delete both a proxy and its associated connection, you must delete the proxy first, and then delete the connection. The following example shows how to delete the proxy and then the connection.
-``` syntax
+```xml
@@ -133,16 +135,16 @@ The following table shows the Microsoft custom elements that this configuration
-
+
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)
-
+
-
+
diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md
index 6b1ae02496..1dfca8abb1 100644
--- a/windows/client-management/mdm/cmpolicy-csp.md
+++ b/windows/client-management/mdm/cmpolicy-csp.md
@@ -2,11 +2,13 @@
title: CMPolicy CSP
description: CMPolicy CSP
ms.assetid: 62623915-9747-4eb1-8027-449827b85e6b
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
---
@@ -18,7 +20,7 @@ The CMPolicy configuration service provider defines rules that the Connection Ma
> **Note**
This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
-
+
Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicy configuration service provider can have multiple policies
@@ -61,7 +63,7 @@ Specifies whether the list of connections is in preference order.
A value of "0" specifies that the connections are not listed in order of preference. A value of "1" indicates that the listed connections are in order of preference.
-**Conn****_XXX_**
+**Conn***XXX*
Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
**ConnectionID**
@@ -110,7 +112,7 @@ For `CMST_CONNECTION_TYPE`, specify the GUID for the desired connection type. Th
-
+
For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network type. The curly brackets {} around the GUID are required. The following network types are available:
@@ -185,7 +187,7 @@ For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network typ
-
+
For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type. The curly brackets {} around the GUID are required. The following device types are available:
@@ -220,7 +222,7 @@ For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type.
-
+
**Type**
Specifies the type of connection being referenced. The following list describes the available connection types:
@@ -238,7 +240,7 @@ Specifies the type of connection being referenced. The following list describes
Adding an application-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
-``` syntax
+```xml
@@ -283,7 +285,7 @@ Adding an application-based mapping policy. In this example, the ConnectionId fo
Adding a host-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
-``` syntax
+```xml
@@ -332,7 +334,7 @@ Adding a host-based mapping policy. In this example, the ConnectionId for type C
Adding an application-based mapping policy:
-``` syntax
+```xml
@@ -399,7 +401,7 @@ Adding an application-based mapping policy:
Adding a host-based mapping policy:
-``` syntax
+```xml
@@ -496,16 +498,16 @@ Adding a host-based mapping policy:
-
+
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)
-
+
-
+
diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md
index 46f6724edb..08d0040594 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-csp.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md
@@ -2,11 +2,13 @@
title: CMPolicyEnterprise CSP
description: CMPolicyEnterprise CSP
ms.assetid: A0BE3458-ABED-4F80-B467-F842157B94BF
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
---
@@ -18,7 +20,7 @@ The CMPolicyEnterprise configuration service provider is used by the enterprise
> **Note**
This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application.
-
+
Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicyEnterprise configuration service provider can have multiple policies
@@ -61,7 +63,7 @@ Specifies whether the list of connections is in preference order.
A value of "0" specifies that the connections are not listed in order of preference. A value of "1" indicates that the listed connections are in order of preference.
-**Conn****_XXX_**
+**Conn***XXX*
Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
**ConnectionID**
@@ -110,7 +112,7 @@ For `CMST_CONNECTION_TYPE`, specify the GUID for the desired connection type. Th
-
+
For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network type. The curly brackets {} around the GUID are required. The following network types are available:
@@ -185,7 +187,7 @@ For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network typ
-
+
For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type. The curly brackets {} around the GUID are required. The following device types are available:
@@ -220,7 +222,7 @@ For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type.
-
+
**Type**
Specifies the type of connection being referenced. The following list describes the available connection types:
@@ -238,7 +240,7 @@ Specifies the type of connection being referenced. The following list describes
Adding an application-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
-``` syntax
+```xml
@@ -283,7 +285,7 @@ Adding an application-based mapping policy. In this example, the ConnectionId fo
Adding a host-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
-``` syntax
+```xml
@@ -332,7 +334,7 @@ Adding a host-based mapping policy. In this example, the ConnectionId for type C
Adding an application-based mapping policy:
-``` syntax
+```xml
@@ -399,7 +401,7 @@ Adding an application-based mapping policy:
Adding a host-based mapping policy:
-``` syntax
+```xml
@@ -496,16 +498,16 @@ Adding a host-based mapping policy:
-
+
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)
-
+
-
+
diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
index 8082e19a7b..1eb4a02627 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
@@ -2,11 +2,13 @@
title: CMPolicyEnterprise DDF file
description: CMPolicyEnterprise DDF file
ms.assetid: 065EF07A-0CF3-4EE5-B620-3464A75B7EED
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 12/05/2017
---
@@ -19,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
[!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the phone image as a .provxml file that is installed during boot.
-For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224). For CSP DDF files, see [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+For information about the bridge WMI provider classes that map to these CSPs, see [MDM Bridge WMI Provider](https://msdn.microsoft.com/library/windows/desktop/dn905224). For CSP DDF files, see [CSP DDF files download](#csp-ddf-files-download).
Additional lists:
-- [List of CSPs supported in Windows Holographic](#hololens)
-- [List of CSPs supported in Microsoft Surface Hub ](#surfacehubcspsupport)
+- [List of CSPs supported in HoloLens devices](#hololens)
+- [List of CSPs supported in Microsoft Surface Hub](#surfacehubcspsupport)
- [List of CSPs supported in Windows 10 IoT Core](#iotcoresupport)
-The following tables show the configuration service providers support in Windows 10.
-Footnotes:
-- 1 - Added in Windows 10, version 1607
-- 2 - Added in Windows 10, version 1703
-- 3 - Added in Windows 10, version 1709
-- 4 - Added in Windows 10, version 1803
-- 5 - Added in Windows 10, version 1809
-
@@ -176,6 +172,34 @@ Footnotes:
+
+[ApplicationControl CSP](applicationcontrol-csp.md)
+
+
+
+
+
+
+
[EnterpriseAPN CSP](enterpriseapn-csp.md)
@@ -2500,8 +2552,6 @@ Footnotes:
-
-
[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)
@@ -2646,63 +2696,53 @@ Footnotes:
-
- Footnotes:
-- 1 - Added in Windows 10, version 1607
-- 2 - Added in Windows 10, version 1703
-- 3 - Added in Windows 10, version 1709
-- 4 - Added in Windows 10, version 1803
-- 5 - Added in Windows 10, version 1809
-
## CSP DDF files download
You can download the DDF files for various CSPs from the links below:
-
+- [Download all the DDF files for Windows 10, version 1903](https://download.microsoft.com/download/6/F/0/6F019079-6EB0-41B5-88E8-D1CE77DBA27B/Windows10_1903_DDF_download.zip)
+- [Download all the DDF files for Windows 10, version 1809](https://download.microsoft.com/download/6/A/7/6A735141-5CFA-4C1B-94F4-B292407AF662/Windows10_1809_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1803](https://download.microsoft.com/download/6/2/7/6276FE19-E3FD-4254-9C16-3C31CAA2DE50/Windows10_1803_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1709](https://download.microsoft.com/download/9/7/C/97C6CF99-F75C-475E-AF18-845F8CECCFA4/Windows10_1709_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1703](https://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1607](https://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
-## CSPs supported in Windows Holographic
+## CSPs supported in HoloLens devices
-The following list shows the configuration service providers supported in Windows Holographic editions.
+The following list shows the CSPs supported in HoloLens devices:
-| Configuration service provider | Windows Holographic edition | Windows Holographic for Business edition |
-|--------|--------|------------|
-| [AccountManagement CSP](accountmanagement-csp.md) |  | 4 |
-| [Accounts CSP](accounts-csp.md) |  | 
-| [AppLocker CSP](applocker-csp.md) |  |  |
-| [AssignedAccess CSP](assignedaccess-csp.md) |  | 4 |
-| [CertificateStore CSP](certificatestore-csp.md) |  | |
-| [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) |  |  |
-| [DevDetail CSP](devdetail-csp.md) |  |  |
-| [DeveloperSetup CSP](developersetup-csp.md) |  | 2 (runtime provisioning via provisioning packages only; no MDM support)|
-| [DeviceStatus CSP](devicestatus-csp.md) |  |  |
-| [DevInfo CSP](devinfo-csp.md) |  |  |
-| [DiagnosticLog CSP](diagnosticlog-csp.md) |  |  |
-| [DMAcc CSP](dmacc-csp.md) |  |  |
-| [DMClient CSP](dmclient-csp.md) |  |  |
-| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) |  |  |
-| [NodeCache CSP](nodecache-csp.md) |  |  |
-[PassportForWork CSP](passportforwork-csp.md) |  |  |
-| [Policy CSP](policy-configuration-service-provider.md) |  |  |
-| [RemoteFind CSP](remotefind-csp.md) |  | 4 |
-| [RemoteWipe CSP](remotewipe-csp.md) |  | 4 |
-| [RootCATrustedCertificates CSP](rootcacertificates-csp.md) |  |  |
-| [Update CSP](update-csp.md) |  |  |
-| [VPN2 CSP](vpnv2-csp.md) |  |  |
-| [WiFi CSP](wifi-csp.md) |  |  |
-| [WindowsLicensing CSP](windowslicensing-csp.md) |  |  |
-
- Footnotes:
-- 1 - Added in Windows 10, version 1607
-- 2 - Added in Windows 10, version 1703
-- 3 - Added in Windows 10, version 1709
-- 4 - Added in Windows 10, version 1803
-- 5 - Added in Windows 10, version 1809
+| Configuration service provider | HoloLens (1st gen) Development Edition | HoloLens (1st gen) Commercial Suite | HoloLens 2 |
+|------|--------|--------|--------|
+| [AccountManagement CSP](accountmanagement-csp.md) |  | 4 | 
+| [Accounts CSP](accounts-csp.md) |  |  |  |
+| [ApplicationControl CSP](applicationcontrol-csp.md) |  |  |  |
+| [AppLocker CSP](applocker-csp.md) |  |  |  |
+| [AssignedAccess CSP](assignedaccess-csp.md) |  | 4 |  |
+| [CertificateStore CSP](certificatestore-csp.md) |  | |  |
+| [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) |  |  |  |
+| [DevDetail CSP](devdetail-csp.md) |  |  |  |
+| [DeveloperSetup CSP](developersetup-csp.md) |  | 2 (runtime provisioning via provisioning packages only; no MDM support)|  |
+| [DeviceManageability CSP](devicemanageability-csp.md) |  |  |  |
+| [DeviceStatus CSP](devicestatus-csp.md) |  |  |  |
+| [DevInfo CSP](devinfo-csp.md) |  |  |  |
+| [DiagnosticLog CSP](diagnosticlog-csp.md) |  |  |  |
+| [DMAcc CSP](dmacc-csp.md) |  |  |  |
+| [DMClient CSP](dmclient-csp.md) |  |  |  |
+| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) |  |  |  |
+| [NetworkProxy CSP](networkproxy-csp.md) |  |  |  |
+| [NodeCache CSP](nodecache-csp.md) |  |  |  |
+[PassportForWork CSP](passportforwork-csp.md) |  |  |  |
+| [Policy CSP](policy-configuration-service-provider.md) |  |  |  |
+| [RemoteFind CSP](remotefind-csp.md) |  | 4 |  |
+| [RemoteWipe CSP](remotewipe-csp.md) |  | 4 |  |
+| [RootCATrustedCertificates CSP](rootcacertificates-csp.md) |  |  |  |
+| [Update CSP](update-csp.md) |  |  |  |
+| [VPNv2 CSP](vpnv2-csp.md) |  |  |  |
+| [WiFi CSP](wifi-csp.md) |  |  |  |
+| [WindowsLicensing CSP](windowslicensing-csp.md) |  |  |  |
+
## CSPs supported in Microsoft Surface Hub
- [AccountManagement CSP](accountmanagement-csp.md)
@@ -2750,12 +2790,19 @@ The following list shows the configuration service providers supported in Window
- [Policy CSP](policy-configuration-service-provider.md)
- [Provisioning CSP (Provisioning only)](provisioning-csp.md)
- [Reboot CSP](reboot-csp.md)
-- [RemoteWipe CSP](remotewipe-csp.md) 1
+- [RemoteWipe CSP](remotewipe-csp.md)5
- [RootCATrustedCertificates CSP](rootcacertificates-csp.md)
- [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md)
- [Update CSP](update-csp.md)
- [VPNv2 CSP](vpnv2-csp.md)
- [WiFi CSP](wifi-csp.md)
- Footnotes:
-- 1 - Added in Windows 10, version 1809
+
+
+ Footnotes:
+- 1 - Added in Windows 10, version 1607.
+- 2 - Added in Windows 10, version 1703.
+- 3 - Added in Windows 10, version 1709.
+- 4 - Added in Windows 10, version 1803.
+- 5 - Added in Windows 10, version 1809.
+- 6 - Added in Windows 10, version 1903.
diff --git a/windows/client-management/mdm/create-a-custom-configuration-service-provider.md b/windows/client-management/mdm/create-a-custom-configuration-service-provider.md
deleted file mode 100644
index 8604379b77..0000000000
--- a/windows/client-management/mdm/create-a-custom-configuration-service-provider.md
+++ /dev/null
@@ -1,95 +0,0 @@
----
-title: Create a custom configuration service provider
-description: Create a custom configuration service provider
-ms.assetid: 0cb37f03-5bf2-4451-8276-23f4a1dee33f
-ms.author: maricia
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: MariciaAlforque
-ms.date: 06/26/2017
----
-
-# Create a custom configuration service provider
-
-Mobile device OEMs can create custom configuration service providers to manage their devices. A configuration service provider includes an interface for creating, editing, and deleting nodes, and the nodes themselves. Each node contains data for one registry value and can optionally support get, set, and delete operations.
-
-To design a custom configuration service provider, the OEM must perform the following steps:
-
-1. Establish node semantics
-2. Shape the configuration service provider's subtree
-3. Choose a transactioning scheme for each node
-4. Determine node operations
-
-For more information, see [Designing a custom configuration service provider](design-a-custom-windows-csp.md).
-
-To write a custom configuration service provider, the OEM must implement the following interfaces:
-
-- [IConfigServiceProvider2](iconfigserviceprovider2.md) (one per configuration service provider)
-
-- [ICSPNode](icspnode.md) (one per node)
-
-- [ICSPNodeTransactioning](icspnodetransactioning.md) (optional, for internally transactioned nodes only)
-
-- [ICSPValidate](icspvalidate.md) (optional, for UI only)
-
-This code must be compiled into a single .dll file and added to a package by using the instructions found in "Adding content to a package" in [Creating packages](https://msdn.microsoft.com/library/windows/hardware/dn756642). While writing this code, OEMs can store registry settings and files in the following locations.
-
-
-
-
-
-
-
-
-
File location
-
%DataDrive%\SharedData\OEM\CSP\
-
-
-
Registry location
-
$(HKLM.SOFTWARE)\OEM\CSP\
-
-
-
-
-
-For examples of how to perform common tasks such as adding a node, replacing a node's value, querying a node's value, or enumerating a node's children, see [Samples for writing a custom configuration service provider](samples-for-writing-a-custom-configuration-service-provider.md).
-
-To register the configuration service provider as a COM object, you must add the following registry setting to your package. This step is required. In the following sample, replace *uniqueCSPguid* with a new, unique CLSID generated for this purpose. Replace *dllName* with the name of the .dll file that contains the code for your configuration service provider.
-
-``` syntax
-
-
-
-
-
-```
-
-To register the configuration service provider with ConfigManager2, you must add the following registry setting to your package. This step is required. In the following sample, replace *dllName* with the name of the configuration service provider (the name of the root node). Replace *uniqueCSPguid* with the same *uniqueCSPguid* value as in the preceding example.
-
-``` syntax
-
-
-
-
-
-```
-
-To make the configuration service provider accessible from WAP XML, you must register it with the WAP data processing unit by setting the following registry key in your package. Replace *Name* with the name of the configuration service provider. Leave the GUID value exactly as written here.
-
-``` syntax
-
-
-
-
-
-```
-
-
-
-
-
-
-
-
diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md
index 06c4308457..05add93e6a 100644
--- a/windows/client-management/mdm/customdeviceui-csp.md
+++ b/windows/client-management/mdm/customdeviceui-csp.md
@@ -2,11 +2,13 @@
title: CustomDeviceUI CSP
description: CustomDeviceUI CSP
ms.assetid: 20ED1867-7B9E-4455-B397-53B8B15C95A3
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
---
@@ -28,7 +30,7 @@ AppID string value is the default appid/AUMID to launch during startup. The supp
**BackgroundTasksToLaunch**
List of package names of background tasks that need to be launched on device startup. The supported operation is Get.
-**BackgroundTasksToLaunch/****_BackgroundTaskPackageName_**
+**BackgroundTasksToLaunch/***BackgroundTaskPackageName*
Package Full Name of the App that needs be launched in the background. This can contain no entry points, a single entry point, or multiple entry points. The supported operations are Add, Delete, Get, and Replace.
## SyncML examples
@@ -36,7 +38,7 @@ Package Full Name of the App that needs be launched in the background. This can
**Set StartupAppID**
-``` syntax
+```xml
@@ -58,7 +60,7 @@ Package Full Name of the App that needs be launched in the background. This can
**Get all background tasks**
-``` syntax
+```xml
@@ -76,7 +78,7 @@ Package Full Name of the App that needs be launched in the background. This can
**Add background task**
-``` syntax
+```xml
@@ -96,9 +98,9 @@ Package Full Name of the App that needs be launched in the background. This can
```
-
+
-
+
diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md
index d862212b6c..12b590ef8c 100644
--- a/windows/client-management/mdm/customdeviceui-ddf.md
+++ b/windows/client-management/mdm/customdeviceui-ddf.md
@@ -2,11 +2,13 @@
title: CustomDeviceUI DDF
description: CustomDeviceUI DDF
ms.assetid: E6D6B902-C57C-48A6-9654-CCBA3898455E
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 12/05/2017
---
@@ -19,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
-
+
## BulkSeatOperationResultSet
@@ -98,16 +100,16 @@ Specifies the properties of the alternate identifier.
@@ -139,7 +141,7 @@ Specifies the properties of the alternate identifier.
-
+
## FrameworkPackageDetails
@@ -170,7 +172,7 @@ Specifies the properties of the alternate identifier.
@@ -211,7 +213,7 @@ Specifies the properties of the alternate identifier.
-
+
## InventoryDistributionPolicy
@@ -239,7 +241,7 @@ Specifies the properties of the alternate identifier.
-
+
## InventoryEntryDetails
@@ -260,7 +262,7 @@ Specifies the properties of the alternate identifier.
-
+
## InventoryStatus
@@ -356,7 +358,7 @@ Specifies the properties of the alternate identifier.
-
+
## LicenseType
@@ -384,7 +386,7 @@ Specifies the properties of the alternate identifier.
-
+
## LocalizedProductDetail
@@ -422,18 +424,18 @@ Specifies the properties of the localized product.
@@ -508,7 +510,7 @@ Specifies the properties of the localized product.
-
+
## PackageLocation
@@ -535,7 +537,7 @@ Specifies the properties of the localized product.
-
+
## ProductArchitectures
@@ -565,7 +567,7 @@ Specifies the properties of the localized product.
-
+
## ProductDetails
@@ -586,7 +588,7 @@ Specifies the properties of the localized product.
-
+
## ProductImage
@@ -656,7 +658,7 @@ Specifies the properties of the product image.
purpose
string
-
Tag for the purpose of the image, e.g. "screenshot" or "logo".
+
Tag for the purpose of the image, e.g. "screenshot" or "logo".
height
@@ -676,12 +678,12 @@ Specifies the properties of the product image.
backgroundColor
string
-
Format "#RRGGBB"
+
Format "#RRGGBB"
foregroundColor
string
-
Format "#RRGGBB"
+
Format "#RRGGBB"
fileSize
@@ -691,7 +693,7 @@ Specifies the properties of the product image.
-
+
## ProductKey
@@ -725,7 +727,7 @@ Specifies the properties of the product key.
-
+
## ProductPackageDetails
@@ -746,7 +748,7 @@ Specifies the properties of the product key.
frameworkDependencyPackages
-
collection of [FrameworkPackageDetails](#frameworkpackagedetails)
@@ -802,7 +804,7 @@ Specifies the properties of the product key.
-
+
## ProductPackageFormat
@@ -829,7 +831,7 @@ Specifies the properties of the product key.
-
+
## ProductPackageSet
@@ -855,13 +857,13 @@ Specifies the properties of the product key.
productPackages
-
collection of [ProductPackageDetails](#productpackagedetails)
-
+
## PublisherDetails
@@ -927,7 +929,7 @@ Specifies the properties of the publisher details.
-
+
## SeatAction
@@ -951,7 +953,7 @@ Specifies the properties of the publisher details.
-
+
## SeatDetails
@@ -982,18 +984,18 @@ Specifies the properties of the publisher details.
@@ -1021,7 +1023,7 @@ Specifies the properties of the publisher details.
-
+
## SeatState
@@ -1045,7 +1047,7 @@ Specifies the properties of the publisher details.
-
+
## SupportedProductPlatform
@@ -1068,20 +1070,20 @@ Specifies the properties of the publisher details.
-
+
## VersionInfo
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 9782ed9ad1..746d5b282e 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -2,12 +2,15 @@
title: Defender CSP
description: Defender CSP
ms.assetid: 481AA74F-08B2-4A32-B95D-5A3FD05B335C
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
-ms.date: 07/19/2018
+author: manikadhiman
+ms.localizationpriority: medium
+ms.date: 10/21/2019
---
# Defender CSP
@@ -26,7 +29,7 @@ An interior node to group all threats detected by Windows Defender.
Supported operation is Get.
-**Detections/****_ThreatId_**
+**Detections/***ThreatId*
The ID of a threat that has been detected by Windows Defender.
Supported operation is Get.
@@ -120,7 +123,7 @@ The following table describes the supported values:
| 50 | Ransomware |
| 51 | ASR Rule |
-
+
Supported operation is Get.
@@ -136,7 +139,7 @@ The following list shows the supported values:
- 2 = Manual steps required
- 3 = Full scan required
- 4 = Reboot required
-- 5 = Remediated with non critical failures
+- 5 = Remediated with noncritical failures
- 6 = Quarantined
- 7 = Removed
- 8 = Cleaned
@@ -213,7 +216,7 @@ Supported product status values:
Example:
-``` syntax
+```xml
@@ -222,7 +225,7 @@ Example:
./Vendor/MSFT/Defender/Health/ProductStatus
-
+
@@ -241,7 +244,7 @@ The following list shows the supported values:
- 2 = Pending reboot
- 4 = Pending manual steps (Windows Defender is waiting for the user to take some action, such as restarting the computer or running a full scan)
- 8 = Pending offline scan
-- 16 = Pending critical failure (Windows Defender has failed critically and an Adminsitrator needs to investigate and take some action, such as restarting the computer or reinstalling Windows Defender)
+- 16 = Pending critical failure (Windows Defender has failed critically and an Administrator needs to investigate and take some action, such as restarting the computer or reinstalling Windows Defender)
Supported operation is Get.
@@ -350,6 +353,53 @@ The data type is a string.
Supported operation is Get.
+**Health/TamperProtectionEnabled**
+Indicates whether the Windows Defender tamper protection feature is enabled.
+
+The data type is a boolean.
+
+Supported operation is Get.
+
+**Health/IsVirtualMachine**
+Indicates whether the device is a virtual machine.
+
+The data type is a string.
+
+Supported operation is Get.
+
+**Configuration**
+An interior node to group Windows Defender configuration information.
+
+Supported operation is Get.
+
+**Configuration/TamperProtection**
+Tamper protection helps protect important security features from unwanted changes and interference. This includes real-time protection, behavior monitoring, and more. Accepts signed string to turn the feature on or off. Settings are configured with an MDM solution, such as Intune and is available in Windows 10 Enterprise E5 or equivalent subscriptions.
+
+Send off blob to device to reset tamper protection state before setting this configuration to "not configured" or "unassigned" in Intune.
+
+The data type is a Signed blob.
+
+Supported operations are Add, Delete, Get, Replace.
+
+Intune tamper protection setting UX supports three states:
+- Not configured (default): Does not have any impact on the default state of the device.
+- Enabled: Enables the tamper protection feature.
+- Disabled: Turns off the tamper protection feature.
+
+When enabled or disabled exists on the client and admin moves the setting to not configured, it will not have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
+
+**Configuration/EnableFileHashComputation**
+Enables or disables file hash computation feature.
+When this feature is enabled Windows defender will compute hashes for files it scans.
+
+The data type is a integer.
+
+Supported operations are Add, Delete, Get, Replace.
+
+Valid values are:
+- 1 – Enable.
+- 0 (default) – Disable.
+
**Scan**
Node that can be used to start a Windows Defender scan on a device.
@@ -372,5 +422,4 @@ Supported operations are Get and Execute.
## Related topics
-[Configuration service provider reference](configuration-service-provider-reference.md)
-
+[Configuration service provider reference](configuration-service-provider-reference.md)
\ No newline at end of file
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index 7d4f147be9..e5c1dcd59e 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -2,12 +2,15 @@
title: Defender DDF file
description: Defender DDF file
ms.assetid: 39B9E6CF-4857-4199-B3C3-EC740A439F65
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
-ms.date: 07/12/2018
+author: manikadhiman
+ms.localizationpriority: medium
+ms.date: 10/21/2019
---
# Defender DDF file
@@ -17,9 +20,9 @@ This topic shows the OMA DM device description framework (DDF) for the **Defende
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
-The XML below is for Windows 10, version 1809.
+The XML below is the current version for this CSP.
-``` syntax
+```xml
+
+ TamperProtectionEnabled
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ IsVirtualMachine
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ Configuration
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ TamperProtection
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ EnableFileHashComputation
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ Scan
@@ -697,4 +806,4 @@ The XML below is for Windows 10, version 1809.
## Related topics
-[Defender configuration service provider](defender-csp.md)
\ No newline at end of file
+[Defender configuration service provider](defender-csp.md)
diff --git a/windows/client-management/mdm/design-a-custom-windows-csp.md b/windows/client-management/mdm/design-a-custom-windows-csp.md
deleted file mode 100644
index 66df907c0c..0000000000
--- a/windows/client-management/mdm/design-a-custom-windows-csp.md
+++ /dev/null
@@ -1,167 +0,0 @@
----
-title: Design a custom configuration service provider
-description: Design a custom configuration service provider
-MS-HAID:
-- 'p\_phDeviceMgmt.designing\_a\_custom\_configuration\_service\_provider'
-- 'p\_phDeviceMgmt.design\_a\_custom\_windows\_csp'
-ms.assetid: 0fff9516-a71a-4036-a57b-503ef1a81a37
-ms.author: maricia
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: MariciaAlforque
-ms.date: 06/26/2017
----
-
-# Design a custom configuration service provider
-
-To design a custom configuration service provider, the OEM must perform the following steps:
-
-1. Establish node semantics
-2. Shape the configuration service provider's subtree
-3. Choose a transactioning scheme for each node
-4. Determine node operations
-
-For more information about the larger process of writing a new configuration service provider, see [Create a custom configuration service provider](create-a-custom-configuration-service-provider.md).
-
-## Establish node semantics
-
-First, determine the nodes you need based on the kind of data to be stored in the registry.
-
-Nodes can represent anything from abstract concepts or collections (such as email accounts or connection settings) to more concrete objects (such as registry keys and values, directories, and files).
-
-### Example
-
-For example, a hypothetical Email configuration service provider might have these nodes:
-
-- Account: The name of the email account (such as "Hotmail")
-
-- Username: The user name or email address ("exampleAccount@hotmail.com")
-
-- Password: The user's password
-
-- Server: The DNS address of the server ("mail-serv1-example.mail.hotmail.com")
-
-The `Account`, `Username`, and `Server` nodes would hold text-based information about the email account, the user's email address, and the server address associated with that account. The `Password` node, however, might hold a binary hash of the user's password.
-
-## Shape the configuration service provider's subtree
-
-After determining what the nodes represent, decide where each node fits in the settings hierarchy.
-
-The root node of a configuration service provider's subtree must be the name of the configuration service provider. In this example, the root node is `Email`.
-
-All of the nodes defined in the previous step must reside under the configuration service provider's root node. Leaf nodes should be used to store data, and interior nodes should be used to group the data into logical collections. Node URIs must be unique. In other words, no two nodes can have both the same parent and the same name.
-
-There are three typical scenarios for grouping and structuring the nodes:
-
-- If all of the data belongs to the same component and no further categorizing or grouping is required, you can build a flat tree in which all values are stored directly under the root node. For examples of this design, see [DevInfo configuration service provider](devinfo-csp.md), [HotSpot configuration service provider](hotspot-csp.md), and [w4 APPLICATION configuration service provider](w4-application-csp.md).
-
-- If the configuration service provider's nodes represent a preexisting set of entities whose structure is well-defined (such as directories and files), the configuration service provider's nodes can simply mirror the existing structure.
-
-- If the data must be grouped by type or component, a more complex structure is required. This is especially true when there can be multiple instances of the dataset on the device, and each set is indexed by an ID, account name, or account type. In this case, you must build a more complex tree structure. For examples, see [ActiveSync configuration service provider](activesync-csp.md), [CertificateStore configuration service provider](certificatestore-csp.md), and [CMPolicy configuration service provider](cmpolicy-csp.md).
-
-### Example
-
-The following image shows an incorrect way to structure the hypothetical `Email` configuration service provider. The interior `Account` nodes group the account data (server name, user name, and user password).
-
-
-
-However, the account nodes in this design are not unique. Even though the nodes are grouped sensibly, the path for each of the leaf nodes is ambiguous. There is no way to disambiguate the two `Username` nodes, for example, or to reliably access the same node by using the same path. This structure will not work. The easiest solution to this problem is usually to replace an interior node (the grouping node) by:
-
-1. Promoting a child node.
-
-2. Using the node value as the name of the new interior node.
-
-The following design conveys the same amount of information as the first design, but all nodes have a unique path, and therefore it will work.
-
-
-
-In this case, the `Server` nodes have been promoted up one level to replace the `Account` nodes, and their values are now used as the node names. For example, you could have two different email accounts on the phone, with server names "www.hotmail.com" and "exchange.microsoft.com", each of which stores a user name and a password.
-
-Note that the process of shaping the configuration service provider’s subtree influences the choice of transactioning schemes for each node. If possible, peer nodes should not have dependencies on each other. Internode dependencies other than parent/child relationships create mandatory groups of settings, which makes configuration service provider development more difficult.
-
-## Choose a transactioning scheme for each node
-
-For each node, decide whether to use *external transactioning* or *internal transactioning* to manage the transaction phases (rollback persistence, rollback, and commitment) for the node.
-
-External transactioning is the simplest option because it allows ConfigManager2 to automatically handle the node's transactioning.
-
-However, you must use internal transactioning for the following types of nodes:
-
-- A node that supports the **Execute** method.
-
-- A node that contains sensitive information (such as a password) that must not be saved in plain text in the ConfigManager2 rollback document.
-
-- A node that has a dependency on another node that is not a parent. For example, if a parent node has two children that are both required, the configuration service provider could use internal transactioning to defer provisioning the account until both values are set.
-
-You can choose to mix transactioning modes in your configuration service provider, using internal transactioning for some operations but external transactioning for others. For more information about writing an internally transactioned node, see the [ICSPNodeTransactioning](icspnodetransactioning.md) interface.
-
-## Determine node operations
-
-The operations available for each node can vary depending on the purpose of the configuration service provider. The configuration service provider will be easier to use if the operations are consistent. For more information about the supported operations, see the [ICSPNode](icspnode.md) interface.
-
-For externally transactioned nodes, an operation implementation must include the contrary operations shown in the following table to allow rollback of the operation.
-
-For internally transactioned nodes, the practice of implementing the contrary commands for each command is recommended, but not required.
-
-
-
-
-
-
-
-
-
Node operation
-
Contrary node operation
-
-
-
-
-
Add
-
Clear and DeleteChild
-
-
-
Copy
-
To copy to a new node: Clear and DeleteChild
-
To copy to an existing node: Add and SetValue
-
-
-
Clear
-
To restore the state of the deleted node: SetValue and SetProperty
-
-
-
DeleteChild
-
To restore the old node: Add
-
-
-
DeleteProperty
-
To restore the deleted property: SetProperty
-
-
-
Execute
-
Externally transactioned nodes do not support the Execute command.
-
-
-
GetValue
-
None
-
-
-
Move
-
To restore a source node: Move
-
To restore an overwritten target node: Add and SetValue
Required. Returns the firmware version, as defined in the registry key HKEY\_LOCAL\_MACHINE\\System\\Platform\\DeviceTargetingInfo\\PhoneFirmwareRevision.
+
Required. Returns the firmware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneFirmwareRevision.
-
For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it returns the BIOS version as defined in the registry key HKEY\_LOCAL\_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\BIOSVersion.
+
For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.
Supported operation is Get.
@@ -49,9 +51,9 @@ The following diagram shows the DevDetail configuration service provider managem
Supported operation is Get.
**HwV**
-
Required. Returns the hardware version, as defined in the registry key HKEY\_LOCAL\_MACHINE\\System\\Platform\\DeviceTargetingInfo\\PhoneRadioHardwareRevision.
+
Required. Returns the hardware version, as defined in the registry key HKEY_LOCAL_MACHINE\System\Platform\DeviceTargetingInfo\PhoneRadioHardwareRevision.
-
For Windows 10 for desktop editions, it returns the BIOS version as defined in the registry key HKEY\_LOCAL\_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\BIOSVersion.
+
For Windows 10 for desktop editions, it returns the BIOS version as defined in the registry key HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion.
Supported operation is Get.
@@ -94,12 +96,12 @@ The following diagram shows the DevDetail configuration service provider managem
Supported operation is Get.
**Ext/Microsoft/OSPlatform**
-
Required. Returns the OS platform of the device. For Windows 10 for desktop editions, it returns the ProductName as defined in HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName.
+
Required. Returns the OS platform of the device. For Windows 10 for desktop editions, it returns the ProductName as defined in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName.
Supported operation is Get.
**Ext/Microsoft/ProcessorType**
-
Required. Returns the processor type of the device as documented in SYSTEM\_INFO.
+
Required. Returns the processor type of the device as documented in SYSTEM_INFO.
Supported operation is Get.
@@ -109,7 +111,7 @@ The following diagram shows the DevDetail configuration service provider managem
Supported operation is Get.
**Ext/Microsoft/Resolution**
-
Required. Returns the UI screen resolution of the device (example: "480x800").
+
Required. Returns the UI screen resolution of the device (example: "480x800").
Supported operation is Get.
@@ -119,7 +121,7 @@ The following diagram shows the DevDetail configuration service provider managem
Supported operation is Get.
**Ext/Microsoft/ProcessorArchitecture**
-
Required. Returns the processor architecture of the device as "arm" or "x86".
+
Required. Returns the processor architecture of the device as "arm" or "x86".
Supported operation is Get.
@@ -186,7 +188,7 @@ Value type is string. Supported operation is Get.
**Ext/DeviceHardwareData**
Added in Windows 10 version 1703. Returns a base64-encoded string of the hardware parameters of a device.
-> [!Note]
+> [!NOTE]
> This node contains a raw blob used to identify a device in the cloud. It's not meant to be human readable by design and you cannot parse the content to get any meaningful hardware information.
Supported operation is Get.
@@ -195,9 +197,9 @@ Value type is string. Supported operation is Get.
[Configuration service provider reference](configuration-service-provider-reference.md)
-
+
-
+
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index e84b804e6c..b313ad3605 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -2,11 +2,13 @@
title: DevDetail DDF file
description: DevDetail DDF file
ms.assetid: 645fc2b5-2d2c-43b1-9058-26bedbe9f00d
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 07/11/2018
---
@@ -21,7 +23,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1809.
-``` syntax
+```xml
-```
\ No newline at end of file
+```
diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md
index 0d91af34b6..40e1d4d82e 100644
--- a/windows/client-management/mdm/developersetup-csp.md
+++ b/windows/client-management/mdm/developersetup-csp.md
@@ -2,11 +2,13 @@
title: DeveloperSetup CSP
description: The DeveloperSetup configuration service provider (CSP) is used to configure developer mode on the device. This CSP was added in the Windows 10, version 1703.
ms.assetid:
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2018
---
@@ -15,7 +17,7 @@ ms.date: 06/26/2018
The DeveloperSetup configuration service provider (CSP) is used to configure Developer Mode on the device and connect to the Windows Device Portal. For more information about the Windows Device Portal, see [Windows Device Portal overview](https://msdn.microsoft.com/windows/uwp/debug-test-perf/device-portal). This CSP was added in Windows 10, version 1703.
> [!NOTE]
-The DeveloperSetup configuration service provider (CSP) is only supported in Windows 10 Holographic Enterprise edition and with runtime provisioning via provisioning packages. It is not supported in MDM.
+> The DeveloperSetup configuration service provider (CSP) is only supported in Windows 10 Holographic Enterprise edition and with runtime provisioning via provisioning packages. It is not supported in MDM.
The following diagram shows the DeveloperSetup configuration service provider in tree format.
@@ -59,11 +61,11 @@ The user name must contain only ASCII characters and cannot contain a colon (:).
**DevicePortal/Connection/HttpPort**
An integer value that is used to configure the HTTP port for incoming connections to the Windows Device Portal service.
-If authentication is enabled, **HttpPort** will redirect the user to the (required) **HttpsPort**.
+If authentication is enabled, HttpPort will redirect the user to the (required) HttpsPort.
The only supported operation is Replace.
**DevicePortal/Connection/HttpsPort**
An integer value that is used to configure the HTTPS port for incoming connections to the Windows Device Portal service.
-
The only supported operation is Replace.
\ No newline at end of file
+
The only supported operation is Replace.
diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md
index 6ca207820f..21afb0f2a6 100644
--- a/windows/client-management/mdm/developersetup-ddf.md
+++ b/windows/client-management/mdm/developersetup-ddf.md
@@ -2,11 +2,13 @@
title: DeveloperSetup DDF file
description: This topic shows the OMA DM device description framework (DDF) for the DeveloperSetup configuration service provider. This CSP was added in Windows 10, version 1703.
ms.assetid:
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 12/05/2017
---
@@ -18,7 +20,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
.
+- **KBArticleID** – The KB article number for this update that has details regarding the particular update. For example, .
## Recommended Flow for Using the Server-Server Sync Protocol
@@ -144,7 +146,7 @@ The following diagram shows the Update policies in a tree format.
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time.
+
Added in Windows 10, version 1607. Allows the IT admin (when used with Update/ActiveHoursStart) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time.
> [!NOTE]
> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** below for more information.
@@ -169,7 +171,7 @@ The following diagram shows the Update policies in a tree format.
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time.
+
Added in Windows 10, version 1607. Allows the IT admin (when used with Update/ActiveHoursEnd) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time.
> [!NOTE]
> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured. See **Update/ActiveHoursMaxRange** above for more information.
@@ -198,7 +200,7 @@ The following diagram shows the Update policies in a tree format.
> [!IMPORTANT]
> This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
-
+
If the policy is not configured, end-users get the default behavior (Auto install and restart).
@@ -288,7 +290,7 @@ The following diagram shows the Update policies in a tree format.
**Update/DeferFeatureUpdatesPeriodInDays**
> [!NOTE]
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
-
Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
+>
Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days.
@@ -320,9 +322,9 @@ The following diagram shows the Update policies in a tree format.
- Update/RequireDeferUpgrade must be set to 1
- System/AllowTelemetry must be set to 1 or higher
-
If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
@@ -389,9 +391,9 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
Supported values are 0-8, which refers to the number of months to defer upgrades.
-
If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
**Update/EngagedRestartDeadline**
> [!NOTE]
@@ -494,14 +496,14 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
- 0 (default) – Deferrals are not paused.
- 1 – Deferrals are paused.
-
If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
**Update/PauseFeatureUpdates**
> [!NOTE]
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
-
Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
+>
Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days.
@@ -633,7 +635,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
> [!Important]
-> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Enterprise.
+> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enterprise and IoT Enterprise.
Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet.
@@ -646,7 +648,7 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego
Example
-``` syntax
+```xml
$CmdID$
@@ -672,7 +674,7 @@ Example
To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server.
-
Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
+
Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
> [!Note]
> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect.
@@ -701,11 +703,11 @@ The update approval list enables IT to approve individual updates and update cla
> **Note** For the Windows 10 build, the client may need to reboot after additional updates are added.
-
+
Supported operations are Get and Add.
-**ApprovedUpdates/****_Approved Update Guid_**
+**ApprovedUpdates/***Approved Update Guid*
Specifies the update GUID.
To auto-approve a class of updates, you can specify the [Update Classifications](https://go.microsoft.com/fwlink/p/?LinkId=526723) GUIDs. We strongly recommend to always specify the DefinitionsUpdates classification (E0789628-CE08-4437-BE74-2495B842F43B), which are used for anti-malware signatures. There are released periodically (several times a day). Some businesses may also want to auto-approve security updates to get them deployed quickly.
@@ -728,7 +730,7 @@ Specifies the approved updates that failed to install on a device.
Supported operation is Get.
-**FailedUpdates/****_Failed Update Guid_**
+**FailedUpdates/***Failed Update Guid*
Update identifier field of the UpdateIdentity GUID that represent an update that failed to download or install.
Supported operation is Get.
@@ -748,7 +750,7 @@ The updates that are installed on the device.
Supported operation is Get.
-**InstalledUpdates/****_Installed Update Guid_**
+**InstalledUpdates/***Installed Update Guid*
UpdateIDs that represent the updates installed on a device.
Supported operation is Get.
@@ -758,7 +760,7 @@ The updates that are applicable and not yet installed on the device. This includ
Supported operation is Get.
-**InstallableUpdates/****_Installable Update Guid_**
+**InstallableUpdates/***Installable Update Guid*
Update identifiers that represent the updates applicable and not installed on a device.
Supported operation is Get.
@@ -782,7 +784,7 @@ The updates that require a reboot to complete the update session.
Supported operation is Get.
-**PendingRebootUpdates/****_Pending Reboot Update Guid_**
+**PendingRebootUpdates/***Pending Reboot Update Guid*
Update identifiers for the pending reboot state.
Supported operation is Get.
@@ -883,7 +885,7 @@ Here's the list of corresponding Group Policy settings in HKLM\\Software\\Polici
-
+
Here is the list of older policies that are still supported for backward compatibility. You can use these for Windows 10, version 1511 devices.
@@ -902,7 +904,7 @@ For policies supported for Windows Update for Business, when you set policies fo
For policies supported for Windows Update for Business, when you set 1511 policies on a device running 1607, the you will get the expected behavior for 1511 policies.
-
+
## Update management user experience screenshot
@@ -910,14 +912,14 @@ The following screenshots of the administrator console shows the list of update
-
+
## SyncML example
Set auto update to notify and defer.
-``` syntax
+```xml
@@ -966,7 +968,7 @@ The following diagram and screenshots show the process flow of the device update
-
+
diff --git a/windows/client-management/mdm/deviceinstanceservice-csp.md b/windows/client-management/mdm/deviceinstanceservice-csp.md
index 9c8435dbaa..09d6af05e4 100644
--- a/windows/client-management/mdm/deviceinstanceservice-csp.md
+++ b/windows/client-management/mdm/deviceinstanceservice-csp.md
@@ -2,11 +2,13 @@
title: DeviceInstanceService CSP
description: DeviceInstanceService CSP
ms.assetid: f113b6bb-6ce1-45ad-b725-1b6610721e2d
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
---
@@ -20,7 +22,7 @@ Stop using DeviceInstanceService CSP and use the updated [DeviceStatus CSP](devi
The DeviceInstance CSP is only supported in Windows 10 Mobile.
-
+
The following diagram shows the DeviceInstanceService configuration service provider in tree format.
@@ -68,7 +70,7 @@ The parent node to group SIM2 specific information in case of dual SIM mode.
The following sample shows how to query roaming status and phone number on the device.
-``` syntax
+```xml
2
@@ -86,7 +88,7 @@ The following sample shows how to query roaming status and phone number on the d
Response from the phone.
-``` syntax
+```xml
31
@@ -108,9 +110,9 @@ Response from the phone.
[Configuration service provider reference](configuration-service-provider-reference.md)
-
+
-
+
diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md
index 8d44aca043..246408076e 100644
--- a/windows/client-management/mdm/devicelock-csp.md
+++ b/windows/client-management/mdm/devicelock-csp.md
@@ -2,11 +2,13 @@
title: DeviceLock CSP
description: DeviceLock CSP
ms.assetid: 9a547efb-738e-4677-95d3-5506d350d8ab
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
---
@@ -124,7 +126,7 @@ Required. This node has the same set of policy nodes as the **ProviderID** node.
Set device lock policies:
-``` syntax
+```xml
13
diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md
index 11ec6e0bf0..545ebcdb9b 100644
--- a/windows/client-management/mdm/devicelock-ddf-file.md
+++ b/windows/client-management/mdm/devicelock-ddf-file.md
@@ -2,11 +2,13 @@
title: DeviceLock DDF file
description: DeviceLock DDF file
ms.assetid: 46a691b9-6350-4987-bfc7-f8b1eece3ad9
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
---
@@ -15,7 +17,7 @@ ms.date: 06/26/2017
This topic shows the OMA DM device description framework (DDF) for the **DeviceLock** configuration service provider. DDF files are used only with OMA DM provisioning XML.
-``` syntax
+```xml
**Note** Multiple SIMs are supported.
-
+
-**DeviceStatus/CellularIdentities/****_IMEI_**
+**DeviceStatus/CellularIdentities/***IMEI*
The unique International Mobile Station Equipment Identity (IMEI) number of the mobile device. An IMEI is present for each SIM card on the device.
**DeviceStatus/CellularIdentities/*IMEI*/IMSI**
@@ -74,7 +76,7 @@ Supported operation is Get.
**DeviceStatus/NetworkIdentifiers**
Node for queries on network and device properties.
-**DeviceStatus/NetworkIdentifiers/****_MacAddress_**
+**DeviceStatus/NetworkIdentifiers/***MacAddress*
MAC address of the wireless network card. A MAC address is present for each network card on the device.
**DeviceStatus/NetworkIdentifiers/*MacAddress*/IPAddressV4**
@@ -157,6 +159,12 @@ Valid values:
Supported operation is Get.
+If more than one antivirus provider is active, this node returns:
+- 1 – If every active antivirus provider has a valid signature status.
+- 0 – If any of the active antivirus providers has an invalid signature status.
+
+This node also returns 0 when no antivirus provider is active.
+
**DeviceStatus/Antivirus/Status**
Added in Windows, version 1607. Integer that specifies the status of the antivirus.
@@ -186,6 +194,12 @@ Valid values:
Supported operation is Get.
+If more than one antispyware provider is active, this node returns:
+- 1 – If every active antispyware provider has a valid signature status.
+- 0 – If any of the active antispyware providers has an invalid signature status.
+
+This node also returns 0 when no antispyware provider is active.
+
**DeviceStatus/Antispyware/Status**
Added in Windows, version 1607. Integer that specifies the status of the antispyware.
@@ -263,23 +277,23 @@ Supported operation is Get.
**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityHwReq**
Added in Windows, version 1709. Virtualization-based security hardware requirement status. The value is a 256 value bitmask.
-- 0x0: System meets hardware configuration requirements
-- 0x1: SecureBoot required
-- 0x2: DMA Protection required
-- 0x4: HyperV not supported for Guest VM
-- 0x8: HyperV feature is not available
+- 0x0: System meets hardware configuration requirements
+- 0x1: SecureBoot required
+- 0x2: DMA Protection required
+- 0x4: HyperV not supported for Guest VM
+- 0x8: HyperV feature is not available
Supported operation is Get.
**DeviceStatus/DeviceGuard/VirtualizationBasedSecurityStatus**
Added in Windows, version 1709. Virtualization-based security status. Value is one of the following:
-- 0 - Running
-- 1 - Reboot required
-- 2 - 64 bit architecture required
-- 3 - not licensed
-- 4 - not configured
-- 5 - System doesn't meet hardware requirements
-- 42 – Other. Event logs in Microsoft-Windows-DeviceGuard have more details
+- 0 - Running
+- 1 - Reboot required
+- 2 - 64 bit architecture required
+- 3 - not licensed
+- 4 - not configured
+- 5 - System doesn't meet hardware requirements
+- 42 – Other. Event logs in Microsoft-Windows-DeviceGuard have more details
Supported operation is Get.
@@ -287,11 +301,11 @@ Supported operation is Get.
**DeviceStatus/DeviceGuard/LsaCfgCredGuardStatus**
Added in Windows, version 1709. Local System Authority (LSA) credential guard status.
-- 0 - Running
-- 1 - Reboot required
-- 2 - Not licensed for Credential Guard
-- 3 - Not configured
-- 4 - VBS not running
+- 0 - Running
+- 1 - Reboot required
+- 2 - Not licensed for Credential Guard
+- 3 - Not configured
+- 4 - VBS not running
Supported operation is Get.
diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md
index 8f0e5a3364..fbdf08a6d0 100644
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@@ -2,11 +2,13 @@
title: DeviceStatus DDF
description: This topic shows the OMA DM device description framework (DDF) for the DeviceStatus configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.assetid: 780DC6B4-48A5-4F74-9F2E-6E0D88902A45
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 03/12/2018
---
@@ -19,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1803.
-``` syntax
+```xml
-```
\ No newline at end of file
+```
diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md
index bbff58b76c..7252e076c2 100644
--- a/windows/client-management/mdm/devinfo-csp.md
+++ b/windows/client-management/mdm/devinfo-csp.md
@@ -2,11 +2,13 @@
title: DevInfo CSP
description: DevInfo CSP
ms.assetid: d3eb70db-1ce9-4c72-a13d-651137c1713c
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md
index 8b88fb1918..b81a21b82e 100644
--- a/windows/client-management/mdm/devinfo-ddf-file.md
+++ b/windows/client-management/mdm/devinfo-ddf-file.md
@@ -2,11 +2,13 @@
title: DevInfo DDF file
description: DevInfo DDF file
ms.assetid: beb07cc6-4133-4c0f-aa05-64db2b4a004f
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 12/05/2017
---
@@ -19,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
@@ -93,7 +95,7 @@ Example: Enable the Debug channel logging
Example: Export the Debug logs
-``` syntax
+```xml
@@ -112,11 +114,11 @@ Example: Export the Debug logs
## Collect logs from Windows 10 Mobile devices
-Since there is no Event Viewer in Windows 10 Mobile, you can use the [Field Medic](https://www.microsoft.com/en-us/p/field-medic/9wzdncrfjb82?activetab=pivot%3aoverviewtab) app to collect logs.
+Since there is no Event Viewer in Windows 10 Mobile, you can use the [Field Medic](https://www.microsoft.com/p/field-medic/9wzdncrfjb82?activetab=pivot%3aoverviewtab) app to collect logs.
**To collect logs manually**
-1. Download and install the [Field Medic]( http://go.microsoft.com/fwlink/p/?LinkId=718232) app from the store.
+1. Download and install the [Field Medic]( https://go.microsoft.com/fwlink/p/?LinkId=718232) app from the store.
2. Open the Field Medic app and then click on **Advanced**.
@@ -190,7 +192,7 @@ You can use the DiagnosticLog CSP to enable the ETW provider. The provider ID is
Add a collector node
-``` syntax
+```xml
@@ -212,7 +214,7 @@ Add a collector node
Add the ETW provider to the trace
-``` syntax
+```xml
@@ -234,7 +236,7 @@ Add the ETW provider to the trace
Start collector trace logging
-``` syntax
+```xml
@@ -257,7 +259,7 @@ Start collector trace logging
Stop collector trace logging
-``` syntax
+```xml
@@ -312,7 +314,7 @@ For best results, ensure that the PC or VM on which you are viewing logs matches
Here's an example of how to collect current MDM device state data using the [DiagnosticLog CSP](diagnosticlog-csp.md), version 1.3, which was added in Windows 10, version 1607. You can collect the file from the device using the same FileDownload node in the CSP as you do for the etl files.
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index 4b9157ad49..2e5300fe0d 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -2,27 +2,697 @@
title: DiagnosticLog CSP
description: DiagnosticLog CSP
ms.assetid: F76E0056-3ACD-48B2-BEA1-1048C96571C3
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
-ms.date: 06/26/2017
+author: manikadhiman
+ms.date: 11/19/2019
---
# DiagnosticLog CSP
+The DiagnosticLog configuration service provider (CSP) provides the following feature areas:
+- [DiagnosticArchive area](#diagnosticarchive-area). Capture and upload event logs, log files, and registry values for troubleshooting.
+- [Policy area](#policy-area). Configure Windows event log policies, such as maximum log size.
+- [EtwLog area](#etwlog-area). Control ETW trace sessions.
+- [DeviceStateData area](#devicestatedata-area). Provide additional device information.
+- [FileDownload area](#filedownload-area). Pull trace and state data directly from the device.
+
+The following are the links to different versions of the DiagnosticLog CSP DDF files:
+- [DiagnosticLog CSP version 1.4](diagnosticlog-ddf.md#version-1-4)
+- [DiagnosticLog CSP version 1.3](diagnosticlog-ddf.md#version-1-3)
+- [DiagnosticLog CSP version 1.2](diagnosticlog-ddf.md#version-1-2)
-The DiagnosticLog configuration service provider (CSP) is used for generating and collecting diagnostic information from the device: Event Tracing for Windows (ETW) log files and current MDM configured state of the device.
+The following diagram shows the DiagnosticLog CSP in tree format.
+
-DiagnosticLog CSP supports the following type of event tracing:
+**./Vendor/MSFT/DiagnosticLog**
+The root node for the DiagnosticLog CSP.
-- Collector-based tracing
-- Channel-based tracing
+Rest of the nodes in the DiagnosticLog CSP are described within their respective feature area sections.
+
+## DiagnosticArchive area
+
+The DiagnosticArchive functionality within the DiagnosticLog CSP is used to trigger devices to gather troubleshooting data into a zip archive file and upload that archive to cloud storage. DiagnosticArchive is designed for ad-hoc troubleshooting scenarios, such as an IT admin investigating an app installation failure using a collection of event log events, registry values, and app or OS log files.
+
+> [!Note]
+> DiagnosticArchive is a "break glass" backstop option for device troubleshooting. Diagnostic data such as log files can grow to many gigabytes. Gathering, transferring, and storing large amounts of data may burden the user's device, the network and cloud storage. Management servers invoking DiagnosticArchive must take care to minimize data gathering frequency and scope.
+
+The following section describes the nodes for the DiagnosticArchive functionality.
+
+**DiagnosticArchive**
+Added in version 1.4 of the CSP in Windows 10, version 1903. Root node for the DiagnosticArchive functionality.
+
+The supported operation is Get.
+
+**DiagnosticArchive/ArchiveDefinition**
+Added in version 1.4 of the CSP in Windows 10, version 1903.
+
+The supported operations are Add and Execute.
+
+The data type is string.
+
+Expected value:
+Set and Execute are functionality equivalent, and each accepts an XML snippet (as a string) describing what data to gather and where to upload it.
+
+The following is an example of the XML. This example instructs the CSP to gather:
+- All the keys and values under a registry path
+- All the *.etl files in a folder
+- The output of two commands
+- Additional files created by one of the commands
+- All the Application event log events.
+
+The results are zipped and uploaded to the specified SasUrl. The filename format is "DiagLogs-{ComputerName}-YYYYMMDDTHHMMSSZ.zip".
+
+``` xml
+
+ server generated guid value such as f1e20cb4-9789-4f6b-8f6a-766989764c6d
+ server generated url where the HTTP PUT will be accepted
+ HKLM\Software\Policies
+ %ProgramData%\Microsoft\DiagnosticLogCSP\Collectors\*.etl
+ %windir%\system32\ipconfig.exe /all
+ %windir%\system32\mdmdiagnosticstool.exe -out %ProgramData%\temp\
+ %ProgramData%\temp\*.*
+ Application
+
+
+```
+The XML should include the following elements within the `Collection` element:
+
+**ID**
+The ID value is a server-generated GUID string that identifies this data-gathering request. To avoid accidental repetition of data gathering, the CSP ignores subsequent Set or Execute invocations with the same ID value.
+
+**SasUrl**
+The SasUrl value is the target URI to which the CSP uploads the results zip file. It is the responsibility of the management server to provision storage in such a way that the server accepts the HTTP PUT to this URL. For example, the device management service could:
+- Provision cloud storage, such as an Azure blob storage container or other storage managed by the device management server
+- Generate a dynamic https SAS token URL representing the storage location (and which is understood by the server to allow a one-time upload or time-limited uploads)
+- Pass this value to the CSP as the SasUrl value.
+
+Assuming a case where the management server's customer (such as an IT admin) is meant to access the data, the management server would also expose the stored data through its user interface or APIs.
+
+**One or more data gathering directives, which may include any of the following:**
+
+- **RegistryKey**
+ - Exports all of the key names and values under a given path (recursive).
+ - Expected input value: Registry path such as "HKLM\Software\Policies".
+ - Output format: Creates a .reg file, similar to the output of reg.exe EXPORT command.
+ - Privacy guardrails: To enable diagnostic log capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, registry paths are restricted to those under HKLM and HKCR.
+
+- **Events**
+ - Exports all events from the named Windows event log.
+ - Expected input value: A named event log channel such as "Application" or "Microsoft-Windows-DeviceGuard/Operational".
+ - Output format: Creates a .evtx file.
+
+- **Commands**
+ - This directive type allows the execution of specific commands such as ipconfig.exe. Note that DiagnosticArchive and the Commands directives are not a general-purpose scripting platform. These commands are allowed in the DiagnosticArchive context to handle cases where critical device information may not be available through existing log files.
+ - Expected input value: The full command line including path and any arguments, such as `%windir%\\system32\\ipconfig.exe /all`.
+ - Output format: Console text output from the command is captured in a text file and included in the overall output archive. For commands which may generate file output rather than console output, a subsequent FolderFiles directive would be used to capture that output. The example XML above demonstrates this pattern with mdmdiagnosticstool.exe's -out parameter.
+ - Privacy guardrails: To enable diagnostic data capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only the following commands are allowed:
+ - %windir%\\system32\\certutil.exe
+ - %windir%\\system32\\dxdiag.exe
+ - %windir%\\system32\\gpresult.exe
+ - %windir%\\system32\\msinfo32.exe
+ - %windir%\\system32\\netsh.exe
+ - %windir%\\system32\\nltest.exe
+ - %windir%\\system32\\ping.exe
+ - %windir%\\system32\\powercfg.exe
+ - %windir%\\system32\\w32tm.exe
+ - %windir%\\system32\\wpr.exe
+ - %windir%\\system32\\dsregcmd.exe
+ - %windir%\\system32\\dispdiag.exe
+ - %windir%\\system32\\ipconfig.exe
+ - %windir%\\system32\\logman.exe
+ - %windir%\\system32\\tracelog.exe
+ - %programfiles%\\windows defender\\mpcmdrun.exe
+ - %windir%\\system32\\MdmDiagnosticsTool.exe
+ - %windir%\\system32\\pnputil.exe
+
+- **FoldersFiles**
+ - Captures log files from a given path (without recursion).
+ - Expected input value: File path with or without wildcards, such as "%windir%\\System32", or "%programfiles%\\*.log".
+ - Privacy guardrails: To enable diagnostic log capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only paths under the following roots are allowed:
+ - %PROGRAMFILES%
+ - %PROGRAMDATA%
+ - %PUBLIC%
+ - %WINDIR%
+ - %TEMP%
+ - %TMP%
+ - Additionally, only files with the following extensions are captured:
+ - .log
+ - .txt
+ - .dmp
+ - .cab
+ - .zip
+ - .xml
+ - .html
+ - .evtx
+ - .etl
+
+**DiagnosticArchive/ArchiveResults**
+Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run.
+
+The supported operation is Get.
+
+The data type is string.
+
+A Get to the above URI will return the results of the data gathering for the last diagnostics request. For the example above it returns:
+
+``` xml
+
+
+
+
+ 1
+ 1
+ 0
+ SyncHdr
+ 200
+
+
+ 2
+ 1
+ 1
+ Get
+ 200
+
+
+ 3
+ 1
+ 1
+
+
+ ./Vendor/MSFT/DiagnosticLog/DiagnosticArchive/ArchiveResults
+
+
+
+ f1e20cb4-9789-4f6b-8f6a-766989764c6d
+ HKLM\Software\Policies
+ C:\ProgramData\Microsoft\DiagnosticLogCSP\Collectors\*.etl
+ %windir%\system32\ipconfig.exe /all
+ %windir%\system32\mdmdiagnosticstool.exe -out c:\ProgramData\temp\
+ c:\ProgramData\temp\*.*
+ Application
+
+
+
+
+
+
+
+```
+
+Each data gathering node is annotated with the HRESULT of the action and the collection is also annotated with an overall HRESULT. In this example, note that the mdmdiagnosticstool.exe command failed.
+
+The zip file which is created also contains a results.xml file whose contents align to the Data section in the SyncML for ArchiveResults. Accordingly, an IT admin using the zip file for troubleshooting can determine the order and success of each directive without needing a permanent record of the SyncML value for DiagnosticArchive/ArchiveResults.
+
+
+## Policy area
+
+The Policy functionality within the DiagnosticLog CSP configures Windows event log policies, such as maximum log size.
+
+The following section describes the nodes for the Policy functionality.
+
+**Policy**
+Added in version 1.4 of the CSP in Windows 10, version 1903. Root node to control settings for channels in Event Log.
+
+The supported operation is Get.
+
+**Policy/Channels**
+Added in version 1.4 of the CSP in Windows 10, version 1903. Node that contains Event Log channel settings.
+
+The supported operation is Get.
+
+**Policy/Channels/_ChannelName_**
+Added in version 1.4 of the CSP in Windows 10, version 1903. Dynamic node to represent a registered channel. The node name must be a valid Windows event log channel name, such as ``Microsoft-Client-Licensing-Platform%2FAdmin``. When specifying the name in the LocURI, it must be URL encoded, otherwise it may unexpectedly translate into a different URI.
+
+Supported operations are Add, Delete, and Get.
+
+Add **Channel**
+``` xml
+
+
+
+ 2
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName
+
+
+
+ node
+
+
+
+
+
+
+
+```
+Delete **Channel**
+``` xml
+
+
+
+ 3
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName
+
+
+
+
+
+
+
+```
+Get **Channel**
+``` xml
+
+
+
+ 4
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName
+
+
+
+
+
+
+
+```
+**Policy/Channels/_ChannelName_/MaximumFileSize**
+Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting specifies the maximum size of the log file in megabytes.
+
+If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte and 2 terabytes in megabyte increments.
+
+If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte.
+
+Supported operations are Add, Delete, Get, and Replace.
+
+The data type is integer.
+
+Add **MaximumFileSize**
+``` xml
+
+
+
+ 6
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/MaximumFileSize
+
+
+
+ int
+ text/plain
+
+ 3
+
+
+
+
+
+```
+
+Delete **MaximumFileSize**
+``` xml
+
+
+
+ 7
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/MaximumFileSize
+
+
+
+
+
+
+
+```
+Get **MaximumFileSize**
+``` xml
+
+
+
+ 5
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/MaximumFileSize
+
+
+
+
+
+
+
+```
+
+Replace **MaximumFileSize**
+``` xml
+
+
+
+ 8
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/MaximumFileSize
+
+
+
+ int
+ text/plain
+
+ 5
+
+
+
+
+
+```
+
+**Policy/Channels/_ChannelName_/SDDL**
+Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting represents SDDL string controlling access to the channel.
+
+Supported operations are Add, Delete, Get, and Replace.
+
+The data type is string.
+
+Default string is as follows:
+
+https://docs.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype.
+
+Add **SDDL**
+``` xml
+
+
+
+ 10
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/SDDL
+
+
+
+ chr
+ text/plain
+
+ YourSDDL
+
+
+
+
+
+```
+
+Delete **SDDL**
+``` xml
+
+
+
+
+ 11
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/SDDL
+
+
+
+
+
+
+
+```
+
+Get **SDDL**
+``` xml
+
+
+
+ 9
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/SDDL
+
+
+
+
+
+
+
+```
+
+Replace **SDDL**
+``` xml
+
+
+
+ 12
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/SDDL
+
+
+
+ chr
+ text/plain
+
+ YourNewSDDL
+
+
+
+
+
+```
+
+**Policy/Channels/_ChannelName_/ActionWhenFull**
+Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting controls Event Log behavior when the log file reaches its maximum size.
+
+Supported operations are Add, Delete, Get, and Replace.
+
+The data type is string.
+
+The following are the possible values:
+- Truncate — When the log file reaches its maximum file size, new events are not written to the log and are lost.
+- Overwrite — When the log file reaches its maximum file size, new events overwrite old events.
+- Archive — When the log file reaches its maximum size, the log file is saved to the location specified by the "Archive Location" policy setting. If archive location value is not set, the new file is saved in the same directory as current log file.
+
+If you disable or do not configure this policy setting, the locally configured value will be used as default. Every channel that is installed, whether inbox or by ISVs, is responsible for defining its own local configuration, and that configuration can be changed by any administrator. Values set via this policy override but do not replace local configuration.
+
+
+Add **ActionWhenFull**
+``` xml
+
+
+
+ 14
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/ActionWhenFull
+
+
+
+ chr
+ text/plain
+
+ Archive
+
+
+
+
+
+```
+
+Delete **ActionWhenFull**
+``` xml
+
+
+
+ 15
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/ActionWhenFull
+
+
+
+
+
+
+
+```
+
+Get **ActionWhenFull**
+``` xml
+
+
+
+ 13
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/ActionWhenFull
+
+
+
+
+
+
+
+```
+
+Replace **ActionWhenFull**
+``` xml
+
+
+
+ 16
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/ActionWhenFull
+
+
+
+ chr
+ text/plain
+
+ Truncate
+
+
+
+
+
+```
+
+**Policy/Channels/_ChannelName_/Enabled**
+Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting specifies whether the channel should be enabled or disabled.
+
+Supported operations are Add, Delete, Get, and Replace.
+
+The data type is boolean.
+
+The following are the possible values:
+- TRUE — Enables the channel.
+- FALSE — Disables the channel.
+
+If you disable or do not configure this policy setting, the locally configured value is used as default.
+
+Get **Enabled**
+``` xml
+
+
+
+ 17
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/Enabled
+
+
+
+
+
+
+
+```
+
+Add **Enabled**
+``` xml
+
+
+
+ 18
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/Enabled
+
+
+
+ bool
+ text/plain
+
+ TRUE
+
+
+
+
+
+```
+
+Delete **Enabled**
+``` xml
+
+
+
+ 19
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/Enabled
+
+
+
+
+
+
+
+```
+
+Replace **Enabled**
+``` xml
+
+
+
+ 20
+
+
+
+ ./Vendor/MSFT/DiagnosticLog/Policy/Channels/ChannelName/Enabled
+
+
+
+ bool
+ text/plain
+
+ FALSE
+
+
+
+
+
+```
+
+## EtwLog area
+
+The Event Tracing for Windows (ETW) log feature of the DiagnosticLog CSP is used to control the following types of event tracing:
+- [Collector-based tracing](#collector-based-tracing)
+- [Channel-based tracing](#channel-based-tracing)
+
+The ETW log feature is designed for advanced usage, and assumes developers' familiarity with ETW. For more information, see [About Event Tracing](https://docs.microsoft.com/windows/win32/etw/about-event-tracing).
### Collector-based tracing
-This type of event tracing simultaneously collects event data from a collection of registered ETW providers.
+This type of event tracing collects event data from a collection of registered ETW providers.
An event collector is a container of registered ETW providers. Users can add or delete a collector node and register or unregister multiple providers in this collector.
@@ -45,13 +715,12 @@ For each registered provider in this collector, the user can:
- Change trace level to filter events from this provider
- Enable or disable the provider in the trace session
-The changes on **State**, **Keywords** and **TraceLevel** takes effect immediately while trace session is in progress.
+The changes on **State**, **Keywords**, and **TraceLevel** takes effect immediately while trace session is in progress.
-> **Note** Microsoft-WindowsPhone-Enterprise-Diagnostics-Provider (GUID - 3da494e4-0fe2-415C-b895-fb5265c5c83b) has the required debug resource files built into Windows OS, which will allow the logs files to be decoded on the remote machine. Any other logs may not have the debug resources required to decode.
+> [!Note]
+> Microsoft-WindowsPhone-Enterprise-Diagnostics-Provider (GUID - 3da494e4-0fe2-415C-b895-fb5265c5c83b) has the required debug resource files built into Windows OS, which will allow the logs files to be decoded on the remote machine. Any other logs may not have the debug resources required to decode.
-
-
-### Channel-based tracing
+ ### Channel-based tracing
The type of event tracing exports event data from a specific channel. This is only supported on the desktop.
@@ -67,40 +736,24 @@ For each channel node, the user can:
For more information about using DiagnosticLog to collect logs remotely from a PC or mobile device, see [Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md).
-Here are the links to the DDFs:
-
-- [DiagnosticLog CSP version 1.2](diagnosticlog-ddf.md#version-1-2)
-- [DiagnosticLog CSP version 1.3](diagnosticlog-ddf.md#version-1-3)
-
-The following diagram shows the DiagnosticLog configuration service provider in tree format.
-
-
-
-**./Vendor/MSFT/DiagnosticLog**
-The root node for the DiagnosticLog configuration service provider.
-
-The following steps describe the process for gathering diagnostics using this CSP.
+To gather diagnostics using this CSP:
1. Specify a *CollectorName* for the container of the target ETW providers.
2. (Optional) Set logging and log file parameters using the following options:
- - **TraceLogFileMode**
- - **LogFileSizeLimitMB**
-
- Each of these are described later in this topic.
+ - TraceLogFileMode
+ - LogFileSizeLimitMB
3. Indicate one or more target ETW providers by supplying its *ProviderGUID* to the Add operation of EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*.
4. (Optional) Set logging and log file parameters using the following options:
-
- - **TraceLevel**
- - **Keywords**
-
- Each of these are described later in this topic.
-
-5. Start logging using **TraceControl** EXECUTE command “START”
+ - TraceLevel
+ - Keywords
+5. Start logging using **TraceControl** EXECUTE command “START”.
6. Perform actions on the target device that will generate activity in the log files.
-7. Stop logging using **TraceControl** EXECUTE command “STOP”
-8. Collect the log file located in the `%temp%` folder using the method described in [Reading a log file](#reading-a-log-file)
+7. Stop logging using **TraceControl** EXECUTE command “STOP”.
+8. Collect the log file located in the `%temp%` folder using the method described in [Reading a log file](#reading-a-log-file).
+
+The following section describes the nodes for EtwLog functionality.
**EtwLog**
Node to contain the Error Tracing for Windows log.
@@ -112,14 +765,14 @@ Interior node to contain dynamic child interior nodes for active providers.
The supported operation is Get.
-**EtwLog/Collectors/****_CollectorName_**
+**EtwLog/Collectors/***CollectorName*
Dynamic nodes to represent active collector configuration.
Supported operations are Add, Delete, and Get.
Add a collector
-``` syntax
+```xml
@@ -141,7 +794,7 @@ Add a collector
Delete a collector
-``` syntax
+```xml
@@ -172,8 +825,6 @@ The following table represents the possible values:
| 0 | Stopped |
| 1 | Started |
-
-
**EtwLog/Collectors/*CollectorName*/TraceLogFileMode**
Specifies the log file logging mode.
@@ -183,30 +834,10 @@ Supported operations are Get and Replace.
The following table lists the possible values:
-
-
-
-
-
-
-
-
Value
-
Description
-
-
-
-
-
EVENT_TRACE_FILE_MODE_SEQUENTIAL (0x00000001)
-
Writes events to a log file sequentially; stops when the file reaches its maximum size.
-
-
-
EVENT_TRACE_FILE_MODE_CIRCULAR (0x00000002)
-
Writes events to a log file. After the file reaches the maximum size, the oldest events are replaced with incoming events.
-
-
-
-
-
+| Value | Description |
+|-------|--------------------|
+| EVENT_TRACE_FILE_MODE_SEQUENTIAL (0x00000001) | Writes events to a log file sequentially; stops when the file reaches its maximum size. |
+| EVENT_TRACE_FILE_MODE_CIRCULAR (0x00000002) | Writes events to a log file. After the file reaches the maximum size, the oldest events are replaced with incoming events. |
**EtwLog/Collectors/*CollectorName*/TraceControl**
Specifies the logging and report action state.
@@ -220,8 +851,6 @@ The following table lists the possible values:
| START | Start log tracing. |
| STOP | Stop log tracing |
-
-
The supported operation is Execute.
After you have added a logging task, you can start a trace by running an Execute command on this node with the value START.
@@ -230,7 +859,7 @@ To stop the trace, running an execute command on this node with the value STOP.
Start collector trace logging
-``` syntax
+```xml
@@ -253,7 +882,7 @@ Start collector trace logging
Stop collector trace logging
-``` syntax
+```xml
@@ -288,18 +917,17 @@ Interior node to contain dynamic child interior nodes for active providers.
The supported operation is Get.
-**EtwLog/Collectors/*CollectorName*/Providers/****_ProviderGUID_**
+**EtwLog/Collectors/*CollectorName*/Providers/***ProviderGUID*
Dynamic nodes to represent active provider configuration per provider GUID.
-> **Note** Microsoft-WindowsPhone-Enterprise-Diagnostics-Provider (GUID - 3da494e4-0fe2-415C-b895-fb5265c5c83b) has the required debug resource files built into Windows OS, which will allow the logs files to be decoded on the remote machine. Any other logs may not have the debug resources required to decode.
-
-
+> [!Note]
+> Microsoft-WindowsPhone-Enterprise-Diagnostics-Provider (GUID - 3da494e4-0fe2-415C-b895-fb5265c5c83b) has the required debug resource files built into Windows OS, which will allow the logs files to be decoded on the remote machine. Any other logs may not have the debug resources required to decode.
Supported operations are Add, Delete, and Get.
Add a provider
-``` syntax
+```xml
@@ -321,7 +949,7 @@ Add a provider
Delete a provider
-``` syntax
+```xml
@@ -338,55 +966,26 @@ Delete a provider
```
-**EtwLog/Collectors/*CollectorName*/Providers/*ProvderGUID*/TraceLevel**
+**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/TraceLevel**
Specifies the level of detail included in the trace log.
The data type is an integer.
Supported operations are Get and Replace.
-The following table lists the possible values.
+The following table lists the possible values:
-
-
-
-
-
-
-
-
Value
-
Description
-
-
-
-
-
1 – TRACE_LEVEL_CRITICAL
-
Abnormal exit or termination events
-
-
-
2 – TRACE_LEVEL_ERROR
-
Severe error events
-
-
-
3 – TRACE_LEVEL_WARNING
-
Warning events such as allocation failures
-
-
-
4 – TRACE_LEVEL_INFORMATION
-
Non-error events, such as entry or exit events
-
-
-
5 – TRACE_LEVEL_VERBOSE
-
Detailed information
-
-
-
-
-
+| Value | Description |
+|-------|--------------------|
+| 1 – TRACE_LEVEL_CRITICAL | Abnormal exit or termination events |
+| 2 – TRACE_LEVEL_ERROR | Severe error events |
+| 3 – TRACE_LEVEL_WARNING | Warning events such as allocation failures |
+| 4 – TRACE_LEVEL_INFORMATION | Non-error events, such as entry or exit events |
+| 5 – TRACE_LEVEL_VERBOSE | Detailed information |
Set provider **TraceLevel**
-``` syntax
+```xml
@@ -407,10 +1006,10 @@ Set provider **TraceLevel**
```
-**EtwLog/Collectors/*CollectorName*/Providers/*ProvderGUID*/Keywords**
+**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/Keywords**
Specifies the provider keywords to be used as MatchAnyKeyword for this provider.
-the data type is a string.
+The data type is a string.
Supported operations are Get and Replace.
@@ -418,7 +1017,7 @@ Default value is 0 meaning no keyword.
Get provider **Keywords**
-``` syntax
+```xml
@@ -438,7 +1037,7 @@ Get provider **Keywords**
Set provider **Keywords**
-``` syntax
+```xml
@@ -461,43 +1060,23 @@ Set provider **Keywords**
```
-**EtwLog/Collectors/*CollectorName*/Providers/*ProvderGUID*/State**
+**EtwLog/Collectors/*CollectorName*/Providers/*ProviderGUID*/State**
Specifies if this provider is enabled in the trace session.
The data type is a boolean.
Supported operations are Get and Replace. This change will be effective during active trace session.
-The following table lists the possible values. Default value is TRUE.
+The following table lists the possible values:
-
-
-
-
-
-
-
-
Value
-
Description
-
-
-
-
-
TRUE
-
Provider is enabled in the trace session.
-
-
-
FALSE
-
Provider is disables in the trace session.
-
-
-
-
-
+| Value | Description |
+|-------|--------------------|
+| TRUE | Provider is enabled in the trace session. This is the default. |
+| FALSE | Provider is disabled in the trace session. |
Set provider **State**
-``` syntax
+```xml
@@ -523,14 +1102,14 @@ Interior node to contain dynamic child interior nodes for registered channels.
The supported operation is Get.
-**EtwLog/Channels/****_ChannelName_**
+**EtwLog/Channels/***ChannelName*
Dynamic nodes to represent a registered channel. The node name must be a valid Windows event log channel name, such as "Microsoft-Client-Licensing-Platform%2FAdmin"
Supported operations are Add, Delete, and Get.
Add a channel
-``` syntax
+```xml
@@ -552,7 +1131,7 @@ Add a channel
Delete a channel
-``` syntax
+```xml
@@ -576,7 +1155,7 @@ The supported operation is Execute.
Export channel event data
-``` syntax
+```xml
@@ -604,7 +1183,7 @@ Default value is empty string.
Get channel **Filter**
-``` syntax
+```xml
@@ -628,36 +1207,16 @@ The data type is a boolean.
Supported operations are Get and Replace.
-The following table lists the possible values.
+The following table lists the possible values:
-
-
-
-
-
-
-
-
Value
-
Description
-
-
-
-
-
TRUE
-
Channel is enabled.
-
-
-
FALSE
-
Channel is disabled.
-
-
-
-
-
+| Value | Description |
+|-------|--------------------|
+| TRUE | Channel is enabled. |
+| FALSE | Channel is disabled. |
Get channel **State**
-``` syntax
+```xml
@@ -676,7 +1235,7 @@ Get channel **State**
Set channel **State**
-``` syntax
+```xml
@@ -697,6 +1256,12 @@ Set channel **State**
```
+## DeviceStateData area
+
+The DeviceStateData functionality within the DiagnosticLog CSP provides additional device information.
+
+The following section describes the nodes for the DeviceStateData functionality.
+
**DeviceStateData**
Added in version 1.3 of the CSP in Windows 10, version 1607. Node for all types of device state data that are exposed.
@@ -705,7 +1270,7 @@ Added in version 1.3 of the CSP in Windows 10, version 1607. Triggers the snapp
The supported value is Execute.
-``` syntax
+```xml
@@ -726,13 +1291,24 @@ The supported value is Execute.
```
+## FileDownload area
+The FileDownload feature of the DiagnosticLog CSP enables a management server to pull data directly from the device. In the FileDownload context the client and server roles are conceptually reversed, with the management server acting as a client to download the data from the managed device.
+
+### Comparing FileDownload and DiagnosticArchive
+Both the FileDownload and DiagnosticArchive features can be used to get data from the device to the management server, but they are optimized for different workflows.
+
+- FileDownload enables the management server to directly pull byte-level trace data from the managed device. The data transfer takes place through the existing OMA-DM/SyncML context. It is typically used together with the EtwLogs feature as part of an advanced monitoring or diagnostic flow. FileDownlod requires granular orchestration by the management server, but avoids the need for dedicated cloud storage.
+- DiagnosticArchive allows the management server to give the CSP a full set of instructions as single command. Based on those instructions the CSP orchestrates the work client-side to package the requested diagnostic files into a zip archive and upload that archive to cloud storage. The data transfer happens outside of the OMA-DM session, via an HTTP PUT.
+
+The following section describes the nodes for the FileDownload functionality.
+
**FileDownload**
Node to contain child nodes for log file transportation protocols and corresponding actions.
**FileDownload/DMChannel**
Node to contain child nodes using DM channel for transport protocol.
-**FileDownload/DMChannel/****_FileContext_**
+**FileDownload/DMChannel/***FileContext*
Dynamic interior nodes that represents per log file context.
**FileDownload/DMChannel/*FileContext*/BlockSizeKB**
@@ -746,7 +1322,7 @@ Supported operations are Get and Replace.
Set **BlockSizeKB**
-``` syntax
+```xml
@@ -769,7 +1345,7 @@ Set **BlockSizeKB**
Get **BlockSizeKB**
-``` syntax
+```xml
@@ -795,7 +1371,7 @@ The only supported operation is Get.
Get **BlockCount**
-``` syntax
+```xml
@@ -821,7 +1397,7 @@ Supported operations are Get and Replace.
Set **BlockIndexToRead** at 0
-``` syntax
+```xml
@@ -844,7 +1420,7 @@ Set **BlockIndexToRead** at 0
Set **BlockIndexToRead** at 1
-``` syntax
+```xml
@@ -872,7 +1448,7 @@ The only supported operation is Get.
Get **BlockData**
-``` syntax
+```xml
@@ -892,29 +1468,18 @@ Get **BlockData**
**FileDownload/DMChannel/*FileContext*/DataBlocks**
Node to transfer the selected log file block to the DM server.
-**FileDownload/DMChannel/*FileContext*/DataBlocks/****_BlockNumber_**
+**FileDownload/DMChannel/*FileContext*/DataBlocks/***BlockNumber*
The data type is Base64.
-The only supported operation is Get.
-
-## Reading a log file
-
-
-1. Enumerate log file under **./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel**
-2. Select a log file in the Enumeration result
-3. Set **BlockSizeKB** per DM server payload limitation
-4. Get **BlockCount** to determine total read request
-5. Set **BlockIndexToRead** to initialize read start point
-6. Get **BlockData** for upload log block
-7. Increase **BlockIndexToRead**
-8. Repeat step 5 to 7 until **BlockIndexToRead == (BlockIndexToRead – 1)**
-
-
-
-
-
-
-
-
-
+The supported operation is Get.
+### Reading a log file
+To read a log file:
+1. Enumerate log file under **./Vendor/MSFT/DiagnosticLog/FileDownload/DMChannel**.
+2. Select a log file in the Enumeration result.
+3. Set **BlockSizeKB** per DM server payload limitation.
+4. Get **BlockCount** to determine total read request.
+5. Set **BlockIndexToRead** to initialize read start point.
+6. Get **BlockData** for upload log block.
+7. Increase **BlockIndexToRead**.
+8. Repeat step 5 to 7 until **BlockIndexToRead == (BlockIndexToRead – 1)**.
\ No newline at end of file
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index 97ae506323..8bedac1205 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -2,11 +2,13 @@
title: DiagnosticLog DDF
description: DiagnosticLog DDF
ms.assetid: 9DD75EDA-5913-45B4-9BED-20E30CDEBE16
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 12/05/2017
---
@@ -21,6 +23,7 @@ The content below are the latest versions of the DDF files:
- [DiagnosticLog CSP version 1.2](#version-1-2)
- [DiagnosticLog CSP version 1.3](#version-1-3)
+- [DiagnosticLog CSP version 1.4](#version-1-4)
## DiagnosticLog CSP version 1.2
@@ -1282,6 +1285,893 @@ The content below are the latest versions of the DDF files:
```
+## DiagnosticLog CSP version 1.4
+```xml
+
+
+]>
+
+ 1.2
+
+ DiagnosticLog
+ ./Vendor/MSFT
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ com.microsoft/1.4/MDM/DiagnosticLog
+
+
+
+ EtwLog
+
+
+
+
+ Root node of all types of event logging nodes that CSP manages.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Collectors
+
+
+
+
+ Root node of registered "Collector" nodes.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Each dynamic node represents a registered 'Collector' node. CSP will maintain an ETW trace session for this collector with its name used as a unique identifier. In a collector, a valid ETW provider can be registered and unregistered. The collector's associated trace session will enable the registered providers in it if the provider's state is 'Enabled'. Each provider's state, trace level and keywords can be controlled separately. The name of this node must not be a valid Windows event channel name. It can be a etw provider guid as long as it is not equal to an already registered 'Provider' node name.
+
+
+
+
+
+
+
+
+
+ CollectorName
+
+
+
+
+
+ TraceStatus
+
+
+
+
+ This node is used for getting the status of this collector node's associated trace session. 1 means "in progress"; 0 means "not started or stopped".
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TraceLogFileMode
+
+
+
+
+
+ 1
+ This node is used for setting or getting the trace log file mode of this collector node's associated trace session. The only two allowed values are 1 and 2, which are EVENT_TRACE_FILE_MODE_SEQUENTIAL and EVENT_TRACE_FILE_MODE_CIRCULAR. Default value is 1.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TraceControl
+
+
+
+
+
+ This node is to trigger "start" and "stop" of this collector node's associated trace session. "Get" returns the name of this node.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LogFileSizeLimitMB
+
+
+
+
+
+ 4
+ This node is used for setting or getting the trace log file size limit(in Megabytes) of this collector node's associated trace session. The value range is 1~2048. Default value is 4.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Providers
+
+
+
+
+ Root node of all providers registered in this collector node.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Each dynamic node represents an ETW provider registered in this collector node. The node name must be a valid provider GUID.
+
+
+
+
+
+
+
+
+
+ ProviderGuid
+
+
+
+
+
+ Keywords
+
+
+
+
+
+ "0"
+ This node is used for setting or getting the keywords of the event provider in this collector node's associated trace session. The string is in the form of hexadecimal digits and 16 chars wide. It'll be internally converted into ULONGLONG data type in the CSP. Default value is "0", which means all events from this provider are included. If the associated trace session is in progress, new keywords setting is applied immediately; if not, it'll be applied next time that session is started.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TraceLevel
+
+
+
+
+
+ 5
+ This node is used for setting or getting the trace level of this event provider in this collector node's associated trace session. Default value is 5, which is TRACE_LEVEL_VERBOSE. If the associated trace session is in progress, new trace level setting is applied immediately;if not, it'll be applied next time that session is started.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ State
+
+
+
+
+
+ true
+ This node is used for setting or getting the state of the event provider in this collector node's associated trace session. If the trace session isn't started, changing the value controls whether to enable the provider or not when session is started; if trace session is already started, changing its value causes enabling or disabling the provider in the live trace session. Default value is true.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+
+
+ Channels
+
+
+
+
+ Root node of registered "Channel" nodes.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Each dynamic node represents a registered 'Channel' node. The node name must be a valid Windows event log channel name, e.g. "Microsoft-Client-Licensing-Platform%2FAdmin". When specifying the name in the LocURI, it must be url encoded or it'll be translated into a different URI unexpectedly.
+
+
+
+
+
+
+
+
+
+ ChannelName
+
+
+
+
+
+ Export
+
+
+
+
+
+ This node is to trigger exporting events into a log file from this node's associated Windows event channel. The log file's extension is .evtx, which is the standard extension of windows event channel log. The "Get" command returns the name of this node.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ State
+
+
+
+
+
+ This node is used for setting or getting the 'Enabled' state of this node's associated windows event channel in the system. Setting it to "TRUE" enables the channel; setting it to "FALSE" disables the channel.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Filter
+
+
+
+
+
+ ""
+ This node is used for setting or getting the xpath query string to filter the events when exporting the log file from the channel. Default value is empty string.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+
+ DeviceStateData
+
+
+
+
+ Root node of all types of device state data that CSP exposes.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ MdmConfiguration
+
+
+
+
+ This node is to trigger snapping of the Device Management state data with "SNAP".
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+ FileDownload
+
+
+
+
+ Root node of all csp nodes that are related to log file download in csp.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ DMChannel
+
+
+
+
+ Root node of all csp nodes that are used for controlling file download for their associated log file generated by logging csp nodes.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Each dynamic node represents a 'FileContext' node corresponding to a log file generated by one of the logging CSP nodes(underneath 'EtwLog' node). The node name must be the name of a registered 'Provider', 'Collector' or 'Channel' node. The log file and its location will be determined by CSP based on the node name. File download is done by dividing the log file into multiple blocks of configured block size and then sending the blocks as requested by MDM server.
+
+
+
+
+
+
+
+
+
+ FileContext
+
+
+
+
+
+ BlockSizeKB
+
+
+
+
+
+ 4
+ This node is used for setting or getting the block size (in Kilobytes) for the download of associated log file. The value range is 1~16. Default value is 4.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ BlockCount
+
+
+
+
+ This node is used for getting the total number of blocks for the associated log file. If the log file isn't generated yet, the value returned is -1; if the trace session is in progress, the value returned is -2.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ BlockIndexToRead
+
+
+
+
+
+ This node is used for setting and getting the block index that points to the data block for 'BlockData' node. The value range is 0~(BlockCount-1).
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ BlockData
+
+
+
+
+ This node is used to get the binary data of the block that 'BlockIndexToRead' node is pointing to.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ DataBlocks
+
+
+
+
+ Root node of all 'BlockNumber' nodes for the associated log file. The number of its children should be the total block count of the log file. No children nodes exist if 'BlockCount' node's value is less than 0.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Each dynamic node represents a 'BlockNumber' node. The node name is an integer equal to the index of the block which this node stands for. Therefore the node name should be ranging from 0 to (BlockCount -1). It returns the binary data of the block which this node is referring to.
+
+
+
+
+
+
+
+
+
+ BlockNumber
+
+
+
+
+
+
+
+
+
+
+ Policy
+
+
+
+
+ Contains policy for diagnostic settings.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Channels
+
+
+
+
+ Contains policy for Event Log channel settings.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Each dynamic node represents a registered 'Channel' node. The node name must be a valid Windows event log channel name, e.g. "Microsoft-Client-Licensing-Platform%2FAdmin". When specifying the name in the LocURI, it must be url encoded or it'll be translated into a different URI unexpectedly.
+
+
+
+
+
+
+
+
+
+ ChannelName
+
+
+
+
+
+ MaximumFileSize
+
+
+
+
+
+
+
+ Maximum size of the channel log file in MB.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ SDDL
+
+
+
+
+
+
+
+ SDDL String controlling access to the channel. Default: https://docs.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ActionWhenFull
+
+
+
+
+
+
+
+ Action to take when the log file reaches maximum size. "Truncate", "Overwrite", "Archive".
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Enabled
+
+
+
+
+
+
+
+ This policy setting specifies whether the channel should be enabled or disabled. Set value to TRUE to enable and FALSE to disable.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+
+ DiagnosticArchive
+
+
+
+
+ Root note for archive definition and collection.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ArchiveDefinition
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ArchiveResults
+
+
+
+
+ Pull up the results of the last archive run.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+```
+
## Related topics
diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
index d794478a6f..3cb1682333 100644
--- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
+++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
@@ -5,11 +5,13 @@ MS-HAID:
- 'p\_phdevicemgmt.disconnecting\_from\_the\_management\_infrastructure\_\_unenrollment\_'
- 'p\_phDeviceMgmt.disconnecting\_from\_mdm\_unenrollment'
ms.assetid: 33B2B248-631B-451F-B534-5DA095C4C8E8
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
---
@@ -103,7 +105,7 @@ After the previous package is sent, the unenrollment process begins.
When the server initiates disconnection, all undergoing sessions for the enrollment ID are aborted immediately to avoid deadlocks. The server will not get a response for the unenrollment, instead a generic alert notification is sent with messageid=1.
-``` syntax
+```xml
4
1226
diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md
index 8db057501d..aa61f9d50b 100644
--- a/windows/client-management/mdm/dmacc-csp.md
+++ b/windows/client-management/mdm/dmacc-csp.md
@@ -2,11 +2,13 @@
title: DMAcc CSP
description: DMAcc CSP
ms.assetid: 43e73d8a-6617-44e7-8459-5c96f4422e63
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
---
@@ -17,7 +19,7 @@ The DMAcc configuration service provider allows an OMA Device Management (DM) ve
> **Note** This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application.
-
+
For the DMAcc CSP, you cannot use the Replace command unless the node already exists.
@@ -62,7 +64,7 @@ Interior node for DM server address.
Required.
-**AppAddr/****_ObjectName_**
+**AppAddr/***ObjectName*
Required. Defines the OMA DM server address. Only one server address can be configured.
When mapping the [w7 APPLICATION configuration service provider](w7-application-csp.md) to the DMAcc Configuration Service Provider, the name of this element is "1". This is the first DM address encountered in the w7 APPLICATION configuration service provider, other DM accounts are ignored.
@@ -84,7 +86,7 @@ Interior node for port information.
Optional.
-**Port/****_ObjectName_**
+**Port/***ObjectName*
Required. Only one port number can be configured.
When mapping the [w7 APPLICATION configuration service provider](w7-application-csp.md) to the DMAcc Configuration Service Provider, the name of this element is "1".
@@ -106,7 +108,7 @@ Value type is string. Supported operations are Add, Get, and Replace.
***AccountUID*/AppAuth**
Optional. Defines authentication settings.
-**AppAuth/****_ObjectName_**
+**AppAuth/***ObjectName*
Required. Defines one set of authentication settings.
When mapping the [w7 APPLICATION configuration service provider](w7-application-csp.md) to the DMAcc Configuration Service Provider, the name of this element is same name as the AAuthLevel value ("CLRED" or "SRVCRED").
@@ -256,11 +258,11 @@ Stores specifies which certificate stores the DM client will search to find the
> **Note** %EF%80%80 is the UTF8-encoded character U+F000.
-
+
Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following:
-``` syntax
+```xml
```
@@ -277,9 +279,9 @@ Supported operations are Add, and Replace.
[Configuration service provider reference](configuration-service-provider-reference.md)
-
+
-
+
diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md
index 93a041f3d1..232f5672cd 100644
--- a/windows/client-management/mdm/dmacc-ddf-file.md
+++ b/windows/client-management/mdm/dmacc-ddf-file.md
@@ -2,11 +2,13 @@
title: DMAcc DDF file
description: DMAcc DDF file
ms.assetid: 44dc99aa-2a85-498b-8f52-a81863765606
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 12/05/2017
---
@@ -19,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
**Provider/****_ProviderID_**
+**Provider/***ProviderID*
Required. This node contains the URI-encoded value of the bootstrapped device management account’s Provider ID. Scope is dynamic. This value is set and controlled by the MDM server. As a best practice, use text that doesn’t require XML/URI escaping.
For Intune, use **MS DM Server** for Windows desktop or **SCConfigMgr** for Windows mobile for the _ProviderID_.
@@ -55,20 +57,20 @@ Supported operations are Get and Add.
> **Note** Although hardware device IDs are guaranteed to be unique, there is a concern that this is not ultimately enforceable during a DM session. The device ID could be changed through the w7 APPLICATION configuration service provider’s **USEHWDEVID** parm by another management server. So during enterprise bootstrap and enrollment, a new device ID is specified by the enterprise server.
This node is required and must be set by the server before the client certificate renewal is triggered.
-
+
**Provider/*ProviderID*/ExchangeID**
Optional. Character string that contains the unique Exchange device ID used by the Outlook account of the user the session is running against. This is useful for the enterprise management server to correlate and merge records for a device that is managed by exchange and natively managed by a dedicated management server.
> **Note** In some cases for the desktop, this node will return "not found" until the user sets up their email.
-
+
Supported operation is Get.
The following is a Get command example.
-``` syntax
+```xml
12
@@ -99,7 +101,7 @@ Required. The character string that contains the device management server addres
> **Note** When the ManagementServerAddressList value is set, the device ignores the value in ManagementServiceAddress.
-
+
The DMClient configuration service provider will save the address to the same location as the w7 and DMS configuration service providers to ensure the management client has a single place to retrieve the current server address. The initial value for this node is the same server address value as bootstrapped via the [w7 APPLICATION configuration service provider](w7-application-csp.md).
@@ -146,7 +148,7 @@ This node is only supported in Windows 10 and later.
Once you set the value to 2.0, it will not go back to 1.0.
-
+
Supported operations are Get, Replace, and Delete.
@@ -171,7 +173,7 @@ To work around the timeout, you can use this setting to keep the session alive b
Here is an example of DM message sent by the device when it is in pending state:
-``` syntax
+```xml
1.2
@@ -225,9 +227,9 @@ Added in Windows 10, version 1607. The list of management server URLs in the fo
> **Note** The < and > should be escaped.
-
+
-``` syntax
+```xml
101
@@ -320,7 +322,7 @@ If there is no infinite schedule set, then a 24-hour schedule is created and sch
-
+
**Valid poll schedule: initial enrollment only \[no infinite schedule\]**
@@ -371,13 +373,13 @@ If there is no infinite schedule set, then a 24-hour schedule is created and sch
-
+
**Invalid poll schedule: disable all poll schedules**
> **Note** Disabling poll schedules results in UNDEFINED behavior and enrollment may fail if poll schedules are all set to zero.
-
+
@@ -426,7 +428,7 @@ If there is no infinite schedule set, then a 24-hour schedule is created and sch
-
+
**Invalid poll schedule: two infinite schedules**
@@ -485,7 +487,7 @@ If there is no infinite schedule set, then a 24-hour schedule is created and sch
-
+
If the device was previously enrolled in MDM with polling schedule configured via registry key values directly, the MDM server that supports using DMClient CSP to update polling schedule must first send an Add command to add a **./Vendor/MSFT/DMClient/Enrollment/<ProviderID>/Poll** node before it sends a Get/Replace command to query or update polling parameters via DMClient CSP
@@ -622,7 +624,7 @@ The status error mapping is listed below.
-
+
**Provider/*ProviderID*/CustomEnrollmentCompletePage**
Optional. Added in Windows 10, version 1703.
@@ -768,7 +770,7 @@ Note that <LocURI>./Vendor/MSFT/DMClient/Unenroll</LocURI> is suppor
The following SyncML shows how to remotely unenroll the device. Note that this command should be inserted in the general DM packages sent from the server to the device.
-``` syntax
+```xml
2
@@ -789,9 +791,9 @@ The following SyncML shows how to remotely unenroll the device. Note that this c
[Configuration service provider reference](configuration-service-provider-reference.md)
-
+
-
+
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index 1c171bbb0f..15b21d0197 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -2,11 +2,13 @@
title: DMClient DDF file
description: DMClient DDF file
ms.assetid: A21B33AF-DB76-4059-8170-FADF2CB898A0
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 12/05/2017
---
@@ -19,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is for Windows 10, version 1803.
-``` syntax
+```xml
- Number of days after last sucessful sync to unenroll
+ Number of days after last successful sync to unenroll
@@ -1966,4 +1968,4 @@ The XML below is for Windows 10, version 1803.
-```
\ No newline at end of file
+```
diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
index 09918702d2..25b59bccc1 100644
--- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
+++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
@@ -3,6 +3,8 @@ title: DMProcessConfigXMLFiltered function
description: Configures phone settings by using OMA Client Provisioning XML.
Search.Refinement.TopicID: 184
ms.assetid: 31D79901-6206-454C-AE78-9B85A3B3487F
+ms.reviewer:
+manager: dansimp
keywords: ["DMProcessConfigXMLFiltered function"]
topic_type:
- apiref
@@ -12,11 +14,11 @@ api_location:
- dmprocessxmlfiltered.dll
api_type:
- DllExport
-ms.author: maricia
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
---
@@ -44,16 +46,16 @@ Microsoft recommends that this function is not used to configure the following t
> **Note** The **DMProcessConfigXMLFiltered** function has full functionality in Windows 10 Mobile and Windows Phone 8.1, but it has a read-only functionality in Windows 10 desktop.
-
+
## Syntax
```C++
HRESULT STDAPICALLTYPE DMProcessConfigXMLFiltered(
- LPCWSTR pszXmlIn,
- const WCHAR **rgszAllowedCspNode,
- const DWORD dwNumAllowedCspNodes,
- BSTR *pbstrXmlOut
+ LPCWSTR pszXmlIn,
+ const WCHAR **rgszAllowedCspNode,
+ const DWORD dwNumAllowedCspNodes,
+ BSTR *pbstrXmlOut
);
```
@@ -61,25 +63,25 @@ HRESULT STDAPICALLTYPE DMProcessConfigXMLFiltered(
*pszXmlIn*
-
\[in\] The null–terminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. **DMProcessConfigXMLFiltered** accepts only OMA Client Provisioning XML (also known as WAP provisioning). It does not accept OMA DM SyncML XML (also known as SyncML).
+
[in] The null–terminated input XML buffer containing the configuration data. The parameter holds the XML that will be used to configure the phone. DMProcessConfigXMLFiltered accepts only OMA Client Provisioning XML (also known as WAP provisioning). It does not accept OMA DM SyncML XML (also known as SyncML).
*rgszAllowedCspNode*
-
\[in\] Array of **WCHAR\*** that specify which configuration service provider nodes are allowed to be invoked.
+
[in] Array of WCHAR\* that specify which configuration service provider nodes are allowed to be invoked.
*dwNumAllowedCspNodes*
-
\[in\] Number of elements passed in *rgszAllowedCspNode*.
+
[in] Number of elements passed in rgszAllowedCspNode.
*pbstrXmlOut*
-
\[out\] The resulting null–terminated XML from configuration. The caller of **DMProcessConfigXMLFiltered** is responsible for cleanup of the output buffer that the *pbstrXmlOut* parameter references. Use [**SysFreeString**](https://msdn.microsoft.com/library/windows/hardware/ms221481) to free the memory.
+
[out] The resulting null–terminated XML from configuration. The caller of DMProcessConfigXMLFiltered is responsible for cleanup of the output buffer that the pbstrXmlOut parameter references. Use SysFreeString to free the memory.
@@ -124,7 +126,7 @@ Returns the standard **HRESULT** value **S\_OK** to indicate success. The follow
-
+
## Remarks
@@ -134,20 +136,20 @@ The usage of **DMProcessConfigXMLFiltered** depends on the configuration service
``` XML
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
```
@@ -156,8 +158,8 @@ Then, the second parameter in the call to **DMProcessConfigXMLFiltered** would h
``` C++
LPCWSTR rgszAllowedCspNodes[] =
{
- L"NAPDEF",
- L"BrowserFavorite"
+ L"NAPDEF",
+ L"BrowserFavorite"
};
```
@@ -170,18 +172,18 @@ WCHAR szProvxmlContent[] = L"...";
BSTR bstr = NULL;
HRESULT hr = DMProcessConfigXMLFiltered(
- szProvxmlContent,
- rgszAllowedCspNodes,
- _countof(rgszAllowedCspNodes),
- &bstr
- );
+ szProvxmlContent,
+ rgszAllowedCspNodes,
+ _countof(rgszAllowedCspNodes),
+ &bstr
+ );
/* check error */
if ( bstr != NULL )
{
- SysFreeString( bstr );
- bstr = NULL;
+ SysFreeString( bstr );
+ bstr = NULL;
}
```
@@ -224,7 +226,7 @@ if ( bstr != NULL )
[**SysFreeString**](https://msdn.microsoft.com/library/windows/hardware/ms221481)
-
+
diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md
index 6e8aa70785..b395c7c3ba 100644
--- a/windows/client-management/mdm/dmsessionactions-csp.md
+++ b/windows/client-management/mdm/dmsessionactions-csp.md
@@ -1,12 +1,14 @@
---
title: DMSessionActions CSP
description: DMSessionActions CSP
-ms.author: maricia
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
+ms.reviewer:
+manager: dansimp
---
# DMSessionActions CSP
@@ -26,25 +28,25 @@ The following diagram shows the DMSessionActions configuration service provider
**./Device/Vendor/MSFT/DMSessionActions or ./User/Vendor/MSFT/DMSessionActions**
Defines the root node for the DMSessionActions configuration service provider.
-**_ProviderID_**
+***ProviderID***
Group settings per device management (DM) server. Each group of settings is distinguished by the Provider ID of the server. It must be the same DM server Provider ID value that was supplied through the w7 APPLICATION configuration service provider XML during the enrollment process. Only one enterprise management server is supported, which means that there should be only one ProviderID node under NodeCache.
Scope is dynamic. Supported operations are Get, Add, and Delete.
Required. The value is a complete OMA DM node URI. It can specify either an interior node or a leaf node in the device management tree. Scope is dynamic.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
@@ -61,4 +63,4 @@ The following diagram shows the DMSessionActions configuration service provider
**PowerSettings/MaxTimeSessionsSkippedInLowPowerState**
Maximum time in minutes when the device can skip the check-in with the server if the device is in low power state.
-
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
\ No newline at end of file
+
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md
index e587b4c69f..aef1210842 100644
--- a/windows/client-management/mdm/dmsessionactions-ddf.md
+++ b/windows/client-management/mdm/dmsessionactions-ddf.md
@@ -1,12 +1,14 @@
---
title: DMSessionActions DDF file
description: DMSessionActions DDF file
-ms.author: maricia
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 12/05/2017
+ms.reviewer:
+manager: dansimp
---
# DMSessionActions DDF file
@@ -18,7 +20,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
-```
\ No newline at end of file
+```
diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md
index 710e19855a..e7d55aedc0 100644
--- a/windows/client-management/mdm/dynamicmanagement-csp.md
+++ b/windows/client-management/mdm/dynamicmanagement-csp.md
@@ -1,12 +1,14 @@
---
title: DynamicManagement CSP
description: DynamicManagement CSP
-ms.author: maricia
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
+ms.reviewer:
+manager: dansimp
---
# DynamicManagement CSP
@@ -27,7 +29,7 @@ The following diagram shows the DynamicManagement configuration service provider
Default value is False. Supported operations are Get and Replace.
Example to turn on NotificationsEnabled:
-``` syntax
+```xml
100
@@ -82,7 +84,7 @@ The following diagram shows the DynamicManagement configuration service provider
Disable Cortana based on Geo location and time, From 9am-5pm, when in the 100 meters radius of the specified latitude/longitude
-``` syntax
+```xml
200
@@ -136,7 +138,7 @@ Disable Cortana based on Geo location and time, From 9am-5pm, when in the 100 me
Disable camera using network trigger with time trigger, from 9-5, when ip4 gateway is 192.168.0.1
-``` syntax
+```xml
300
@@ -191,7 +193,7 @@ Disable camera using network trigger with time trigger, from 9-5, when ip4 gatew
Delete a context
-``` syntax
+```xml
400
@@ -204,7 +206,7 @@ Delete a context
Get ContextStatus and SignalDefinition from a specific context
-``` syntax
+```xml
400
@@ -221,4 +223,4 @@ Get ContextStatus and SignalDefinition from a specific context
-```
\ No newline at end of file
+```
diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md
index 0ca27a4ec0..3439bf646a 100644
--- a/windows/client-management/mdm/dynamicmanagement-ddf.md
+++ b/windows/client-management/mdm/dynamicmanagement-ddf.md
@@ -2,11 +2,13 @@
title: DynamicManagement DDF file
description: DynamicManagement DDF file
ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 12/05/2017
---
@@ -18,7 +20,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
-```
\ No newline at end of file
+```
diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md
index 38dc886b20..f687502610 100644
--- a/windows/client-management/mdm/eap-configuration.md
+++ b/windows/client-management/mdm/eap-configuration.md
@@ -1,12 +1,14 @@
---
title: EAP configuration
-description: The topic provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for the VPN profile and information about EAP certificate filtering in Windows 10.
+description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, plus info about EAP certificate filtering in Windows 10.
ms.assetid: DD3F2292-4B4C-4430-A57F-922FED2A8FAE
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
---
@@ -54,7 +56,7 @@ Here is an easy way to get the EAP configuration from your desktop using the ras
9. Switch over to PowerShell and use the following cmdlets to retrieve the EAP configuration XML.
- ``` syntax
+ ```powershell
Get-VpnConnection -Name Test
```
@@ -78,17 +80,17 @@ Here is an easy way to get the EAP configuration from your desktop using the ras
IdleDisconnectSeconds : 0
```
- ``` syntax
+ ```powershell
$a = Get-VpnConnection -Name Test
```
- ``` syntax
+ ```powershell
$a.EapConfigXmlStream.InnerXml
```
Here is an example output
- ``` syntax
+ ```xml
130013
diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md
index e54767ae8b..ddb14a8d3f 100644
--- a/windows/client-management/mdm/email2-csp.md
+++ b/windows/client-management/mdm/email2-csp.md
@@ -2,11 +2,13 @@
title: EMAIL2 CSP
description: EMAIL2 CSP
ms.assetid: bcfc9d98-bc2e-42c6-9b81-0b5bf65ce2b8
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md
index cad330322f..f24a64e3e3 100644
--- a/windows/client-management/mdm/email2-ddf-file.md
+++ b/windows/client-management/mdm/email2-ddf-file.md
@@ -2,11 +2,13 @@
title: EMAIL2 DDF file
description: EMAIL2 DDF file
ms.assetid: 7e266db0-2fd9-4412-b428-4550f41a1738
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 12/05/2017
---
@@ -19,7 +21,7 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The XML below is the current version for this CSP.
-``` syntax
+```xml
[!TIP]
>Intune has added a number of ADMX-backed administrative templates in public preview. Check if the policy settings you need are available in a template before using the SyncML method described below. [Learn more about Intune's administrative templates.](https://docs.microsoft.com/intune/administrative-templates-windows)
## Enable a policy
-1. Find the policy from the list [ADMX-backed policies](policy-configuration-service-provider.md#admx-backed-policies). You need the following information listed in the policy description.
- - GP English name
+> [!NOTE]
+> See [Understanding ADMX-backed policies](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
+
+1. Find the policy from the list [ADMX-backed policies](policies-admx-backed.md). You need the following information listed in the policy description.
+ - GP English name
- GP name
- GP ADMX file name
- GP path
@@ -59,10 +65,10 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
In this example you configure **Enable App-V Client** to **Enabled**.
-> [!Note]
+> [!NOTE]
> The \ payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
-``` syntax
+```xml
@@ -91,140 +97,140 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
In this example, the policy is in **Administrative Templates > System > App-V > Publishing**.
- 1. Double-click **Publishing Server 2 Settings** to see the parameters you need to configure when you enable this policy.
+ 1. Double-click **Publishing Server 2 Settings** to see the parameters you need to configure when you enable this policy.
- 
+ 
- 
+ 
- 2. Find the variable names of the parameters in the ADMX file.
+ 2. Find the variable names of the parameters in the ADMX file.
- You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](policy-configuration-service-provider.md#appvirtualization-publishingallowserver2).
+ You can find the ADMX file name in the policy description in Policy CSP. In this example, the filename appv.admx is listed in [AppVirtualization/PublishingAllowServer2](policy-configuration-service-provider.md#appvirtualization-publishingallowserver2).
- 
+ 
- 3. Navigate to **C:\Windows\PolicyDefinitions** (default location of the admx files) and open appv.admx.
+ 3. Navigate to **C:\Windows\PolicyDefinitions** (default location of the admx files) and open appv.admx.
- 4. Search for GP name **Publishing_Server2_policy**.
+ 4. Search for GP name **Publishing_Server2_policy**.
- 5. Under **policy name="Publishing_Server2_Policy"** you can see the \ listed. The text id and enum id represents the data id you need to include in the SyncML data payload. They correspond to the fields you see in GP Editor.
+ 5. Under **policy name="Publishing_Server2_Policy"** you can see the \ listed. The text id and enum id represents the data id you need to include in the SyncML data payload. They correspond to the fields you see in GP Editor.
- Here is the snippet from appv.admx:
+ Here is the snippet from appv.admx:
- ``` syntax
-
-
+ ```xml
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
- ```
+
+ ```
- 6. From the \ tag, copy all the text id and enum id and create an XML with data id and value fields. The value field contains the configuration settings you would enter in the GP Editor.
+ 6. From the \ tag, copy all the text id and enum id and create an XML with data id and value fields. The value field contains the configuration settings you would enter in the GP Editor.
- Here is the example XML for Publishing_Server2_Policy :
+ Here is the example XML for Publishing_Server2_Policy :
- ``` syntax
-
-
-
-
-
-
-
-
-
-
- ```
+ ```xml
+
+
+
+
+
+
+
+
+
+
+ ```
- 7. Create the SyncML to enable the policy. Payload contains \ and name/value pairs.
+ 7. Create the SyncML to enable the policy. Payload contains \ and name/value pairs.
- Here is the example for **AppVirtualization/PublishingAllowServer2**:
+ Here is the example for **AppVirtualization/PublishingAllowServer2**:
-> [!Note]
+> [!NOTE]
> The \ payload must be XML encoded. To avoid encoding, you can use CData if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). If you are using Intune, select String as the data type.
- ``` syntax
+ ```xml
@@ -262,7 +268,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
The \ payload is \. Here is an example to disable AppVirtualization/PublishingAllowServer2.
-``` syntax
+```xml
@@ -287,7 +293,7 @@ The \ payload is \. Here is an example to disable AppVirtualiza
The \ payload is empty. Here an example to set AppVirtualization/PublishingAllowServer2 to "Not Configured."
-``` syntax
+```xml
diff --git a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md
index 4c21520591..32ac15d67d 100644
--- a/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md
+++ b/windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md
@@ -2,18 +2,20 @@
title: Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices
description: Like any Windows devices, Windows 10 Mobile devices use Microsoft Update by default to download updates over the Internet.
ms.assetid: ED3DAF80-847C-462B-BDB1-486577906772
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 06/26/2017
---
# Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices
-Like any Windows devices, Windows 10 Mobile devices use Microsoft Update by default to download updates over the Internet. However, in some enterprise environments, devices may not be able to access the Internet to retrieve their updates. Because of network restrictions or other enterprise policies, devices must download their updates from an internal location. This document describes how to enable offline updates using System Center Configuration Manager.
+Like any Windows devices, Windows 10 Mobile devices use Microsoft Update by default to download updates over the Internet. However, in some enterprise environments, devices may not be able to access the Internet to retrieve their updates. Because of network restrictions or other enterprise policies, devices must download their updates from an internal location. This document describes how to enable offline updates using Microsoft Endpoint Configuration Manager.
Here is a table of update path to Windows 10 Mobile.
@@ -77,7 +79,7 @@ Down the road, after the upgrade to Windows 10 is complete, if you decide to pus
**Requirements:**
- The test device must be same as the other production devices that are receiving the updates.
-- Your test device must be enrolled with System Center Configuration Manager.
+- Your test device must be enrolled with Microsoft Endpoint Configuration Manager.
- Your device can connect to the Internet.
- Your device must have an SD card with at least 0.5 GB of free space.
- Ensure that the settings app and PhoneUpdate applet are available via Assigned Access.
@@ -91,7 +93,7 @@ The following diagram is a high-level overview of the process.
Define the baseline update set that will be applied to other devices. Use a device that is running the most recent image as the test device.
-Trigger the device to check for updates either manually or using System Center Configuration Manager.
+Trigger the device to check for updates either manually or using Microsoft Endpoint Configuration Manager.
**Manually**
@@ -102,19 +104,19 @@ Trigger the device to check for updates either manually or using System Center C
> **Note** There is a bug in all OS versions up to GDR2 where the CSP will not set the assigned value. There is no way to change or set this until GDR2 is deployed onto the device.
-**Using System Center Configuration Manager**
+**Using Microsoft Endpoint Configuration Manager**
1. Remotely trigger a scan of the test device by deploying a Trigger Scan Configuration Baseline.
- 
+ 
2. Set the value of this OMA-URI by browsing to the settings of this Configuration Item and selecting the newly created Trigger Scan settings from the previous step.
- 
+ 
3. Ensure that the value that is specified for this URI is greater than the value on the device(s) and that the Remediate noncompliant rules when supported option is checked. For the first time, any value that is greater than 0 will work, but for subsequent configurations, ensure that you specify an incremented value.
- 
+ 
4. Create a Configuration Baseline for TriggerScan and Deploy. It is recommended that this Configuration Baseline be deployed after the Controlled Updates Baseline has been applied to the device (the corresponding files are deployed on the device through a device sync session).
5. Follow the prompts for downloading the updates, but do not install the updates on the device.
@@ -130,16 +132,16 @@ There are two ways to retrieve this file from the device; one pre-GDR1 and one p
1. Create a Configuration Item using ConfigMgr to look at the registry entry ./Vendor/MSFT/EnterpriseExt/DeviceUpdate/ApprovedUpdatesXml.
- > **Note** In System Center Configuration Manager, you may see an error about exceeding the file limit when using ApprovedUpdatesXml. However, the process still completes even if the file is large.
+ > **Note** In Microsoft Endpoint Configuration Manager, you may see an error about exceeding the file limit when using ApprovedUpdatesXml. However, the process still completes even if the file is large.
If the XML file is greater than 32K you can also use ./Vendor/MSFT/FileSystem/<*filename*>.
2. Set a baseline for this Configuration Item with a “dummy” value (such as zzz), and ensure that you do not remediate it.
The dummy value is not be set; it is only used for comparison.
-3. After the report XML is sent to the device, System Center Configuration Manager displays a compliance log that contains the report information. The log can contain significant amount of data.
+3. After the report XML is sent to the device, Microsoft Endpoint Configuration Manager displays a compliance log that contains the report information. The log can contain significant amount of data.
4. Parse this log for the report XML content.
-For a step-by-step walkthrough, see [How to retrieve a device update report using System Center Configuration Manager logs](#how-to-retrieve-a-device-update-report-using-system-center-configuration-manager-logs).
+For a step-by-step walkthrough, see [How to retrieve a device update report using Microsoft Endpoint Configuration Manager logs](#how-to-retrieve-a-device-update-report-using-microsoft-endpoint-configuration-manager-logs).
**Post-GDR1: Retrieve the report xml file using an SD card**
@@ -226,7 +228,7 @@ This process has three parts:
1. Create a configuration item and specify that file path and name on the device as `NonPersistent\DUCustomContentURIs.xml`
2. Check the box **Remediate noncompliant settings**.
- 
+ 
3. Click **OK**.
@@ -236,11 +238,11 @@ This process has three parts:
1. Create a configuration baseline item and give it a name (such as ControlledUpdates).
2. Add the DUControlledUpdates and DUCustomContentURIs configuration items, and then click **OK**.
- 
+ 
3. Deploy the configuration baseline to the appropriate device or device collection.
- 
+ 
4. Click **OK**.
@@ -250,7 +252,7 @@ Now that the other "production" or "in-store" devices have the necessary informa
### Use this process for unmanaged devices
-If the update policy of the device is not managed or restricted by System Center Configuration Manager, an update process can be initiated on the device in one of the following ways:
+If the update policy of the device is not managed or restricted by Microsoft Endpoint Configuration Manager, an update process can be initiated on the device in one of the following ways:
- Initiated by a periodic scan that the device automatically performs.
- Initiated manually through **Settings** -> **Phone Update** -> **Check for Updates**.
@@ -259,21 +261,21 @@ If the update policy of the device is not managed or restricted by System Center
If the update policy of the device is managed or restricted by MDM, an update process can be initiated on the device in one of the following ways:
-- Trigger the device to scan for updates through System Center Configuration Manager.
+- Trigger the device to scan for updates through Microsoft Endpoint Configuration Manager.
Ensure that the trigger scan has successfully executed, and then remove the trigger scan configuration baseline.
> **Note** Ensure that the PhoneUpdateRestriction Policy is set to a value of 0, to ensure that the device will not perform an automatic scan.
-- Trigger the device to scan as part of a Maintenance Window defined by the IT Admin in System Center Configuration Manager.
+- Trigger the device to scan as part of a Maintenance Window defined by the IT Admin in Microsoft Endpoint Configuration Manager.
After the installation of updates is completed, the IT Admin can use the DUReport generated in the production devices to determine if the device successfully installed the list of updates. If the device did not, error codes are provided in the DUReport.xml. To retrieve the device update report from a device, perform the same steps defined in [Step 2](#step2).
## Example PowerShell script
-``` syntax
+```powershell
param (
# [Parameter (Mandatory=$true, HelpMessage="Input File")]
[String]$inputFile,
@@ -454,7 +456,7 @@ DownloadFiles $inputFile $downloadCache $localCacheURL
```
-## How to retrieve a device update report using System Center Configuration Manager logs
+## How to retrieve a device update report using Microsoft Endpoint Configuration Manager logs
Use this procedure for pre-GDR1 devices.
@@ -463,17 +465,17 @@ Use this procedure for pre-GDR1 devices.
1. Trigger a device scan. Go to **Settings** -> **Phone Update** -> **Check for Updates**.
Since the DUReport settings have not been remedied, you should see a non-compliance.
-2. In System Center Configuration Manager under **Assets and Compliance** > **Compliance Settings**, right-click on **Configuration Items**.
+2. In Microsoft Endpoint Configuration Manager under **Assets and Compliance** > **Compliance Settings**, right-click on **Configuration Items**.
3. Select **Create Configuration Item**.
- 
+ 
4. Enter a filename (such as GetDUReport) and then choose **Mobile Device**.
5. In the **Mobile Device Settings** page, check the box **Configure Additional Settings that are not in the default settings group**, and the click **Next**.
- 
+ 
6. In the **Additional Settings** page, click **Add**.
- 
+ 
7. In the **Browse Settings** page, click **Create Setting**.
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index 24e4a9039a..ac08247a1f 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -1,44 +1,90 @@
---
title: Enroll a Windows 10 device automatically using Group Policy
description: Enroll a Windows 10 device automatically using Group Policy
-ms.author: maricia
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
-ms.date: 10/04/2017
+author: manikadhiman
+ms.date: 07/29/2019
+ms.reviewer:
+manager: dansimp
---
# Enroll a Windows 10 device automatically using Group Policy
Starting in Windows 10, version 1709, you can use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices.
+The enrollment into Intune is triggered by a group policy created on your local AD and happens without any user interaction. This means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Azure AD account.
+
Requirements:
- AD-joined PC running Windows 10, version 1709 or later
- The enterprise has configured a mobile device management (MDM) service
- The enterprise AD must be [registered with Azure Active Directory (Azure AD)](azure-active-directory-integration-with-mdm.md)
- The device should not already be enrolled in Intune using the classic agents (devices managed using agents will fail enrollment with `error 0x80180026`)
+- The minimum Windows Server version requirement is based on the Hybrid AAD join requirement. See [How to plan your hybrid Azure Active Directory join implementation](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan) for more information.
-> [!Tip]
-> [How to configure automatic registration of Windows domain-joined devices with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup)
+> [!TIP]
+> For additional information, see the following topics:
+> - [How to configure automatic registration of Windows domain-joined devices with Azure Active Directory](https://docs.microsoft.com/azure/active-directory/active-directory-conditional-access-automatic-device-registration-setup)
+> - [How to plan your hybrid Azure Active Directory join implementation](https://docs.microsoft.com/azure/active-directory/devices/hybrid-azuread-join-plan)
+> - [Azure Active Directory integration with MDM](https://docs.microsoft.com/windows/client-management/mdm/azure-active-directory-integration-with-mdm)
-To verify if the device is Azure AD registered, run `dsregcmd /status` from the command line.
+The auto-enrollment relies on the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered.
-Here is a partial screenshot of the result:
-
-
-
-The auto-enrollment relies of the presence of an MDM service and the Azure Active Directory registration for the PC. Starting in Windows 10, version 1607, once the enterprise has registered its AD with Azure AD, a Windows PC that is domain joined is automatically AAD registered.
-
-> [!Note]
+> [!NOTE]
> In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](https://msdn.microsoft.com/library/mt221945.aspx). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.
-When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page.
+When the auto-enrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task will use the existing MDM service configuration from the Azure Active Directory information of the user. If multi-factor authentication is required, the user will get a prompt to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page.
-In Windows 10, version 1709, when the same policy is configured in GP and MDM, the GP policy wins (GP policy is take precedence over MDM). In the future release of Windows 10, we are considering a feature that allows the admin to control which policy takes precedence.
+In Windows 10, version 1709, when the same policy is configured in GP and MDM, the GP policy wins (GP policy takes precedence over MDM). Since Windows 10, version 1803, a new setting allows you to change the policy conflict winner to MDM. For additional information, see [Windows 10 Group Policy vs. Intune MDM Policy who wins?](https://blogs.technet.microsoft.com/cbernier/2018/04/02/windows-10-group-policy-vs-intune-mdm-policy-who-wins/).
For this policy to work, you must verify that the MDM service provider allows the GP triggered MDM enrollment for domain joined devices.
+## Verify auto-enrollment requirements and settings
+To ensure that the auto-enrollment feature is working as expected, you must verify that various requirements and settings are configured correctly.
+The following steps demonstrate required settings using the Intune service:
+1. Verify that the user who is going to enroll the device has a valid Intune license.
+
+ 
+
+2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](https://docs.microsoft.com/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal).
+Also verify that the **MAM user scope** is set to **None**. Otherwise, it will have precedence over the MDM scope that will lead to issues.
+
+ 
+
+3. Verify that the device OS version is Windows 10, version 1709 or later.
+4. Auto-enrollment into Intune via Group Policy is valid only for devices which are hybrid Azure AD joined. This means that the device must be joined into both local Active Directory and Azure Active Directory. To verify that the device is hybrid Azure AD joined, run `dsregcmd /status` from the command line.
+
+ You can confirm that the device is properly hybrid-joined if both **AzureAdJoined** and **DomainJoined** are set to **YES**.
+
+ 
+
+ Additionally, verify that the SSO State section displays **AzureAdPrt** as **YES**.
+
+ 
+
+ This information can also be found on the Azure AD device list.
+
+ 
+
+5. Verify that the MDM discovery URL during auto-enrollment is https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc
+
+ 
+
+6. Some tenants might have both **Microsoft Intune** and **Microsoft Intune Enrollment** under **Mobility**. Make sure that your auto-enrollment settings are configured under **Microsoft Intune** instead of **Microsoft Intune Enrollment**.
+
+ 
+
+7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM) is properly deployed to all devices which should be enrolled into Intune.
+You may contact your domain administrators to verify if the group policy has been deployed successfully.
+
+8. Verify that the device is not enrolled with the old Intune client used on the Intune Silverlight Portal (this is the Intune portal used before the Azure portal).
+9. Verify that Azure AD allows the logon user to enroll devices.
+ 
+10. Verify that Microsoft Intune should allow enrollment of Windows devices.
+ 
+
## Configure the auto-enrollment Group Policy for a single PC
This procedure is only for illustration purposes to show how the new auto-enrollment policy works. It is not recommended for the production environment in the enterprise. For bulk deployment, you should use the [Group Policy Management Console process](#configure-the-auto-enrollment-for-a-group-of-devices).
@@ -48,7 +94,7 @@ Requirements:
- Enterprise has MDM service already configured
- Enterprise AD must be registered with Azure AD
-1. Run GPEdit.msc
+1. Run GPEdit.msc
Click Start, then in the text box type gpedit.
@@ -60,23 +106,34 @@ Requirements:
-4. Double-click **Auto MDM Enrollment with AAD Token**.
+4. Double-click **Enable Automatic MDM enrollment using default Azure AD credentials**.
-5. Click **Enable**, then click **OK**.
+5. Click **Enable**, then click **OK**.
- A task is created and scheduled to run every 5 minutes for the duration of 1 day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."
+> [!NOTE]
+> In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have the Windows 10, version 1903 feature update installed.
+The default behavior for older releases is to revert to **User Credential**.
- To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
+> [!NOTE]
+> Device credential group policy setting is not supported for enrolling into Microsoft Intune.
- If two-factor authentication is required, you will be prompted to complete the process. Here is an example screenshot.
+When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD."
- 
+To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
-6. To verify successful enrollment to MDM , click **Start > Settings > Accounts > Access work or school**, then select your domain account.
+If two-factor authentication is required, you will be prompted to complete the process. Here is an example screenshot.
-7. Click **Info** to see the MDM enrollment information.
+
+
+> [!Tip]
+> You can avoid this behavior by using Conditional Access Policies in Azure AD.
+Learn more by reading [What is Conditional Access?](https://docs.microsoft.com/azure/active-directory/conditional-access/overview).
+
+6. To verify successful enrollment to MDM , click **Start > Settings > Accounts > Access work or school**, then select your domain account.
+
+7. Click **Info** to see the MDM enrollment information.
@@ -89,9 +146,9 @@ Requirements:
-2. Under **Best match**, click **Task Scheduler** to launch it.
+2. Under **Best match**, click **Task Scheduler** to launch it.
-3. In **Task Scheduler Library**, open **Microsoft > Windows** , then click **EnterpriseMgmt**.
+3. In **Task Scheduler Library**, open **Microsoft > Windows** , then click **EnterpriseMgmt**.
@@ -107,11 +164,76 @@ Requirements:
- Enterprise AD must be integrated with Azure AD.
- Ensure that PCs belong to same computer group.
-1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**.
-2. Create a Security Group for the PCs.
-3. Link the GPO.
-4. Filter using Security Groups.
-5. Enforce a GPO link
+> [!IMPORTANT]
+> If you do not see the policy, it may be because you don’t have the ADMX installed for Windows 10, version 1803, version 1809, or version 1903. To fix the issue, follow these steps (Note: the latest MDM.admx is backwards compatible):
+> 1. Download:
+> 1803 -->[Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880) or
+> 1809 --> [Administrative Templates for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576) or
+> 1903 --> [Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495&WT.mc_id=rss_alldownloads_all)
+> 2. Install the package on the Primary Domain Controller (PDC).
+> 3. Navigate, depending on the version to the folder:
+> 1803 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 April 2018 Update (1803) v2**, or
+> 1809 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 October 2018 Update (1809) v2**, or
+> 1903 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2019 Update (1903) v3**
+> 4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**.
+> 5. Copy PolicyDefinitions folder to **C:\Windows\SYSVOL\domain\Policies**.
+> (If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain).
+> 6. Restart the Primary Domain Controller for the policy to be available.
+> This procedure will work for any future version as well.
+
+1. Create a Group Policy Object (GPO) and enable the Group Policy **Computer Configuration** > **Policies** > **Administrative Templates** > **Windows Components** > **MDM** > **Enable automatic MDM enrollment using default Azure AD credentials**.
+2. Create a Security Group for the PCs.
+3. Link the GPO.
+4. Filter using Security Groups.
+5. Enforce a GPO link.
+
+## Troubleshoot auto-enrollment of devices
+
+Investigate the log file if you have issues even after performing all the mandatory verification steps. The first log file to investigate is the event log on the target Windows 10 device.
+
+To collect Event Viewer logs:
+
+1. Open Event Viewer.
+2. Navigate to Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider > Admin.
+
+ > [!Tip]
+ > For guidance on how to collect event logs for Intune, see [Collect MDM Event Viewer Log YouTube video](https://www.youtube.com/watch?v=U_oCe2RmQEc).
+
+3. Search for event ID 75, which represents a successful auto-enrollment. Here is an example screenshot that shows the auto-enrollment completed successfully:
+ 
+
+ If you cannot find event ID 75 in the logs, it indicates that the auto-enrollment failed. This can happen because of the following reasons:
+ - The enrollment failed with error. In this case, search for event ID 76, which represents failed auto-enrollment. Here is an example screenshot that shows that the auto-enrollment failed:
+ 
+ To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](https://support.microsoft.com/en-ph/help/4469913/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for more information.
+ - The auto-enrollment did not trigger at all. In this case, you will not find either event ID 75 or event ID 76. To know the reason, you must understand the internal mechanisms happening on the device as described in the following section.
+
+ The auto-enrollment process is triggered by a task (Microsoft > Windows > EnterpriseMgmt) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (Computer Configuration > Policies > Administrative Templates > Windows Components > MDM) is successfully deployed to the target machine as shown in the following screenshot:
+ 
+
+ > [!Note]
+ > This task isn't visible to standard users - run Scheduled Tasks with administrative credentials to find the task.
+
+ This task runs every 5 minutes for the duration of 1 day. To confirm if the task succeeded, check the task scheduler event logs:
+ Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational.
+ Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from AAD is triggered by event ID 107.
+
+ 
+
+ When the task is completed, a new event ID 102 is logged.
+ 
+
+ Note that the task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It does not indicate the success or failure of auto-enrollment.
+
+ If you cannot see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from AAD is initiated, there is possibly issue with the group policy. Immediately run the command `gpupdate /force` in command prompt to get the GPO applied. If this still does not help, further troubleshooting on the Active Directory is required.
+ One frequently seen error is related to some outdated enrollment entries in the registry on the target client device (HKLM > Software > Microsoft > Enrollments). If a device has been enrolled (can be any MDM solution and not only Intune), some enrollment information added into the registry is seen:
+
+ 
+
+ By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational event log file under event ID 7016.
+ A resolution to this issue is to remove the registry key manually. If you do not know which registry key to remove, go for the key which displays most entries as the screenshot above. All other keys will display less entries as shown in the following screenshot:
+
+ 
### Related topics
@@ -120,3 +242,9 @@ Requirements:
- [Link a Group Policy Object](https://technet.microsoft.com/library/cc732979(v=ws.11).aspx)
- [Filter Using Security Groups](https://technet.microsoft.com/library/cc752992(v=ws.11).aspx)
- [Enforce a Group Policy Object Link](https://technet.microsoft.com/library/cc753909(v=ws.11).aspx)
+
+### Useful Links
+
+- [Windows 10 Administrative Templates for Windows 10 May 2019 Update 1903](https://www.microsoft.com/download/details.aspx?id=58495)
+- [Windows 10 Administrative Templates for Windows 10 October 2018 Update 1809](https://www.microsoft.com/download/details.aspx?id=57576)
+- [Windows 10 Administrative Templates for Windows 10 April 2018 Update 1803](https://www.microsoft.com/download/details.aspx?id=56880)
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
new file mode 100644
index 0000000000..e70eed0ce5
--- /dev/null
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
@@ -0,0 +1,906 @@
+---
+title: EnrollmentStatusTracking DDF
+description: View the OMA DM device description framework (DDF) for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML.
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: ManikaDhiman
+ms.date: 05/17/2019
+---
+
+# EnrollmentStatusTracking DDF
+
+
+This topic shows the OMA DM device description framework (DDF) for the **EnrollmentStatusTracking** configuration service provider. DDF files are used only with OMA DM provisioning XML.
+
+Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
+
+### EnrollmentStatusTracking CSP
+
+```xml
+
+]>
+
+ 1.2
+
+ EnrollmentStatusTracking
+ ./User/Vendor/MSFT
+
+
+
+
+ These settings are used to communicate what policies the Enrollment Status Page (ESP) should block on. Using these settings, policy providers register themselves and the set of policies that need to be tracked. The ESP will include the counts of these policy sets in the status message to the user, and blocks progress on that page until all policies are provisioned. The policy provider is expected to drive the status updates by updating the appropriate node values, which will then be reflected in the ESP status message.
+
+
+
+
+
+
+
+
+
+
+ com.microsoft/1.0/MDM/EnrollmentStatusTracking
+
+
+
+ Setup
+
+
+
+
+ These settings are read by the Enrollment Status Page (ESP) during the Account Setup phase. Policy providers use these nodes to communicate progress state back to the ESP, which is then displayed to the user through progress message updates.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Apps
+
+
+
+
+ Policy providers use these settings to communicate to the ESP which app installations it should block on and provide progress in the status message to the user.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ PolicyProviders
+
+
+
+
+ These settings are read by the Enrollment Status Page (ESP) during the Device Setup phase. Policy providers use these nodes to communicate progress state back to the ESP, which is then displayed to the user through progress message updates.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This node represents an app policy provider for the Enrollment Status Page (ESP). Existence of this node indicates to the ESP that it should not show the tracking status message until the TrackingPoliciesCreated node has been set to true.
+
+
+
+
+
+
+
+
+
+
+
+
+ ProviderName
+
+
+
+
+
+ TrackingPoliciesCreated
+
+
+
+
+
+
+
+ Indicates when the provider has created the required policies for the ESP to use for tracking app installation progress. The policy provider itself is expected to set the value of this node, not the MDM server.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+ Tracking
+
+
+
+
+ This node represents an app policy provider for the Enrollment Status Page (ESP). Existence of this node indicates to the ESP that it should not show the tracking status message until the TrackingPoliciesCreated node has been set to true.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The name of the provider responsible for installing these apps and providing status back to the Enrollment Status Page.
+
+
+
+
+
+
+
+
+
+
+
+
+ ProviderName
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A unique name for the app whose progress should be tracked in the ESP. The app name can be arbitrary as it is not used directly by the ESP, so the value can be defined however the policy provider chooses.
+
+
+
+
+
+
+
+
+
+
+
+
+ AppName
+
+
+
+
+
+ TrackingUri
+
+
+
+
+
+
+
+ An optional URI to another CSP for tracking the apps installation. If this value is not set, installation status is derived from the InstallationState node.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InstallationState
+
+
+
+
+
+
+
+ The installation state for the app. This node should be updated by the policy providers (not the MDM server) so the ESP can track the installation progress and update the status message. Expected values: 1 = NotInstalled, 2 = InProgress, 3 = Completed, 4 = Error
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RebootRequired
+
+
+
+
+
+
+
+ An optional node indicating if the app installation requires the ESP to issue a reboot. This node should be set by the policy provider installing the app (not the MDM server). Expected values: 1 = NotRequired, 2 = SoftReboot, 3 = HardReboot. If this node is not set, the ESP will not reboot the device for this app install.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+
+
+ HasProvisioningCompleted
+
+
+
+
+ false
+ This node is set by the Enrollment Status Page (ESP) when it completes. Providers are able to query this node to determine if the ESP is showing, allowing them to bifurcate their logic accordingly. For instance, when an app install requires a reboot, the policy provider should let the ESP issue the reboot by setting RebootRequired value for that app if and only if the ESP is running, otherwise, the policy provider is responsible for issuing a reboot themselves.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+ EnrollmentStatusTracking
+ ./Device/Vendor/MSFT
+
+
+
+
+ These settings are used to communicate what policies the Enrollment Status Page (ESP) should block on. Using these settings, policy providers register themselves and the set of policies that need to be tracked. The ESP will include the counts of these policy sets in the status message to the user, and blocks progress on that page until all policies are provisioned. The policy provider is expected to drive the status updates by updating the appropriate node values, which will then be reflected in the ESP status message.
+
+
+
+
+
+
+
+
+
+
+ com.microsoft/1.0/MDM/EnrollmentStatusTracking
+
+
+
+ DevicePreparation
+
+
+
+
+ These settings are read by the Enrollment Status Page (ESP) during the Device Preparation phase. These setting are used to orchestrate any setup activities prior to provisioning the device in the Device Setup phase of the ESP.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ PolicyProviders
+
+
+
+
+ These nodes indicate to the Enrollment Status Page (ESP) that it should wait in the Device Preparation phase until all PolicyProviders are installed or marked as not required.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This node represents a policy provider for the Enrollment Status Page (ESP). The node should be given a unique name for the policy provider. Registration of a policy provider indicates to the Enrollment Status Page that it should block in the Device Preparation phase until the provider sets its InstallationState node to 1 (not required) or 2 (complete). Once all registered policy providers have been marked as completed (or not required), the Enrollment Status Page will progress to the Device Setup phase.
+
+
+
+
+
+
+
+
+
+ ProviderName
+
+
+
+
+
+ InstallationState
+
+
+
+
+
+
+
+ This node communicates the policy provider installation state back to the Enrollment Status Page. Expected values: 1 = NotInstalled, 2 = NotRequired, 3= Completed, 4 = Error.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ LastError
+
+
+
+
+
+
+
+ If a policy provider fails to install, it can optionally set an HRESULT error code that the Enrollment Status Page can display in an error message to the user. This node will only be read by the Enrollment Status Page when the provider's InstallationState node is set to 3 (Error). This node is only intended to be set by the policy provider itself, not the MDM server.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ Timeout
+
+
+
+
+
+
+
+ An optional timeout (in minutes) for provider installation to complete before the Enrollment Status Page shows an error. Provider installation is considered complete when the InstallationState node is set to 2 (NotRequired) or 3 (Complete). If no timeout value is supplied the ESP will choose a default timeout value of 15 minutes.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ TrackedResourceTypes
+
+
+
+
+
+
+
+ This node's children registers which resource types the policy provider supports for provisioning. Only registered providers for a particular resource type will have their policies incorporated with Enrollment Status Page tracking message.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Apps
+
+
+
+
+
+
+
+ false
+ This node registers the policy provider for App provisioning.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+
+
+ Setup
+
+
+
+
+ These settings are read by the Enrollment Status Page (ESP) during the Device Setup phase. Policy providers use these nodes to communicate progress state back to the ESP, which is then displayed to the user through progress message updates.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Apps
+
+
+
+
+ These settings are used to communicate what policies the Enrollment Status Page (ESP) should block on. Using these settings, policy providers register themselves and the set of policies that need to be tracked. The ESP will include the counts of these policy sets in the status message to the user, and blocks progress on that page until all policies are provisioned. The policy provider is expected to drive the status updates by updating the appropriate node values, which will then be reflected in the ESP status message.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ PolicyProviders
+
+
+
+
+ App policy providers for this CSP. These are the policy providers the ESP should wait on before showing the tracking message with status to the user.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ This node represents an app policy provider for the Enrollment Status Page (ESP). Existence of this node indicates to the ESP that it should not show the tracking status message until the TrackingPoliciesCreated node has been set to true.
+
+
+
+
+
+
+
+
+
+
+
+
+ ProviderName
+
+
+
+
+
+ TrackingPoliciesCreated
+
+
+
+
+
+
+
+ Indicates when the provider has created the required policies for the ESP to use for tracking app installation progress. The policy provider itself is expected to set the value of this node, not the MDM server.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+ Tracking
+
+
+
+
+ These are the set of apps that are being tracked by the Enrollment Status Page.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ The name of the provider responsible for installing these apps and providing status back to the Enrollment Status Page.
+
+
+
+
+
+
+
+
+
+
+
+
+ ProviderName
+
+
+
+
+
+
+
+
+
+
+
+
+
+ A unique name for the app whose progress should be tracked in the ESP. The app name can be arbitrary as it is not used directly by the ESP, so the value can be defined however the policy provider chooses.
+
+
+
+
+
+
+
+
+
+
+
+
+ AppName
+
+
+
+
+
+ TrackingUri
+
+
+
+
+
+
+
+ An optional URI to another CSP for tracking the apps installation. If this value is not set, installation status is derived from the InstallationState node.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ InstallationState
+
+
+
+
+
+
+
+ The installation state for the app. This node should be updated by the policy providers (not the MDM server) so the ESP can track the installation progress and update the status message. Expected values: 1 = NotInstalled, 2 = InProgress, 3 = Completed, 4 = Error
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ RebootRequired
+
+
+
+
+
+
+
+ An optional node indicating if the app installation requires the ESP to issue a reboot. This node should be set by the policy provider installing the app (not the MDM server). Expected values: 1 = NotRequired, 2 = SoftReboot, 3 = HardReboot. If this node is not set, the ESP will not reboot the device for this app install.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+
+
+ HasProvisioningCompleted
+
+
+
+
+ false
+ This node is set by the Enrollment Status Page (ESP) when it completes. Providers are able to query this node to determine if the ESP is showing, allowing them to bifurcate their logic accordingly. For instance, when an app install requires a reboot, the policy provider should let the ESP issue the reboot by setting RebootRequired value for that app if and only if the ESP is running, otherwise, the policy provider is responsible for issuing a reboot themselves.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+
+
+
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md
new file mode 100644
index 0000000000..6faa0a9b38
--- /dev/null
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md
@@ -0,0 +1,179 @@
+---
+title: EnrollmentStatusTracking CSP
+description: Learn how to perform a hybrid certificate trust deployment of Windows Hello for Business, for systems with no previous installations.
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: ManikaDhiman
+ms.date: 05/21/2019
+---
+
+# EnrollmentStatusTracking CSP
+
+During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device use until the required apps are installed. You can select the apps that must be installed before using the device. The EnrollmentStatusTracking configuration service provider (CSP) is used by Intune's agents, such as SideCar to configure ESP for blocking the device use until the required Win32 apps are installed. It tracks the installation status of the required policy providers and the apps they install and sends it to ESP, which displays the installation progress message to the user. For more information on ESP, see [Windows Autopilot Enrollment Status page](https://docs.microsoft.com/windows/deployment/windows-autopilot/enrollment-status).
+
+ESP uses the EnrollmentStatusTracking CSP along with the DMClient CSP to track the installation of different apps. The EnrollmentStatusTracking CSP tracks Win32 apps installations and DMClient CSP tracks MSI and Universal Windows Platform apps installations. In DMClient CSP, the **FirstSyncStatus/ExpectedMSIAppPackages** and **FirstSyncStatus/ExpectedModernAppPackages** nodes list the apps to track their installation. See [DMClient CSP](dmclient-csp.md) for more information.
+
+The EnrollmentStatusTracking CSP was added in Windows 10, version 1903.
+
+
+The following diagram shows the EnrollmentStatusTracking CSP in tree format.
+
+
+
+**./Vendor/MSFT**
+For device context, use **./Device/Vendor/MSFT** path and for user context, use **./User/Vendor/MSFT** path.
+
+**EnrollmentStatusTracking**
+Required. Root node for the CSP. This node is supported in both user context and device context.
+Provides the settings to communicate what policies the ESP must block on. Using these settings, policy providers register themselves and the set of policies that must be tracked. The ESP includes the counts of these policy settings in the status message that is displayed to the user. It also blocks ESP until all the policies are provisioned. The policy provider is expected to drive the status updates by updating the appropriate node values, which are then reflected in the ESP status message.
+
+Scope is permanent. Supported operation is Get.
+
+**EnrollmentStatusTracking/DevicePreparation**
+Required. This node is supported only in device context.
+Specifies the settings that ESP reads during the device preparation phase. These settings are used to orchestrate any setup activities prior to provisioning the device in the device setup phase of the ESP.
+
+Scope is permanent. Supported operation is Get.
+
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders**
+Required. This node is supported only in device context.
+Indicates to the ESP that it should wait in the device preparation phase until all the policy providers have their InstallationState node set as 2 (NotRequired) or 3 (Completed).
+
+Scope is permanent. Supported operation is Get.
+
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/_ProviderName_**
+Optional. This node is supported only in device context.
+Represents a policy provider for the ESP. The node should be given a unique name for the policy provider. Registration of a policy provider indicates to ESP that it should block in the device preparation phase until the provider sets its InstallationState node to 2 (NotRequired) or 3 (Completed). Once all the registered policy providers are marked as Completed or NotRequired, the ESP progresses to the device setup phase.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/InstallationState**
+Required. This node is supported only in device context.
+Communicates the policy provider installation state back to ESP.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+Value type is integer. Expected values are as follows:
+- 1 — NotInstalled
+- 2 — NotRequired
+- 3 — Completed
+- 4 — Error
+
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/LastError**
+Required. This node is supported only in device context.
+Represents the last error code during the application installation process. If a policy provider fails to install, it can optionally set an HRESULT error code that the ESP can display in an error message to the user. ESP reads this node only when the provider's InstallationState node is set to 4 (Error). This node must be set only by the policy provider, and not by the MDM server.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+Value type is integer.
+
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/Timeout**
+Optional. This node is supported only in device context.
+Represents the amount of time, in minutes, that the provider installation process can run before the ESP shows an error. Provider installation is complete when the InstallationState node is set to 2 (NotRequired) or 3 (Completed). If no timeout value is specified, ESP selects the default timeout value of 15 minutes.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+Value type is integer. The default is 15 minutes.
+
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/TrackedResourceTypes**
+Required. This node is supported only in device context.
+This node's children register which resource types the policy provider supports for provisioning. Only registered providers for a particular resource type will have their policies incorporated with ESP tracking message.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+**EnrollmentStatusTracking/DevicePreparation/PolicyProviders/*ProviderName*/TrackedResourceTypes/Apps**
+Required. This node is supported only in device context.
+This node specifies if the policy provider is registered for app provisioning.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+Value type is boolean. Expected values are as follows:
+- false — Indicates that the policy provider is not registered for app provisioning. This is the default.
+- true — Indicates that the policy provider is registered for app provisioning.
+
+**EnrollmentStatusTracking/Setup**
+Required. This node is supported in both user context and device context.
+Provides the settings that ESP reads during the account setup phase in the user context and device setup phase in the device context. Policy providers use this node to communicate progress status back to the ESP, which is then displayed to the user through progress messages.
+
+Scope is permanent. Supported operation is Get.
+
+**EnrollmentStatusTracking/Setup/Apps**
+Required. This node is supported in both user context and device context.
+Provides the settings to communicate to the ESP which app installations it should block on and provide progress in the status message to the user.
+
+Scope is permanent. Supported operation is Get.
+
+**EnrollmentStatusTracking/Setup/Apps/PolicyProviders**
+Required. This node is supported in both user context and device context.
+Specifies the app policy providers for this CSP. These are the policy providers the ESP should wait on before showing the tracking message with the status to the user.
+
+Scope is permanent. Supported operation is Get.
+
+**EnrollmentStatusTracking/Setup/Apps/PolicyProviders**/***ProviderName***
+Optional. This node is supported in both user context and device context.
+Represents an app policy provider for the ESP. Existence of this node indicates to the ESP that it should not show the tracking status message until the TrackingPoliciesCreated node has been set to true.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+**EnrollmentStatusTracking/Setup/Apps/PolicyProviders/*ProviderName*/TrackingPoliciesCreated**
+Required. This node is supported in both user context and device context.
+Indicates if the provider has created the required policies for the ESP to use for tracking app installation progress. The policy provider itself is expected to set the value of this node, not the MDM server.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+Value type is boolean. The expected values are as follows:
+- true — Indicates that the provider has created the required policies.
+- false — Indicates that the provider has not created the required policies. This is the default.
+
+**EnrollmentStatusTracking/Setup/Apps/Tracking**
+Required. This node is supported in both user context and device context.
+Root node for the app installations being tracked by the ESP.
+
+Scope is permanent. Supported operation is Get.
+
+**EnrollmentStatusTracking/Setup/Apps/Tracking/_ProviderName_**
+Optional. This node is supported in both user context and device context.
+Indicates the provider name responsible for installing the apps and providing status back to ESP.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/_AppName_**
+Optional. This node is supported in both user context and device context.
+Represents a unique name for the app whose progress should be tracked by the ESP. The policy provider can define any arbitrary app name as ESP does not use the app name directly.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/*AppName*/InstallationState**
+Optional. This node is supported in both user context and device context.
+Represents the installation state for the app. The policy providers (not the MDM server) must update this node for the ESP to track the installation progress and update the status message.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+Value type is integer. Expected values are as follows:
+- 1 — NotInstalled
+- 2 — InProgress
+- 3 — Completed
+- 4 — Error
+
+**EnrollmentStatusTracking/Setup/Apps/Tracking/*ProviderName*/*AppName*/RebootRequired**
+Optional. This node is supported in both user context and device context.
+Indicates if the app installation requires ESP to issue a reboot. The policy providers installing the app (not the MDM server) must set this node. If the policy providers do not set this node, the ESP will not reboot the device for the app installation.
+
+Scope is dynamic. Supported operations are Get, Add, Delete, and Replace.
+
+Value type is integer. Expected values are as follows:
+- 1 — NotRequired
+- 2 — SoftReboot
+- 3 — HardReboot
+
+**EnrollmentStatusTracking/Setup/HasProvisioningCompleted**
+Required. This node is supported in both user context and device context.
+ESP sets this node when it completes. Providers can query this node to determine if the ESP is showing, which allows them to determine if they still need to provide status updates for the ESP through this CSP.
+
+Scope is permanent. Supported operation is Get.
+
+Value type is boolean. Expected values are as follows:
+- true — Indicates that ESP has completed. This is the default.
+- false — Indicates that ESP is displayed, and provisioning is still going.
\ No newline at end of file
diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md
index 755b31d58e..b809041a65 100644
--- a/windows/client-management/mdm/enterprise-app-management.md
+++ b/windows/client-management/mdm/enterprise-app-management.md
@@ -2,11 +2,13 @@
title: Enterprise app management
description: This topic covers one of the key mobile device management (MDM) features in Windows 10 for managing the lifecycle of apps across all of Windows.
ms.assetid: 225DEE61-C3E3-4F75-BC79-5068759DFE99
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 09/22/2017
---
@@ -49,7 +51,7 @@ Inventory is specific to the package full name and lists bundled packs and resou
> **Note** On Windows 10 Mobile, XAP packages have the product ID in place of both the package family name and package full name.
-
+
Here are the nodes for each package full name:
- Name
@@ -76,7 +78,7 @@ Note that performing a full inventory of a device can be resource intensive on t
Here is an example of a query for all apps on the device.
-``` syntax
+```xml
1
@@ -90,7 +92,7 @@ Here is an example of a query for all apps on the device.
Here is an example of a query for a specific app for a user.
-``` syntax
+```xml
1
@@ -119,7 +121,7 @@ For detailed descriptions of each node, see [EnterpriseModernAppManagement CSP](
Here is an example of a query for all app licenses on a device.
-``` syntax
+```xml
1
@@ -133,7 +135,7 @@ Here is an example of a query for all app licenses on a device.
Here is an example of a query for all app licenses for a user.
-``` syntax
+```xml
1
@@ -159,7 +161,7 @@ For more information about the AllowAllTrustedApps policy, see [Policy CSP](poli
Here are some examples.
-``` syntax
+```xml
1
@@ -197,7 +199,7 @@ For more information about the AllowDeveloperUnlock policy, see [Policy CSP](pol
Here is an example.
-``` syntax
+```xml
1
@@ -242,7 +244,7 @@ Here are the requirements for this scenario:
Here are some examples.
-``` syntax
+```xml
1
@@ -279,7 +281,7 @@ In the SyncML, you need to specify the following information in the Exec command
Here is an example of an offline license installation.
-``` syntax
+```xml
1
@@ -301,19 +303,19 @@ If you purchased an app from the Store for Business and the app is specified for
Here are the requirements for this scenario:
-- The location of the app can be a local files system (C:\\StagedApps\\app1.appx), a UNC path (\\\\server\\share\\app1.apx), or an HTTPS location (https://contoso.com/app1.appx\_
-- The user must have permission to access the content location. For HTTPs, you can use server authentication or certificate authentication using a certificate associated with the enrollment. HTTP locations are supported, but not recommended because of lack of authentication requirements.
-- The device does not need to have connectivity to the Microsoft Store, store services, or the have the Microsoft Store UI be enabled.
-- The user must be logged in, but association with AAD identity is not required.
+- The location of the app can be a local files system (C:\\StagedApps\\app1.appx), a UNC path (\\\\server\\share\\app1.apx), or an HTTPS location (https://contoso.com/app1.appx\_
+- The user must have permission to access the content location. For HTTPs, you can use server authentication or certificate authentication using a certificate associated with the enrollment. HTTP locations are supported, but not recommended because of lack of authentication requirements.
+- The device does not need to have connectivity to the Microsoft Store, store services, or the have the Microsoft Store UI be enabled.
+- The user must be logged in, but association with AAD identity is not required.
> **Note** You must unlock the device to deploy nonStore apps or you must deploy the app license before deploying the offline apps. For details, see [Deploy an offline license to a user](#deploy-an-offline-license-to-a-user).
-
+
The Add command for the package family name is required to ensure proper removal of the app at unenrollment.
Here is an example of a line-of-business app installation.
-``` syntax
+```xml
0
@@ -340,7 +342,7 @@ Here is an example of a line-of-business app installation.
Here is an example of an app installation with dependencies.
-``` syntax
+```xml
0
@@ -374,7 +376,7 @@ Here is an example of an app installation with dependencies.
Here is an example of an app installation with dependencies and optional packages.
-``` syntax
+```xml
0
@@ -418,25 +420,25 @@ Provisioning allows you to stage the app to the device and all users of the devi
Here are the requirements for this scenario:
-- The location of the app can be the local files system (C:\\StagedApps\\app1.appx), a UNC path (\\\\server\\share\\app1.apx), or an HTTPS location (https://contoso.com/app1.appx\_
-- The user must have permission to access the content location. For HTTPs, you can use server authentication or certificate authentication using a certificate associated with the enrollment. HTTP locations are supported, but not recommended because of lack of authentication requirements.
-- The device does not need to have connectivity to the Microsoft Store, or store services enabled.
-- The device does not need any AAD identity or domain membership.
-- For nonStore app, your device must be unlocked.
-- For Store offline apps, the required licenses must be deployed prior to deploying the apps.
+- The location of the app can be the local files system (C:\\StagedApps\\app1.appx), a UNC path (\\\\server\\share\\app1.apx), or an HTTPS location (https://contoso.com/app1.appx\_
+- The user must have permission to access the content location. For HTTPs, you can use server authentication or certificate authentication using a certificate associated with the enrollment. HTTP locations are supported, but not recommended because of lack of authentication requirements.
+- The device does not need to have connectivity to the Microsoft Store, or store services enabled.
+- The device does not need any AAD identity or domain membership.
+- For nonStore app, your device must be unlocked.
+- For Store offline apps, the required licenses must be deployed prior to deploying the apps.
To provision app for all users of a device from a hosted location, the management server performs an Add and Exec command on the AppInstallation node in the device context. The Add command for the package family name is required to ensure proper removal of the app at unenrollment.
> **Note** When you remove the provisioned app, it will not remove it from the users that already installed the app.
-
+
Here is an example of app installation.
> **Note** This is only supported in Windows 10 for desktop editions.
-``` syntax
+```xml
0
@@ -473,7 +475,7 @@ Here is an example of app installation with dependencies.
> **Note** This is only supported in Windows 10 for desktop editions.
-``` syntax
+```xml
0
@@ -524,7 +526,7 @@ When an app is installed successfully, the node is cleaned up and no longer pres
Here is an example of a query for a specific app installation.
-``` syntax
+```xml
2
@@ -538,7 +540,7 @@ Here is an example of a query for a specific app installation.
Here is an example of a query for all app installations.
-``` syntax
+```xml
2
@@ -556,7 +558,7 @@ Application installations can take some time to complete, hence they are done as
Here is an example of an alert.
-``` syntax
+```xml
4
1226
@@ -592,7 +594,7 @@ To uninstall an app, you delete it under the origin node, package family name, a
Here is an example for uninstalling all versions of an app for a user.
-``` syntax
+```xml
1
@@ -606,7 +608,7 @@ Here is an example for uninstalling all versions of an app for a user.
Here is an example for uninstalling a specific version of the app for a user.
-``` syntax
+```xml
1
@@ -624,12 +626,12 @@ You can remove provisioned apps from a device for a specific version or for all
> **Note** You can only remove an app that has an inventory value IsProvisioned = 1.
-
+
Removing provisioned app occurs in the device context.
Here is an example for removing a provisioned app from a device.
-``` syntax
+```xml
1
@@ -643,7 +645,7 @@ Here is an example for removing a provisioned app from a device.
Here is an example for removing a specific version of a provisioned app from a device:
-``` syntax
+```xml
1
@@ -661,7 +663,7 @@ You can remove app licenses from a device per app based on the content ID.
Here is an example for removing an app license for a user.
-``` syntax
+```xml
1
@@ -675,7 +677,7 @@ Here is an example for removing an app license for a user.
Here is an example for removing an app license for a provisioned package (device context).
-``` syntax
+```xml
1
@@ -695,7 +697,7 @@ For user-based uninstallation, use ./User in the LocURI, and for provisioning, u
Here is an example. There is only one uninstall for hosted and store apps.
-``` syntax
+```xml
1226
@@ -721,7 +723,7 @@ To update an app from Microsoft Store, the device requires contact with the stor
Here is an example of an update scan.
-``` syntax
+```xml
1
@@ -735,7 +737,7 @@ Here is an example of an update scan.
Here is an example of a status check.
-``` syntax
+```xml
1
@@ -764,7 +766,7 @@ Turning off updates only applies to updates from the Microsoft Store at the devi
Here is an example.
-``` syntax
+```xml
1
@@ -793,7 +795,7 @@ You can install app on non-system volumes, such as a secondary partition or remo
Here is an example.
-``` syntax
+```xml
1
@@ -825,12 +827,12 @@ In Windows 10 Mobile IT administrators can set a policy to restrict user applic
> **Note** The feature is only for Windows 10 Mobile.
-
+
The RestrictAppDataToSystemVolume policy in [Policy CSP](policy-configuration-service-provider.md) enables you to restrict all user application data to stay on the system volume. When the policy is not configured or if it is disabled, and you move a package or when it is installed to a difference volume, then the user application data will moved to the same volume. You can set this policy to 0 (off, default) or 1.
Here is an example.
-``` syntax
+```xml
1
@@ -871,7 +873,7 @@ The valid values are 0 (off, default value) and 1 (on).
Here is an example.
-``` syntax
+```xml
1
@@ -897,7 +899,7 @@ Here is an example.
```
-
+
diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md
index ecf0ae28ec..d2b3bddc1d 100644
--- a/windows/client-management/mdm/enterpriseapn-csp.md
+++ b/windows/client-management/mdm/enterpriseapn-csp.md
@@ -2,11 +2,13 @@
title: EnterpriseAPN CSP
description: The EnterpriseAPN configuration service provider is used by the enterprise to provision an APN for the Internet.
ms.assetid: E125F6A5-EE44-41B1-A8CC-DF295082E6B2
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 09/22/2017
---
@@ -15,7 +17,7 @@ ms.date: 09/22/2017
The EnterpriseAPN configuration service provider (CSP) is used by the enterprise to provision an APN for the Internet.
> [!Note]
-Starting in Windows 10, version 1703 the EnterpriseAPN CSP is supported in Windows 10 Home, Pro, Enterprise, and Education editions.
+> Starting in Windows 10, version 1703 the EnterpriseAPN CSP is supported in Windows 10 Home, Pro, Enterprise, and Education editions.
The following image shows the EnterpriseAPN configuration service provider in tree format.
@@ -24,7 +26,7 @@ The following image shows the EnterpriseAPN configuration service provider in tr
**EnterpriseAPN**
The root node for the EnterpriseAPN configuration service provider.
Name of the connection as seen by Windows Connection Manager.
Supported operations are Add, Get, Delete, and Replace.
@@ -50,7 +52,7 @@ The following image shows the EnterpriseAPN configuration service provider in tr
Supported operations are Add, Get, Delete, and Replace.
**EnterpriseAPN/*ConnectionName*/ClassId**
-
GUID that defines the APN class to the modem. This is the same as the OEMConnectionId in CM\_CellularEntries CSP. Normally this setting is not present. It is only required when IsAttachAPN is true and the attach APN is not only used as the Internet APN.
+
GUID that defines the APN class to the modem. This is the same as the OEMConnectionId in CM_CellularEntries CSP. Normally this setting is not present. It is only required when IsAttachAPN is true and the attach APN is not only used as the Internet APN.
Supported operations are Add, Get, Delete, and Replace.
@@ -130,7 +132,7 @@ The following image shows the EnterpriseAPN configuration service provider in tr
## Examples
-``` syntax
+```xml
@@ -276,9 +278,9 @@ atomicZ
[Configuration service provider reference](configuration-service-provider-reference.md)
-
+
-
+
diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md
index ebd171a390..319356f336 100644
--- a/windows/client-management/mdm/enterpriseapn-ddf.md
+++ b/windows/client-management/mdm/enterpriseapn-ddf.md
@@ -2,11 +2,13 @@
title: EnterpriseAPN DDF
description: EnterpriseAPN DDF
ms.assetid: A953ADEF-4523-425F-926C-48DA62EB9E21
-ms.author: maricia
+ms.reviewer:
+manager: dansimp
+ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: manikadhiman
ms.date: 12/05/2017
---
@@ -20,13 +22,13 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic
The content below are the different versions of the DDF for this CSP.
-- [EnterpriseAPN CSP version 1.0 DDF](#enterpriseapn-csp-version-1-0-ddf)
-- [EnterpriseAPN CSP version 1.1 DDF](#enterpriseapn-csp-version-1-1-ddf)
-- [EnterpriseAPN CSP version 1.2 DDF](#enterpriseapn-csp-version-1-2-ddf)
+- [EnterpriseAPN CSP version 1.0 DDF](#enterpriseapn-csp-version-10-ddf)
+- [EnterpriseAPN CSP version 1.1 DDF](#enterpriseapn-csp-version-11-ddf)
+- [EnterpriseAPN CSP version 1.2 DDF](#enterpriseapn-csp-version-12-ddf)
-### EnterpriseAPN CSP version 1.0 DDF
+### EnterpriseAPN CSP version 1.0 DDF
-``` syntax
+```xml
```
-### EnterpriseAPN CSP version 1.1 DDF
+### EnterpriseAPN CSP version 1.1 DDF
-``` syntax
+```xml
```
-### EnterpriseAPN CSP version 1.2 DDF
+### EnterpriseAPN CSP version 1.2 DDF
-``` syntax
+```xml
**Note** The EnterpriseAppManagement CSP is only supported in Windows 10 Mobile.
-
+
The following diagram shows the EnterpriseAppManagement configuration service provider in tree format.
@@ -55,7 +57,7 @@ Supported operations are Get and Add.
> **Note** Do NOT use Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00. The server must replace this value in the supplied client certificate. If your server returns a client certificate containing the same Subject value, this can cause unexpected behavior. The server should always override the subject value and not use the default device-provided Device ID Subject= Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00
-
+
***EnterpriseID*/Status**
Required. The integer value that indicates the current status of the application enrollment. Valid values are 0 (ENABLED), 1 (INSTALL\_DISABLED), 2 (REVOKED), and 3 (INVALID). Scope is dynamic.
@@ -77,7 +79,7 @@ Required. The root node for individual enterprise application inventory settings
Supported operation is Get.
-**/Inventory/****_ProductID_**
+**/Inventory/***ProductID*
Optional. A node that contains s single enterprise application product ID in GUID format. Scope is dynamic.
Supported operation is Get.
@@ -107,7 +109,7 @@ Required. This node groups application download-related parameters. The enterpri
Supported operation is Get.
-**/Download/****_ProductID_**
+**/Download/***ProductID*
Optional. This node contains the GUID for the installed enterprise application. Each installed application has a unique ID. Scope is dynamic.
Supported operations are Get, Add, and Replace.
@@ -166,12 +168,12 @@ Required. The integer value that indicates the status of the current download pr
7:DOWNLOAD_FAILED
-
Unable to connect to server, file doesn't exist, etc.
+
Unable to connect to server, file doesn't exist, etc.
-
+
Scope is dynamic. Supported operations are Get, Add, and Replace.
@@ -207,7 +209,7 @@ The Microsoft Store application has a GUID of d5dc1ebb-a7f1-df11-9264-00237de2db
Use the following SyncML format to query to see if the application is installed on a managed device:
-``` syntax
+```xml
1
@@ -220,7 +222,7 @@ Use the following SyncML format to query to see if the application is installed
Response from the device (it contains list of subnodes if this app is installed in the device).
-``` syntax
+```xml
31
@@ -264,7 +266,7 @@ The value actually applied to the device can be queried via the nodes under the
Enroll enterprise ID “4000000001” for the first time:
-``` syntax
+```xml
2
@@ -291,7 +293,7 @@ Enroll enterprise ID “4000000001” for the first time:
Update the enrollment token (for example, to update an expired application enrollment token):
-``` syntax
+```xml
2
@@ -308,7 +310,7 @@ Update the enrollment token (for example, to update an expired application enrol
Query all installed applications that belong to enterprise id “4000000001”:
-``` syntax
+```xml
2
@@ -323,7 +325,7 @@ Query all installed applications that belong to enterprise id “4000000001”:
Response from the device (that contains two installed applications):
-``` syntax
+```xml
31
@@ -436,13 +438,13 @@ Install or update the installed app with the product ID “{B316008A-141D-4A79-8
To perform an XAP update, create the Name, URL, Version, and DownloadInstall nodes first, then perform an “execute” on the “DownloadInstall” node (all within an “Atomic” operation). If the application does not exist, the application will be silently installed without any user interaction. If the application cannot be installed, the user will be notified with an Alert dialog.
> **Note**
-1. If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation).
+> 1. If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation).
-2. The application product ID curly braces need to be escaped where { is %7B and } is %7D.
+2. The application product ID curly braces need to be escaped where { is %7B and } is %7D.
-
+
-``` syntax
+```xml
2Large
@@ -121,7 +123,7 @@ Folder example:
```
An application that belongs in the folder would add an optional attribute **ParentFolderId**, which maps to **folderId** of the folder. In this case, the location of this application will be located inside the folder.
-``` syntax
+```xml
Medium
@@ -250,7 +252,7 @@ For example, in place of SettingPageDisplay, you would use ms-settings:display.
Here is an example for Windows 10, version 1703.
-``` syntax
+```xml
@@ -266,7 +268,7 @@ Here is an example for Windows 10, version 1703.
Starting in Windows 10, version 1511, you can specify the following quick action settings in the lockdown XML file. The following list shows the quick action settings and settings page dependencies (group and page).
-> [!Note]
+> [!NOTE]
> Only Windows 10, versions 1511 and 1607, the dependent settings group and pages are automatically added when the quick action item is specified in the lockdown XML. In Windows 10, version 1703, Quick action settings no longer require any dependencies from related group or page.
@@ -325,14 +327,14 @@ Starting in Windows 10, version 1703, Quick action settings no longer require an
In this example, all settings pages and quick action settings are allowed. An empty \ node indicates that none of the settings are blocked.
-``` syntax
+```xml
```
In this example for Windows 10, version 1511, all System setting pages are enabled. Note that the System page group is added as well as all of the System subpage names.
-``` syntax
+```xml
@@ -348,7 +350,7 @@ In this example for Windows 10, version 1511, all System setting pages are ena
```
Here is an example for Windows 10, version 1703.
-``` syntax
+```xml
@@ -374,13 +376,13 @@ Buttons | The following list identifies the hardware buttons on the device that
Custom3
-> [!Note]
+> [!NOTE]
> Lock down of the Start button only prevents the press and hold event.
>
> Custom buttons are hardware buttons that can be added to devices by OEMs.
Buttons example:
-``` syntax
+```xml
@@ -398,14 +400,14 @@ Buttons example:
```
The Search and custom buttons can be remapped or configured to open a specific application. Button remapping takes effect for the device and applies to all users.
-> [!Note]
+> [!NOTE]
> The lockdown settings for a button, per user role, will apply regardless of the button mapping.
>
> Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role.
To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open.
-``` syntax
+```xml
Browse to and select the enterprise license file to upgrade the HoloLens edition.You can also toggle Yes or No to hide parts of the first experience.To set up the device without the need to connect to a Wi-Fi network, toggle Skip Wi-Fi setup to On.Select a region and timezone in which the device will be used. 
In this section, you can enter the details of the Wi-Fi wireless network that the device should connect to automatically. To do this, select On, enter the SSID, the network type (Open or WPA2-Personal), and (if WPA2-Personal) the password for the wireless network.
You can enroll the device in Azure Active Directory, or create a local account on the deviceBefore you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, 
To provision the device with a certificate, click Add a certificate. Enter a name for the certificate, and then browse to and select the certificate to be used.
Toggle Yes or No to enable Developer Mode on the HoloLens. 
Do not set a password to protect your provisioning package. If the provisioning package is protected by a password, provisioning the HoloLens device will fail.
+ 
+ 
+ 
+ 
+ 
+ 
Toggle Yes or No for proxy settings. The default configuration for Surface Hub is to automatically detect proxy settings, so you can select No if that is the setting that you want. However, if your infrastructure previously required using a proxy server and has changed to not require a proxy server, you can use a provisioning package to revert your Surface Hub devices to the default settings by selecting Yes and Automatically detect settings. If you toggle Yes, you can select to automatically detect proxy settings, or you can manually configure the settings by entering a URL to a setup script, or a static proxy server address. You can also identify whether to use the proxy server for local addresses, and enter exceptions (addresses that Surface Hub should connect to directly without using the proxy server). 
You can enroll the device in Active Directory and specify a security group to use the Settings app, enroll in Azure Active Directory to allow global admins to use the Settings app, or create a local administrator account on the device.To enroll the device in Active Directory, enter the credentials for a least-privileged user account to join the device to the domain, and specify the security group to have admin credentials on Surface Hub. If a provisioning package that enrolls a device in Active Directory is going to be applied to a Surface Hub that was reset, the same domain account can only be used if the account listed is a domain administrator or is the same account that set up the Surface Hub initially. Otherwise, a different domain account must be used in the provisioning package.Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, 
Toggle Yes or No for enrollment in MDM. If you toggle Yes, you must provide a service account and password or certificate thumbprint that is authorized to enroll the device, and also specify the authentication type. If required by your MDM provider, also enter the URLs for the discovery service, enrollment service, and policy service. 
You can install multiple Universal Windows Platform (UWP) apps in a provisioning package. For help with the settings, see 
You don't configure any settings in this step. It provides instructions for including a configuration file that contains a list of device accounts. The configuration file must not contain column headers. When you apply the provisioning package to Surface Hub, if a Surface Hub configuration file is included on the USB drive, you can select the account and friendly name for the device from the file. See 
+ ++
+ ++
+ ++
+
+ 
+
+ 
+
+ 
