diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json
index c1e7bc502b..96e3566542 100644
--- a/.openpublishing.publish.config.json
+++ b/.openpublishing.publish.config.json
@@ -466,8 +466,7 @@
   "branches_to_filter": [
     ""
   ],
-  "git_repository_url_open_to_public_contributors": "https://github.com/MicrosoftDocs/windows-itpro-docs",
-  "git_repository_branch_open_to_public_contributors": "master",
+  "git_repository_url_open_to_public_contributors": "https://cpubwin.visualstudio.com/_git/it-client",
   "skip_source_output_uploading": false,
   "need_preview_pull_request": true,
   "resolve_user_profile_using_github": true,
diff --git a/bcs/TOC.md b/bcs/TOC.md
index ec9e79cbfc..1b161ed802 100644
--- a/bcs/TOC.md
+++ b/bcs/TOC.md
@@ -1 +1,4 @@
-# [Microsoft 365 Business FAQ](support/microsoft-365-business-faqs.md)
\ No newline at end of file
+# [Microsoft 365 Business documentation and resources](index.md)
+# [Support]()
+## [Microsoft 365 Business FAQ](support/microsoft-365-business-faqs.md)
+## [Transition a Microsoft 365 Business CSP subscription](support/transition-csp-subscription.md)
\ No newline at end of file
diff --git a/bcs/index.md b/bcs/index.md
index a3e8fd2ef9..dd287d45da 100644
--- a/bcs/index.md
+++ b/bcs/index.md
@@ -680,7 +680,26 @@ description: Learn about the product documentation and resources available for M
                                         </div>
                                     </div>
                                 </a>
-                            </li> 
+                            </li>
+                            <li>
+                                <a href="support/transition-csp-subscription.md" target="_blank">
+                                    <div class="cardSize">
+                                        <div class="cardPadding">
+                                            <div class="card">
+                                                <div class="cardImageOuter">
+                                                    <div class="cardImage bgdAccent1">
+                                                        <img src="images/bcs-partner-advanced-management- billing-7.svg" alt="Billing" />
+                                                    </div>
+                                                </div>
+                                                <div class="cardText">
+                                                    <h3>Transition a Microsoft 365 Business CSP subscription</h3>
+                                                    <p>Find out how you can transition a Microsoft 365 Business CSP subscription from preview to GA.</p>
+                                                </div>
+                                            </div>
+                                        </div>
+                                    </div>
+                                </a>
+                            </li>
                             <!-- placeholder
                             <li>
                                 <a href="#">
diff --git a/bcs/support/images/pc_customer_m365bpreview_suspend.png b/bcs/support/images/pc_customer_m365bpreview_suspend.png
new file mode 100644
index 0000000000..7017cf8105
Binary files /dev/null and b/bcs/support/images/pc_customer_m365bpreview_suspend.png differ
diff --git a/bcs/support/images/pc_customer_m365bpreview_suspend_confirm.png b/bcs/support/images/pc_customer_m365bpreview_suspend_confirm.png
new file mode 100644
index 0000000000..f44337889b
Binary files /dev/null and b/bcs/support/images/pc_customer_m365bpreview_suspend_confirm.png differ
diff --git a/bcs/support/images/pc_customer_reviewnewsubscription.png b/bcs/support/images/pc_customer_reviewnewsubscription.png
new file mode 100644
index 0000000000..6f67c31383
Binary files /dev/null and b/bcs/support/images/pc_customer_reviewnewsubscription.png differ
diff --git a/bcs/support/images/pc_customer_subscriptions.PNG b/bcs/support/images/pc_customer_subscriptions.PNG
new file mode 100644
index 0000000000..77fba8ef8b
Binary files /dev/null and b/bcs/support/images/pc_customer_subscriptions.PNG differ
diff --git a/bcs/support/images/pc_customer_subscriptions_1.png b/bcs/support/images/pc_customer_subscriptions_1.png
new file mode 100644
index 0000000000..fc27c2c26c
Binary files /dev/null and b/bcs/support/images/pc_customer_subscriptions_1.png differ
diff --git a/bcs/support/images/pc_customer_userslicenses_m365b_validate.png b/bcs/support/images/pc_customer_userslicenses_m365b_validate.png
new file mode 100644
index 0000000000..1af38b82af
Binary files /dev/null and b/bcs/support/images/pc_customer_userslicenses_m365b_validate.png differ
diff --git a/bcs/support/microsoft-365-business-faqs.md b/bcs/support/microsoft-365-business-faqs.md
index 000227321c..f1d4a9918c 100644
--- a/bcs/support/microsoft-365-business-faqs.md
+++ b/bcs/support/microsoft-365-business-faqs.md
@@ -7,329 +7,180 @@ ms.topic: article 
 ms.prod: microsoft-365-business
 ms.localizationpriority: high
 audience: microsoft-business 
-keywords: Microsoft 365 Business, Microsoft 365, SMB, FAQ, frequently asked questions, answers
-ms.date: 08/04/2017
+keywords: Microsoft 365 Business, Microsoft 365, SMB, FAQ, frequently asked questions, answers, business
+ms.date: 11/01/2017
 ---
 
 
 # Microsoft 365 Business Frequently Asked Questions
 
-## Introduction
+## General
 
-What is Microsoft 365 Business? 
---------------------------------
+### What is Microsoft 365 Business? 
+Microsoft 365 is an integrated solution that brings together best-in-class productivity tools, security and device management capabilities for small to medium-sized businesses. 
 
-Microsoft 365 Business is a new solution designed for small and midsize businesses (SMB), bringing together the best-in-class productivity and collaboration capabilities of Office 365 with device management and security solutions to safeguard business data.
+**A holistic set of business productivity and collaboration tools** 
+* Word, Excel, PowerPoint, Outlook, OneNote, Publisher, and Access 
+* Exchange, OneDrive, Skype for Business, Microsoft Teams, SharePoint 
+* Business apps from Office (Bookings, Outlook Customer Manager, MileIQ<sup>[1](#footnote1)</sup>, Microsoft Listings<sup>[1](#footnote1)</sup>, Microsoft Connections<sup>[1](#footnote1)</sup>, Microsoft Invoicing<sup>[1](#footnote1)</sup>) 
+ 
+**Enterprise-grade device management and security capabilities** 
+* App protection for Office mobile apps 
+* Device management for Windows 10 PCs 
+* Consistent security configuration across devices 
+* Protection of company data across devices 
+* Windows Defender, always-on and up-to-date 
+ 
+**Simplified device deployment and user setup** 
+* Single admin console to setup and manage users and devices 
+* Auto-installation of Office apps on Windows 10 PCs 
+* Always up-to-date Office + Windows 10 
+* Streamlined deployment of PCs with Windows AutoPilot
 
-Microsoft 365 Business enables you to:
+### Who should consider adopting Microsoft 365 Business? 
+Microsoft 365 Business was built for small and medium-sized customers that have little to no IT resources on staff and want best-in-class productivity and collaboration capabilities of Office 365 together with device management and security solutions that safeguard business data. The Microsoft 365 Business customer is ready to move their IT operations to the cloud and is interested in maintaining a proactive stance to help protect data on both company and employee-owned devices.
 
--   **Create your best with tools like** Word, Excel, PowerPoint, Outlook, OneNote and Access.
--   **Be productive from anywhere,** with business-class email from Outlook and access to cloud files with OneDrive for Business.
--   **Conduct online meetings and get instant messaging** with Skype for Business.
--   **Collaborate in real time with the chat-based workspace** Microsoft Teams.
--   **Safeguard your business** by enforcing malware protection for Windows devices, with Windows Defender.
--   **Help protect your data and intellectual property** with App Protection for Office mobile apps on iOS and Android devices, and
-    Mobile Device Management (MDM) for Windows 10 PCs.
--   **Save time and be protected** with consistent configuration across newly deployed PCs running Windows 10 Business and auto deployment
-    of Office 365 apps, provided by Windows AutoPilot.
--   **Be secured and always up to date** with Office 365 updates and Windows 10.
--   **Simply manage technology costs** in one subscription, with simple per user, per month pricing.
+### How can I get Microsoft 365 Business for my business? 
+Microsoft 365 Business may be purchased through a <a href="https://www.microsoft.com/solution-providers/search" target="_blank">Microsoft Partner</a> or directly from <a href="https://www.microsoft.com//microsoft-365/business" target="_blank">Microsoft</a>. In choosing whether to purchase directly from Microsoft or via a Microsoft Partner, you should consider your on-staff capability and desire to maintain an IT infrastructure. A Microsoft Partner can help you deploy and manage your IT infrastructure including Microsoft solutions.
 
-Where can I find out more about Microsoft 365 Business? 
---------------------------------------------------------
+### How much does Microsoft 365 Business cost? 
+Microsoft 365 Business is offered at USD$20.00 user/month based on an _annual contract_ if purchased directly from Microsoft. When purchased through a Microsoft Partner, pricing can vary based on the services the partner provides and their pricing model for Microsoft 365 Business. There are no planned pricing discounts for government, education or non-profit organizations. 
 
-Customers and partners can visit [https://www.microsoft.com/microsoft-365/business](https://www.microsoft.com/microsoft-365/business) where they can sign up to see a demo of Microsoft 365 Business in
-action. The preview will be accessible from the web site on August 2, 2017.
+### Is there a cap to how many Microsoft 365 Business seats a customer can have? 
+Microsoft 365 Business was designed for small to medium sized businesses with low to medium IT complexity requirements. Customers may purchase up to 300 Microsoft 365 Business licenses for their organization. Customers can mix and match cloud subscriptions; as a result, depending on their organization’s IT requirements, customers may add Microsoft 365 Enterprise licenses to the same account. 
+ 
+When considering an environment consisting of multiple subscription types, customers should work with their trusted IT advisors to determine how best to manage and secure the various subscriptions as Microsoft 365 Business and Microsoft 365 Enterprise use different capabilities to secure and manage applications and data.
 
-Who should consider adopting Microsoft 365 Business? 
------------------------------------------------------
+### Can I combine Microsoft 365 Business with other Microsoft subscription offerings? 
+Yes, customers can combine their Microsoft 365 Business subscriptions with plans and add-ons from Azure, Dynamics 365, Enterprise Mobility + Security, and Office 365.
 
-Microsoft 365 Business was built for small and midsize customers that have little to no IT resources on staff and want best-in-class productivity and collaboration capabilities of Office 365 together with
-device management and security solutions that safeguard business data.
+### Is everyone in my business required to have a Microsoft 365 Business subscription? 
+No, not everyone needs a Microsoft 365 Business subscription, although the security and management benefits are available only to those users with devices managed with a Microsoft 365 Business subscription. 
+ 
+Standardizing an IT environment serves to help reduce maintenance and security costs over time and is a state that businesses should strive to attain. However, we recognize that some small and medium size customers update their software primarily when they upgrade their hardware, over an extended period. Businesses can deploy Microsoft 365 Business to part of their organization, but for best protection of sensitive business data and consistent collaboration experiences, deployment to all users is recommended.
 
-How can I get Microsoft 365 Business for my business? 
-------------------------------------------------------
+### How can I know if the hardware and software I run today is compatible with Microsoft 365 Business? 
+If the hardware you run today runs Windows 7 Pro or later, it likely meets the minimum requirements for Microsoft 365 Business. Certain Windows 10 features such as Cortana, Windows Hello and multitouch require specific hardware that is only available on newer PCs. See the <a href="https://www.microsoft.com/windows/windows-10-specifications" target="_blank">Windows 10 Pro system requirements</a> for additional details. 
+ 
+Existing desktop (Win32) application compatibility is strong in Windows 10, with most existing applications working without any changes. Customers and their trusted IT advisors should read the recommended application testing process for <a href="https://docs.microsoft.com/windows/deployment/planning/windows-10-compatibility#recommended-application-testing-process" target="_blank">Windows 10 compatibility</a> and review the <a href="https://products.office.com/office-system-requirements#subscription-plans-section" target="_blank">Office system requirements</a> to ensure a smooth transition to Microsoft 365 Business. 
 
-Microsoft 365 Business may be purchased through a [Microsoft Partner](https://partnercenter.microsoft.com/en-us/pcv/search) or directly from
-[Microsoft](https://www.microsoft.com/microsoft-365/business). In choosing whether to purchase directly from Microsoft or via a Microsoft Partner, you should consider your on-staff capability and desire to
-maintain an IT infrastructure. A Microsoft Partner can help you deploy and manage your IT infrastructure including Microsoft solutions.
+### What is Windows 10 Business? 
+Windows 10 Business is a set of cloud-services and device management capabilities that complement Windows 10 Pro and enable the centralized management and security controls of Microsoft 365 Business. Windows 10 Business also comes with Windows AutoPilot, a service that streamlines the deployment of new Windows 10 PCs. If you have devices that are licensed for Windows 7, 8 and 8.1 Professional, Microsoft 365 Business provides an upgrade to Windows 10 Pro which is the prerequisite for deploying Windows 10 Business. 
 
-How much will Microsoft 365 Business cost? 
--------------------------------------------
+### How does Microsoft 365 Business help support our Bring Your Own Device (BYOD) policy? 
+Many employees prefer to use their own mobile phones or tablets to access personal and work information rather than carrying multiple devices for each purpose. The use of personal devices for work, while commonplace, increases the risk that business information could end up in the wrong hands. Many competing mobile data protection solutions require users to switch to a specific mode on their device or use another complex mechanism that users may find intrusive and therefore avoid using. 
+ 
+Microsoft 365 Business offers customers a simple but powerful means of enabling employees to use their personal devices for work while providing the business with the ability to prevent those devices from accessing, retaining and/or sharing business information. More specifically: 
+* **App Protection for Office mobile apps** helps protect Office data, including email, calendar, contacts, and documents on iOS and Android mobile devices, by enforcing policies such as automatically deleting business data after a prescribed amount of time of not connecting to the service, requiring that information is stored only to OneDrive for Business, requiring a PIN/fingerprint verification to access Office apps, and preventing company data from being copied from an Office app into personal apps. 
+* **Device Management for Windows 10 PCs** allows businesses to choose to set and enforce capabilities such as Windows Defender protection for malware, automatic updates, and turning off screens after a prescribed amount of time. In addition, lost or stolen Windows 10 devices can be completely wiped of business applications and data through the Admin center. 
 
-Microsoft 365 Business will be offered at USD\$20.00/mo./user based on an annual contract if purchased directly from Microsoft. When purchased through a Microsoft Partner, pricing can vary based on the services the
-partner provides and their pricing model for Microsoft 365 Business. There are no planned pricing discounts for government, education or non-profit organizations.
-
-How are customers billed for Microsoft 365 Business subscriptions? 
--------------------------------------------------------------------
-
-When Microsoft 365 Business is purchased via a Microsoft Partner, the bill will come from that Partner and may include additional products and services outside of the subscription pricing. When purchased directly
-from Microsoft, the customer is billed by Microsoft.
-
-Is there a cap to how many Microsoft 365 Business seats a customer can have? 
------------------------------------------------------------------------------
-
-Microsoft 365 Business was designed for small to medium sized businesses with low to medium IT complexity requirements. Customers may purchase up to 300 Microsoft 365 Business licenses for their organization. Depending
-on their organization’s IT requirements, they may add Microsoft 365 Enterprise licenses to the same environment.
-
-When considering an environment consisting of multiple subscription types, customers should work with their trusted IT advisors to determine how best to manage and secure the various subscriptions as Microsoft 365
-Business and Microsoft 365 Enterprise use different capabilities to secure and manage applications and data.
-
-Can I combine Microsoft 365 Business with other Microsoft subscription offerings? 
-----------------------------------------------------------------------------------
-
-Yes, customers can combine their Microsoft 365 Business subscriptions with plans and add-ons from Azure, Dynamics and Office 365.
-
-Does everyone in my business required to have a Microsoft 365 Business subscription? 
--------------------------------------------------------------------------------------
-
-No, not everyone needs a Microsoft 365 Business subscription, although the security and management benefits are available only to those users with devices managed with a Microsoft 365 Business subscription.
-
-Standardizing an IT environment serves to help reduce maintenance and security costs over time and is a state that businesses should strive to attain. However, we recognize that some small and medium size customers
-update their software primarily when they upgrade their hardware, over an extended period of time. Businesses can deploy Microsoft 365 Business to part of their organization, but for best protection of sensitive
-business data and consistent collaboration experiences, deployment to all users is recommended.
-
-How can I know if the hardware and software I run today is compatible with Microsoft 365 Business? 
----------------------------------------------------------------------------------------------------
-
-If the hardware you run today runs Windows 7 Professional or later, it likely meets the minimum requirements for Microsoft 365 Business.
-Certain Windows 10 features such as Cortana, Windows Hello and multi-touch require specific hardware that is only available on newer PCs. See the [Windows 10 Pro system
-requirements](https://www.microsoft.com/en-us/windows/windows-10-specifications) for additional details.
-
-Existing desktop (Win32) application compatibility is strong in Windows 10, with most existing applications working without any changes. Customers and their trusted IT advisors should read the recommended
-application testing process for [Windows 10 compatibility](https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-compatibility#recommended-application-testing-process)
-and review the [Office system requirements](https://products.office.com/en-us/office-system-requirements#subscription-plans-section) to ensure a smooth transition to Microsoft 365 Business.
-
-What is Windows 10 Business? 
------------------------------
-
-Windows 10 Business is a set of cloud-services and device management capabilities that complement Windows 10 Pro and enable the centralized management and security controls of Microsoft 365 Business. Windows 10 Business also comes with Windows AutoPilot, a service that streamlines the deployment of new Windows 10 PCs. If you have devices that are licensed for Windows 7, 8 and 8.1 Professional, Microsoft 365 Business provides an upgrade to Windows 10 Pro which is the prerequisite for deploying Windows 10 Business.
-
-How does Microsoft 365 Business help support my company’s Bring Your Own Device (BYOD) policy? 
------------------------------------------------------------------------------------------------
-
-Many employees prefer to use their own mobile phones or tablets to access personal and work information rather than carrying multiple devices for each purpose. The use of personal devices for work, while commonplace, increases the risk that business information could end up in the wrong hands. Many competing mobile data protection solutions require users to switch to a specific mode on their device or use another complex mechanism that users may find intrusive and therefore avoid using.
-
-Microsoft 365 Business offers customers a simple but powerful means of enabling employees to use their personal devices for work while providing the business with the ability to prevent those devices from accessing, retaining and/or sharing business information. More specifically:
-
--   **App Protection for Office mobile** helps **apps** protect Office data, including email, calendar, contacts, and documents on iOS and Android mobile devices, by enforcing policies such as automatically deleting business data after a prescribed amount of time of not connecting to the service, requiring that information is stored only to OneDrive for Business, requiring a PIN/fingerprint verification to access Office apps, and preventing company data from being copied from an Office app into personal apps.
--   **Mobile Device Management** (MDM) for Windows 10 devices allows businesses to choose to set and enforce capabilities such as Windows Defender protection for malware, automatic updates, and turning off screens after a prescribed amount of time. In addition, lost or stolen Windows 10 devices can be completely wiped of business applications and data through the Admin center.
-
-How does Microsoft 365 Business help protect PCs in my organization from malicious attacks? 
---------------------------------------------------------------------------------------------
-
-PCs managed with Microsoft 365 Business are protected with Windows Defender, which is the No. 1 antivirus feature on Windows 10, protecting more computers against viruses, malware, spyware, and other threats than
-any other solution. With Microsoft 365 Business, businesses can ensure Windows Defender protection is running and always up to date on all their Windows 10 devices.
+### How does Microsoft 365 Business help protect PCs in my organization from malicious attacks? 
+PCs managed with Microsoft 365 Business are protected with Windows Defender, which is the No. 1 antivirus feature on Windows 10, protecting more computers against viruses, malware, spyware, and other threats than any other solution. With Microsoft 365 Business, businesses can ensure Windows Defender protection is running and always up to date on all their Windows 10 devices
 
 ### What's the difference between Office 365 Business Premium, Microsoft 365 Business and Microsoft 365 Enterprise? 
-
-Microsoft has a variety of productivity and security management offerings that small to medium-sized customers may consider when upgrading their desktop and device infrastructure, each bringing increasingly powerful features and functionality.
+Microsoft has a variety of productivity and security management offerings that small to medium-sized customers may consider when upgrading their desktop and device infrastructure, each bringing increasingly powerful features and functionality. 
 
 **Office 365 Business Premium** delivers best-in-class productivity with Office 365 apps and services but does not include the application protection and device management capabilities of Microsoft 365 Business.
 
-**Microsoft 365 Business** combines Office 365 apps and services with mobile application management and Windows 10 Pro to enable remote management and help protect devices against viruses and malware. It includes a simplified management console through which device and data policies may be administered. Many small to midsize businesses can be best served with Microsoft 365 Business, although those in highly regulated industries may require more advanced functionality provided by Microsoft 365 Enterprise plans (E3 and E5).
-
+**Microsoft 365 Business** combines Office 365 apps and services with mobile application management and Windows 10 Pro to enable remote management and help protect devices against viruses and malware. It includes a simplified management console through which device and data policies may be administered. Many small to medium-sized businesses can be best served with Microsoft 365 Business, although those in highly regulated industries may require more advanced functionality provided by Microsoft 365 Enterprise plans (E3 and E5). 
+ 
 **Microsoft 365 Enterprise** is a set of licensing plans that offer increased levels of mobility and security management over Microsoft 365 Business and are designed for enterprise customers and those customers that are required or regulated to provide the highest level of protection for their data. In addition, Microsoft 365 Business plans provide additional functionality including business intelligence and analytics tools.
 
-Can I switch my Office 365 plan to Microsoft 365 Business? 
------------------------------------------------------------
+### Can I switch my Office 365 plan to Microsoft 365 Business? 
+Yes, customers may switch their plans from a qualifying Office 365 plan to Microsoft 365 Business. Depending on the customer’s current plan there may be a decrease or increase in monthly charges.
 
-Yes, customers may switch their plans from a qualifying Office 365 plan to Microsoft 365 Business is generally available. Depending on the customer’s current plan there may be a decrease or increase in monthly charges.
+### In what regions is Microsoft 365 Business available? 
+The Microsoft 365 Business will be available to all partners and customers where Office 365 is available. See the list of <a href="https://products.office.com/business/international-availability" target="_blank">Office 365 international availability for languages, countries and regions</a>. 
 
-In what regions will Microsoft 365 Business be available? 
-----------------------------------------------------------
+### Is there a Microsoft 365 Business trial I may use to evaluate the offer? 
+A Microsoft 365 Business trial will be available later this year both for direct customers and for CSPs. 
+ 
+### What should customers and partners know before running Microsoft 365 Business within their organization? 
+Customers that wish to experience the complete capabilities of Microsoft 365 Business must be running Windows 7, 8.1 or 10 Pro<sup>[2](#footnote2)</sup> on their existing desktops. Customers who use on-premises Active Directory to enable login to PCs will switch devices over cloud identity and management as part of their deployment. Existing Windows 10 Pro PCs should be running Creators Update if they have not already done so. 
 
-The Microsoft 365 Business will be available to all partners and customers where Office 365 is available. [See the list of Office 365 international availability for languages, countries and regions](https://products.office.com/en-us/business/international-availability).
+## Deployment
 
-## Public Preview 
+### What should customers consider when planning a Microsoft 365 Business deployment? 
+The most direct path to a successful Microsoft 365 Business deployment is to engage with a Microsoft Partner. They have extensive training and experience with a wide variety of customer scenarios and are best equipped to understand your environment and needs. Customers that have experienced IT on staff can use the <a href="https://support.office.com/article/496e690b-b75d-4ff5-bf34-cc32905d0364" target="_blank">Microsoft 365 Business Getting Started</a> to assist them in their Microsoft 365 Business deployment. 
 
-Who has access to the Microsoft 365 Business preview? 
-------------------------------------------------------
+### Does Microsoft 365 Business include the full capabilities of Microsoft Intune? 
+Microsoft 365 Business includes a robust set of mobile app management capabilities powered by Microsoft’s MDM solution (Microsoft Intune). These are a subset of features, specifically chosen to meet the needs of SMBs and organized to be easily managed via a simplified administration experience. If a company requires the full capabilities of Intune, they can purchase a qualifying plan separately. 
 
-The Microsoft 365 Business preview is available to new customers as well as existing Office 365 subscribers in all [markets where Office 365 is currently available](https://products.office.com/en-us/business/international-availability).
+### Does Azure Active Directory P1 come with Microsoft 365 Business? 
+Microsoft 365 Business is built on technology from across Microsoft and while it shares some features with Azure Active Directory, it is not a full version. The security and management policies created in Microsoft 365 Business rely on some Azure functionality but does not include all features (e.g. selfservice features, conditional access features, and reporting). Customers may choose to purchase Azure Active Directory Premium as an add-on to Microsoft 365 Business. 
+ 
+### Does Microsoft 365 Business allow customers to manage Macs? 
+The security and management capabilities of Microsoft 365 Business pertain to iOS and Android mobile and tablet devices, and Windows PCs. 
+ 
+### What is Windows AutoPilot? 
+Windows AutoPilot is a service that streamlines the deployment of new Windows 10 PCs. This process can be done when the end-user logs on to Microsoft 365 Business for the first time—without IT ever touching the device—by leveraging centralized management controls of Microsoft 365 Business. You can also use Windows AutoPilot for existing PCs that are running Windows 10 Professional Creators Update (or later) and have been factory reset. Details about Windows AutoPilot can be found in <a href="https://blogs.technet.microsoft.com/windowsitpro/2017/06/29/modernizing-windows-deployment-with-windows-autopilot/" target="_blank">this June blog post</a>.
 
-I’m an existing Office 365 customer. Can I access the Microsoft 365 Business preview? 
--------------------------------------------------------------------------------------
+## Compatibility
 
-Microsoft 365 Business can be used with existing Office 365 Business Premium subscriptions. Office 365 Business Premium subscribers that move to Microsoft 365 Business would not experience any end-user impacts (re-install Office, lose functionality, etc) upon assignment of the license. Customers running Office 365 Enterprise E3/E5 may experience end user impacts if they move to Microsoft 365 Business, it is not a recommended transition path at this time.
-
-When will Microsoft 365 Business preview be available? 
--------------------------------------------------------
-
-The Microsoft 365 Business preview will be available starting on August 2, 2017.
-
-In what regions is the Microsoft 365 Business preview available? 
------------------------------------------------------------------
-
-The Microsoft 365 Business preview is available to all partners and customers where Office 365 is available. [See the list of Office 365 international availability for languages, countries and regions](https://products.office.com/en-us/business/international-availability).
-
-When will Microsoft 365 Business be generally available? 
----------------------------------------------------------
-
-Microsoft 365 Business is expected to be generally available toward the end of the calendar year.
-
-Is there a limit to how many users can experience the preview? 
----------------------------------------------------------------
-
-Each organization can up to 300 users on Microsoft 365 Business during the preview.
-
-What should customers and partners know before running Microsoft 365 Business within their organization? 
----------------------------------------------------------------------------------------------------------
-
-Customers that wish to experience the complete capabilities of Microsoft 365 Business must be running Windows 7, 8.1 or 10 Pro\* on their existing desktops. Customers who use on-premises Active Directory must switch to cloud identity and management as part of their deployment. Existing Windows 10 Pro PCs should be running Creators Update if they have not already done so.
-
-\*Devices running Windows 7 or 8.1 Pro are eligible for an upgrade to
-Windows 10 Pro within the Microsoft 365 Business preview.
-
-Is there any charge for the Microsoft 365 Business preview? 
-------------------------------------------------------------
-
-No, Microsoft will not charge for the preview. If you work with an outside [IT partner](https://partnercenter.microsoft.com/en-us/pcv/search) and require assistance to deploy Microsoft 365 Business preview, they may charge you for their deployment services and assistance. At the end of the preview customers may convert to a paid subscription to continue using Microsoft 365 Business.
-
-I’m an existing Office 365 customer. Will I be charged for an Office 365 subscription while I am using the Microsoft 365 Business preview?
-------------------------------------------------------------------------------------------------------------------------------------------
-
-The Microsoft 365 Business preview is free and does not require an existing Office 365 Business Premium subscription. Current Office 365 customers will continue to be billed for active Office 365 subscriptions that are not associated with the Microsoft 365 Business preview.
-
-What is the best way to deploy Microsoft 365 Business in my organization? 
---------------------------------------------------------------------------
-
-Partner-assisted deployment is the recommended way to deploy Microsoft 365 Business preview. Contact your Microsoft Partner and ask them if they are participating in the Microsoft 365 Business Preview Trial. Your Partner is well-equipped to help customers understand their options and make the best recommendations for deploying Microsoft 365 Business preview in your organization.
-
-If you do not have a Microsoft partner, you can find one [here](https://partnercenter.microsoft.com/en-us/pcv/search).
-
-## Deployment 
-
-What should customers consider when planning a Microsoft 365 Business deployment? 
-----------------------------------------------------------------------------------
-
-The most direct path to a successful Microsoft 365 Business deployment is to engage with a Microsoft Partner. They have extensive training and experience with a wide variety of customer scenarios and are best equipped to understand your environment and needs. Customers that have experienced IT on staff can use the [Microsoft 365 Business Getting Started](https://support.office.com/article/496e690b-b75d-4ff5-bf34-cc32905d0364) to assist them in their Microsoft 365 Business deployment.
-
-Does Microsoft 365 Business include the full capabilities of Microsoft Intune? 
--------------------------------------------------------------------------------
-
-Microsoft 365 Business includes a robust set of mobile app management capabilities powered by Microsoft Intune. These are a subset of Intune features, specifically chosen to meet the needs of SMBs and organized to be easily managed via a simplified administration experience. If a company requires the full capabilities of Intune, they can purchase a Microsoft 365 Enterprise plan.
-
-Does Microsoft 365 Business allow customers to manage Macs? 
-------------------------------------------------------------
-
-The security and management capabilities of Microsoft 365 Business pertain to iOS, Android mobile devices, and Windows PCs.
-
-What is Windows AutoPilot? 
----------------------------
-
-Windows AutoPilot is a service that streamlines the deployment of new Windows 10 PCs. This process can be done when the end-user logs on to Microsoft 365 Business for the first time— without IT ever touching the device—by leveraging centralized management controls of Microsoft 365 Business. You can also use Windows AutoPilot for existing PCs that are running Windows 10 Professional Creators Update and have been factory reset. Details about Windows AutoPilot can be found in [this June blog post](https://blogs.technet.microsoft.com/windowsitpro/2017/06/29/modernizing-windows-deployment-with-windows-AutoPilot/).
-
-## Compatibility 
-
-Can I add Office 365 E5 add-ons to Microsoft 365 Business? 
------------------------------------------------------------
-
-All the add-ons that can be added to Office 365 Business Premium can be added to Microsoft 365 Business. This means that you can purchase Advanced Threat Protection, Advanced Security Management, Customer Lockbox, Advanced eDiscovery, MyAnalytics, PowerBI Pro, and PSTN Conferencing.
-
-Can I add Cloud PBX and PSTN Calling plans to Microsoft 365 Business? 
-----------------------------------------------------------------------
-
-At this time, these capabilities are reserved for customers who have more advanced needs. Customers who require Cloud PBX or PSTN Calling plans should look at Microsoft 365 Enterprise offerings.
-
-Can I use add on Archiving or additional storage to Microsoft 365 Business? 
-----------------------------------------------------------------------------
-
-Yes, you can add on additional archiving or storage to Microsoft 365 Business.
-
-Can Microsoft 365 Business customers use Windows Defender Advanced Threat Protection? 
---------------------------------------------------------------------------------------
-
-No, customers that require Windows Defender Advanced Threat Protection need either Windows 10 Enterprise E5 or Microsoft 365 Enterprise E5.
-
-Can I use Windows Information Protection with Microsoft 365 Business? 
-----------------------------------------------------------------------
-
-Yes, Windows Information Protection (WIP) is a feature of Windows 10 Pro and helps businesses prevent accidental leaks by restricting user and app access to business files based on policies you define. Your business data is protected no matter where it lives on your devices—without affecting your user experience. Microsoft 365 Business includes controls to ensure Windows Information Protection is properly configured and automatically deployed to end-user devices.
-
-Can customers use Microsoft 365 Business with on-premises Active Directory? 
-----------------------------------------------------------------------------
-
-To realize the full value of Windows 10, Windows 10 PCs need to be joined to Azure Active Directory. You may use Microsoft 365 Business with Windows 10 devices
-joined to on-premises Active Directory but it is not recommended because you won’t be able to enforce policies from the Microsoft 365 Business Admin console.
-
-Can customers create hosted Windows 10 VMs with a Microsoft 365 Business subscription? 
----------------------------------------------------------------------------------------
+### Can I add Office 365 add-ons to Microsoft 365 Business? 
+All the add-ons that can be added to Office 365 Business Premium can be added to Microsoft 365 Business. This means that you can purchase Advanced Threat Protection, Office 365 Cloud App Security, Advanced Compliance, Threat Intelligence, MyAnalytics, PowerBI Pro, and Audio Conferencing. 
+ 
+### Can I add Phone System and Calling Plans to Microsoft 365 Business? 
+No, Phone System and Calling Plan are reserved for customers who have more advanced needs. Customers who require these capabilities should look at Microsoft 365 Enterprise offerings. 
+ 
+### Can Microsoft 365 Business customers use Windows Defender Advanced Threat Protection? 
+No, customers that require Windows Defender Advanced Threat Protection need either Windows 10 Enterprise E5 or Microsoft 365 Enterprise E5. 
+ 
+### Can I use Windows Information Protection with Microsoft 365 Business? 
+Yes, Windows Information Protection (WIP) is a feature of Windows 10 Pro and helps businesses prevent accidental leaks by restricting user and app access to business files based on policies you define. Your business data is protected no matter where it lives on your devices—without affecting your user experience. Microsoft 365 Business includes controls to ensure Windows Information Protection is properly configured and automatically deployed to end-user devices. 
+ 
+### Can customers use Microsoft 365 Business with on-premises Active Directory? 
+To realize the full value of Windows 10, Windows 10 PCs need to be joined to Azure Active Directory. You may use Microsoft 365 Business with Windows 10 devices joined to on-premises Active Directory but it is not recommended because you won’t be able to enforce policies from the Microsoft 365 Business Admin console. 
 
+### Can customers create hosted Windows 10 VMs with a Microsoft 365 Business subscription? 
 No, customers that require virtualization should purchase Windows 10 Enterprise or a Microsoft 365 Enterprise subscription.
 
-## Partner Opportunity 
-
-Where can I learn more about the opportunities and benefits in becoming a Microsoft Partner? 
----------------------------------------------------------------------------------------------
+## Partner opportunity
 
+### Where can I learn more about the opportunities and benefits in becoming a Microsoft Partner? 
 IT service providers that are not already Microsoft partners can learn more about the Microsoft Cloud Solution Provider program at
-[https://partner.microsoft.com/cloud-solution-provider](https://partner.microsoft.com/cloud-solution-provider).
+[https://partners.office.com/microsoft365business](https://partners.office.com/microsoft365business).
 
-Where can I learn how to sell Microsoft 365 Business? 
-------------------------------------------------------
+### Where can I learn how to sell Microsoft 365 Business? 
+Partners now selling Office 365 can use the same consultative selling methods to sell Microsoft 365 Business. In addition, we are introducing more resources and training for your sales team to understand the customers’ existing desktop environment, Active Directory reliance, mobility and security needs to effectively communicate the full value of Microsoft 365 Business in a way that is relevant to the customer. Find these resources on the Office Partner portal at [http://partners.office.com/microsoft365business](http://partners.office.com/microsoft365business). 
 
-Partners now selling Office 365 can use the same consultative selling methods to sell Microsoft 365 Business. In addition, we are introducing resources and training for your sales team to understand the customers’ existing desktop environment, Active Directory reliance, mobility and security needs to effectively communicate the full value of Microsoft 365 Business in a way that is relevant to the customer. Find these resources on the Office Partner portal at
-[http://partners.office.com](http://partners.office.com/).
+### How can Microsoft 365 Business help partners increase the profitability? 
+Microsoft 365 Business will help partners reduce costs through greater operational efficiencies and enhance revenue through the sale of additional services. The Forrester Research, Microsoft 365 Business Total Economic Impact (TEI) Study, June 2017 (https://partners.office.com/TEIBusiness), demonstrates that Microsoft 365 Business will have positive impact on partner profitability. 
 
-How can Microsoft 365 Business help partners increase the profitability? 
--------------------------------------------------------------------------
+In the TEI study partners reported that with Microsoft 365 Business they expect: 
 
-Microsoft 365 Business will help partners reduce costs through greater operational efficiencies and enhance revenue through the sale of additional services. The Forrester Research, Microsoft 365 Business Total Economic Impact (TEI) Study, June 2017 [(available on the partner portal)](http://partners.office.com/), demonstrates that Microsoft 365 Business will have positive impact on partner profitability.
-
-In the TEI study partners reported that with Microsoft 365 Business they
-expect:
-
--   20%-point increase in \[one-time\] deployment and advisory services revenue
--   10%-point increase in attach rate of managed services
--   8%-point increase in consulting and \[ongoing\] managed services profit margins (from lower costs)
-
-What resources are available to partners to sell, deploy and support Microsoft 365 Business?
+- 20%-point increase in \[one-time\] deployment and advisory services revenue
+- 10%-point increase in attach rate of managed services
+- 8%-point increase in consulting and \[ongoing\] managed services profit margins (from lower costs)
 
+### What resources are available to partners to sell, deploy and support Microsoft 365 Business?
 Microsoft provides a wide selection of resources for CSP partners to market, sell, and support Microsoft 365 Business. They can be found at
-[http://partners.office.com](http://partners.office.com/).
+[https://partners.office.com/microsoft365business](https://partners.office.com/microsoft365business).
 
-What up-sell opportunities does Microsoft 365 Business give partners? 
-----------------------------------------------------------------------
+### What up-sell opportunities does Microsoft 365 Business give partners? 
+Microsoft 365 Business allows partners to maintain their trusted advisor position with customers, by creating a solid and secure platform upon which to sell additional services and to upgrade existing products and services. Microsoft 365 Business provides an opportunity to have an upgrade discussion with customers now using Exchange Server, Exchange Online or Office 365 Business Essentials. Partners may also gain additional revenue from increased managed services and/or peruser support fees. 
+ 
+With the new Windows AutoPilot feature included in Microsoft 365 Business, partners who have been reluctant to sell new Windows devices due to deployment logistics and costs will find this opportunity much more attractive. Customers who are confident in the security of their on-premise and mobile devices are also more likely to invest in additional services, such as Dynamics 365. 
+ 
+### Should partners sell Microsoft 365 Business over other plans from Microsoft? 
+A Microsoft Cloud Solution Provider should always sell the plan that best suits its customer business needs and budget. For example, if a customer must comply with privacy and security regulations, a CSP may sell Microsoft 365 Business plus any add-ons that help the customer meet its requirements or may suggest the advanced security and management provided by Microsoft 365 Business E SKUs. 
+ 
+### Some of my customers have devices that are not genuine; will Microsoft 365 Business make these devices genuine? 
+Microsoft 365 Business does not make an otherwise non-genuine version of Windows, genuine. Microsoft 365 Business does provide an upgrade benefit allowing those customers running genuine Windows 7, 8 or 8.1 Pro to upgrade to the most recent, genuine version of Windows 10 Pro. 
+ 
+### What support is available to CSP partners for the Microsoft 365 Business Preview? 
+The same support channels available to CSP partners today (premier support and advanced support program) have been trained on Microsoft 365 Business and are ready to provide partners with support. 
 
-Microsoft 365 Business allows partners to maintain their trusted advisor position with customers, by creating a solid and secure platform upon which to sell additional services, or upgrade existing products and services. Microsoft 365 Business provides an opportunity to have an upgrade discussion with customers now using Exchange Server, Exchange Online or Office 365 Business Essentials. Partners may also gain additional revenue from increased managed services and/or per-user
-support fees.
+### What is the GDPR and how does Microsoft 365 Business help customers with their compliance obligations?
+The General Data Protection Regulation (GDPR) is a comprehensive new privacy law that gives residents of the European Union (EU) greater control over their “personal data” and requires organizations to maintain the integrity of that personal data. The GDPR requires organizations that control, or process personal data tied to EU residents to only use third-party data processors that meet the GDPR’s requirements for personal data processing. In March 2017, Microsoft made available contractual guarantees that provide these assurances. Customers that have questions about how Microsoft can help them meet their additional GDPR obligations should learn about the advanced compliance and security capabilities available as add-ons (e.g. Azure Information Protection) and in other Suites (e.g. Microsoft 365 Enterprise E5). To learn more, visit [www.microsoft.com/gdpr](https://www.microsoft.com/gdpr).
 
-With the new Windows AutoPilot feature included in Microsoft 365 Business, partners who have been reluctant to sell new Windows devices due to deployment logistics and costs may now find this opportunity much more attractive. Customers who are confident in the security of their onpremise and mobile devices are also more likely to invest in additional services, such as Dynamics 365.
 
-Should partners sell Microsoft 365 Business over other plans from Microsoft? 
------------------------------------------------------------------------------
 
-A Microsoft Cloud Solution Provider should always sell the plan that best suits its customer business needs and budget. For example, if a customer must comply with privacy and security regulations, a CSP may sell Microsoft 365 Business plus any add-ons that help the customer meet its requirements or may suggest the advanced security and management provided by Microsoft 365 Business E SKUs.
 
-I have devices that are not genuine; will Microsoft 365 Business make my devices genuine? 
-------------------------------------------------------------------------------------------
+## Footnotes
+<sup><a name="footnote1">**1**</a></sup> <small>Available in US, UK, and Canada.</small> </br>
+<sup><a name="footnote2">**2**</a></sup> <small>Devices running Windows 7 or 8.1 Pro are eligible for an upgrade to Windows 10 Pro within the Microsoft 365 Business preview.</small>
+ 
 
-No, Microsoft 365 Business does not make an otherwise non-genuine version of Windows, genuine. Microsoft 365 Business does provide an upgrade benefit allowing those customers running genuine Windows 7, 8 or 8.1 Pro to upgrade to the most recent, genuine version of Windows 10 Pro.
 
-How do partners make any money offering the Microsoft 365 Business preview to their customers? 
------------------------------------------------------------------------------------------------
 
-Partners can realize revenue opportunities by deploying Microsoft 365 Business preview and providing other managed services that support the solution.
-
-What is the exact name of the Microsoft 365 Business preview SKU and when will it be available? 
-------------------------------------------------------------------------------------------------
-
-The Microsoft 365 Business preview is called the Microsoft 365 Business Preview Trial and will be on August 2 CSP Price List.
-
-How can I convert a preview customer subscription to Microsoft 365 Business when it is generally available? 
-------------------------------------------------------------------------------------------------------------
-
-We will provide more information on converting Microsoft 365 Business preview customers to subscribers later.
-
-What support is available to CSP partners for the Microsoft 365 Business Preview? 
-----------------------------------------------------------------------------------
-
-The same support channels available to CSP partners today (premier support and advanced support program) have been trained on Microsoft 365
-Business and are ready to provide partners with support.
-
-What is the GDPR and how does Microsoft 365 Business help customers with their compliance obligations? 
--------------------------------------------------------------------------------------------------------
-
-The General Data Protection Regulation (GDPR) is a comprehensive new privacy law that gives residents of the European Union (EU) greater control over their “personal data” and requires organizations to maintain the integrity of that personal data. The GDPR requires organizations that control, or process personal data tied to EU residents to only use third-party data processors that meet the GDPR’s requirements for personal data processing. In March 2017, Microsoft made
-available contractual guarantees that provide these assurances. Customers who have questions about how Microsoft can help them meet their additional GDPR obligations should learn about the advanced compliance and security capabilities available as add-ons (e.g. Azure Information Protection) and in other Suites (e.g. Microsoft 365 Enterprise E5). To learn more, visit [www.microsoft.com/gdpr](https://www.microsoft.com/gdpr).
diff --git a/bcs/support/transition-csp-subscription.md b/bcs/support/transition-csp-subscription.md
new file mode 100644
index 0000000000..7c15aa33b6
--- /dev/null
+++ b/bcs/support/transition-csp-subscription.md
@@ -0,0 +1,103 @@
+---
+title: Transition a Microsoft 365 Business CSP subscription 
+description: Find out how you can transition a Microsoft 365 Business CSP subscription from preview to GA. 
+author: CelesteDG 
+ms.author: celested 
+ms.topic: article 
+ms.prod: microsoft-365-business
+ms.localizationpriority: high
+audience: microsoft-business 
+keywords: Microsoft 365 Business, Microsoft 365, SMB, transition CSP subscription
+ms.date: 11/01/2017
+---
+
+# Transition a Microsoft 365 Business CSP subscription
+
+If you have a Microsoft 365 Business Preview CSP subscription, follow this guide to find out how you can transition your existing preview subscription to Microsoft 365 Business GA (general availability).
+
+**How to transition a preview subscription to GA**
+
+1. Log in to <a href="https://partnercenter.microsoft.com" target="_blank">Partner Center</a>.
+2. From the dashboard, select **Customers**, and then find and select the company name.
+
+    The subscriptions for the company will be listed.
+
+    ![Customer's subscriptions in Partner Center](images/pc_customer_subscriptions_1.png)
+    
+3. In the company's **Subscriptions** page, select **Add subscription**.
+4. In the **New subscription** page, select **Small business** and then select **Microsoft 365 Business** from the list.
+5. Add the number of licenses and then select **Next: Review** to review the subscription and then select **Submit**.
+
+    ![Review the new subscription to Microsoft 365 Business](images/pc_customer_reviewnewsubscription.png)
+
+    The **License-based subscriptions** will show **Microsoft 365 Business Preview** and **Microsoft 365 Business**. You'll need to suspend the Preview subscription next.
+
+6. Select **Microsoft 365 Business Preview**.
+7. In the **Microsoft 365 Business Preview** page, select **Suspended** to suspend the Preview subscription.
+
+    ![Suspend the Microsoft 365 Business Preview subscription](images/pc_customer_m365bpreview_suspend.png)
+
+8. Select **Submit** to confirm.
+
+    In the **Subscriptions** page, confirm that the **Microsoft 365 Business Preview** status shows **Suspended**.
+
+    ![Confirm the Preview subscription status is suspended](images/pc_customer_m365bpreview_suspend_confirm.png)
+
+9. Optionally, you can also validate the license agreement. To do this, follow these steps:
+    1. Select **Users and licenses** from the company's **Subscriptions** page.
+    2. From the **Users and licenses** page, select a user.
+    3. In the user's page, check the **Assign licenses** section and confirm that it shows **Microsoft 365 Business**.
+
+        ![Confirm the Microsoft 365 Business license is assigned to the user](images/pc_customer_userslicenses_m365b_validate.png)
+
+## Impact to customers and users during and after transition
+
+There is no impact to customers and users during transition and post transition.
+
+## Impact to customers who don't transition
+
+The following table summarizes the impact to customers who don't transition from a Microsoft 365 Business Preview subscription to a Microsoft 365 Business subscription.
+
+|       | T-0 to T+30     | T+30 to T+60 | T+60 to T+120 | Beyond T+120  |
+|-------|-----------------|--------------|---------------|---------------|
+| **State** | In grace period | Expired      | Disabled      | Deprovisioned |
+| **Service impacts**                                                        |
+| **Microsoft 365 Business admin portal** | No impact to functionality | No impact to functionality | Can add/delete users, purchase subscriptions.</br> Cannot assign/revoke licenses. | Customer's subscription and all data is deleted. Admin can manage other paid subscriptions. |
+| **Office apps**                         | No end user impact | No end user impact | Office enters reduced functionality mode.</br> Users can view files only. | Office enters reduced functionality mode.</br> Users can view files only. |
+| **Cloud services (SharePoint Online, Exchange Online, Skype, Teams, and more)** | No end user impact | No end user impact | End users and admins have no access to data in the cloud. | Customer's subscription and all data are deleted. |
+| **EM+S components** | No admin impact</br> No end user impact | No admin impact</br> No end user impact | Capability will cease to be enforced.</br> See [Mobile device impacts upon subscription expiration](#mobile-device-impacts-upon-subscription-expiration) and [Windows 10 PC impacts upon subscription expiration](#windows-10-pc-impacts-upon-subscription-expiration) for more info. | Capability will cease to be enforced.</br> See [Mobile device impacts upon subscription expiration](#mobile-device-impacts-upon-subscription-expiration) and [Windows 10 PC impacts upon subscription expiration](#windows-10-pc-impacts-upon-subscription-expiration) for more info. |
+| **Windows 10 Business** | No admin impact</br> No end user impact | No admin impact</br> No end user impact | Capability will cease to be enforced.</br> See [Mobile device impacts upon subscription expiration](#mobile-device-impacts-upon-subscription-expiration) and [Windows 10 PC impacts upon subscription expiration](#windows-10-pc-impacts-upon-subscription-expiration) for more info. | Capability will cease to be enforced.</br> See [Mobile device impacts upon subscription expiration](#mobile-device-impacts-upon-subscription-expiration) and [Windows 10 PC impacts upon subscription expiration](#windows-10-pc-impacts-upon-subscription-expiration) for more info. |
+| **Azure AD login to a Windows 10 PC** | No admin impact</br> No end user impact | No admin impact</br> No end user impact | No admin impact</br> No end user impact | Once the tenant is deleted, a user can log in with local credentials only. Re-image the device if there are no local credentials. |
+
+## Mobile device impacts upon subscription expiration
+
+The followint table summarizes the impact to the app management policies on mobile devices.
+
+|                            | Fully licensed experience                      | T+60 days post expiration          |
+|----------------------------|------------------------------------------------|------------------------------------|
+| **Delete work files from an inactive device** | Work files are removed after selected days | Work files remain on the user's personal devices |
+| **Force users to save all work files to OneDrive for Business** | Work files can only be saved to OneDrive for Business | Work files can be saved anywhere |
+| **Encrypt work files** | Work files are encrypted | Work files are no longer encrypted.</br> Security policies are removed and Office data on apps is removed. |
+| **Require PIN or fingerprint to access Office apps** | Restricted access to apps | No app-level access restriction |
+| **Reset PIN when login fails** | Restricted access to apps | No app-level access restriction |
+| **Require users to sign in again after Office apps have been idle** | Sign-in required | No sign-in required to access apps |
+| **Deny access to work files on jailbroken or rooted devices** | Work files cannot be accessed on jailbroken/rooted devices | Work files can be accessed on jailbroken/rooted devices |
+| **Allow users to copy content from Office apps to Personal apps** | Copy/paste restricted to apps available as part of Microsoft 365 Business subscription | Copy/paste available to all apps |
+
+## Windows 10 PC impacts upon subscription expiration
+
+The following table summarizes the impact to the Windows 10 device configuration policies.
+
+|                            | Fully licensed experience                      | T+60 days post expiration          |
+|----------------------------|------------------------------------------------|------------------------------------|
+| **Help protect PCs from threats using Windows Defender** | Turn on/off is outside of user control | User may turn on/off Windows Defender on the Windows 10 PC |
+| **Help protect PCs from web-based threats in Microsoft Edge** | PC protection in Microsoft Edge | User may turn on/off PC protection in Microsoft Edge |
+| **Turn off device screen when idle** | Admin defines screen timeout interval policy | Screen timeout can be configured by end user |
+| **Allow users to download apps from Microsoft Store** | Admin defines if a user can download apps from Microsoft Store | User can download apps from Microsoft Store anytime |
+| **Allow users to access Cortana** | Admin defines policy on user access to Cortana | User devices to turn on/off Cortana |
+| **Allow users to receive tips and advertisements from Microsoft** | Admin defines policy on user receive tips and advertisements from Microsoft | User may turn on/off tips and advertisements from Microsoft |
+| **Allow users to copy content from Office apps into personal apps** | Admin defines policy to keep Windows 10 devices up-to-date | Users can decide when to update Windows |
+
+
+
+
diff --git a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md
index 8a85487527..d1a52c56b3 100644
--- a/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md
+++ b/devices/surface-hub/differences-between-surface-hub-and-windows-10-enterprise.md
@@ -32,7 +32,7 @@ Surface Hub doesn't have a lock screen or a screen saver, but it has a similar f
 
 ### User sign-in
 
-Surface Hub is designed to be used in communal spaces, such as meeting rooms. Unlike Windows PCs, anyone can walk up and use a Surface Hub without requiring a user to sign in. To enable this communal functionality, Surface Hub does not support Windows sign-in the same way that Windows 10 Enterprise does (e.g., signing in a user to the OS and using those crednetials throughout the OS). Instead, there is always a local, auto signed-in, low-privilege user signed in to the Surface Hub. It doesn't support signing in any additional users, including admin users (e.g., when an admin signs in, they are not signed in to the OS).
+Surface Hub is designed to be used in communal spaces, such as meeting rooms. Unlike Windows PCs, anyone can walk up and use a Surface Hub without requiring a user to sign in. To enable this communal functionality, Surface Hub does not support Windows sign-in the same way that Windows 10 Enterprise does (e.g., signing in a user to the OS and using those credentials throughout the OS). Instead, there is always a local, auto signed-in, low-privilege user signed in to the Surface Hub. It doesn't support signing in any additional users, including admin users (e.g., when an admin signs in, they are not signed in to the OS).
 
 Users can sign in to a Surface Hub, but they will not be signed in to the OS. For example, when a user signs in to Apps or My Meetings and Files, the users is signed in only to the apps or services, not to the OS. As a result, the signed-in user is able to retrieve their cloud files and personal meetings stored in the cloud, and these credentials are discarded when **End session** is activated.
 
@@ -168,4 +168,4 @@ Users can sign in to Microsoft Edge to access intranet sites and online resource
 
 The Surface Hub OS uses the Windows 10 Connected User Experience and Telemetry component to gather and transmit telemetry data. For more information, see [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization).
 
-*Organization policies that this may affect:* <br> Configure telemetry levels for Surface Hub in the same way as you do for Windows 10 Enterprise.
\ No newline at end of file
+*Organization policies that this may affect:* <br> Configure telemetry levels for Surface Hub in the same way as you do for Windows 10 Enterprise.
diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md
index ece11a95f1..ada7726198 100644
--- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md
+++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md
@@ -58,7 +58,7 @@ Surface Hubs, like all Windows 10 devices, include **Windows Update for Business
 2. [Configure when Surface Hub receives updates](#configure-when-surface-hub-receives-updates).
 
 > [!NOTE]
-> You can use Microsoft Intune, System Center Configuration Manager, or a supported third-party MDM provider to set up WUfB. [Walkthrough: use Microsoft Intune to configure Windows Update for Business.](https://technet.microsoft.com/itpro/windows/manage/waas-wufb-intune)
+> You can use Microsoft Intune, System Center Configuration Manager, or a supported third-party MDM provider to set up WUfB. [Walkthrough: use Microsoft Intune to configure Windows Update for Business.](https://docs.microsoft.com/windows/deployment/update/waas-wufb-intune)
 
 
 ### Group Surface Hub into deployment rings
diff --git a/devices/surface-hub/prepare-your-environment-for-surface-hub.md b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
index c2281921b1..d5fdb07a74 100644
--- a/devices/surface-hub/prepare-your-environment-for-surface-hub.md
+++ b/devices/surface-hub/prepare-your-environment-for-surface-hub.md
@@ -68,7 +68,7 @@ Surface Hub interacts with a few different products and services. Depending on t
 
 A device account is an Exchange resource account that Surface Hub uses to display its meeting calendar, join Skype for Business calls, send email, and (optionally) to authenticate to Exchange. See [Create and test a device account](create-and-test-a-device-account-surface-hub.md) for details.
 
-After you've created your device account, to verify that it's setup correctly, run Surface Hub device account validation PowerShell scripts. For more information, see [Surface Hub device account scripts](https://gallery.technet.microsoft.com/scriptcenter/Surface-Hub-device-account-6db77696) in Script Center, or [PowerShell scripts for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) later in this guide. 
+After you've created your device account, to verify that it's setup correctly, run Surface Hub device account validation PowerShell scripts. For more information, see [PowerShell scripts for Surface Hub](appendix-a-powershell-scripts-for-surface-hub.md) later in this guide. 
 
  
 
@@ -118,6 +118,7 @@ When you go through the first-run program for your Surface Hub, there's some inf
 ## More information
 
 - [Surface Hub and the Skype for Business Trusted Domain List](https://blogs.technet.microsoft.com/y0av/2017/10/25/95/)
+- [Surface Hub in a Multi-Domain Environment](https://blogs.technet.microsoft.com/y0av/2017/11/08/11/)
 
  
 
diff --git a/devices/surface/change-history-for-surface.md b/devices/surface/change-history-for-surface.md
index bfa5fcd9bb..c64127383f 100644
--- a/devices/surface/change-history-for-surface.md
+++ b/devices/surface/change-history-for-surface.md
@@ -11,6 +11,12 @@ author: jdeckerms
 
 This topic lists new and updated topics in the Surface documentation library.
 
+## November 2017
+
+|New or changed topic | Description |
+| --- | --- |
+|[Surface Dock Updater](surface-dock-updater.md) | Added version 2.7.136.0 information  |
+
 ## October 2017
 
 New or changed topics | Description 
diff --git a/devices/surface/surface-dock-updater.md b/devices/surface/surface-dock-updater.md
index 42ea115bd7..d2b9c01167 100644
--- a/devices/surface/surface-dock-updater.md
+++ b/devices/surface/surface-dock-updater.md
@@ -8,8 +8,9 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.pagetype: surface, devices
 ms.sitesec: library
-author: jobotto
-ms.date: 06/29/2017
+author: brecords
+ms.date: 11/03/2017
+ms.author: jdecker
 ---
 
 # Microsoft Surface Dock Updater
@@ -22,7 +23,10 @@ The [Microsoft Surface Dock Updater](https://www.microsoft.com/download/details.
 When you run the Microsoft Surface Dock Updater installer you will be prompted to accept an End User License Agreement (EULA).
 
 >[!NOTE]
->Updating Surface Dock firmware requires connectivity to the Surface Dock, available only on Surface Pro 3, Surface Pro 4, and Surface Book devices. A Surface Pro 3, Surface Pro 4, or Surface Book is required to successfully install Microsoft Surface Dock Updater.
+>Updating Surface Dock firmware requires connectivity to the Surface Dock via the Surface Connect™ port. Installation of the Microsoft Surface Dock Updater is only supported on devices that feature the Surface Connect™ port.
+
+>[!NOTE]
+>The Surface Dock Updater tool is unable to run on Windows 10 S. Surface Dock devices used with Surface Laptop with Windows 10 S will receive updates natively through Windows Update. To manually update a Surface Dock for use with Surface Laptop and Windows 10 S, connect the Surface Dock to another Surface device with a Windows 10 Pro or Windows 10 Enterprise environment.
 
 ## Update a Surface Dock with Microsoft Surface Dock Updater
 
@@ -112,6 +116,15 @@ Microsoft periodically updates Surface Dock Updater. To learn more about the app
 >[!Note]
 >Each update to Surface Dock firmware is included in a new version of Surface Dock Updater. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Updater.
 
+### Version 2.7.136.0
+*Release date: November 3, 2017*
+
+This version of Surface Dock Updater adds support for the following:
+
+* Update for Surface Dock DisplayPort Firmware
+* Improved support for passive DisplayPort to DVI or HDMI adapters
+* Improved support for audio over DisplayPort
+
 ### Version 2.1.15.0
 *Release date: June 19, 2017*
 
@@ -120,25 +133,6 @@ This version of Surface Dock Updater adds support for the following:
 * Surface Laptop
 * Surface Pro
 
->[!NOTE]
->The Surface Dock Updater tool is unable to run on Windows 10 S. Surface Dock devices used with Surface Laptop with Windows 10 S will receive updates natively through Windows Update. To manually update a Surface Dock for use with Surface Laptop and Windows 10 S, connect the Surface Dock to another Surface device with a Windows 10 Pro or Windows 10 Enterprise environment.
-
-### Version 1.0.8.0
-*Release date: April 26, 2016*
-
-This version of Surface Dock Updater adds support for the following:
-
-* Update for Surface Dock Main Chipset firmware
-* Update for Surface Dock DisplayPort firmware
-
-### Version 2.0.22.0
-*Release date: October 21, 2016*
-
-This version of Surface Dock Updater adds support for the following:
-
-* Update for Surface Dock USB firmware
-* Improved reliability of Ethernet, audio, and USB ports
-
 ### Version 2.1.6.0
 *Release date: April 7, 2017*
 
@@ -147,6 +141,22 @@ This version of Surface Dock Updater adds support for the following:
 * Update for Surface Dock DisplayPort firmware
 * Requires Windows 10
 
+### Version 2.0.22.0
+*Release date: October 21, 2016*
+
+This version of Surface Dock Updater adds support for the following:
+
+* Update for Surface Dock USB firmware
+* Improved reliability of Ethernet, audio, and USB ports
+
+### Version 1.0.8.0
+*Release date: April 26, 2016*
+
+This version of Surface Dock Updater adds support for the following:
+
+* Update for Surface Dock Main Chipset firmware
+* Update for Surface Dock DisplayPort firmware
+
 
 ## Related topics
 
diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md
index 6df8addf70..12ad05add1 100644
--- a/education/windows/change-history-edu.md
+++ b/education/windows/change-history-edu.md
@@ -15,6 +15,14 @@ ms.date: 08/01/2017
 
 This topic lists new and updated topics in the [Windows 10 for Education](index.md) documentation.
 
+## November 2017
+
+| New or changed topic | Description |
+| --- | ---- |
+| [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md) | Updated the the list of device manufacturers. |
+| [Set up Take a Test on multiple PCs](take-a-test-multiple-pcs.md) | Updated instances of the parameter enablePrint, or enablePrinting, to requirePrinting. |
+| [Set up Take a Test on a single PC](take-a-test-single-pc.md) | Updated instances of the parameter enablePrint, or enablePrinting, to requirePrinting. |
+
 ## RELEASE: Windows 10, version 1709 (Fall Creators Update)
 
 | New or changed topic | Description |
diff --git a/education/windows/education-scenarios-store-for-business.md b/education/windows/education-scenarios-store-for-business.md
index f401bc62e1..ffe98a656e 100644
--- a/education/windows/education-scenarios-store-for-business.md
+++ b/education/windows/education-scenarios-store-for-business.md
@@ -10,51 +10,53 @@ searchScope:
   - Store
 author: trudyha
 ms.author: trudyha
+ms.date: 10/27/2017
 ---
 
 # Working with Microsoft Store for Education
 
-Learn about education scenarios for Microsoft Store for Education. IT admins and teachers can use Microsoft Store to find, acquire, distribute, and manage apps. 
+Learn about education scenarios for Microsoft Store for Education. IT admins and teachers can use Microsoft Store to find, acquire, distribute, and manage apps.
 
-## Manage Microsoft Store for Education settings
+Many of the [settings in Microsoft Store for Business](https://docs.microsoft.com/microsoft-store/settings-reference-microsoft-store-for-business) also apply in Microsoft Store for Education. Several of the items in this topic are unique to Microsoft Store for Education.  
 
-### Access to Microsoft Store for Education
+## Basic Purchaser role
 Applies to: IT admins
 
-By default, when a teacher with a work or school account acquires Minecraft: Education Edition,they are automatically signed up for Window Store for Business, and the **Basic Purchaser** role is assigned to them. **Basic Purchaser** role allows teachers to acquire Minecraft: Education Edition and to distribute it to students. 
-
-However, tenant admins can control whether or not teachers automatically sign up for Microsoft Store for Business, and get the **Basic Purchaser** role. You can configure this with **Allow educators in my organization to sign up for the Microsoft Store for Business.** You'll find this on the **Permissions** page. 
-
-**To manage educator access to Microsoft Store for Education**
-1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com)
-2. Click **Manage**, and then click **Permissions**. 
-3. Select, or clear **Allow teachers in my organization to sign up for the Microsoft Store for Education**.
-
-### Microsoft Store for Education permissions
-Applies to: IT admins
-
-**Minecraft: Education Edition** adds a new role for teachers: **Basic Purchaser**. As an Admin, you can assign this role to teachers in your organization. When a teacher has been granted this role, they can:
+By default, when a teacher with a work or school account signs up for Microsoft Store for Education, the **Basic Purchaser** role is assigned to them. **Basic Purchaser** role allows teachers to: 
 - View the Minecraft: Education Edition product description page 
-- Acquire and manage Minecraft: Education Edition, and other apps from Store for Business
-- Use info on Support page (including links to documentation and access to support through customer service)
+- Acquire and manage Minecraft: Education Edition, and other apps from Store for Education
+- Use info on **Support** (including links to documentation and access to support through customer service)
 
-    ![assign roles to manage Minecraft permissions](images/sfe-roles.png)
+> [!NOTE]
+> People with the **Basic Purchaser** role can only manage (assign and reclaim licenses) for apps that they purchased. They can't manage apps purchased by people with **Purchaser** or **Admin** roles. 
+
+Admins can control whether or not teachers are automatically assigned the **Basic Purchaser** role. You can configure this with **Make everyone a Basic Purchaser**. You'll find this on **Settings**, with **Shop** settings. 
+
+**To manage Make everyone a Basic Purchaser**
+1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com)
+2. Click **Manage**, and then click **Settings**. 
+3. On **Shop**, select or clear **Make everyone a Basic Purchaser**.
+
+![manage settings to control Basic Purchaser role assignment](images/sfe-make-everyone-bp.png)
+
+> [!NOTE]
+> **Make everyone a Basic Purchaser** is on by default. 
+
+When **Make everyone a Basic Purchaser** is turned off, admins can manually assign the role to teachers. 
 
 **To assign Basic Purchaser role**
 
-1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com) </br>
-
-    > [!NOTE]
-    > You need to be a Global Administrator, or have the Store for Business Admin role to access the **Permissions** page.
-    
-2. Click **Settings**, and then choose **Permissions**.
-3. Click **Add people**, type a name, select the correct person, choose the role you want to assign, and click **Save**.
+1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com)
+2. Click **Manage**, and then choose **Permissions**.
+3. On **Roles**, click **Assign roles**, type and select a name, choose the role you want to assign, and then click **Save**.
 
     ![Permission page for Microsoft Store for Business](images/sfe-roles.png)
-    
- Micrososft Store updates the list of people and permissions. 
 
-### Private store
+**Blocked Basic Purchasers**
+
+When **Make everyone a Basic Purchaser** is on, admins can still manage which users have the **Basic Purchaser** role. An admin can unassign the **Basic Purchaser** role from a user, and the user is added to a list of **Blocked Basic Purchasers**. Admins can review who are **Basic Purchasers** and **Blocked Basic Purchasers** on **Permissions**. 
+
+## Private store
 
 Applies to: IT admins
 
@@ -104,11 +106,10 @@ Teachers and IT administrators can now get trials or subscriptions to Minecraft:
 - [For IT admins – Minecraft: Education Edition](https://docs.microsoft.com/education/windows/school-get-minecraft)
 - [For teachers – Minecraft: Education Edition](https://docs.microsoft.com/education/windows/teacher-get-minecraft)
 
-
 ## Manage apps and software
 Applies to: IT admins and teachers
 
-### Manage purchases
+## Manage purchases
 IT admins and teachers in educational settings can purchase apps from Microsoft Store for Education. Teachers need to have the Basic purchaser role, but if they've acquired Minecraft: Education Edition, they have the role by default. 
 
 While both groups can purchase apps, they can't manage purchases made by the other group. 
@@ -125,7 +126,7 @@ Teachers can:
 > [!NOTE]
 > Teachers with the Basic purchaser role can't manage or view apps purchased by other teachers, or purchased by admins. Teachers can only work with the apps they purchased.
  
-### Distribute apps
+## Distribute apps
 
 Manage and distribute apps to students and others in your organization. Different options are avaialble for admins and teachers. 
 
diff --git a/education/windows/images/sfe-allow-shop-setting.png b/education/windows/images/sfe-allow-shop-setting.png
new file mode 100644
index 0000000000..52320751ac
Binary files /dev/null and b/education/windows/images/sfe-allow-shop-setting.png differ
diff --git a/education/windows/images/sfe-make-everyone-bp.png b/education/windows/images/sfe-make-everyone-bp.png
new file mode 100644
index 0000000000..fd2e263417
Binary files /dev/null and b/education/windows/images/sfe-make-everyone-bp.png differ
diff --git a/education/windows/images/sfe-roles.png b/education/windows/images/sfe-roles.png
index 72a4ae3cef..d208fb29b7 100644
Binary files a/education/windows/images/sfe-roles.png and b/education/windows/images/sfe-roles.png differ
diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md
index beddf8d589..4514676415 100644
--- a/education/windows/take-a-test-multiple-pcs.md
+++ b/education/windows/take-a-test-multiple-pcs.md
@@ -233,9 +233,9 @@ One of the ways you can present content in a locked down manner is by embedding
 2. To enable printing, screen capture, or both, use the above link and append one of these parameters:
 
   - `&enableTextSuggestions` - Enables text suggestions
-  - `&enablePrint` - Enables printing
+  - `&requirePrinting` - Enables printing
   - `&enableScreenCapture` - Enables screen capture
-  - `&enablePrinting&enableScreenCapture` - Enables printing and screen capture; you can use a combination of `&enableTextSuggestions`, `&enablePrint`, and `&enableScreenCapture` if you want to enable more than one capability. 
+  - `&requirePrinting&enableScreenCapture` - Enables printing and screen capture; you can use a combination of `&enableTextSuggestions`, `&requirePrinting`, and `&enableScreenCapture` if you want to enable more than one capability. 
 
   If you exclude these parameters, the default behavior is disabled.
 
diff --git a/education/windows/take-a-test-single-pc.md b/education/windows/take-a-test-single-pc.md
index 6b07a96b6c..b64859a2d9 100644
--- a/education/windows/take-a-test-single-pc.md
+++ b/education/windows/take-a-test-single-pc.md
@@ -97,9 +97,9 @@ One of the ways you can present content in a locked down manner is by embedding
 2. To enable printing, screen capture, or both, use the above link and append one of these parameters:
 
   - `&enableTextSuggestions` - Enables text suggestions
-  - `&enablePrint` - Enables printing
+  - `&requirePrinting` - Enables printing
   - `&enableScreenCapture` - Enables screen capture
-  - `&enablePrinting&enableScreenCapture` - Enables printing and screen capture; you can use a combination of `&enableTextSuggestions`, `&enablePrint`, and `&enableScreenCapture` if you want to enable more than one capability. 
+  - `&requirePrinting&enableScreenCapture` - Enables printing and screen capture; you can use a combination of `&enableTextSuggestions`, `&requirePrinting`, and `&enableScreenCapture` if you want to enable more than one capability. 
 
   If you exclude these parameters, the default behavior is disabled.
 
diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md
index 08f821dbec..17e228afb1 100644
--- a/education/windows/test-windows10s-for-edu.md
+++ b/education/windows/test-windows10s-for-edu.md
@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.localizationpriority: high
 author: CelesteDG
 ms.author: celested
-ms.date: 10/17/2017
+ms.date: 11/03/2017
 ---
 
 # Test Windows 10 S on existing Windows 10 education devices
@@ -85,15 +85,15 @@ Check with your device manufacturer before trying Windows 10 S on your device to
 | <a href="http://www.lucoms.com/v2/cs/cs_windows10.asp" target="_blank">Daewoo</a> | <a href="http://www.daten.com.br/suportes/windows10s/" target="_blank">Daten</a> | <a href="http://www.dell.com/support/article/us/en/19/sln307174/dell-computers-tested-for-windows-10-s?lang=en" target="_blank">Dell</a> | 
 | <a href="http://www.epson.jp/support/misc/windows10s.htm" target="_blank">Epson</a> | <a href="http://exo.com.ar/actualizaciones-de-windows-10" target="_blank">EXO</a> | <a href="http://www.fujitsu.com/au/products/computing/pc/microsoft/s-compatible/" target="_blank">Fujitsu</a> |
 | <a href="http://apac.getac.com/support/windows10s.html" target="_blank">Getac</a> | <a href="http://compaq.com.br/sistemas-compativeis-com-windows-10-s.html" target="_blank">Global K</a> | <a href="http://www.onda.cn/SearchDetails.aspx?id=1654" target="_blank">Guangzhou</a> |
-| <a href="https://support.hp.com/us-en/document/c05588871" target="_blank">HP</a> | <a href="http://consumer.huawei.com/cn/support/notice/detail/index.htm?id=1541" target="_blank">Huawei</a> | <a href="http://www.inet-tek.com/en/product-qadetail-86.html" target="_blank">iNET</a> |
-| <a href="https://www.intel.com/content/www/us/en/support/boards-and-kits/000025096.html" target="_blank">Intel</a> | <a href="http://irbis-digital.ru/support/podderzhka-windows-10-s/" target="_blank">LANIT Trading</a> | <a href="https://support.lenovo.com/us/en/solutions/ht504589" target="_blank">Lenovo</a> | 
-| <a href="http://www.lg.com/us/content/html/hq/windows10update/Win10S_UpdateInfo.html" target="_blank">LG</a> | <a href="https://www2.mouse-jp.co.jp/ssl/user_support2/info.asp?N_ID=361" target="_blank">MCJ</a> | <a href="http://support.linxtablets.com/WindowsSupport/Articles/Windows_10_S_Supported_Devices.aspx" target="_blank">Micro P/Exertis</a> | 
-| <a href="https://www.microsoft.com/surface/en-us/support/windows-and-office/surface-devices-that-work-with-windows-10-s" target="_blank">Microsoft</a> | <a href="https://www.msi.com/Landing/Win10S" target="_blank">MSI</a> | <a href="https://panasonic.net/cns/pc/Windows10S/" target="_blank">Panasonic</a> | 
-| <a href="http://www.bangho.com.ar/windows10s" target="_blank">PC Arts</a> | <a href="http://www.positivoinformatica.com.br/atualizacao-windows-10" target="_blank">Positivo SA</a> | <a href="http://www.br.vaio.com/atualizacao-windows-10/" target="_blank">Positivo da Bahia</a> | 
-| <a href="http://www.samsung.com/us/support/windows10s/" target="_blank">Samsung</a> | <a href="http://www.teclast.com/zt/aboutwin10s/" target="_blank">Teclast</a> | <a href="http://www.dospara.co.jp/support/share.php?contents=about_windows10s" target="_blank">Thirdwave</a> | 
-| <a href="http://www.tongfangpc.com/service/win10.aspx" target="_blank">Tongfang</a> | <a href="http://win10upgrade.toshiba.com/win10s/information?region=TAIS&country=US&lang=en" target="_blank">Toshiba</a> | <a href="http://www.trekstor.de/windows-10-s-en.html" target="_blank">Trekstor</a> | 
-| <a href="http://www.trigem.co.kr/windows/win10S.html" target="_blank">Trigem</a> | <a href="http://us.vaio.com/support/knowledge-base/windows-10-s-compatibility-information/" target="_blank">Vaio</a> | <a href="https://www.wortmann.de/en-gb/content/+windows-10-s-supportinformation/windows-10-s-supportinformation.aspx" target="_blank">Wortmann</a> | 
-| <a href="http://www.yifangdigital.com/Customerservice/win10s.aspx" target="_blank">Yifang</a> |  |  | 
+| <a href="https://support.hp.com/us-en/document/c05588871" target="_blank">HP</a> | <a href="http://consumer.huawei.com/cn/support/notice/detail/index.htm?id=1541" target="_blank">Huawei</a> | <a href="https://www.i-life.us/not-available/" target="_blank">I Life</a> |
+| <a href="http://www.inet-tek.com/en/product-qadetail-86.html" target="_blank">iNET</a> | <a href="https://www.intel.com/content/www/us/en/support/boards-and-kits/000025096.html" target="_blank">Intel</a> | <a href="http://irbis-digital.ru/support/podderzhka-windows-10-s/" target="_blank">LANIT Trading</a> |
+| <a href="https://support.lenovo.com/us/en/solutions/ht504589" target="_blank">Lenovo</a> | <a href="http://www.lg.com/us/content/html/hq/windows10update/Win10S_UpdateInfo.html" target="_blank">LG</a> | <a href="https://www2.mouse-jp.co.jp/ssl/user_support2/info.asp?N_ID=361" target="_blank">MCJ</a> | 
+| <a href="http://support.linxtablets.com/WindowsSupport/Articles/Windows_10_S_Supported_Devices.aspx" target="_blank">Micro P/Exertis</a> | <a href="https://www.microsoft.com/surface/en-us/support/windows-and-office/surface-devices-that-work-with-windows-10-s" target="_blank">Microsoft</a> | <a href="https://www.msi.com/Landing/Win10S" target="_blank">MSI</a> | 
+| <a href="https://panasonic.net/cns/pc/Windows10S/" target="_blank">Panasonic</a> | <a href="http://www.bangho.com.ar/windows10s" target="_blank">PC Arts</a> | <a href="http://www.positivoinformatica.com.br/atualizacao-windows-10" target="_blank">Positivo SA</a> | 
+| <a href="http://www.br.vaio.com/atualizacao-windows-10/" target="_blank">Positivo da Bahia</a> | <a href="http://www.samsung.com/us/support/windows10s/" target="_blank">Samsung</a> | <a href="http://www.teclast.com/zt/aboutwin10s/" target="_blank">Teclast</a> | 
+| <a href="http://www.dospara.co.jp/support/share.php?contents=about_windows10s" target="_blank">Thirdwave</a> | <a href="http://www.tongfangpc.com/service/win10.aspx" target="_blank">Tongfang</a> | <a href="http://win10upgrade.toshiba.com/win10s/information?region=TAIS&country=US&lang=en" target="_blank">Toshiba</a> | 
+| <a href="http://www.trekstor.de/windows-10-s-en.html" target="_blank">Trekstor</a> | <a href="http://www.trigem.co.kr/windows/win10S.html" target="_blank">Trigem</a> | <a href="http://us.vaio.com/support/knowledge-base/windows-10-s-compatibility-information/" target="_blank">Vaio</a> | 
+| <a href="https://www.wortmann.de/en-gb/content/+windows-10-s-supportinformation/windows-10-s-supportinformation.aspx" target="_blank">Wortmann</a> | <a href="http://www.yifangdigital.com/Customerservice/win10s.aspx" target="_blank">Yifang</a> |  | 
 
 
 > [!NOTE]
diff --git a/store-for-business/acquire-apps-microsoft-store-for-business.md b/store-for-business/acquire-apps-microsoft-store-for-business.md
index b750ec2e50..b0f2d72736 100644
--- a/store-for-business/acquire-apps-microsoft-store-for-business.md
+++ b/store-for-business/acquire-apps-microsoft-store-for-business.md
@@ -11,7 +11,7 @@ ms.localizationpriority: high
 ---
 
 # Acquire apps in Microsoft Store for Business and Education
-As an admin, you can acquire apps from the Microsoft Store for Business and Education for your employees. Some apps are free, and some have a price. For info on app types that are supported, see [Apps in the Microsoft Store for Business](apps-in-microsoft-store-for-business.md).
+As an admin, you can acquire apps from the Microsoft Store for Business and Education for your employees. Some apps are free, and some have a price. For info on app types that are supported, see [Apps in the Microsoft Store for Business](apps-in-microsoft-store-for-business.md). The following sections explain some of the settings for shopping. 
 
 ## App licensing model
 The Microsoft Store supports two options to license apps: online and offline. **Online** licensing is the default licensing model. Online licensed apps require users and devices to connect to the Microsoft Store services to acquire an app and its license. **Offline** licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. Admins control whether or not offline apps are available in Microsoft Store with an offline app visibility setting. For more information, see [offline license visibility](https://docs.microsoft.com/microsoft-store/update-microsoft-store-for-business-account-settings#offline-licensing). 
@@ -31,6 +31,21 @@ There are a couple of things we need to know when you pay for apps. You can add
 - Legal business address
 - Payment option (credit card)
 
+## Allow users to shop
+
+**Allow users to shop** controls the shopping experience in Microsoft Store for Education. When this setting is on, **Purchasers** and **Basic Purchasers** can purchase products and services from Microsoft Store for Education. If your school chooses to closely control how purchases are made, admins can turn off **Allow users to shop**. When the setting is off:
+- The shopping experience is not availalbe 
+- **Purchasers** and **Basic Purchasers** can't purchase products and services from Microsoft Store for Education
+- Admins can't assign shopping roles to users
+- Products and services previously purchased by **Basic Purchasers** can be managed by admins. 
+
+**To manage Allow users to shop setting**
+1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com) 
+2. Click **Manage**, and then click **Settings**. 
+3. On **Shop**, turn on or turn off **Allow users to shop**.
+
+![manage settings to control Basic Purchaser role assignment](images/sfb-allow-shop-setting.png)
+
 ## Acquire apps
 **To acquire an app**  
 1.	Sign in to http://businessstore.microsoft.com
diff --git a/store-for-business/images/sfb-allow-shop-setting.png b/store-for-business/images/sfb-allow-shop-setting.png
new file mode 100644
index 0000000000..52320751ac
Binary files /dev/null and b/store-for-business/images/sfb-allow-shop-setting.png differ
diff --git a/store-for-business/settings-reference-microsoft-store-for-business.md b/store-for-business/settings-reference-microsoft-store-for-business.md
index a0c708802f..b949eced52 100644
--- a/store-for-business/settings-reference-microsoft-store-for-business.md
+++ b/store-for-business/settings-reference-microsoft-store-for-business.md
@@ -26,22 +26,10 @@ The Microsoft Store for Business and Education has a group of settings that admi
 | Payment options  | Manage payment options. For more information, see [Manage settings for the Microsoft Store for Business and Education](update-microsoft-store-for-business-account-settings.md#payment-options).| **Billing - Payment methods** |
 | Private store | Update the name for your private store. The new name will be displayed on a tab in the Store. For more information, see [Manage private store settings](manage-private-store-settings.md). | **Settings - Distribute** |
 | Offline licensing  | Configure whether or not to make offline-licensed apps available in the Microsoft Store for Business and Education. For more information, see [Distribute offline apps](distribute-offline-apps.md). | **Settings - Shop** |
+| Allow users to shop  | Configure whether or not people in your organization or school can see and use the shop function in Store for Business or Store for Education. For more information, see [Allow users to shop](acquire-apps-microsoft-store-for-business.md#allow-users-to-shop). | **Settings - Shop** |
+| Make everyone a Basic Purchaser  | Allow everyone in your organization to automatically become a Basic Purchaser. This allows them to purchase apps and manage them. For more information, see [Make everyone a Basic Purchaser](https://docs.microsoft.com/en-us/education/windows/education-scenarios-store-for-business#basic-purchaser-role). </br> **Make everyone a Basic Purchaser** is only available in Microsoft Store for Education.  | **Settings - Shop** |
 | App request | Configure whether or not people in your organization can request apps for admins to purchase. For more information, see [Distribute offline apps](acquire-apps-microsoft-store-for-business.md). | **Settings - Distribute** |
 | Management tools | Management tools that are synced with Azure AD are listed on this page. You can choose one to use for managing app updates and distribution. For more information, see [Configure MDM provider](configure-mdm-provider-microsoft-store-for-business.md). | **Settings - Distribute** |
 | Device Guard signing | Use the Device Guard signing portal to add unsigned apps to a code integrity policy, or to sign code integrity policies. For more information, see [Device Guard signing portal](device-guard-signing-portal.md). | **Settings - Devices**  |
 | Permissions   | Manage permissions for your employees. For more information, see [Roles and permissions in the Microsoft Store for Business and Education](roles-and-permissions-microsoft-store-for-business.md). | **Permissions - Roles** and **Permissions - Blocked basic purchasers** |
 | Line-of-business (LOB) publishers  | Invite devs to become LOB publishers for your organization. Existing LOB publishers are listed on the page, and you can deactivate or invite them again. For more information, see [Work with line-of-business apps](working-with-line-of-business-apps.md). | **Permissions - Line-of-business apps** |
-
-
-
-
- 
-
- 
-
- 
-
-
-
-
-
diff --git a/windows/access-protection/hello-for-business/hello-deployment-guide.md b/windows/access-protection/hello-for-business/hello-deployment-guide.md
index c202596cd4..35ca37be84 100644
--- a/windows/access-protection/hello-for-business/hello-deployment-guide.md
+++ b/windows/access-protection/hello-for-business/hello-deployment-guide.md
@@ -28,7 +28,7 @@ This deployment guide is to guide you through deploying Windows Hello for Busine
 This guide assumes a baseline infrastructure exists that meets the requirements for your deployment.  For either hybrid or on-premises deployments, it is expected that you have: 
 * A well-connected, working network
 * Internet access
-   * Multifactor Authentication Server to support MFA during Windows Hello for Business provisioning
+* Multifactor Authentication Server to support MFA during Windows Hello for Business provisioning
 * Proper name resolution, both internal and external names
 * Active Directory and an adequate number of domain controllers per site to support authentication
 * Active Directory Certificate Services 2012 or later
diff --git a/windows/access-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/access-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
index 7c56e7ded8..0aafbf488a 100644
--- a/windows/access-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
+++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
@@ -23,7 +23,7 @@ Hybrid environments are distributed systems that enable organizations to use on-
 
 The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure.  High-level pieces of the infrastructure include:
 * [Directories](#directories)
-* [Public Key Infrastucture](#public-key-infastructure)
+* [Public Key Infrastucture](#public-key-infrastructure)
 * [Directory Synchronization](#directory-synchronization)
 * [Federation](#federation)
 * [MultiFactor Authetication](#multifactor-authentication)
diff --git a/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
index d7f825257f..6c59f37b66 100644
--- a/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
+++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
@@ -133,7 +133,7 @@ Sign-in a certificate authority or management workstations with _Domain Admin eq
 9. On the **Subject** tab, select the **Build from this Active Directory information** button if it is not already selected. Select **Fully distinguished name** from the **Subject name format** list if **Fully distinguished name** is not already selected. Select the **User Principal Name (UPN)** check box under **Include this information in alternative subject name**.
 10.	On the **Request Handling** tab, select the **Renew with same key** check box.
 11.	On the **Security** tab, click **Add**. Type **Window Hello for Business Users** in the **Enter the object names to select** text box and click **OK**.
-12.	Click the **Windows Hello for Business Users** from the **Group or users names** list. In the **Permissions for Windows Hello for Business Users** section, select the **Allow** check box for the **Enroll** permission. Excluding the **Windows Hello for Business Users** group, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes are not already cleared. Click **OK**. 
+12.	Click the **Windows Hello for Business Users** from the **Group or users names** list. In the **Permissions for Windows Hello for Business Users** section, select the **Allow** check box for the **Read**, **Enroll**, and **AutoEnroll** permissions. Excluding the **Windows Hello for Business Users** group, clear the **Allow** check box for the **Enroll** and **Autoenroll** permissions for all other entries in the **Group or users names** section if the check boxes are not already cleared. Click **OK**. 
 13.	If you previously issued Windows Hello for Business sign-in certificates using Configuration Manger and are switching to an AD FS registration authority, then on the **Superseded Templates** tab, add the previously used **Windows Hello for Business Authentication** template(s), so they will be superseded by this template for the users that have Enroll permission for this template.
 14.	Click on the **Apply** to save changes and close the console.
 
diff --git a/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
index 342e42b0d0..5b1f2a3188 100644
--- a/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
+++ b/windows/access-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
@@ -108,7 +108,7 @@ Sign-in a domain controller or management workstations with _Domain Admin_ equiv
 3. Right-click the **Enable Windows Hello for Business** Group Policy object and click **Edit**.
 4. In the navigation pane, expand **Policies** under **User Configuration**.
 5. Expand **Windows Settings > Security Settings**, and click **Public Key Policies**.
-6. In the details pane, right-click **Certificate Services Client � Auto-Enrollment** and select **Properties**.
+6. In the details pane, right-click **Certificate Services Client - Auto-Enrollment** and select **Properties**.
 7. Select **Enabled** from the **Configuration Model** list.
 8. Select the **Renew expired certificates**, **update pending certificates**, and **remove revoked certificates** check box.
 9. Select the **Update certificates that use certificate templates** check box.
diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md
index cc3105a21f..d69d0aca40 100644
--- a/windows/application-management/manage-windows-mixed-reality.md
+++ b/windows/application-management/manage-windows-mixed-reality.md
@@ -65,22 +65,22 @@ In the following example, the **Id** can be any generated GUID and the **Name**
                     <Type xmlns="syncml:metinf">text/plain</Type>
                 </Meta>
                 <Data>  
- &lt;RuleCollection Type="Appx" EnforcementMode="Enabled"&gt;
-    &lt;FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
-      &lt;Conditions&gt;
-        &lt;FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"&gt;
-          &lt;BinaryVersionRange LowSection="0.0.0.0" HighSection="*" /&gt;
-        &lt;/FilePublisherCondition&gt;
-      &lt;/Conditions&gt;
-    &lt;/FilePublisherRule&gt;
-    &lt;FilePublisherRule Id="d26da4e7-0b01-484d-a8d3-d5b5341b2d55" Name="Block Mixed Reality Portal" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
-      &lt;Conditions&gt;
-        &lt;FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.HolographicFirstRun" BinaryName="*"&gt;
-          &lt;BinaryVersionRange LowSection="*" HighSection="*" /&gt;
-        &lt;/FilePublisherCondition&gt;
-      &lt;/Conditions&gt;
-    &lt;/FilePublisherRule&gt;
-  &lt;/RuleCollection&gt;&gt;
+                  &lt;RuleCollection Type="Appx" EnforcementMode="Enabled"&gt;
+                   &lt;FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
+                    &lt;Conditions&gt;
+                      &lt;FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"&gt;
+                        &lt;BinaryVersionRange LowSection="0.0.0.0" HighSection="*" /&gt;
+                      &lt;/FilePublisherCondition&gt;
+                    &lt;/Conditions&gt;
+                  &lt;/FilePublisherRule&gt;
+                  &lt;FilePublisherRule Id="d26da4e7-0b01-484d-a8d3-d5b5341b2d55" Name="Block Mixed Reality Portal" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
+                   &lt;Conditions&gt;
+                     &lt;FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.HolographicFirstRun" BinaryName="*"&gt;
+                      &lt;BinaryVersionRange LowSection="*" HighSection="*" /&gt;
+                      &lt;/FilePublisherCondition&gt;
+                    &lt;/Conditions&gt;
+                  &lt;/FilePublisherRule&gt;
+                 &lt;/RuleCollection&gt;&gt;
                 </Data>
             </Item>
         </Add>
diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index b23dc6e57b..46ae254e64 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -142,6 +142,8 @@
 ### [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)
 #### [EnterpriseModernAppManagement DDF](enterprisemodernappmanagement-ddf.md)
 #### [EnterpriseModernAppManagement XSD](enterprisemodernappmanagement-xsd.md)
+### [eUICCs CSP](euiccs-csp.md)
+#### [eUICCs DDF file](euiccs-ddf-file.md)
 ### [FileSystem CSP](filesystem-csp.md)
 ### [Firewall CSP](firewall-csp.md)
 #### [Firewall DDF file](firewall-ddf-file.md)
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md
index 5ab0e0ff0b..c9a7ca2be4 100644
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@@ -876,29 +876,28 @@ The following example disables the Mixed Reality Portal. In the example, the **I
                     <Type xmlns="syncml:metinf">text/plain</Type>
                 </Meta>
                 <Data>  
- &lt;RuleCollection Type="Appx" EnforcementMode="Enabled"&gt;
-    &lt;FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
-      &lt;Conditions&gt;
-        &lt;FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"&gt;
-          &lt;BinaryVersionRange LowSection="0.0.0.0" HighSection="*" /&gt;
-        &lt;/FilePublisherCondition&gt;
-      &lt;/Conditions&gt;
-    &lt;/FilePublisherRule&gt;
-    &lt;FilePublisherRule Id="d26da4e7-0b01-484d-a8d3-d5b5341b2d55" Name="Block Mixed Reality Portal" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
-      &lt;Conditions&gt;
-        &lt;FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.HolographicFirstRun" BinaryName="*"&gt;
-          &lt;BinaryVersionRange LowSection="*" HighSection="*" /&gt;
-        &lt;/FilePublisherCondition&gt;
-      &lt;/Conditions&gt;
-    &lt;/FilePublisherRule&gt;
-  &lt;/RuleCollection&gt;&gt;
+                  &lt;RuleCollection Type="Appx" EnforcementMode="Enabled"&gt;
+                   &lt;FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
+                    &lt;Conditions&gt;
+                      &lt;FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*"&gt;
+                        &lt;BinaryVersionRange LowSection="0.0.0.0" HighSection="*" /&gt;
+                      &lt;/FilePublisherCondition&gt;
+                    &lt;/Conditions&gt;
+                  &lt;/FilePublisherRule&gt;
+                  &lt;FilePublisherRule Id="d26da4e7-0b01-484d-a8d3-d5b5341b2d55" Name="Block Mixed Reality Portal" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
+                   &lt;Conditions&gt;
+                     &lt;FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.HolographicFirstRun" BinaryName="*"&gt;
+                      &lt;BinaryVersionRange LowSection="*" HighSection="*" /&gt;
+                      &lt;/FilePublisherCondition&gt;
+                    &lt;/Conditions&gt;
+                  &lt;/FilePublisherRule&gt;
+                 &lt;/RuleCollection&gt;&gt;
                 </Data>
             </Item>
         </Add>
         <Final/>
     </SyncBody>
 </SyncML>
-
 ``` 
 
 The following example for Windows 10 Mobile denies all apps and allows the following apps:
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index bd4a538872..be06a10c27 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -7,17 +7,17 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 10/03/2017
+ms.date: 11/01/2017
 ---
 
 # AssignedAccess CSP
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The AssignedAccess configuration service provider (CSP) is used set the device to run in kiosk mode. Once the CSP has been executed, then the next user login that is associated with the kiosk mode puts the device in the kiosk mode running the application specified in the CSP configuration.
 
-For step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](http://go.microsoft.com/fwlink/p/?LinkID=722211)
+For a step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](http://go.microsoft.com/fwlink/p/?LinkID=722211)
+
+ In Windows 10, version 1709, the AssignedAccess configuration service provider (CSP) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. For a step-by-step guide, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps).
 
 > [!Note]
 > The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting in Windows 10, version 1709 it is also supported in Windows 10 Pro and Windows 10 S.
@@ -32,6 +32,9 @@ Root node for the CSP.
 <a href="" id="assignedaccess-kioskmodeapp"></a>**./Device/Vendor/MSFT/AssignedAccess/KioskModeApp**  
 A JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app. For more information about how to get the AUMID, follow the information in [this Microsoft website](http://go.microsoft.com/fwlink/p/?LinkId=404220).
 
+> [!Note]  
+> You cannot set both KioskModeApp and Configuration at the same time in the device in Windows 10, version 1709.
+
 In Windows 10, version 1607, you can use a provisioned app to configure the kiosk mode. For more information about how to remotely provision an app, see [Enterprise app management](enterprise-app-management.md).
 
 Here's an example:
@@ -40,10 +43,15 @@ Here's an example:
 {"Account":"contoso\\kioskuser","AUMID":"Microsoft.Windows.Contoso_cw5n1h2txyewy!Microsoft.ContosoApp.ContosoApp"}
 ```
 
+> [!Tip]  
+> In this example the double \\\ is only required because it's in json and json escapes \ into \\\\. If MDM server uses json parser\composer, they should only ask customer to type one \\, which will be \\\ in the json. If user types \\\\, it'll be \\\\\\\ in json, which is wrong. For the same reason, domain\account used in Configuration xml does not need \\\ but only one \\, because xml does not (require) escape \\.
+>
+> This comment applies to both domain\account, AzureAD\someone@contoso.onmicrosoft.com, i.e. as long as a \ used in json string. 
+
 When configuring the kiosk mode app, the account name will be used to find the target user. The account name includes domain name and user name.
 
-> **Note**  The domain name can be optional if the user name is unique across the system.
-
+> [!Note]  
+> The domain name can be optional if the user name is unique across the system.
 
 For a local account, the domain name should be the device name. When Get is executed on this node, the domain name is always returned in the output.
 
@@ -51,7 +59,10 @@ For a local account, the domain name should be the device name. When Get is exec
 The supported operations are Add, Delete, Get and Replace. When there's no configuration, the Get and Delete methods fail. When there's already a configuration for kiosk mode app, the Add method fails. The data pattern for Add and Replace is the same.
 
 <a href="" id="assignedaccess-configuration"></a>**./Device/Vendor/MSFT/AssignedAccess/Configuration**  
-Added in Windows 10, version 1709. Specifies the settings that you can configure in the kiosk or device. This node accepts an AssignedAccessConfiguration xml as input to configure the device experience. For details about the configuration settings in the XML, see [Overview of the AssignedAccessConfiguration XML](#overview-of-the-assignedaccessconfiguration-xml). Here is the schema for the [AssignedAccessConfiguration](#assignedaccessconfiguration-xsd). 
+Added in Windows 10, version 1709. Specifies the settings that you can configure in the kiosk or device. This node accepts an AssignedAccessConfiguration xml as input to configure the device experience. For details about the configuration settings in the XML, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/en-us/windows/configuration/lock-down-windows-10-to-specific-apps).Here is the schema for the [AssignedAccessConfiguration](#assignedaccessconfiguration-xsd). 
+
+> [!Note]  
+> You cannot set both KioskModeApp and Configuration at the same time in the device in Windows 10, version 1709.
 
 Enterprises can use this to easily configure and manage the curated lockdown experience. 
 
@@ -59,7 +70,7 @@ Supported operations are Add, Get, Delete, and Replace.
 
 Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies back (e.g. Start Layout).
 
-## Examples
+## KioskModeApp examples
 
 KioskModeApp Add
 
@@ -242,170 +253,7 @@ KioskModeApp Replace
 </xs:schema>
 ```
 
-## Overview of the AssignedAccessConfiguration XML  
-
-Let's start by looking at the basic structure of the XML file.  
-
--  A configuration xml can define multiple profiles, each profile has a unique Id and defines a curated set of applications that are allowed to run.  
--  A configuration xml can have multiple configs, each config associates a non-admin user account to a default profile Id. 
--  A profile has no effect if it’s not associated to a user account.  
- 
-A profile node has below information:  
-
--  Id: a GUID attribute to uniquely identify the Profile. 
--  AllowedApps: a node with a list of allowed to run applications, could be UWP apps or desktop apps.  
--  StartLayout: a node for startlayout policy xml.  
--  Taskbar: a node with a Boolean attribute ShowTaskbar to indicate whether to show taskbar.  
-
-You can start your file by pasting the following XML (or any other examples in this doc) into a XML editor, and saving the file as filename.xml. 
-
-``` syntax
-<?xml version="1.0" encoding="utf-8" ?> 
-<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"> 
-    <Profiles> 
-        <Profile Id=""> 
-            <AllAppsList> 
-                <AllowedApps/> 
-            </AllAppsList>          
-            <StartLayout/> 
-            <Taskbar/> 
-        </Profile> 
-    </Profiles> 
-    <Configs> 
-        <Config> 
-            <Account/> 
-            <DefaultProfile Id=""/> 
-        </Config> 
-    </Configs> 
-</AssignedAccessConfiguration> 
-```
- 
-### Allowed apps
-
-Based on the purpose of the kiosk device, define the list of applications that are allowed to run. This list can contain both UWP apps and desktop apps, which is used to generate the assigned access AppLocker rules.  
-
--  For Windows apps, you need to provide the App User Model ID (AUMID).  
-   -  [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or  
-   -  Get the AUMID via the [Start Layout XML](#start-layout).  
--  For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%). 
-
-Here are the predefined assigned access AppLocker rules:  
-
-**For UWP apps**
-    
-1. Default rule is to allow all users to launch the signed package apps.  
-2. The package app deny list is generated at run time when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the deny list. This list will exclude the default allowed inbox package apps which are critical for the system to function, and then exclude the allowed package apps enterprises defined in the assigned access configuration. This deny list will be used to prevent the user from accessing the apps which are available for the user but not in the allowed list.  
- 
-> [!Note]   
-> Assigned access multi-app mode doesn’t block the enterprises or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in back next time, it will be included in the deny list. If this is an enterprise deployed LoB app and you want to allow it running, make sure update the assigned access configuration to include it in the allowed app list.  
- 
-**For Win32 apps**
-
-1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. Also the rule allows admin user group to launch all desktop programs.  
-2. There is a predefined inbox desktop app deny list for the assigned access user account, and this deny list is adjusted based on the desktop app allow list you defined in the multi-app configuration.  
-3. Enterprise defined allowed desktop apps are added in the AppLocker allow list.  
-
-The following example makes Groove Music, Movies & TV, Photos, Weather, Calculator, Paint and Notepad apps allowed to run on the device.  
-
-``` syntax
-      <AllAppsList> 
-        <AllowedApps> 
-          <App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> 
-          <App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> 
-          <App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> 
-          <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> 
-          <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> 
-          <App DesktopAppPath="%windir%\system32\mspaint.exe" /> 
-          <App DesktopAppPath="C:\Windows\System32\notepad.exe" /> 
-        </AllowedApps> 
-      </AllAppsList> 
-```
-
-### Start layout
-
-Once you have defined the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset depending on whether you want the end user to directly access them on the Start.  
- 
-The easiest way for creating a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test device and then export the layout.  
-
-A few things to note here: 
-
--  The test device on which you customize the Start layout should have the same OS version that is installed on the device you plan to deploy the multi-app assigned access configuration.  
--  Since the multi-app assigned access experience is intended for fixed purpose devices, to ensure the device experiences are consistent and predictable, use the full Start layout option instead of the partial Start layout.  
--  There are no apps pinned on the taskbar in the multi-app mode, and it is not supported to configure Taskbar layout using the CustomTaskbarLayoutCollection tag in a layout modification XML as part of the assigned access configuration.  
-
-The following example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint and Notepad apps on Start.  
-
-```syntax
-      <StartLayout> 
-        <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"> 
-                      <LayoutOptions StartTileGroupCellWidth="6" /> 
-                      <DefaultLayoutOverride> 
-                        <StartLayoutCollection> 
-                          <defaultlayout:StartLayout GroupCellWidth="6"> 
-                            <start:Group Name="Group1"> 
-                              <start:Tile Size="4x4" Column="0" Row="0" AppUserModelID="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> 
-                              <start:Tile Size="2x2" Column="4" Row="2" AppUserModelID="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> 
-                              <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> 
-                              <start:Tile Size="2x2" Column="4" Row="4" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> 
-                              <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> 
-                            </start:Group> 
-                            <start:Group Name="Group2"> 
-                              <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\mspaint.exe" /> 
-                              <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe" /> 
-                            </start:Group> 
-                          </defaultlayout:StartLayout> 
-                        </StartLayoutCollection> 
-                      </DefaultLayoutOverride> 
-                    </LayoutModificationTemplate> 
-                ]]> 
-      </StartLayout> 
-```
-
-For additional information, see [Customize and export Start layout](https://docs.microsoft.com/en-us/windows/configuration/customize-and-export-start-layout)
-
-### Taskbar  
-
-Define whether you want to have the taskbar present in the kiosk device. For tablet based or touch enabled All-In-One kiosks, when you don’t attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want.  
-The following example exposes the taskbar to the end user: 
-
-``` syntax
-      <Taskbar ShowTaskbar="true"/> 
-```
-The following example hides the taskbar: 
-
-``` syntax
-      <Taskbar ShowTaskbar="false"/> 
-```
-
-> [!Note] 
-> This is different with the “Automatically hide the taskbar” option in tablet mode which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting “ShowTaskbar” as “false” will always hide the taskbar.  
-
-### Profiles and configs
-
-In the XML file, you define each profile with a GUID. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file.  
-
-``` syntax
-  <Profiles> 
-    <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">…</Profile> 
-  </Profiles>
-```
-
-Under Configs, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, start layout, taskbar configuration as well as other local group policies/MDM policies set as part of the multi-app experience.  
-
-``` syntax
-  <Configs> 
-    <Config> 
-      <Account>MultiAppKioskUser</Account> 
-      <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/> 
-    </Config> 
-  </Configs>  
-```
-
-> [!Note]  
-> - The full multi-app assigned access experience can only work for non-admin users. It’s not supported to associate an admin user with the assigned access profile, doing this in the XML file will result unexpected/unsupported experiences when this admin user signs in.   
-> - Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail. 
-
-### Example AssignedAccessConfiguration XML
+## Example AssignedAccessConfiguration XML
 
 ``` syntax
 <?xml version="1.0" encoding="utf-8" ?> 
@@ -457,3 +305,258 @@ Under Configs, define which user account will be associated with the profile. Wh
   </Configs> 
 </AssignedAccessConfiguration> 
 ```
+
+## Configuration examples
+
+XML encoding (escaped) and CDATA of the XML in the Data node both ensure that DM client can properly interpret the SyncML and send the configuration xml as string (in original format, unescaped) to AssignedAccess CSP to handle. 
+
+Similarly, the StartLayout xml inside the configuration xml is using the same format, xml inside xml as string. In the sample Configuration xml provided above, CDATA is used to embed the StartLayout xml. If you use CDATA to embed configuration xml in SyncML as well, you’ll have nested CDATA so pay attention to how CDATA is used in the provided CDATA sample. With that being said, when the Configuration xml is being constructed, MDM server can either escape start layout xml or put startlayout xml inside CDATA, when MDM server puts configuration xml inside SyncML, MDM server can also either escape it or wrap with CDATA. 
+
+Escape and CDATA are mechanisms when handling xml in xml. Consider it’s a transportation channel to send the configuration xml as payload from server to client. It’s transparent to both end user who configures the CSP and transparent to our CSP. Both the customer on the server side and our CSP must only see the original configuration XML.
+
+This example shows escaped XML of the Data node.
+
+```
+<SyncML xmlns='SYNCML:SYNCML1.2'>
+    <SyncBody>
+        <Add>
+            <CmdID>2</CmdID>
+            <Item>
+                <Target>
+                    <LocURI>./Device/Vendor/MSFT/AssignedAccess/Configuration</LocURI>
+                </Target>
+                <Meta>
+                    <Format xmlns="syncml:metinf">chr</Format>
+                </Meta>
+                <Data>
+                    &lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot; ?&gt;
+&lt;AssignedAccessConfiguration xmlns=&quot;http://schemas.microsoft.com/AssignedAccess/2017/config&quot;&gt;
+    &lt;Profiles&gt;
+        &lt;Profile Id=&quot;{9A2A490F-10F6-4764-974A-43B19E722C23}&quot;&gt;
+            &lt;AllAppsList&gt;
+                &lt;AllowedApps&gt;
+                    &lt;App AppUserModelId=&quot;Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic&quot; /&gt;
+                    &lt;App AppUserModelId=&quot;Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo&quot; /&gt;
+                    &lt;App AppUserModelId=&quot;Microsoft.Windows.Photos_8wekyb3d8bbwe!App&quot; /&gt;
+                    &lt;App AppUserModelId=&quot;Microsoft.BingWeather_8wekyb3d8bbwe!App&quot; /&gt;
+                    &lt;App AppUserModelId=&quot;Microsoft.WindowsCalculator_8wekyb3d8bbwe!App&quot; /&gt;
+                    &lt;App DesktopAppPath=&quot;%windir%\system32\mspaint.exe&quot; /&gt;
+                    &lt;App DesktopAppPath=&quot;C:\Windows\System32\notepad.exe&quot; /&gt;
+                &lt;/AllowedApps&gt;
+            &lt;/AllAppsList&gt;
+            &lt;StartLayout&gt;
+                &lt;![CDATA[&lt;LayoutModificationTemplate xmlns:defaultlayout=&quot;http://schemas.microsoft.com/Start/2014/FullDefaultLayout&quot; xmlns:start=&quot;http://schemas.microsoft.com/Start/2014/StartLayout&quot; Version=&quot;1&quot; xmlns=&quot;http://schemas.microsoft.com/Start/2014/LayoutModification&quot;&gt; 
+                      &lt;LayoutOptions StartTileGroupCellWidth=&quot;6&quot; /&gt; 
+                      &lt;DefaultLayoutOverride&gt; 
+                        &lt;StartLayoutCollection&gt; 
+                          &lt;defaultlayout:StartLayout GroupCellWidth=&quot;6&quot;&gt; 
+                            &lt;start:Group Name=&quot;Group1&quot;&gt; 
+                              &lt;start:Tile Size=&quot;4x4&quot; Column=&quot;0&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic&quot; /&gt; 
+                              &lt;start:Tile Size=&quot;2x2&quot; Column=&quot;4&quot; Row=&quot;2&quot; AppUserModelID=&quot;Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo&quot; /&gt; 
+                              &lt;start:Tile Size=&quot;2x2&quot; Column=&quot;4&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.Windows.Photos_8wekyb3d8bbwe!App&quot; /&gt; 
+                              &lt;start:Tile Size=&quot;2x2&quot; Column=&quot;4&quot; Row=&quot;4&quot; AppUserModelID=&quot;Microsoft.BingWeather_8wekyb3d8bbwe!App&quot; /&gt; 
+                              &lt;start:Tile Size=&quot;4x2&quot; Column=&quot;0&quot; Row=&quot;4&quot; AppUserModelID=&quot;Microsoft.WindowsCalculator_8wekyb3d8bbwe!App&quot; /&gt; 
+                            &lt;/start:Group&gt; 
+                            &lt;start:Group Name=&quot;Group2&quot;&gt; 
+                              &lt;start:DesktopApplicationTile Size=&quot;2x2&quot; Column=&quot;2&quot; Row=&quot;0&quot; DesktopApplicationID=&quot;{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\mspaint.exe&quot; /&gt; 
+                              &lt;start:DesktopApplicationTile Size=&quot;2x2&quot; Column=&quot;0&quot; Row=&quot;0&quot; DesktopApplicationID=&quot;{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe&quot; /&gt; 
+                            &lt;/start:Group&gt; 
+                          &lt;/defaultlayout:StartLayout&gt; 
+                        &lt;/StartLayoutCollection&gt; 
+                      &lt;/DefaultLayoutOverride&gt; 
+                    &lt;/LayoutModificationTemplate&gt; 
+                ]]&gt;
+            &lt;/StartLayout&gt;
+            &lt;Taskbar ShowTaskbar=&quot;true&quot;/&gt;
+        &lt;/Profile&gt;
+    &lt;/Profiles&gt;
+    &lt;Configs&gt;
+        &lt;Config&gt;
+            &lt;Account&gt;MultiAppKioskUser&lt;/Account&gt;
+            &lt;DefaultProfile Id=&quot;{9A2A490F-10F6-4764-974A-43B19E722C23}&quot;/&gt;
+        &lt;/Config&gt;
+    &lt;/Configs&gt;
+&lt;/AssignedAccessConfiguration&gt;
+
+                </Data>
+            </Item>
+        </Add>
+        <Final />
+    </SyncBody>
+</SyncML>
+```
+This example shows escaped XML of the Data node.
+```
+<SyncML xmlns='SYNCML:SYNCML1.2'>
+    <SyncBody>
+        <Replace>
+            <CmdID>2</CmdID>
+            <Item>
+                <Target>
+                    <LocURI>./Device/Vendor/MSFT/AssignedAccess/Configuration</LocURI>
+                </Target>
+                <Meta>
+                    <Format xmlns="syncml:metinf">chr</Format>
+                </Meta>
+                <Data>
+                    &lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot; ?&gt;
+&lt;AssignedAccessConfiguration xmlns=&quot;http://schemas.microsoft.com/AssignedAccess/2017/config&quot;&gt;
+    &lt;Profiles&gt;
+        &lt;Profile Id=&quot;{9A2A490F-10F6-4764-974A-43B19E722C23}&quot;&gt;
+            &lt;AllAppsList&gt;
+                &lt;AllowedApps&gt;
+                    &lt;App AppUserModelId=&quot;Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic&quot; /&gt;
+                    &lt;App AppUserModelId=&quot;Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo&quot; /&gt;
+                    &lt;App AppUserModelId=&quot;Microsoft.Windows.Photos_8wekyb3d8bbwe!App&quot; /&gt;
+                    &lt;App AppUserModelId=&quot;Microsoft.BingWeather_8wekyb3d8bbwe!App&quot; /&gt;
+                    &lt;App AppUserModelId=&quot;Microsoft.WindowsCalculator_8wekyb3d8bbwe!App&quot; /&gt;
+                    &lt;App DesktopAppPath=&quot;%windir%\system32\mspaint.exe&quot; /&gt;
+                    &lt;App DesktopAppPath=&quot;C:\Windows\System32\notepad.exe&quot; /&gt;
+                &lt;/AllowedApps&gt;
+            &lt;/AllAppsList&gt;
+            &lt;StartLayout&gt;
+                &lt;![CDATA[&lt;LayoutModificationTemplate xmlns:defaultlayout=&quot;http://schemas.microsoft.com/Start/2014/FullDefaultLayout&quot; xmlns:start=&quot;http://schemas.microsoft.com/Start/2014/StartLayout&quot; Version=&quot;1&quot; xmlns=&quot;http://schemas.microsoft.com/Start/2014/LayoutModification&quot;&gt; 
+                      &lt;LayoutOptions StartTileGroupCellWidth=&quot;6&quot; /&gt; 
+                      &lt;DefaultLayoutOverride&gt; 
+                        &lt;StartLayoutCollection&gt; 
+                          &lt;defaultlayout:StartLayout GroupCellWidth=&quot;6&quot;&gt; 
+                            &lt;start:Group Name=&quot;Group1&quot;&gt; 
+                              &lt;start:Tile Size=&quot;4x4&quot; Column=&quot;0&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic&quot; /&gt; 
+                              &lt;start:Tile Size=&quot;2x2&quot; Column=&quot;4&quot; Row=&quot;2&quot; AppUserModelID=&quot;Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo&quot; /&gt; 
+                              &lt;start:Tile Size=&quot;2x2&quot; Column=&quot;4&quot; Row=&quot;0&quot; AppUserModelID=&quot;Microsoft.Windows.Photos_8wekyb3d8bbwe!App&quot; /&gt; 
+                              &lt;start:Tile Size=&quot;2x2&quot; Column=&quot;4&quot; Row=&quot;4&quot; AppUserModelID=&quot;Microsoft.BingWeather_8wekyb3d8bbwe!App&quot; /&gt; 
+                              &lt;start:Tile Size=&quot;4x2&quot; Column=&quot;0&quot; Row=&quot;4&quot; AppUserModelID=&quot;Microsoft.WindowsCalculator_8wekyb3d8bbwe!App&quot; /&gt; 
+                            &lt;/start:Group&gt; 
+                            &lt;start:Group Name=&quot;Group2&quot;&gt; 
+                              &lt;start:DesktopApplicationTile Size=&quot;2x2&quot; Column=&quot;2&quot; Row=&quot;0&quot; DesktopApplicationID=&quot;{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\mspaint.exe&quot; /&gt; 
+                              &lt;start:DesktopApplicationTile Size=&quot;2x2&quot; Column=&quot;0&quot; Row=&quot;0&quot; DesktopApplicationID=&quot;{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe&quot; /&gt; 
+                            &lt;/start:Group&gt; 
+                          &lt;/defaultlayout:StartLayout&gt; 
+                        &lt;/StartLayoutCollection&gt; 
+                      &lt;/DefaultLayoutOverride&gt; 
+                    &lt;/LayoutModificationTemplate&gt; 
+                ]]&gt;
+            &lt;/StartLayout&gt;
+            &lt;Taskbar ShowTaskbar=&quot;true&quot;/&gt;
+        &lt;/Profile&gt;
+    &lt;/Profiles&gt;
+    &lt;Configs&gt;
+        &lt;Config&gt;
+            &lt;Account&gt;MultiAppKioskUser&lt;/Account&gt;
+            &lt;DefaultProfile Id=&quot;{9A2A490F-10F6-4764-974A-43B19E722C23}&quot;/&gt;
+        &lt;/Config&gt;
+    &lt;/Configs&gt;
+&lt;/AssignedAccessConfiguration&gt;
+
+                </Data>
+            </Item>
+        </Replace>
+        <Final />
+    </SyncBody>
+</SyncML>
+```
+
+This example uses CData for the XML.
+```
+<SyncML xmlns='SYNCML:SYNCML1.2'>
+    <SyncBody>
+        <Add>
+            <CmdID>2</CmdID>
+            <Item>
+                <Target>
+                    <LocURI>./Device/Vendor/MSFT/AssignedAccess/Configuration</LocURI>
+                </Target>
+                <Meta>
+                    <Format xmlns="syncml:metinf">chr</Format>
+                </Meta>
+                <Data>
+                    <![CDATA[<?xml version="1.0" encoding="utf-8" ?> 
+<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"> 
+  <Profiles> 
+    <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"> 
+      <AllAppsList> 
+        <AllowedApps> 
+          <App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> 
+          <App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> 
+          <App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> 
+          <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> 
+          <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> 
+          <App DesktopAppPath="%windir%\system32\mspaint.exe" /> 
+          <App DesktopAppPath="C:\Windows\System32\notepad.exe" /> 
+        </AllowedApps> 
+      </AllAppsList> 
+      <StartLayout> 
+        <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"> 
+                      <LayoutOptions StartTileGroupCellWidth="6" /> 
+                      <DefaultLayoutOverride> 
+                        <StartLayoutCollection> 
+                          <defaultlayout:StartLayout GroupCellWidth="6"> 
+                            <start:Group Name="Group1"> 
+                              <start:Tile Size="4x4" Column="0" Row="0" AppUserModelID="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> 
+                              <start:Tile Size="2x2" Column="4" Row="2" AppUserModelID="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> 
+                              <start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> 
+                              <start:Tile Size="2x2" Column="4" Row="4" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> 
+                              <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> 
+                            </start:Group> 
+                            <start:Group Name="Group2"> 
+                              <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\mspaint.exe" /> 
+                              <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationID="{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe" /> 
+                            </start:Group> 
+                          </defaultlayout:StartLayout> 
+                        </StartLayoutCollection> 
+                      </DefaultLayoutOverride> 
+                    </LayoutModificationTemplate> 
+                  ]]]]><![CDATA[>
+      </StartLayout> 
+      <Taskbar ShowTaskbar="true"/> 
+    </Profile> 
+  </Profiles> 
+  <Configs> 
+    <Config> 
+      <Account>MultiAppKioskUser</Account> 
+      <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/> 
+    </Config> 
+  </Configs> 
+</AssignedAccessConfiguration>
+]]>
+                </Data>
+            </Item>
+        </Add>
+        <Final />
+    </SyncBody>
+</SyncML>
+```
+
+Example of Get command that returns the configuration in the device.
+```
+<SyncML xmlns='SYNCML:SYNCML1.2'>
+   <SyncBody>
+       <Get>
+           <CmdID>2</CmdID>
+           <Item>
+               <Target>
+                   <LocURI>./Device/Vendor/MSFT/AssignedAccess/Configuration</LocURI>
+               </Target>
+           </Item>
+       </Get>
+       <Final />
+   </SyncBody>
+</SyncML>
+```
+
+Example of the Delete command.
+```
+<SyncML xmlns='SYNCML:SYNCML1.2'>
+   <SyncBody>
+       <Delete>
+           <CmdID>2</CmdID>
+           <Item>
+               <Target>
+                   <LocURI>./Device/Vendor/MSFT/AssignedAccess/Configuration</LocURI>
+               </Target>
+           </Item>
+       </Delete>
+       <Final />
+   </SyncBody>
+</SyncML>
+```
diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md
index a5f029da79..564378ac63 100644
--- a/windows/client-management/mdm/assignedaccess-ddf.md
+++ b/windows/client-management/mdm/assignedaccess-ddf.md
@@ -7,13 +7,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/27/2017
+ms.date: 11/01/2017
 ---
 
 # AssignedAccess DDF
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **AssignedAccess** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md
index 587a1318fc..31a0842f21 100644
--- a/windows/client-management/mdm/clientcertificateinstall-csp.md
+++ b/windows/client-management/mdm/clientcertificateinstall-csp.md
@@ -43,7 +43,7 @@ The following image shows the ClientCertificateInstall configuration service pro
 
 <p style="margin-left: 20px">The data type format is node.
 
-<p style="margin-left: 20px">Supported operations are Get, Add, and Delete .
+<p style="margin-left: 20px">Supported operations are Get, Add, and Replace.
 
 <p style="margin-left: 20px">Calling Delete on this node should delete the certificates and the keys that were installed by the corresponding PFX blob.
 
@@ -67,7 +67,7 @@ The following image shows the ClientCertificateInstall configuration service pro
 
 <p style="margin-left: 20px">Date type is string.
 
-<p style="margin-left: 20px">Supported operations are Get, Add, and Replace.
+<p style="margin-left: 20px">Supported operations are Get, Add, Delete, and Replace.
 
 <a href="" id="clientcertificateinstall-pfxcertinstall-uniqueid-pfxcertblob"></a>**ClientCertificateInstall/PFXCertInstall/*UniqueID*/PFXCertBlob**  
 <p style="margin-left: 20px">CRYPT\_DATA\_BLOB structure that contains a PFX packet with the exported and encrypted certificates and keys. The Add operation triggers the addition to the PFX certificate. This requires that all the other nodes under UniqueID that are parameters for PFX installation (Container Name, KeyLocation, CertPassword, KeyExportable) are present before this is called. This also sets the Status node to the current Status of the operation.
@@ -142,7 +142,6 @@ The following image shows the ClientCertificateInstall configuration service pro
 <a href="" id="clientcertificateinstall-scep-uniqueid"></a>**ClientCertificateInstall/SCEP/****_UniqueID_**  
 <p style="margin-left: 20px">A unique ID to differentiate different certificate installation requests.
 
-<p style="margin-left: 20px">Supported operations are Get, Add, Replace, and Delete.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install**  
 <p style="margin-left: 20px">A node required for SCEP certificate enrollment. Parent node to group SCEP cert installation related requests.
@@ -157,14 +156,14 @@ The following image shows the ClientCertificateInstall configuration service pro
 
 <p style="margin-left: 20px">Data type is string.
 
-<p style="margin-left: 20px">Supported operations are Get, Add, and Replace.
+<p style="margin-left: 20px">Supported operations are Get, Add, Delete, and Replace.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install-challenge"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/Challenge**  
 <p style="margin-left: 20px">Required for SCEP certificate enrollment. B64 encoded SCEP enrollment challenge. Challenge is deleted shortly after the Exec command is accepted.
 
 <p style="margin-left: 20px">Data type is string.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, and Replace.
+<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install-ekumapping"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/EKUMapping**  
 <p style="margin-left: 20px">Required. Specifies extended key usages. Subject to SCEP server configuration. The list of OIDs are separated by a plus **+**. For example, *OID1*+*OID2*+*OID3*.
@@ -174,7 +173,7 @@ Data type is string.
 
 <p style="margin-left: 20px">Data type is int.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, and Replace.
+<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install-subjectname"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectName**  
 <p style="margin-left: 20px">Required. Specifies the subject name.
@@ -199,7 +198,12 @@ Data type is string.
 | 4     | Private key protected by Windows Hello for Business (formerly known as Microsoft Passport for Work). If this option is specified, the ContainerName must be specifed, otherwise enrollment will fail. |
 
  
-<p style="margin-left: 20px">Supported operations are Add, Get, and Replace.
+<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
+
+<a href="" id="clientcertificateinstall-scep-uniqueid-install-keyusage"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyUsage**  
+<p style="margin-left: 20px">Required for enrollment. Specify the key usage bits (0x80, 0x20, 0xA0, etc.) for the certificate in decimal format. The value should at least have second (0x20) or forth (0x80) or both bits set. If the value doesn’t have those bits set, configuration will fail.
+
+<p style="margin-left: 20px"> Supported operations are Add, Get, Delete, and Replace. Value type is integer.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install-retrydelay"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryDelay**  
 <p style="margin-left: 20px">Optional. When the SCEP server sends a pending status, this value specifies the device retry waiting time in minutes.
@@ -210,7 +214,7 @@ Data type is string.
 
 <p style="margin-left: 20px">The minimum value is 1.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, and Replace.
+<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install-retrycount"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/RetryCount**  
 <p style="margin-left: 20px">Optional. Unique to SCEP. Specifies the device retry times when the SCEP server sends a pending status.
@@ -223,7 +227,7 @@ Data type is string.
 
 <p style="margin-left: 20px">Minimum value is 0, which indicates no retry.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, and Replace.
+<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install-templatename"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/TemplateName**  
 <p style="margin-left: 20px">Optional. OID of certificate template name.
@@ -233,7 +237,7 @@ Data type is string.
  
 <p style="margin-left: 20px">Data type is string.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, and Replace.
+<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install-keylength"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/KeyLength**  
 <p style="margin-left: 20px">Required for enrollment. Specify private key length (RSA).
@@ -244,7 +248,7 @@ Data type is string.
 
 <p style="margin-left: 20px">For Windows Hello for Business (formerly known as Microsoft Passport for Work) , only 2048 is the supported key length.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, and Replace.
+<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install-hashalgorithm"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/HashAlgorithm**  
 <p style="margin-left: 20px">Required. Hash algorithm family (SHA-1, SHA-2, SHA-3) specified by MDM server. If multiple hash algorithm families are specified, they must be separated with **+**.
@@ -253,14 +257,14 @@ Data type is string.
 
 <p style="margin-left: 20px">Data type is string.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, and Replace.
+<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install-cathumbprint"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/CAThumbprint**  
 <p style="margin-left: 20px">Required. Specifies Root CA thumbprint. This is a 20-byte value of the SHA1 certificate hash specified as a hexadecimal string value. When client authenticates the SCEP server, it checks the CA certificate from the SCEP server to verify a match with this certificate. If it is not a match, the authentication will fail.
 
 <p style="margin-left: 20px">Data type is string.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, and Replace.
+<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install-subjectalternativenames"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/SubjectAlternativeNames**  
 <p style="margin-left: 20px">Optional. Specifies subject alternative names (SAN). Multiple alternative names can be specified by this node. Each name is the combination of name format+actual name. Refer to the name type definitions in MSDN for more information.
@@ -269,7 +273,7 @@ Data type is string.
 
 <p style="margin-left: 20px">Data type is string.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, and Replace.
+<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install-validperiod"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriod**  
 <p style="margin-left: 20px">Optional. Specifies the units for the valid certificate period.
@@ -285,7 +289,7 @@ Data type is string.
 > **Note**  The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) to the SCEP server as part of certificate enrollment request. Depending on the server configuration, the server defines how to use this valid period to create the certificate.
 
  
-<p style="margin-left: 20px">Supported operations are Add, Get, and Replace.
+<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install-validperiodunits"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/ValidPeriodUnits**  
 <p style="margin-left: 20px">Optional. Specifies the desired number of units used in the validity period. This is subject to SCEP server configuration. Default value is 0. The unit type (days, months, or years) are defined in the ValidPeriod node. Note the valid period specified by MDM will overwrite the valid period specified in the certificate template. For example, if ValidPeriod is Days and ValidPeriodUnits is 30, it means the total valid duration is 30 days.
@@ -295,21 +299,21 @@ Data type is string.
 >**Note**  The device only sends the MDM server expected certificate validation period (ValidPeriodUnits + ValidPeriod) to the SCEP server as part of certificate enrollment request. Depending on the server configuration, the server defines how to use this valid period to create the certificate.
 
  
-<p style="margin-left: 20px">Supported operations are Add, Get, and Replace.
+<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install-containername"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/ContainerName**  
 <p style="margin-left: 20px">Optional. Specifies the Windows Hello for Business container name (if Windows Hello for Business KSP is chosen for the node). If this node is not specified when Windows Hello for Business KSP is chosen, the enrollment will fail.
 
 <p style="margin-left: 20px">Data type is string.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, and Replace.
+<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install-customtexttoshowinprompt"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/CustomTextToShowInPrompt**  
 <p style="margin-left: 20px">Optional. Specifies the custom text to show on the Windows Hello for Business PIN prompt during certificate enrollment. The admin can choose to provide more contextual information in this field for why the user needs to enter the PIN and what the certificate will be used for.
 
 <p style="margin-left: 20px">Data type is string.
 
-<p style="margin-left: 20px">Supported operations are Add, Get, and Replace.
+<p style="margin-left: 20px">Supported operations are Add, Get, Delete, and Replace.
 
 <a href="" id="clientcertificateinstall-scep-uniqueid-install-enroll"></a>**ClientCertificateInstall/SCEP/*UniqueID*/Install/Enroll**  
 <p style="margin-left: 20px">Required. Triggers the device to start the certificate enrollment. The device will not notify MDM server after certificate enrollment is done. The MDM server could later query the device to find out whether new certificate is added.
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index fd5460395b..5ebdcca10d 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -7,13 +7,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/19/2017
+ms.date: 11/01/2017
 ---
 
 # Configuration service provider reference
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. Some configuration service providers support the WAP format, some support SyncML, and some support both. SyncML is only used over–the–air for Open Mobile Alliance Device Management (OMA DM), whereas WAP can be used over–the–air for OMA Client Provisioning, or it can be included in the phone image as a .provxml file that is installed during boot.
 
diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md
index 684988216b..3ddbb3dcaa 100644
--- a/windows/client-management/mdm/devicemanageability-csp.md
+++ b/windows/client-management/mdm/devicemanageability-csp.md
@@ -7,15 +7,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/10/2017
+ms.date: 11/01/2017
 ---
 
 # DeviceManageability CSP
 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 The DeviceManageability configuration service provider (CSP) is used retrieve the general information about MDM configuration capabilities on the device. This CSP was added in Windows 10, version 1607.
 
 For performance reasons DeviceManageability CSP directly reads the CSP version from the registry. Specifically, the value csp\_version is used to determine each of the CSP versions. The csp\_version is a value under each of the CSP registration keys. To have consistency on the CSP version, the CSP GetProperty implementation for CFGMGR\_PROPERTY\_SEMANTICTYPE has to be updated to read from the registry as well, so that the both paths return the same information. 
diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md
index a1f646623e..fa092bca10 100644
--- a/windows/client-management/mdm/devicemanageability-ddf.md
+++ b/windows/client-management/mdm/devicemanageability-ddf.md
@@ -7,15 +7,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/10/2017
+ms.date: 11/01/2017
 ---
 
 # DeviceManageability DDF
 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 This topic shows the OMA DM device description framework (DDF) for the DeviceManageability configuration service provider. This CSP was added in Windows 10, version 1607.
 
 You can download the DDF files from the links below:
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index 2d8c6f0b32..df99bcf53d 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -7,13 +7,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 11/01/2017
 ---
 
 # DeviceStatus CSP
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The DeviceStatus configuration service provider is used by the enterprise to keep track of device inventory and query the state of compliance of these devices with their enterprise policies.
 
diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md
index b9e8608716..d9d8d40156 100644
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@@ -7,13 +7,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/24/2017
+ms.date: 11/01/2017
 ---
 
 # DeviceStatus DDF
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **DeviceStatus** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md
index e0b8f44952..ea3c312239 100644
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 10/30/2017
 ---
 
 # DMClient CSP
@@ -252,6 +252,11 @@ Optional. Added in Windows 10, version 1703. Specify the Discovery server URL o
 
 Supported operations are Add, Delete, Get, and Replace. Value type is string.
 
+<a href="" id="provider-providerid-numberofdaysafterlostcontacttounenroll"></a>**Provider/*ProviderID*/NumberOfDaysAfterLostContactToUnenroll**  
+Optional. Number of days after last sucessful sync to unenroll.
+
+Supported operations are Add, Delete, Get, and Replace. Value type is integer.
+
 <a href="" id="provider-providerid-poll"></a>**Provider/*ProviderID*/Poll**  
 Optional. Polling schedules must utilize the DMClient CSP. The Registry paths previously associated with polling using the Registry CSP are now deprecated.
 
@@ -639,6 +644,90 @@ Optional. Added in Windows 10, version 1703. Specifies the display text for the
 
 Supported operations are Add, Delete, Get, and Replace. Value type is string.
 
+<a href="" id="provider-providerid-firstsyncstatus-"></a>**Provider/*ProviderID*/FirstSyncStatus**  
+Optional node. Added in Windows 10, version 1709.
+
+<a href="" id="provider-providerid-firstsyncstatus-expectedpolicies"></a>**Provider/*ProviderID*/FirstSyncStatus/ExpectedPolicies**  
+Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to policies the management service provider expects to provision, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER).
+
+Supported operations are Add, Delete, Get, and Replace. Value type is string.
+
+<a href="" id="provider-providerid-firstsyncstatus-expectednetworkprofiles "></a>**Provider/*ProviderID*/FirstSyncStatus/ExpectedNetworkProfiles**  
+Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profiles the the management service provider expects to provision, delimited by the character L"\xF000".
+
+Supported operations are Add, Delete, Get, and Replace. Value type is string.
+
+<a href="" id="provider-providerid-firstsyncstatus-expectedmsiapppackages"></a>**Provider/*ProviderID*/FirstSyncStatus/ExpectedMSIAppPackages**  
+Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to App Packages the management service provider expects to provision via EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000".  The LocURI will be followed by a semicolon and a number, representing the amount of apps included in the App Package.  We will not verify that number. For example, `./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2`  This represents App Package ProductID1 containing 4 apps, and ProductID2 containing 2 apps.
+
+Supported operations are Add, Delete, Get, and Replace. Value type is string.
+
+<a href="" id="provider-providerid-firstsyncstatus-expectedmodernapppackages"></a>**Provider/*ProviderID*/FirstSyncStatus/ExpectedModernAppPackages**  
+Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to App Packages the management service provider expects to provision via EnterpriseModernAppManagement CSP, delimited by the character L"\xF000".  The LocURI will be followed by a semicolon and a number, representing the amount of apps included in the App Package.  We will not verify that number.  For example, 
+
+``` syntax
+./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000" 
+./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName2/Name;2
+```
+
+This represents App Package PackageFullName containing 4 apps, and PackageFullName2 containing 2 apps.
+
+Supported operations are Add, Delete, Get, and Replace. Value type is string.
+
+<a href="" id="provider-providerid-firstsyncstatus-expectedpfxcerts"></a>**Provider/*ProviderID*/FirstSyncStatus/ExpectedPFXCerts**  
+Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to certs the management service provider expects to provision via ClientCertificateInstall CSP, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER).
+
+Supported operations are Add, Delete, Get, and Replace. Value type is string.
+
+<a href="" id="provider-providerid-firstsyncstatus-expectedscepcerts"></a>**Provider/*ProviderID*/FirstSyncStatus/ExpectedSCEPCerts**  
+Required. Added in Windows 10, version 1709. This node contains a list of LocURIs that refer to SCEP certs the management service provider expects to provision via ClientCertificateInstall CSP, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER).
+
+Supported operations are Add, Delete, Get, and Replace. Value type is string.
+
+<a href="" id="provider-providerid-firstsyncstatus-timeoutuntilsyncfailure"></a>**Provider/*ProviderID*/FirstSyncStatus/TimeOutUntilSyncFailure**  
+Required. Added in Windows 10, version 1709. This node determines how long we will poll until we surface an error message to the user.  The unit of measurement is minutes.  Default value will be 60, while maximum value will be 1,440 (one day).  
+
+Supported operations are Get and Replace. Value type is integer.
+
+<a href="" id="provider-providerid-firstsyncstatus-serverhasfinishedprovisioning"></a>**Provider/*ProviderID*/FirstSyncStatus/ServerHasFinishedProvisioning**  
+Required. Added in Windows 10, version 1709. This node is set by the server to inform the UX that the server has finished provisioning the device. This was added so that the server can “change its mind" about what it needs to provision on the device. When this node is set, many other DM Client nodes will no longer be able to be changed. If this node is not True, the UX will consider the provisioning a failure. Once set to true, it would reject attempts to change it back to false with CFGMGR_E_COMMANDNOTALLOWED.
+
+Supported operations are Get and Replace. Value type is boolean.
+
+<a href="" id="provider-providerid-firstsyncstatus-issyncdone"></a>**Provider/*ProviderID*/FirstSyncStatus/IsSyncDone**Required. Added in Windows 10, version 1709. This node, when doing a get, tells the server if the “First Syncs" are done and the device is fully provisioned. When doing a Set, this triggers the UX to override whatever state it is in and tell the user that the device is provisioned. It cannot be set from True to False (it will not change its mind on whether or not the sync is done), and it cannot be set from True to True (to prevent notifications from firing multiple times).
+
+Supported operations are Get and Replace. Value type is boolean.
+
+<a href="" id="provider-providerid-firstsyncstatus-wasdevicesuccessfullyprovisioned"></a>**Provider/*ProviderID*/FirstSyncStatus/WasDeviceSuccessfullyProvisioned**  
+Required. Added in Windows 10, version 1709. Integer node determining if a device was successfully provisioned.  0 is failure, 1 is success, 2 is in progress.  Once the value is changed to 0 or 1, the value cannot be changed again. The client will change the value of success or failure and update the node. The server can, however, force a failure or success message to appear on the device by setting this value and then setting the IsSyncDone node to true.
+
+Supported operations are Get and Replace. Value type is integer.
+
+<a href="" id="provider-providerid-enhancedapplayersecurity"></a>**Provider/*ProviderID*/EnhancedAppLayerSecurity**  
+Required node. Added in Windows 10, version 1709.
+
+Supported operation is Get.
+
+<a href="" id="provider-providerid-enhancedapplayersecurity-securitymode"></a>**Provider/*ProviderID*/EnhancedAppLayerSecurity/SecurityMode**  
+Required. Added in Windows 10, version 1709. This node specifies how the client will perform the app layer signing and encryption. 0: no op; 1: sign only; 2: encrypt only; 3: sign and encrypt. The default value is 0.
+
+Supported operations are Add, Get, Replace, and Delete. Value type is integer.
+
+<a href="" id="provider-providerid-enhancedapplayersecurity-usecertifrevocationcheckoffline"></a>**Provider/*ProviderID*/EnhancedAppLayerSecurity/UseCertIfRevocationCheckOffline**  
+Required. Added in Windows 10, version 1709. This node, when it is set, tells the client to use the certificate even when the client cannot check the certificate's revocation status because the device is offline. The default value is set.
+
+Supported operations are Add, Get, Replace, and Delete. Value type is boolean.
+
+<a href="" id="provider-providerid-enhancedapplayersecurity-cert0"></a>**Provider/*ProviderID*/EnhancedAppLayerSecurity/Cert0**  
+Required. Added in Windows 10, version 1709. The node contains the primary certificate - the public key to use.
+
+Supported operations are Add, Get, Replace, and Delete. Value type is string.
+
+<a href="" id="provider-providerid-enhancedapplayersecurity-cert1"></a>**Provider/*ProviderID*/EnhancedAppLayerSecurity/Cert1**  
+Required. Added in Windows 10, version 1709. The node contains the secondary certificate - the public key to use.
+
+Supported operations are Add, Get, Replace, and Delete. Value type is string.
+
 <a href="" id="provider-providerid-unenroll"></a>**Provider/*ProviderID*/Unenroll**  
 Required. The node accepts unenrollment requests by way of the OMA DM Exec command and calls the enrollment client to unenroll the device from the management server whose provider ID is specified in the `<Data>` tag under the `<Item>` element. Scope is permanent.
 
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index f328b3861d..9e03082567 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 10/30/2017
 ---
 
 # DMClient DDF file
@@ -20,1071 +20,1450 @@ You can download the DDF files from the links below:
 - [Download all the DDF files for Windows 10, version 1703](http://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
 - [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
 
-The XML below is the current version for this CSP.
+The XML below is for Windows 10, version 1907.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE MgmtTree PUBLIC "-//OMA//DTD-DM-DDF 1.2//EN"
-    "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
+<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
+  "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
   [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
-<MgmtTree>
-    <VerDTD>1.2</VerDTD>
-    <Node>
+<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
+  <VerDTD>1.2</VerDTD>
+      <Node>
         <NodeName>DMClient</NodeName>
         <Path>./Vendor/MSFT</Path>
         <DFProperties>
-            <AccessType>
-                <Get />
-            </AccessType>
-            <DFFormat>
-                <node />
-            </DFFormat>
-            <Occurrence>
-                <One />
-            </Occurrence>
-            <Scope>
-                <Permanent />
-            </Scope>
-            <DFType>
-                <DDFName>com.microsoft/1.3/MDM/DMClient</DDFName>
-            </DFType>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <MIME>com.microsoft/1.4/MDM/DMClient</MIME>
+          </DFType>
         </DFProperties>
         <Node>
-            <NodeName>Provider</NodeName>
+          <NodeName>Provider</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName></NodeName>
             <DFProperties>
-                <AccessType>
-                    <Get />
-                </AccessType>
-                <DFFormat>
-                    <node />
-                </DFFormat>
-                <Occurrence>
-                    <One />
-                </Occurrence>
-                <Scope>
-                    <Permanent />
-                </Scope>
-                <DFType>
-                    <DDFName></DDFName>
-                </DFType>
+              <AccessType>
+                <Add />
+                <Delete />
+                <Get />
+              </AccessType>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrOne />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
             </DFProperties>
             <Node>
-                <NodeName></NodeName>
-                <DFProperties>
-                    <AccessType>
-                        <Add />
-                        <Delete />
-                        <Get />
-                    </AccessType>
-                    <DFFormat>
-                        <node />
-                    </DFFormat>
-                    <Occurrence>
-                        <ZeroOrOne />
-                    </Occurrence>
-                    <Scope>
-                        <Dynamic />
-                    </Scope>
-                    <DFType>
-                        <MIME>text/plain</MIME>
-                    </DFType>
-                </DFProperties>
-                <Node>
-                    <NodeName>EntDeviceName</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>ExchangeID</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>EntDMID</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>SignedEntDMID</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>CertRenewTimeStamp</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <!-- DEPRECATED : FROM PHONE 8.1 -->
-                    <NodeName>PublisherDeviceID</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                    <!-- DEPRECATED : FROM PHONE 8.1 -->
-                </Node>
-                <Node>
-                    <NodeName>ManagementServiceAddress</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>UPN</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>HelpPhoneNumber</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>HelpWebsite</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>HelpEmailAddress</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>RequireMessageSigning</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <bool />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>SyncApplicationVersion</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>MaxSyncApplicationVersion</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>Unenroll</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Exec />
-                            <Get />
-                        </AccessType>
-                        <DFFormat>
-                            <null />
-                        </DFFormat>
-                        <Occurrence>
-                            <One />
-                        </Occurrence>
-                        <Scope>
-                            <Permanent />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>AADResourceID</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>AADDeviceID</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <Description>Device ID used for AAD device registration</Description>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>EnrollmentType</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <Description>Type of MDM enrollment</Description>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>EnableOmaDmKeepAliveMessage</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <bool />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>HWDevID</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>ManagementServerAddressList</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>CommercialID</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>ManagementServerToUpgradeTo</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                            <Replace />
-                        </AccessType>
-                        <Description>Specify the Discovery server URL of the MDM server to upgrade to for a MAM enrolled device</Description>
-                        <DFFormat>
-                            <chr />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <MIME>text/plain</MIME>
-                        </DFType>
-                    </DFProperties>
-                </Node>
-                <Node>
-                    <NodeName>Push</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                        </AccessType>
-                        <DFFormat>
-                            <node />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <DDFName></DDFName>
-                        </DFType>
-                    </DFProperties>
-                    <Node>
-                        <NodeName>PFN</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                                <Replace />
-                            </AccessType>
-                            <DFFormat>
-                                <chr />
-                            </DFFormat>
-                            <Occurrence>
-                                <One />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>ChannelURI</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Get />
-                            </AccessType>
-                            <DFFormat>
-                                <chr />
-                            </DFFormat>
-                            <Occurrence>
-                                <One />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>Status</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Get />
-                            </AccessType>
-                            <DFFormat>
-                                <int />
-                            </DFFormat>
-                            <Occurrence>
-                                <One />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                </Node>
-                <Node>
-                    <NodeName>Poll</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                        </AccessType>
-                        <DFFormat>
-                            <node />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <DDFName></DDFName>
-                        </DFType>
-                    </DFProperties>
-                    <Node>
-                        <NodeName>IntervalForFirstSetOfRetries</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                                <Replace />
-                            </AccessType>
-                            <DFFormat>
-                                <int />
-                            </DFFormat>
-                            <Occurrence>
-                                <ZeroOrOne />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>NumberOfFirstRetries</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                                <Replace />
-                            </AccessType>
-                            <DFFormat>
-                                <int />
-                            </DFFormat>
-                            <Occurrence>
-                                <ZeroOrOne />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>IntervalForSecondSetOfRetries</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                                <Replace />
-                            </AccessType>
-                            <DFFormat>
-                                <int />
-                            </DFFormat>
-                            <Occurrence>
-                                <ZeroOrOne />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>NumberOfSecondRetries</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                                <Replace />
-                            </AccessType>
-                            <DFFormat>
-                                <int />
-                            </DFFormat>
-                            <Occurrence>
-                                <ZeroOrOne />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>IntervalForRemainingScheduledRetries</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                                <Replace />
-                            </AccessType>
-                            <DFFormat>
-                                <int />
-                            </DFFormat>
-                            <Occurrence>
-                                <ZeroOrOne />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>NumberOfRemainingScheduledRetries</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                                <Replace />
-                            </AccessType>
-                            <DFFormat>
-                                <int />
-                            </DFFormat>
-                            <Occurrence>
-                                <ZeroOrOne />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>PollOnLogin</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                                <Replace />
-                            </AccessType>
-                            <DFFormat>
-                                <bool />
-                            </DFFormat>
-                            <Occurrence>
-                                <ZeroOrOne />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>AllUsersPollOnFirstLogin</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                                <Replace />
-                            </AccessType>
-                            <DFFormat>
-                                <bool />
-                            </DFFormat>
-                            <Occurrence>
-                                <ZeroOrOne />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                </Node>
-                <Node>
-                    <NodeName>CustomEnrollmentCompletePage</NodeName>
-                    <DFProperties>
-                        <AccessType>
-                            <Add />
-                            <Delete />
-                            <Get />
-                        </AccessType>
-                        <DFFormat>
-                            <node />
-                        </DFFormat>
-                        <Occurrence>
-                            <ZeroOrOne />
-                        </Occurrence>
-                        <Scope>
-                            <Dynamic />
-                        </Scope>
-                        <DFType>
-                            <DDFName></DDFName>
-                        </DFType>
-                    </DFProperties>
-                    <Node>
-                        <NodeName>Title</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                                <Replace />
-                            </AccessType>
-                            <DFFormat>
-                                <chr />
-                            </DFFormat>
-                            <Occurrence>
-                                <ZeroOrOne />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>BodyText</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                                <Replace />
-                            </AccessType>
-                            <DFFormat>
-                                <chr />
-                            </DFFormat>
-                            <Occurrence>
-                                <ZeroOrOne />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>HyperlinkHref</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                                <Replace />
-                            </AccessType>
-                            <DFFormat>
-                                <chr />
-                            </DFFormat>
-                            <Occurrence>
-                                <ZeroOrOne />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                    <Node>
-                        <NodeName>HyperlinkText</NodeName>
-                        <DFProperties>
-                            <AccessType>
-                                <Add />
-                                <Delete />
-                                <Get />
-                                <Replace />
-                            </AccessType>
-                            <DFFormat>
-                                <chr />
-                            </DFFormat>
-                            <Occurrence>
-                                <ZeroOrOne />
-                            </Occurrence>
-                            <Scope>
-                                <Dynamic />
-                            </Scope>
-                            <DFType>
-                                <MIME>text/plain</MIME>
-                            </DFType>
-                        </DFProperties>
-                    </Node>
-                </Node>
-            </Node>
-        </Node>
-        <Node>
-            <NodeName>Unenroll</NodeName>
-            <DFProperties>
+              <NodeName>EntDeviceName</NodeName>
+              <DFProperties>
                 <AccessType>
-                    <Exec />
-                    <Get />
+                  <Add />
+                  <Delete />
+                  <Get />
+                  <Replace />
                 </AccessType>
                 <DFFormat>
-                    <null />
+                  <chr />
                 </DFFormat>
                 <Occurrence>
-                    <One />
+                  <ZeroOrOne />
                 </Occurrence>
                 <Scope>
-                    <Permanent />
+                  <Dynamic />
                 </Scope>
                 <DFType>
-                    <MIME>text/plain</MIME>
+                  <MIME>text/plain</MIME>
                 </DFType>
-            </DFProperties>
-        </Node>
-        <Node>
-            <NodeName>UpdateManagementServiceAddress</NodeName>
-            <DFProperties>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ExchangeID</NodeName>
+              <DFProperties>
                 <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>EntDMID</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>SignedEntDMID</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>CertRenewTimeStamp</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <!-- DEPRECATED : FROM PHONE 8.1 -->
+              <NodeName>PublisherDeviceID</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+              <!-- DEPRECATED : FROM PHONE 8.1 -->
+            </Node>
+            <Node>
+              <NodeName>ManagementServiceAddress</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>UPN</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>HelpPhoneNumber</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>HelpWebsite</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>HelpEmailAddress</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>RequireMessageSigning</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <bool />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>SyncApplicationVersion</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>MaxSyncApplicationVersion</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>Unenroll</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Exec />
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <null />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Permanent />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>AADResourceID</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>AADDeviceID</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Device ID used for AAD device registration</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>EnrollmentType</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description>Type of MDM enrollment</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>EnableOmaDmKeepAliveMessage</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <bool />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>HWDevID</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ManagementServerAddressList</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>CommercialID</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>ManagementServerToUpgradeTo</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <Description>Specify the Discovery server URL of the MDM server to upgrade to for a MAM enrolled device</Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>NumberOfDaysAfterLostContactToUnenroll</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <Description>Number of days after last sucessful sync to unenroll</Description>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>Push</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <node />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <DDFName></DDFName>
+                </DFType>
+              </DFProperties>
+              <Node>
+                <NodeName>PFN</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
                     <Get />
                     <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>ChannelURI</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                  </AccessType>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>Status</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                  </AccessType>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+            </Node>
+            <Node>
+              <NodeName>Poll</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
                 </AccessType>
                 <DFFormat>
-                    <chr />
+                  <node />
                 </DFFormat>
                 <Occurrence>
-                    <ZeroOrOne />
+                  <ZeroOrOne />
                 </Occurrence>
                 <Scope>
-                    <Dynamic />
+                  <Dynamic />
                 </Scope>
                 <DFType>
-                    <MIME>text/plain</MIME>
+                  <DDFName></DDFName>
                 </DFType>
-            </DFProperties>
+              </DFProperties>
+              <Node>
+                <NodeName>IntervalForFirstSetOfRetries</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>NumberOfFirstRetries</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>IntervalForSecondSetOfRetries</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>NumberOfSecondRetries</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>IntervalForRemainingScheduledRetries</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>NumberOfRemainingScheduledRetries</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>PollOnLogin</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <bool />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>AllUsersPollOnFirstLogin</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <bool />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+            </Node>
+            <Node>
+              <NodeName>CustomEnrollmentCompletePage</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <node />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <DDFName></DDFName>
+                </DFType>
+              </DFProperties>
+              <Node>
+                <NodeName>Title</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>BodyText</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>HyperlinkHref</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>HyperlinkText</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <ZeroOrOne />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+            </Node>
+            <Node>
+              <NodeName>FirstSyncStatus</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Add />
+                  <Delete />
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <node />
+                </DFFormat>
+                <Occurrence>
+                  <ZeroOrOne />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <DDFName></DDFName>
+                </DFType>
+              </DFProperties>
+              <Node>
+                <NodeName>ExpectedPolicies</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <Description>This node contains a list of LocURIs that refer to Policies the ISV expects to provision, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER).</Description>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>ExpectedNetworkProfiles</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <Description>This node contains a list of LocURIs that refer to Wi-Fi profiles and VPN profiles the ISV expects to provision, delimited by the character L"\xF000".</Description>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>ExpectedMSIAppPackages</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <Description>This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseDesktopAppManagement CSP, delimited by the character L"\xF000".  The LocURI will be followed by a semicolon and a number, representing the amount of apps included in the App Package.  We will not verify that number.  E.G. ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID1/Status;4"\xF000" ./User/Vendor/MSFT/EnterpriseDesktopAppManagement/MSI/ProductID2/Status;2  Which  will represent that App Package ProductID1 contains 4 apps, whereas ProductID2 contains 2 apps.</Description>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>ExpectedModernAppPackages</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <Description>This node contains a list of LocURIs that refer to App Packages the ISV expects to provision via EnterpriseModernAppManagement CSP, delimited by the character L"\xF000".  The LocURI will be followed by a semicolon and a number, representing the amount of apps included in the App Package.  We will not verify that number.  E.G. ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName/Name;4"\xF000" ./Vendor/MSFT/EnterpriseModernAppManagement/AppManagement/AppStore/PackageFamilyName/PackageFullName2/Name;2  Which  will represent that App Package PackageFullName contains 4 apps, whereas PackageFullName2 contains 2 apps.</Description>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>ExpectedPFXCerts</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <Description>This node contains a list of LocURIs that refer to certs the ISV expects to provision via ClientCertificateInstall CSP, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER).</Description>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>ExpectedSCEPCerts</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Add />
+                    <Delete />
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <Description>This node contains a list of LocURIs that refer to SCEP certs the ISV expects to provision via ClientCertificateInstall CSP, delimited by the character L"\xF000" (the CSP_LIST_DELIMITER).</Description>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>TimeOutUntilSyncFailure</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <Description>This node determines how long we will poll until we surface an error message to the user.  The unit of measurement is minutes.  Default value will be 60, while maximum value will be 1,440 (one day).</Description>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Permanent />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>ServerHasFinishedProvisioning</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <Description>This node is set by the server to inform the UX that the server has finished provisioning the device.  This was added so that the server can “change its mind" about what it needs to provision on the device.  When this node is set, many other DM Client nodes will no longer be able to be changed.  If this node is not True, the UX will consider the provisioning a failure.  Once set to true, it would reject attempts to change it back to false with CFGMGR_E_COMMANDNOTALLOWED.</Description>
+                  <DFFormat>
+                    <bool />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Permanent />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>IsSyncDone</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <Description>This node, when doing a get, tells the server if the “First Syncs" are done and the device is fully provisioned.  When doing a Set, this triggers the UX to override whatever state it is in and tell the user that the device is provisioned.  It cannot be set from True to False (it will not change its mind on whether or not the sync is done), and it cannot be set from True to True (to prevent notifications from firing multiple times).</Description>
+                  <DFFormat>
+                    <bool />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Permanent />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>WasDeviceSuccessfullyProvisioned</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                    <Replace />
+                  </AccessType>
+                  <Description>Integer node determining if a Device was Successfully provisioned.  0 is failure, 1 is success, 2 is in progress.  Once the value is changed to 0 or 1, the value cannot be changed again.  The client will change the value of success or failure and update the node.  The server can, however, force a failure or success message to appear on the device by setting this value and then setting the IsSyncDone node to true.</Description>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Permanent />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+            </Node>
+            <Node>
+              <NodeName>EnhancedAppLayerSecurity</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <DFFormat>
+                  <node />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <DDFName></DDFName>
+                </DFType>
+              </DFProperties>
+              <Node>
+                <NodeName>SecurityMode</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                    <Add />
+                    <Delete />
+                    <Replace />
+                  </AccessType>
+                  <Description>This node specifies how the client will perform the app layer signing and encryption. 0: no op; 1: sign only; 2: encrypt only; 3: sign and encrypt. The default value is 0.</Description>
+                  <DFFormat>
+                    <int />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>UseCertIfRevocationCheckOffline</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                    <Add />
+                    <Delete />
+                    <Replace />
+                  </AccessType>
+                  <Description>This node, when it is set, tells the client to use the certificate even when the client cannot check the certificate's revocation status because the device is offline. The default value is set.</Description>
+                  <DFFormat>
+                    <bool />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>Cert0</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                    <Add />
+                    <Delete />
+                    <Replace />
+                  </AccessType>
+                  <Description>The node contains the primary certificate - the public key to use.</Description>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+              <Node>
+                <NodeName>Cert1</NodeName>
+                <DFProperties>
+                  <AccessType>
+                    <Get />
+                    <Add />
+                    <Delete />
+                    <Replace />
+                  </AccessType>
+                  <Description>The node contains the secondary certificate - the public key to use.</Description>
+                  <DFFormat>
+                    <chr />
+                  </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Dynamic />
+                  </Scope>
+                  <DFType>
+                    <MIME>text/plain</MIME>
+                  </DFType>
+                </DFProperties>
+              </Node>
+            </Node>
+          </Node>
         </Node>
         <Node>
-            <NodeName>HWDevID</NodeName>
-            <DFProperties>
-                <AccessType>
-                    <Get />
-                </AccessType>
-                <DFFormat>
-                    <chr />
-                </DFFormat>
-                <Occurrence>
-                    <ZeroOrOne />
-                </Occurrence>
-                <Scope>
-                    <Dynamic />
-                </Scope>
-                <DFType>
-                    <MIME>text/plain</MIME>
-                </DFType>
-            </DFProperties>
+          <NodeName>Unenroll</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Exec />
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <null />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
         </Node>
-    </Node>
+        <Node>
+          <NodeName>UpdateManagementServiceAddress</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+              <Replace />
+            </AccessType>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+        <Node>
+          <NodeName>HWDevID</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+          </DFProperties>
+        </Node>
+      </Node>
 </MgmtTree>
-```
-
-## Related topics
-
-
-[DMClient configuration service provider](dmclient-csp.md)
-
- 
-
- 
-
-
-
-
-
-
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md
index 045b3e71e8..6f2d084195 100644
--- a/windows/client-management/mdm/dmsessionactions-ddf.md
+++ b/windows/client-management/mdm/dmsessionactions-ddf.md
@@ -6,15 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 11/01/2017
 ---
 
 # DMSessionActions DDF file
 
 
-> [!WARNING]
-> Some information relates to prereleased product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 This topic shows the OMA DM device description framework (DDF) for the **DMSessionActions** configuration service provider.  
 
 You can download the DDF files from the links below:
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
index f7e605575a..e08fe3e40d 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
@@ -6,13 +6,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/11/2017
+ms.date: 11/01/2017
 ---
 
 # Enable ADMX-backed policies in MDM
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This is a step-by-step guide to configuring ADMX-backed policies in MDM.
 
diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md
new file mode 100644
index 0000000000..127aa77257
--- /dev/null
+++ b/windows/client-management/mdm/euiccs-csp.md
@@ -0,0 +1,87 @@
+---
+title: eUICCs CSP
+description: eUICCs CSP
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 11/01/2017
+---
+
+# eUICCs CSP
+
+
+The eUICCs configuration service provider... This CSP was added in windows 10, version 1709.
+
+The following diagram shows the eUICCs configuration service provider in tree format.
+
+![euiccs csp](images/provisioning-csp-euiccs.png)
+
+<a href="" id="--vendor-msft-euiccs"></a>**./Vendor/MSFT/eUICCs**  
+Root node. 
+
+<a href="" id="euicc"></a>**_eUICC_**  
+Interior node. Represents information associated with an eUICC. There is one subtree for each known eUICC, created by the Local Profile Assistant (LPA) when the eUICC is first seen. The node name is meaningful only to the LPA (which associates it with an eUICC ID (EID) in an implementation-specific manner, e.g., this could be a SHA-256 hash of the EID). The node name "Default" represents the currently active eUICC.
+
+Supported operation is Get.
+
+<a href="" id="euicc-identifier"></a>**_eUICC_/Identifier**  
+Required. Identifies an eUICC in an implementation-specific manner, e.g., this could be a SHA-256 hash of the EID.
+
+Supported operation is Get. Value type is string.
+
+<a href="" id="euicc-isactive"></a>**_eUICC_/IsActive**  
+Required. Indicates whether this eUICC is physically present and active. Updated only by the LPA.
+
+Supported operation is Get. Value type is boolean.
+
+<a href="" id="euicc-profiles"></a>**_eUICC_/Profiles**  
+Interior node. Required. Represents all enterprise-owned profiles.
+
+Supported operation is Get.
+
+<a href="" id="euicc-profiles-iccid"></a>**_eUICC_/Profiles/_ICCID_**  
+Interior node. Optional. Node representing an enterprise-owned eUICC profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC).
+
+Supported operations are Add, Get, and Delete.
+
+<a href="" id="euicc-profiles-iccid-servername"></a>**_eUICC_/Profiles/_ICCID_/ServerName**  
+Required. Fully qualified domain name of the SM-DP+ that can download this profile. Must be set by the MDM when the ICCID subtree is created.
+
+Supported operations are Add and Get. Value type is string.
+
+<a href="" id="euicc-profiles-iccid-matchingid"></a>**_eUICC_/Profiles/_ICCID_/MatchingID**  
+Required. Matching ID (activation code token) for profile download. Must be set by the MDM when the ICCID subtree is created.
+
+Supported operations are Add and Get. Value type is string.
+
+<a href="" id="euicc-profiles-iccid-state"></a>**_eUICC_/Profiles/_ICCID_/State**  
+Required. Current state of the profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4). Queried by the CSP and only updated by the LPA.
+
+Supported operation is Get. Value type is integer. Default value is 1.
+
+<a href="" id="euicc-policies"></a>**_eUICC_/Policies**  
+Interior node. Required. Device policies associated with the eUICC as a whole (not per-profile).
+
+Supported operation is Get. 
+
+<a href="" id="euicc-policies-localuienabled"></a>**_eUICC_/Policies/LocalUIEnabled**  
+Required. Determines whether the local user interface of the LUI is available (true if available, false otherwise). Initially populated by the LPA when the eUICC tree is created, can be queried and changed by the MDM server.
+
+Supported operations are Get and Replace. Value type is boolean. Default value is true.
+
+<a href="" id="euicc-actions"></a>**_eUICC_/Actions**  
+Interior node. Required. Actions that can be performed on the eUICC as a whole (when it is active).
+
+Supported operation is Get.
+
+<a href="" id="euicc-actions-resettofactorystate"></a>**_eUICC_/Actions/ResetToFactoryState**  
+Required. An EXECUTE on this node triggers the  LPA to perform an eUICC Memory Reset.
+
+Supported operation is Execute. Value type is string.
+
+<a href="" id="euicc-actions-status"></a>**_eUICC_/Actions/Status**  
+Required. Status of most recent operation, as an HRESULT. S_OK indicates success, S_FALSE indicates operation is in progress, other values represent specific errors.
+
+Supported value is Get. Value type is integer. Default is 0.
\ No newline at end of file
diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md
new file mode 100644
index 0000000000..d3d539c88e
--- /dev/null
+++ b/windows/client-management/mdm/euiccs-ddf-file.md
@@ -0,0 +1,343 @@
+---
+title: eUICCs DDF file
+description: eUICCs DDF file
+ms.assetid: c4cd4816-ad8f-45b2-9b81-8abb18254096
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+ms.date: 06/19/2017
+---
+
+# eUICCs DDF file
+
+
+This topic shows the OMA DM device description framework (DDF) for the **eUICCs** configuration service provider. DDF files are used only with OMA DM provisioning XML.
+
+``` syntax
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
+    "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
+    [<?oma-dm-ddf-ver supported-versions="1.2"?>]>
+<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
+    <VerDTD>1.2</VerDTD>
+    <Node>
+        <NodeName>eUICCs</NodeName>
+        <Path>./Vendor/MSFT</Path>
+        <DFProperties>
+            <AccessType>
+                <Get />
+            </AccessType>
+            <Description>Subtree for all embedded UICCs (eUICC)</Description>
+            <DFFormat>
+                <node />
+            </DFFormat>
+            <Occurrence>
+                <One />
+            </Occurrence>
+            <Scope>
+                <Permanent />
+            </Scope>
+            <CaseSense>
+                <CIS />
+            </CaseSense>
+            <DFType>
+                <MIME>com.microsoft/1.0/MDM/eUICCs</MIME>
+            </DFType>
+        </DFProperties>
+        <Node>
+            <NodeName></NodeName>
+            <DFProperties>
+                <AccessType>
+                    <Get />
+                </AccessType>
+                <Description>Represents information associated with an eUICC. There is one subtree for each known eUICC, created by the Local Profile Assistant (LPA) when the eUICC is first seen. The node name is meaningful only to the LPA (which associates it with an eUICC ID (EID) in an implementation-specific manner, e.g., this could be a SHA-256 hash of the EID). The node name "Default" represents the currently active eUICC.</Description>
+                <DFFormat>
+                    <node />
+                </DFFormat>
+                <Occurrence>
+                    <ZeroOrMore />
+                </Occurrence>
+                <Scope>
+                    <Dynamic />
+                </Scope>
+                <DFTitle>eUICC</DFTitle>
+                <DFType>
+                    <DDFName></DDFName>
+                </DFType>
+            </DFProperties>
+            <Node>
+                <NodeName>Identifier</NodeName>
+                <DFProperties>
+                    <AccessType>
+                        <Get />
+                    </AccessType>
+                    <Description>Identifies an eUICC in an implementation-specific manner, e.g., this could be a SHA-256 hash of the EID.</Description>
+                    <DFFormat>
+                        <chr />
+                    </DFFormat>
+                    <Occurrence>
+                        <One />
+                    </Occurrence>
+                    <Scope>
+                        <Dynamic />
+                    </Scope>
+                    <CaseSense>
+                        <CIS />
+                    </CaseSense>
+                    <DFType>
+                        <MIME>text/plain</MIME>
+                    </DFType>
+                </DFProperties>
+            </Node>
+            <Node>
+                <NodeName>IsActive</NodeName>
+                <DFProperties>
+                    <AccessType>
+                        <Get />
+                    </AccessType>
+                    <Description>Indicates whether this eUICC is physically present and active. Updated only by the LPA.</Description>
+                    <DFFormat>
+                        <bool />
+                    </DFFormat>
+                    <Occurrence>
+                        <One />
+                    </Occurrence>
+                    <Scope>
+                        <Dynamic />
+                    </Scope>
+                    <DFType>
+                        <MIME>text/plain</MIME>
+                    </DFType>
+                </DFProperties>
+            </Node>
+            <Node>
+                <NodeName>Profiles</NodeName>
+                <DFProperties>
+                    <AccessType>
+                        <Get />
+                    </AccessType>
+                    <Description>Represents all enterprise-owned profiles.</Description>
+                    <DFFormat>
+                        <node />
+                    </DFFormat>
+                    <Occurrence>
+                        <One />
+                    </Occurrence>
+                    <Scope>
+                        <Dynamic />
+                    </Scope>
+                    <DFType>
+                        <DDFName></DDFName>
+                    </DFType>
+                </DFProperties>
+                <Node>
+                    <NodeName></NodeName>
+                    <DFProperties>
+                        <AccessType>
+                            <Add />
+                            <Delete />
+                            <Get />
+                        </AccessType>
+                        <Description>Node representing an enterprise-owned eUICC profile. The node name is the ICCID of the profile (which is a unique identifier). Creation of this subtree triggers an AddProfile request by the LPA (which installs the profile on the eUICC). Removal of this subtree triggers the LPA to delete the profile (if resident on the eUICC).</Description>
+                        <DFFormat>
+                            <node />
+                        </DFFormat>
+                        <Occurrence>
+                            <ZeroOrMore />
+                        </Occurrence>
+                        <Scope>
+                            <Dynamic />
+                        </Scope>
+                        <DFTitle>ICCID</DFTitle>
+                        <DFType>
+                            <DDFName></DDFName>
+                        </DFType>
+                    </DFProperties>
+                    <Node>
+                        <NodeName>ServerName</NodeName>
+                        <DFProperties>
+                            <AccessType>
+                                <Add />
+                                <Get />
+                            </AccessType>
+                            <Description>Fully qualified domain name of the SM-DP+ that can download this profile. Must be set by the MDM when the ICCID subtree is created.</Description>
+                            <DFFormat>
+                                <chr />
+                            </DFFormat>
+                            <Occurrence>
+                                <One />
+                            </Occurrence>
+                            <Scope>
+                                <Dynamic />
+                            </Scope>
+                            <CaseSense>
+                                <CIS />
+                            </CaseSense>
+                            <DFType>
+                                <MIME>text/plain</MIME>
+                            </DFType>
+                        </DFProperties>
+                    </Node>
+                    <Node>
+                        <NodeName>MatchingID</NodeName>
+                        <DFProperties>
+                            <AccessType>
+                                <Add />
+                                <Get />
+                            </AccessType>
+                            <Description>Matching ID (activation code token) for profile download. Must be set by the MDM when the ICCID subtree is created.</Description>
+                            <DFFormat>
+                                <chr />
+                            </DFFormat>
+                            <Occurrence>
+                                <One />
+                            </Occurrence>
+                            <Scope>
+                                <Dynamic />
+                            </Scope>
+                            <CaseSense>
+                                <CIS />
+                            </CaseSense>
+                            <DFType>
+                                <MIME>text/plain</MIME>
+                            </DFType>
+                        </DFProperties>
+                    </Node>
+                    <Node>
+                        <NodeName>State</NodeName>
+                        <DFProperties>
+                            <AccessType>
+                                <Get />
+                            </AccessType>
+                            <DefaultValue>1</DefaultValue>
+                            <Description>Current state of the profile (Installing = 1, Installed = 2, Deleting = 3, Error = 4). Queried by the CSP and only updated by the LPA.</Description>
+                            <DFFormat>
+                                <int />
+                            </DFFormat>
+                            <Occurrence>
+                                <One />
+                            </Occurrence>
+                            <Scope>
+                                <Dynamic />
+                            </Scope>
+                            <DFType>
+                                <MIME>text/plain</MIME>
+                            </DFType>
+                        </DFProperties>
+                    </Node>
+                </Node>
+            </Node>
+            <Node>
+                <NodeName>Policies</NodeName>
+                <DFProperties>
+                    <AccessType>
+                        <Get />
+                    </AccessType>
+                    <Description>Device policies associated with the eUICC as a whole (not per-profile).</Description>
+                    <DFFormat>
+                        <node />
+                    </DFFormat>
+                    <Occurrence>
+                        <One />
+                    </Occurrence>
+                    <Scope>
+                        <Dynamic />
+                    </Scope>
+                    <DFType>
+                        <DDFName></DDFName>
+                    </DFType>
+                </DFProperties>
+                <Node>
+                    <NodeName>LocalUIEnabled</NodeName>
+                    <DFProperties>
+                        <AccessType>
+                            <Get />
+                            <Replace />
+                        </AccessType>
+                        <DefaultValue>true</DefaultValue>
+                        <Description>Determines whether the local user interface of the LUI is available (true if available, false otherwise). Initially populated by the LPA when the eUICC tree is created, can be queried and changed by the MDM server.</Description>
+                        <DFFormat>
+                            <bool />
+                        </DFFormat>
+                        <Occurrence>
+                            <One />
+                        </Occurrence>
+                        <Scope>
+                            <Dynamic />
+                        </Scope>
+                        <DFType>
+                            <MIME>text/plain</MIME>
+                        </DFType>
+                    </DFProperties>
+                </Node>
+            </Node>
+            <Node>
+                <NodeName>Actions</NodeName>
+                <DFProperties>
+                    <AccessType>
+                        <Get />
+                    </AccessType>
+                    <Description>Actions that can be performed on the eUICC as a whole (when it is active).</Description>
+                    <DFFormat>
+                        <node />
+                    </DFFormat>
+                    <Occurrence>
+                        <One />
+                    </Occurrence>
+                    <Scope>
+                        <Dynamic />
+                    </Scope>
+                    <DFType>
+                        <DDFName></DDFName>
+                    </DFType>
+                </DFProperties>
+                <Node>
+                    <NodeName>ResetToFactoryState</NodeName>
+                    <DFProperties>
+                        <AccessType>
+                            <Exec />
+                        </AccessType>
+                        <Description>An EXECUTE on this node triggers the  LPA to perform an eUICC Memory Reset.</Description>
+                        <DFFormat>
+                            <chr />
+                        </DFFormat>
+                        <Occurrence>
+                            <One />
+                        </Occurrence>
+                        <Scope>
+                            <Dynamic />
+                        </Scope>
+                        <DFType>
+                            <MIME>text/plain</MIME>
+                        </DFType>
+                    </DFProperties>
+                </Node>
+                <Node>
+                    <NodeName>Status</NodeName>
+                    <DFProperties>
+                        <AccessType>
+                            <Get />
+                        </AccessType>
+                        <DefaultValue>0</DefaultValue>
+                        <Description>Status of most recent operation, as an HRESULT. S_OK indicates success, S_FALSE indicates operation is in progress, other values represent specific errors.</Description>
+                        <DFFormat>
+                            <int />
+                        </DFFormat>
+                        <Occurrence>
+                            <One />
+                        </Occurrence>
+                        <Scope>
+                            <Dynamic />
+                        </Scope>
+                        <DFType>
+                            <MIME>text/plain</MIME>
+                        </DFType>
+                    </DFProperties>
+                </Node>
+            </Node>
+        </Node>
+    </Node>
+</MgmtTree>
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md
index 99740e166c..94f9d6bbf9 100644
--- a/windows/client-management/mdm/firewall-csp.md
+++ b/windows/client-management/mdm/firewall-csp.md
@@ -6,13 +6,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/18/2017
+ms.date: 11/01/2017
 ---
 
 # Firewall CSP
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, as well as the desired set of custom rules to be enforced on the device.  Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network.  This CSP is new in the next major update to Windows 10.
  
@@ -265,7 +263,7 @@ The following diagram shows the Firewall configuration service provider in tree
 <p style="margin-left: 20px">If not specified - a new rule is disabled by default.</p>
 <p style="margin-left: 20px">Boolean value. Supported operations are Get and Replace.</p>
 
-<a href="" id="profiles"></a>**FirewallRules_FirewallRuleName_/Profiles**
+<a href="" id="profiles"></a>**FirewallRules/_FirewallRuleName_/Profiles**
 <p style="margin-left: 20px">Specifies the profiles to which the rule belongs: Domain, Private, Public. .  See [FW_PROFILE_TYPE](https://msdn.microsoft.com/en-us/library/cc231559.aspx) for the bitmasks that are used to identify profile types.</p>
 <p style="margin-left: 20px">If not specified, the default is All.</p>
 <p style="margin-left: 20px">Value type is integer. Supported operations are Get and Replace.</p>
@@ -292,7 +290,7 @@ The following diagram shows the Firewall configuration service provider in tree
 </ul>
 <p style="margin-left: 20px">Value type is string. Supported operations are Get and Replace.</p>
 
-<a href="" id="interfacetypes"></a>**FirewallRules/FirewallRuleName/InterfaceTypes**
+<a href="" id="interfacetypes"></a>**FirewallRules/_FirewallRuleName_/InterfaceTypes**
 <p style="margin-left: 20px">Comma separated list of interface types. Valid values:</p>
 <ul>
 <li>RemoteAccess</li>
diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md
index 72944197b3..ccfc5f3021 100644
--- a/windows/client-management/mdm/firewall-ddf-file.md
+++ b/windows/client-management/mdm/firewall-ddf-file.md
@@ -6,13 +6,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/18/2017
+ms.date: 11/01/2017
 ---
 
 # Firewall CSP
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **Firewall** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
diff --git a/windows/client-management/mdm/images/Provisioning_CSP_eUICCs.png b/windows/client-management/mdm/images/Provisioning_CSP_eUICCs.png
new file mode 100644
index 0000000000..a4c67a8b7e
Binary files /dev/null and b/windows/client-management/mdm/images/Provisioning_CSP_eUICCs.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-dmclient-th2.png b/windows/client-management/mdm/images/provisioning-csp-dmclient-th2.png
index ae35570be6..88398bc1c5 100644
Binary files a/windows/client-management/mdm/images/provisioning-csp-dmclient-th2.png and b/windows/client-management/mdm/images/provisioning-csp-dmclient-th2.png differ
diff --git a/windows/client-management/mdm/images/provisioning-csp-euiccs.png b/windows/client-management/mdm/images/provisioning-csp-euiccs.png
new file mode 100644
index 0000000000..a4c67a8b7e
Binary files /dev/null and b/windows/client-management/mdm/images/provisioning-csp-euiccs.png differ
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 8afe97ecf0..6588fa7acf 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -10,15 +10,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 10/25/2017
+ms.date: 11/01/2017
 ---
 
 # What's new in MDM enrollment and management
 
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
 This topic provides information about what's new and breaking changes in Windows 10 mobile device management (MDM) enrollment and management experience across all Windows 10 devices.
 
 For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](http://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347).
@@ -942,6 +939,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <td style="vertical-align:top">[Firewall CSP](firewall-csp.md)</td>
 <td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1709.</p>
 </td></tr>
+<tr class="even">
+<td style="vertical-align:top">[eUICCs CSP](euiccs-csp.md)</td>
+<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1709.</p>
+</td></tr>
 <tr class="odd">
 <td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
 <td style="vertical-align:top">New CSP added in Windows 10, version 1709. Also added the DDF topic [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md).</td>
@@ -992,6 +993,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 </ul>
 </td></tr>
 <tr class="odd">
+<td style="vertical-align:top">[DMClient CSP](dmclient-csp.md)</td>
+<td style="vertical-align:top"><p>Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.</p>
+</td></tr>
+<tr class="odd">
 <td style="vertical-align:top">[Bitlocker CSP](bitlocker-csp.md)</td>
 <td style="vertical-align:top"><p>Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.</p>
 </td></tr>
@@ -1393,6 +1398,18 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 <li>Defender/ControlledFolderAccessProtectedFolders - string separator is |.</li>
 </ul>
 </td></tr>
+<tr class="even">
+<td style="vertical-align:top">[eUICCs CSP](euiccs-csp.md)</td>
+<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1709.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[AssignedAccess CSP](assignedaccess-csp.md)</td>
+<td style="vertical-align:top"><p>Added SyncML examples for the new Configuration node.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[DMClient CSP](dmclient-csp.md)</td>
+<td style="vertical-align:top"><p>Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.</p>
+</td></tr>
 </tbody>
 </table>
 
diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md
index 96b82f9aa7..b3eec1da15 100644
--- a/windows/client-management/mdm/office-csp.md
+++ b/windows/client-management/mdm/office-csp.md
@@ -6,13 +6,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/22/2017
+ms.date: 11/01/2017
 ---
 
 # Office CSP
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool. For more information, see [Configuration options for the Office Deployment Tool](https://technet.microsoft.com/en-us/library/jj219426.aspx). 
 This CSP was added in Windows 10, version 1703.
diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md
index ebd7f2b843..b08297aef0 100644
--- a/windows/client-management/mdm/office-ddf.md
+++ b/windows/client-management/mdm/office-ddf.md
@@ -7,13 +7,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/22/2017
+ms.date: 11/01/2017
 ---
 
 # Office DDF
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **Office** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 1d7f9a2f02..94698ad811 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -7,13 +7,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The Policy configuration service provider enables the enterprise to configure policies on Windows 10. Use this configuration service provider to configure any company policies.
 
diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md
index 64f921aac1..12a7923947 100644
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - AboveLock
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index cbec351d99..f7c547db72 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Accounts
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index d01ca2a458..411a6aa435 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - ActiveXControls
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 4e71e25975..440bf514ac 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - ApplicationDefaults
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index a5815c7d3e..b3937a002a 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - ApplicationManagement
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index 512cbecf60..e8d81c05b3 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - AppVirtualization
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index 19b60c53f6..71012e8237 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - AttachmentManager
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 9db44013c0..156a32f2f5 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Authentication
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
index f63666cdc6..0eeac9b230 100644
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Autoplay
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md
index 3d4c5bac81..9eb085531d 100644
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Bitlocker
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index d874f9ffa2..f2efa3d5f8 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Bluetooth
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index e31c570992..190229dc56 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 10/10/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Browser
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md
index ce33fa4faa..bade8a1989 100644
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Camera
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index 183748ec41..250e605bc9 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Cellular
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index 415ebf1eac..8eeb5e4585 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Connectivity
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index 5274de917b..06c155dfec 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - CredentialProviders
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md
index 1b7955f4e5..6a2a7950a3 100644
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - CredentialsUI
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index 9c5f328c19..e65cf59e9f 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Cryptography
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md
index 1261f2c311..b2d87567b0 100644
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - DataProtection
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
index 540a7d26a6..b9d3a22ccc 100644
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - DataUsage
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index d96b30c537..030df27006 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 10/27/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Defender
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index f001c4ea3e..1476d9a06b 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - DeliveryOptimization
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
index 8d89bebfb5..048304c12e 100644
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Desktop
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index b45125a146..7570724110 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -6,13 +6,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - DeviceGuard
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index c57bc0a0a1..7e7740810a 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - DeviceInstallation
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 4767db8c6f..457a2e4d0e 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - DeviceLock
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index 43c616c9a7..b23977c0bc 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Display
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md
index dcb33c8647..fb7ee74e89 100644
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Education
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
index 6f3068b82d..3506a2c3f1 100644
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - EnterpriseCloudPrint
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index c86f76ed58..67f7bd2d6a 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - ErrorReporting
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index 60434439fa..ea5746021f 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - EventLogService
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index 8f2199edcd..646d49acd0 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Experience
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
@@ -176,14 +175,6 @@ ms.date: 09/29/2017
 
 <p style="margin-left: 20px">Most restricted value is 0.
 
-<p style="margin-left: 20px">Benefit to the customer:
-
-<p style="margin-left: 20px">Before this setting, enterprise customers could not set up Cortana during out-of-box experience (OOBE) at all, even though Cortana is the “voice” that walks you through OOBE. By sending AllowCortana in initial enrollment, enterprise customers can allow their employees to see the Cortana consent page. This enables them to choose to use Cortana and make their lives easier and more productive.
-
-<p style="margin-left: 20px">Sample scenario:
-
-<p style="margin-left: 20px">An enterprise employee customer is going through OOBE and enjoys Cortana’s help in this process. The customer is happy to learn during OOBE that Cortana can help them be more productive, and chooses to set up Cortana before OOBE finishes. When their setup is finished, they are immediately ready to engage with Cortana to help manage their schedule and more.
-
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md
index f408206e83..e165e843f7 100644
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - ExploitGuard
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
index 868f23aa8e..c5edf225b8 100644
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Games
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md
index e00909e922..ed2e1ec38d 100644
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Handwriting
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index f8d45a8179..88e6a352f7 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - InternetExplorer
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index 0297e2a41a..43b40603af 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Kerberos
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index 47c63e821c..42ba032275 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Licensing
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index bb7fdbd8d7..dcf0734b03 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 10/05/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - LocalPoliciesSecurityOptions
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md
index f1124ffad4..9c979b9d53 100644
--- a/windows/client-management/mdm/policy-csp-location.md
+++ b/windows/client-management/mdm/policy-csp-location.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Location
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
index 038d477577..c15d05c78e 100644
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - LockDown
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
index 5c1dab3c54..efff0efc3d 100644
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Maps
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index eac7199c3e..4d41080dfa 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Messaging
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index 95dcb7e362..2e86a44453 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - NetworkIsolation
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index 4b0a9b5e62..4133b71c8d 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Notifications
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index e981b7483e..533e43da2d 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Power
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index 2e7c8296f2..8718ad65f0 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Printers
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index f839be65ee..8293364a2d 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Privacy
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index 71e7c1ee14..29f29a7267 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - RemoteAssistance
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 589ff8b724..dc0834d71a 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - RemoteDesktopServices
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index 7ed74820ef..315cac1258 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - RemoteManagement
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index 37e4a03a6a..1569a65e29 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - RemoteProcedureCall
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index 9dd90c60be..a9538c867b 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - RemoteShell
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index d8d759bd86..40fd5ccca0 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Search
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index be8599f45e..b57251df17 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Security
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 987f2c639b..8ba5c167ce 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Settings
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index 2437d31e21..fbc0b3e56a 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - SmartScreen
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index de1665ee8d..d00aaf1542 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Speech
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index 03c3fb2ea4..8ab24a2ad2 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Start
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index f7485274a3..8556b25018 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Storage
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index e05d775dd4..c688af26cd 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - System
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
@@ -765,7 +764,7 @@ ADMX Info:
 <li>Set Allow Telemetry to level 2 (Enhanced)</li>
 </ul>
  
-<p style="margin-left: 20px">When you configure these policy settings, a basic level of  diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: [Windows 10, version 1703 basic level Windows diagnostic events and fields](https://go.microsoft.com/fwlink/?linkid=847594).
+<p style="margin-left: 20px">When you configure these policy settings, a basic level of  diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: [Windows 10, version 1709 enhanced telemetry events and fields used by Windows Analytics](https://go.microsoft.com/fwlink/?linkid=847594).
  
 <p style="margin-left: 20px">Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level telemetry data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft.
    
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index fde893e7ec..3dae6dd1e7 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - TextInput
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index 5da538c24a..a2ad26f40c 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - TimeLanguageSettings
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 63d53d42c4..574859ea7b 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Update
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index e035750dfa..6b07a4af85 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - Wifi
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index d47b897f44..fadfbb83c4 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - WindowsDefenderSecurityCenter
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index 43176e2f15..f83331f02e 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - WindowsInkWorkspace
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index 71a5e7e63a..325e63c9a4 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - WindowsLogon
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index e249ddea29..9371a1d8c2 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -6,13 +6,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/29/2017
+ms.date: 11/01/2017
 ---
 
 # Policy CSP - WirelessDisplay
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 <hr/>
 
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index 1110db1b7d..0cdb6f8d7d 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -7,13 +7,12 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 10/26/2017
+ms.date: 11/01/2017
 ---
 
 # Policy DDF file
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 
 This topic shows the OMA DM device description framework (DDF) for the **Policy** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md
index fb24cc596d..a86a8fef94 100644
--- a/windows/client-management/mdm/tpmpolicy-csp.md
+++ b/windows/client-management/mdm/tpmpolicy-csp.md
@@ -6,13 +6,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 11/01/2017
 ---
 
 # TPMPolicy CSP
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (telemetry or otherwise, such as downloading background images, Windows Updates, etc.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval.
 
diff --git a/windows/client-management/mdm/tpmpolicy-ddf-file.md b/windows/client-management/mdm/tpmpolicy-ddf-file.md
index 7368eb0cd4..36b0f3b280 100644
--- a/windows/client-management/mdm/tpmpolicy-ddf-file.md
+++ b/windows/client-management/mdm/tpmpolicy-ddf-file.md
@@ -6,13 +6,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 11/01/2017
 ---
 
 # TPMPolicy DDF file
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **TPMPolicy** configuration service provider. The TPMPolicy CSP was added in Windows 10, version 1703.
 
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index ede7194396..caa8e9ad15 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -7,13 +7,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/18/2017
+ms.date: 11/01/2017
 ---
 
 # VPNv2 CSP
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The VPNv2 configuration service provider allows the mobile device management (MDM) server to configure the VPN profile of the device.
 
diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md
index 3208f1111a..aea3539526 100644
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@@ -7,13 +7,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/18/2017
+ms.date: 11/01/2017
 ---
 
 # VPNv2 DDF file
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **VPNv2** configuration service provider.
 
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
index 665ae99cae..5999ebee5e 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
@@ -7,13 +7,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 11/01/2017
 ---
 
 # WindowsAdvancedThreatProtection CSP
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The Windows Defender Advanced Threat Protection (WDATP) configuration service provider (CSP) allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP.
 
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
index 196883556d..429036de72 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
@@ -7,13 +7,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 11/01/2017
 ---
 
 # WindowsAdvancedThreatProtection DDF file
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **WindowsAdvancedThreatProtection** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
index 3df07a32ad..47b499d041 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -6,13 +6,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/27/2017
+ms.date: 11/01/2017
 ---
 
 # WindowsDefenderApplicationGuard CSP
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in the Application Guard. This CSP was added in Windows 10, version 1709.
 
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
index d70c704083..12a77ad6e0 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@@ -6,13 +6,11 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/27/2017
+ms.date: 11/01/2017
 ---
 
 # WindowsDefenderApplicationGuard DDF file
 
-> [!WARNING]
-> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **WindowsDefenderApplicationGuard** configuration service provider. 
 
diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md
index 5c68eb15b8..2daf689b30 100644
--- a/windows/client-management/windows-10-support-solutions.md
+++ b/windows/client-management/windows-10-support-solutions.md
@@ -7,6 +7,7 @@ ms.sitesec: library
 ms.author: elizapo
 author: kaushika-msft
 ms.localizationpriority: high
+ms.date: 08/30/2017
 ---
 # Top support solutions for Windows 10
 
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index f2d6cf6527..95fedcd1de 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -8,13 +8,19 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: high
 author: jdeckerms
-ms.date: 10/20/2017
+ms.date: 11/06/2017
 ---
 
 # Change history for Configure Windows 10
 
 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
 
+## November 2017
+
+New or changed topic | Description
+--- | ---
+[Create a provisioning package with multivariant settings](provisioning-packages/provisioning-multivariant.md) | Add support for desktop to [Conditions](provisioning-packages/provisioning-multivariant.md#conditions) table.
+
 ## October 2017
 
 New or changed topic | Description
diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md
index 6da2cc4314..e63300657b 100644
--- a/windows/configuration/provisioning-packages/provisioning-multivariant.md
+++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md
@@ -6,6 +6,8 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerms
 ms.localizationpriority: high
+ms.date: 11/06/2017
+ms.author: jdecker
 ---
 
 # Create a provisioning package with multivariant settings
@@ -44,12 +46,12 @@ The following table shows the conditions supported in Windows 10 provisioning fo
 
 | Condition Name | Condition priority | Windows 10 Mobile | Windows 10 for desktop editions | Value type | Value description |
 | --- | --- | --- | --- | --- | --- |
-| MNC | P0 | Supported | N/A | Digit string | Use to target settings based on the Mobile Network Code (MNC) value. |
-| MCC | P0 | Supported | N/A | Digit string | Use to target settings based on the Mobile Country Code (MCC) value. |
-| SPN | P0 | Supported | N/A | String | Use to target settings based on the Service Provider Name (SPN) value. |
-| PNN | P0 | Supported | N/A | String | Use to target settings based on public land mobile network (PLMN) Network Name value. |
-| GID1 | P0 | Supported | N/A | Digit string | Use to target settings based on the Group Identifier (level 1) value. |
-| ICCID | P0 | Supported | N/A | Digit string | Use to target settings based on the Integrated Circuit Card Identifier (ICCID) value. |
+| MNC | P0 | Supported | Supported | Digit string | Use to target settings based on the Mobile Network Code (MNC) value. |
+| MCC | P0 | Supported | Supported | Digit string | Use to target settings based on the Mobile Country Code (MCC) value. |
+| SPN | P0 | Supported | Supported | String | Use to target settings based on the Service Provider Name (SPN) value. |
+| PNN | P0 | Supported | Supported | String | Use to target settings based on public land mobile network (PLMN) Network Name value. |
+| GID1 | P0 | Supported | Supported | Digit string | Use to target settings based on the Group Identifier (level 1) value. |
+| ICCID | P0 | Supported | Supported | Digit string | Use to target settings based on the Integrated Circuit Card Identifier (ICCID) value. |
 | Roaming | P0 | Supported | N/A | Boolean | Use to specify roaming. Set the value to **1** (roaming) or **0** (non-roaming). | 
 | UICC | P0 | Supported | N/A | Enumeration | Use to specify the Universal Integrated Circuit Card (UICC) state. Set the value to one of the following:</br></br></br>- 0 - Empty</br>- 1 - Ready</br>- 2 - Locked |
 | UICCSLOT | P0 | Supported | N/A | Digit string | Use to specify the UICC slot. Set the value one of the following:</br></br></br>- 0 - Slot 0</br>- 1 - Slot 1 |
diff --git a/windows/deployment/change-history-for-deploy-windows-10.md b/windows/deployment/change-history-for-deploy-windows-10.md
index fab7d7e9ce..af4b28f704 100644
--- a/windows/deployment/change-history-for-deploy-windows-10.md
+++ b/windows/deployment/change-history-for-deploy-windows-10.md
@@ -6,12 +6,18 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 author: greg-lindsay
-ms.date: 10/31/2017
+ms.date: 11/08/2017
 ---
 
 # Change history for Deploy Windows 10
 This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](/windows/windows-10).
 
+## November 2017
+
+New or changed topic | Description
+-- | ---
+ [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md)  | Added warning that you should not use **SkipMachineOOBE** or **SkipUserOOBE** in your Unattend.xml.
+
 ## RELEASE: Windows 10, version 1709
 | New or changed topic | Description |
 |----------------------|-------------|
diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
index 491211e7a9..b8bc4a5ce1 100644
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@@ -9,6 +9,7 @@ ms.localizationpriority: high
 ms.sitesec: library
 ms.pagetype: mdt
 author: mtniehaus
+ms.date: 11/08/2017
 ---
 
 # Create a Windows 10 reference image
@@ -19,8 +20,8 @@ author: mtniehaus
 Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this topic, you will learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You will create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this topic, you will have a Windows 10 reference image that can be used in your deployment solution.
 For the purposes of this topic, we will use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, PC0001 is a Windows 10 Enterprise x64 client, and MDT01 is a Windows Server 2012 R2 standard server. HV01 is a Hyper-V host server, but HV01 could be replaced by PC0001 as long as PC0001 has enough memory and is capable of running Hyper-V. MDT01, HV01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation.
 
-**Note**  
-For important details about the setup for the steps outlined in this article, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
+>{!NOTE]}  
+>For important details about the setup for the steps outlined in this article, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md#proof).
  
 ![figure 1](../images/mdt-08-fig01.png)
 
@@ -75,8 +76,8 @@ This section will show you how to populate the MDT deployment share with the Win
 
 MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images that you have created. In this case, you create a reference image, so you add the full source setup files from Microsoft.
 
-**Note**  
-Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM.
+>[!OTE]  
+>Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM.
  
 ### Add Windows 10 Enterprise x64 (full source)
 
@@ -115,8 +116,8 @@ By storing configuration items as MDT applications, it is easy to move these obj
 
 In these examples, we assume that you downloaded the software in this list to the E:\\Downloads folder. The first application is added using the UI, but because MDT supports Windows PowerShell, you add the other applications using Windows PowerShell.
 
-**Note**  
-All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](https://go.microsoft.com/fwlink/p/?LinkId=619523).
+>[!NOTE]  
+>All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](https://go.microsoft.com/fwlink/p/?LinkId=619523).
  
 ### Create the install: Microsoft Office Professional Plus 2013 x86
 
@@ -371,8 +372,11 @@ Figure 9. The Windows 10 desktop with the Resume Task Sequence shortcut.
 
 When using MDT, you don't need to edit the Unattend.xml file very often because most configurations are taken care of by MDT. However if, for example, you want to configure Internet Explorer 11 behavior, then you can edit the Unattend.xml for this. Editing the Unattend.xml for basic Internet Explorer settings is easy, but for more advanced settings, you will want to use Internet Explorer Administration Kit (IEAK).
 
-**Note**  
-You also can use the Unattend.xml to enable components in Windows 10, like the Telnet Client or Hyper-V client. Normally we prefer to do this via the Install Roles and Features action, or using Deployment Image Servicing and Management (DISM) command-line tools, because then we can add that as an application, being dynamic, having conditions, and so forth. Also, if you are adding packages via Unattend.xml, it is version specific, so Unattend.xml must match the exact version of the operating system you are servicing.
+>[!WARNING]
+>Do not use **SkipMachineOOBE** or **SkipUserOOBE** in your Unattend.xml file. These settings are deprecated and can have unintended effects if used.
+
+>[!NOTE]  
+>You also can use the Unattend.xml to enable components in Windows 10, like the Telnet Client or Hyper-V client. Normally we prefer to do this via the **Install Roles and Features** action, or using Deployment Image Servicing and Management (DISM) command-line tools, because then we can add that as an application, being dynamic, having conditions, and so forth. Also, if you are adding packages via Unattend.xml, it is version specific, so Unattend.xml must match the exact version of the operating system you are servicing.
  
 Follow these steps to configure Internet Explorer settings in Unattend.xml for the Windows 10 Enterprise x64 RTM Default Image task sequence:
 
@@ -465,8 +469,8 @@ For that reason, add only a minimal set of rules to Bootstrap.ini, such as which
     2.  ISO file name: MDT Build Lab x64.iso
 8.  Click **OK**.
 
-**Note**  
-In MDT, the x86 boot image can deploy both x86 and x64 operating systems (except on computers based on Unified Extensible Firmware Interface).
+>[!NOTE]  
+>In MDT, the x86 boot image can deploy both x86 and x64 operating systems (except on computers based on Unified Extensible Firmware Interface).
  
 
 ### Update the deployment share
@@ -476,8 +480,8 @@ After the deployment share has been configured, it needs to be updated. This is
 1.  Using the Deployment Workbench, right-click the **MDT Build Lab deployment share** and select **Update Deployment Share**.
 2.  Use the default options for the Update Deployment Share Wizard.
 
-**Note**  
-The update process will take 5 to 10 minutes.
+>[!NOTE]  
+>The update process will take 5 to 10 minutes.
  
 ### The rules explained
 
@@ -487,8 +491,8 @@ The Bootstrap.ini and CustomSettings.ini files work together. The Bootstrap.ini
 
 The CustomSettings.ini file is normally stored on the server, in the Deployment share\\Control folder, but also can be stored on the media (when using offline media).
 
-**Note**  
-The settings, or properties, that are used in the rules (CustomSettings.ini and Bootstrap.ini) are listed in the MDT documentation, in the Microsoft Deployment Toolkit Reference / Properties / Property Definition section.
+>[!NOTE]  
+>The settings, or properties, that are used in the rules (CustomSettings.ini and Bootstrap.ini) are listed in the MDT documentation, in the Microsoft Deployment Toolkit Reference / Properties / Property Definition section.
  
 ### The Bootstrap.ini file
 
@@ -515,8 +519,8 @@ So, what are these settings?
      
 -   **SkipBDDWelcome.** Even if it is nice to be welcomed every time we start a deployment, we prefer to skip the initial welcome page of the Windows Deployment Wizard.
 
-**Note**  
-All properties beginning with "Skip" control only whether to display that pane in the Windows Deployment Wizard. Most of the panes also require you to actually set one or more values.
+>[!NOTE]  
+>All properties beginning with "Skip" control only whether to display that pane in the Windows Deployment Wizard. Most of the panes also require you to actually set one or more values.
  
 ### The CustomSettings.ini file
 
diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md
index ce1c6ec206..cc7833708b 100644
--- a/windows/deployment/deploy.md
+++ b/windows/deployment/deploy.md
@@ -6,7 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.localizationpriority: high
-ms.date: 10/31/2017
+ms.date: 11/02/2017
 author: greg-lindsay
 ---
 
@@ -27,7 +27,7 @@ Windows 10 upgrade options are discussed and information is provided about plann
 |[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). |
 |[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or. |
 |[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) |Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. |
-|### [How to install fonts that are missing after upgrading to Windows 10](windows-10-missing-fonts.md)|Windows 10 introduced changes to the fonts that are included in the image by default. Learn how to install additional fonts from **Optional features** after you install Windows 10 or upgrade from a previous version.|
+|[How to install fonts that are missing after upgrading to Windows 10](windows-10-missing-fonts.md)|Windows 10 introduced changes to the fonts that are included in the image by default. Learn how to install additional fonts from **Optional features** after you install Windows 10 or upgrade from a previous version.|
 
  
 
diff --git a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md
index 2073022a88..40b6f4fcb0 100644
--- a/windows/deployment/upgrade/upgrade-readiness-additional-insights.md
+++ b/windows/deployment/upgrade/upgrade-readiness-additional-insights.md
@@ -17,7 +17,7 @@ This topic provides information on additional features that are available in Upg
 The site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 7, Windows 8.1, and Windows 10. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data.
 
 > [!NOTE] 
-> Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
+> Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, data will be collected on all sites visited by Microsoft Edge on computers running Windows 10 version 1803 (including Insider Preview builds) or newer.  The data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
 
 ### Install prerequisite security update for Internet Explorer
 
diff --git a/windows/deployment/upgrade/upgrade-readiness-requirements.md b/windows/deployment/upgrade/upgrade-readiness-requirements.md
index 687130e800..18d561a304 100644
--- a/windows/deployment/upgrade/upgrade-readiness-requirements.md
+++ b/windows/deployment/upgrade/upgrade-readiness-requirements.md
@@ -57,6 +57,7 @@ See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields
 `https://v10.vortex-win.data.microsoft.com/collect/v1`<BR>
 `https://vortex-win.data.microsoft.com/health/keepalive`<BR>
 `https://settings.data.microsoft.com/qos`<BR>
+`https://settings-win.data.microsoft.com/qos`<BR>
 `https://go.microsoft.com/fwlink/?LinkID=544713`<BR>
 `https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc`<BR>
 
diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md
index 0ece1c70e2..1b9607c9b5 100644
--- a/windows/deployment/windows-10-deployment-scenarios.md
+++ b/windows/deployment/windows-10-deployment-scenarios.md
@@ -7,7 +7,8 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.localizationpriority: high
 ms.sitesec: library
-author: mtniehaus
+ms.date: 11/7/2017
+author: greg-lindsay
 ---
 
 # Windows 10 deployment scenarios
@@ -17,7 +18,18 @@ author: mtniehaus
 
 To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task.
 
+## Windows AutoPilot 
+
+Windows AutoPilot is a new suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs. Windows AutoPilot enables IT professionals to customize the Out of Box Experience (OOBE) for Windows 10 PCs and provide end users with a fully configured new Windows 10 device after just a few clicks. There are no images to deploy, no drivers to inject, and no infrastructure to manage. Users can go through the deployment process independently, without the need consult their IT administrator.
+
+For more information about Windows AutoPilot, see [Overview of Windows AutoPilot](https://docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot) and [Modernizing Windows deployment with Windows AutoPilot](https://blogs.technet.microsoft.com/windowsitpro/2017/06/29/modernizing-windows-deployment-with-windows-autopilot/).
+
+## Windows 10 Subscription Activation
+
+Windows 10 Subscription Activation is a modern deployment method that enables you to change the SKU from Pro to Enterprise with no keys and no reboots. For more information about Subscription Activation, see [Windows 10 Subscription Activation](https://docs.microsoft.com/en-us/windows/deployment/windows-10-enterprise-subscription-activation).
+
 ## In-place upgrade
+
 For existing computers running Windows 7, Windows 8, or Windows 8.1, the recommended path for organizations deploying Windows 10 leverages the Windows installation program (Setup.exe) to perform an in-place upgrade, which automatically preserves all data, settings, applications, and drivers from the existing operating system version. This requires the least IT effort, because there is no need for any complex deployment infrastructure.
 
 Although consumer PCs will be upgraded using Windows Update, organizations want more control over the process. This is accomplished by leveraging tools like System Center Configuration Manager or the Microsoft Deployment Toolkit to completely automate the upgrade process through simple task sequences.
@@ -26,22 +38,23 @@ The in-place upgrade process is designed to be extremely reliable, with the abil
 
 Because existing applications are preserved through the process, the upgrade process uses the standard Windows installation media image (Install.wim); custom images are not needed and cannot be used because the upgrade process is unable to deal with conflicts between apps in the old and new operating system. (For example, Contoso Timecard 1.0 in Windows 7 and Contoso Timecard 3.0 in the Windows 10 image.)
 
+Scenarios that support in-place upgrade with some additional procedures include changing from BIOS to UEFI boot mode and upgrade of devices that use non-Microsoft disk encryption software.
+
+- **Legacy BIOS to UEFI booting**: To perform an in-place upgrade on a UEFI-capable system that currently boots using legacy BIOS, first perform the in-place upgrade to Windows 10, maintaining the legacy BIOS boot mode. Windows 10 does not require UEFI, so it will work fine to upgrade a system using legacy BIOS emulation. After the upgrade, if you wish to enable Windows 10 features that require UEFI (such as Secure Boot), you can convert the system disk to a format that supports UEFI boot using the [MBR2GPT](https://docs.microsoft.com/en-us/windows/deployment/mbr-to-gpt) tool. Note: [UEFI specification](http://www.uefi.org/specifications) requires GPT disk layout. After the disk has been converted, you must also configure the firmware to boot in UEFI mode.
+
+-   **Non-Microsoft disk encryption software**: While devices encrypted with BitLocker can easily be upgraded, more work is necessary for non-Microsoft disk encryption tools. Some ISVs will provide instructions on how to integrate their software into the in-place upgrade process. Check with your ISV to see if they have instructions. The following articles provide details on how to provision encryption drivers for use during Windows Setup via the ReflectDrivers setting:
+    - [Windows Setup Automation Overview](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-automation-overview)
+    - [Windows Setup Command-Line Options](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options)
+
 There are some situations where you cannot use in-place upgrade; in these situations, you can use traditional deployment (wipe-and-load) instead. Examples of these situations include:
 
 -   Changing from Windows 7, Windows 8, or Windows 8.1 x86 to Windows 10 x64. The upgrade process cannot change from a 32-bit operating system to a 64-bit operating system, because of possible complications with installed applications and drivers.
-
--   Changing from legacy BIOS to UEFI booting. Some organizations deployed earlier versions of Windows on UEFI-enabled systems, leveraging the legacy BIOS capabilities of these systems. Because changing from legacy BIOS to UEFI requires changing the hardware configuration, disk configuration, and OS configuration, this is not possible using in-place upgrade.
-<p>**Note**<br>Windows 10 does not require UEFI, so it would work fine to upgrade a system using legacy BIOS emulation. Some Windows 10 features, such as Secure Boot, would not be available after doing this.
-
 -   Windows To Go and Boot from VHD installations. The upgrade process is unable to upgrade these installations. Instead, new installations would need to be performed.
-
--   Devices that use third-party disk encryption software. While devices encrypted with BitLocker can easily be upgraded, more work is necessary for third-party disk encryption tools. Some ISVs will provide instructions on how to integrate their software into the in-place upgrade process (check with your ISV to see if they have instructions), but if not available a traditional deployment would be needed.
-
 -   Updating existing images. While it might be tempting to try to upgrade existing Windows 7, Windows 8, or Windows 8.1 images to Windows 10 by installing the old image, upgrading it, and then recapturing the new Windows 10 image, this is not supported – preparing an upgraded OS for imaging (using Sysprep.exe) is not supported and will not work when it detects the upgraded OS.
-
 -   Dual-boot and multi-boot systems. The upgrade process is designed for devices running a single OS; if using dual-boot or multi-boot systems with multiple operating systems (not leveraging virtual machines for the second and subsequent operating systems), additional care should be taken.
 
 ## Dynamic provisioning
+
 For new PCs, organizations have historically replaced the version of Windows included on the device with their own custom Windows image, because this was often faster and easier than leveraging the preinstalled version. But this is an added expense due to the time and effort required. With the new dynamic provisioning capabilities and tools provided with Windows 10, it is now possible to avoid this.
 
 The goal of dynamic provisioning is to take a new PC out of the box, turn it on, and transform it into a productive organization device, with minimal time and effort. The types of transformations that are available include:
@@ -49,11 +62,8 @@ The goal of dynamic provisioning is to take a new PC out of the box, turn it on,
 -   Changing the Windows edition with a single reboot. For organizations that have Software Assurance for Windows, it is easy to change a device from Windows 10 Pro to Windows 10 Enterprise, just by specifying an appropriate product or setup key. When the device restarts, all of the Windows 10 Enterprise features will be enabled.
 
 -   Configuring the device with VPN and Wi-Fi connections that may be needed to gain access to organization resources.
-
 -   Installation of additional apps needed for organization functions.
-
 -   Configuration of common Windows settings to ensure compliance with organization policies.
-
 -   Enrollment of the device in a mobile device management (MDM) solution, such as Microsoft Intune.
 
 There are two primary dynamic provisioning scenarios:
@@ -66,7 +76,8 @@ Either way, these scenarios can be used to enable “choose your own device” (
 
 While the initial Windows 10 release includes a variety of provisioning settings and deployment mechanisms, these will continue to be enhanced and extended based on feedback from organizations. As with all Windows features, organizations can submit suggestions for additional features through the Windows Feedback app or through their Microsoft Support contacts.
 
-## Traditional deployment
+## Traditional deployment: 
+
 New versions of Windows have typically been deployed by organizations using an image-based process built on top of tools provided in the [Windows Assessment and Deployment Kit](windows-adk-scenarios-for-it-pros.md), Windows Deployment Services, the [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md), and [System Center Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md).
 
 With the release of Windows 10, all of these tools are being updated to fully support Windows 10. Although newer scenarios such as in-place upgrade and dynamic provisioning may reduce the need for traditional deployment capabilities in some organizations, these traditional methods remain important and will continue to be available to organizations that need them.
diff --git a/windows/device-security/bitlocker/bitlocker-group-policy-settings.md b/windows/device-security/bitlocker/bitlocker-group-policy-settings.md
index 54478101d2..be88d6d8bf 100644
--- a/windows/device-security/bitlocker/bitlocker-group-policy-settings.md
+++ b/windows/device-security/bitlocker/bitlocker-group-policy-settings.md
@@ -343,7 +343,7 @@ This policy setting is used to set a minimum PIN length when you use an unlock m
 </tr>
 <tr class="even">
 <td align="left"><p><strong>When enabled</strong></p></td>
-<td align="left"><p>You can require that startup PINS set by users must have a minimum length you choose that is between 4 and 20 digits.</p></td>
+<td align="left"><p>You can require that startup PINs set by users must have a minimum length you choose that is between 4 and 20 digits.</p></td>
 </tr>
 <tr class="odd">
 <td align="left"><p><strong>When disabled or not configured</strong></p></td>
diff --git a/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md b/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md
index 47d2848249..f5c907daf3 100644
--- a/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md
+++ b/windows/device-security/device-guard/deploy-code-integrity-policies-steps.md
@@ -73,6 +73,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
 |Matt Nelson | @enigma0x3| 
 |Oddvar Moe |@Oddvarmoe|
 |Alex Ionescu | @aionescu|
+|Lee Christensen|@tifkin_|
 
 <br />
 
@@ -134,6 +135,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
     <Deny  ID="ID_DENY_FSI_ANYCPU"    FriendlyName="fsiAnyCpu.exe"      FileName="fsiAnyCpu.exe" MinimumFileVersion = "65535.65535.65535.65535" />
     <Deny  ID="ID_DENY_MSHTA"         FriendlyName="mshta.exe"          FileName="mshta.exe" MinimumFileVersion = "65535.65535.65535.65535" />
     <Deny  ID="ID_DENY_VISUALUIAVERIFY"         FriendlyName="visualuiaverifynative.exe"          FileName="visualuiaverifynative.exe" MinimumFileVersion = "65535.65535.65535.65535" />
+    <Deny  ID="ID_DENY_RUNSCRIPTHELPER"         FriendlyName="runscripthelper.exe"                FileName="runscripthelper.exe" MinimumFileVersion="65535.65535.65535.65535" />
 
     <Deny ID="ID_DENY_D_1" FriendlyName="Powershell 1" Hash="02BE82F63EE962BCD4B8303E60F806F6613759C6" />
     <Deny ID="ID_DENY_D_2" FriendlyName="Powershell 2" Hash="13765D9A16CC46B2113766822627F026A68431DF" />
@@ -418,6 +420,7 @@ Microsoft recommends that you block the following Microsoft-signed applications
           <FileRuleRef RuleID="ID_DENY_FSI_ANYCPU" />
           <FileRuleRef RuleID="ID_DENY_MSHTA" />
           <FileRuleRef RuleID="ID_DENY_VISUALUIAVERIFY" />
+          <FileRuleRef RuleID="ID_DENY_RUNSCRIPTHELPER"/>
           <FileRuleRef RuleID="ID_DENY_D_1" />
           <FileRuleRef RuleID="ID_DENY_D_2" />
           <FileRuleRef RuleID="ID_DENY_D_3" />
diff --git a/windows/threat-protection/TOC.md b/windows/threat-protection/TOC.md
index ce3a47ceb7..c312c4ddc9 100644
--- a/windows/threat-protection/TOC.md
+++ b/windows/threat-protection/TOC.md
@@ -30,7 +30,9 @@
 ###### [Configure endpoints using Microsoft Intune](windows-defender-atp\configure-endpoints-mdm-windows-defender-advanced-threat-protection.md#configure-endpoints-using-microsoft-intune)
 ##### [Configure endpoints using a local script](windows-defender-atp\configure-endpoints-script-windows-defender-advanced-threat-protection.md)
 ##### [Configure non-persistent virtual desktop infrastructure (VDI) machines](windows-defender-atp\configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+#### [Configure non-Windows endpoints](windows-defender-atp\configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
 #### [Configure server endpoints](windows-defender-atp\configure-server-endpoints-windows-defender-advanced-threat-protection.md)
+#### [Run a detection test on a newly onboarded endpoint](windows-defender-atp\run-detection-test-windows-defender-advanced-threat-protection.md)
 #### [Configure proxy and Internet connectivity settings](windows-defender-atp\configure-proxy-internet-windows-defender-advanced-threat-protection.md)
 #### [Troubleshoot onboarding issues](windows-defender-atp\troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
 ### [Portal overview](windows-defender-atp\portal-overview-windows-defender-advanced-threat-protection.md)
@@ -58,7 +60,7 @@
 #### [Manage alerts](windows-defender-atp\manage-alerts-windows-defender-advanced-threat-protection.md)
 #### [Take response actions](windows-defender-atp\response-actions-windows-defender-advanced-threat-protection.md)
 ##### [Take response actions on a machine](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md)
-###### [Collect investigation package](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package)
+###### [Collect investigation package](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#collect-investigation-package-from-machines)
 ###### [Run antivirus scan](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#run-windows-defender-antivirus-scan-on-machines)
 ###### [Restrict app execution](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#restrict-app-execution)
 ###### [Remove app restriction](windows-defender-atp\respond-machine-alerts-windows-defender-advanced-threat-protection.md#remove-app-restriction)
@@ -69,6 +71,7 @@
 ###### [Stop and quarantine files in your network](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#stop-and-quarantine-files-in-your-network)
 ###### [Remove file from quarantine](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-quarantine)
 ###### [Block files in your network](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#block-files-in-your-network)
+###### [Remove file from blocked list](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#remove-file-from-blocked-list)
 ###### [Check activity details in Action center](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#check-activity-details-in-action-center)
 ###### [Deep analysis](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#deep-analysis)
 ####### [Submit files for analysis](windows-defender-atp\respond-file-alerts-windows-defender-advanced-threat-protection.md#submit-files-for-analysis)
@@ -140,13 +143,13 @@
 #### [Configure email notifications](windows-defender-atp\configure-email-notifications-windows-defender-advanced-threat-protection.md)
 #### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md)
 #### [Enable Threat intel API](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md)
-#### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
+#### [Enable and create Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
 #### [Enable Security Analytics security controls](windows-defender-atp\enable-security-analytics-windows-defender-advanced-threat-protection.md)
 ### [Windows Defender ATP settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md)
 ### [Windows Defender ATP service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md)
 ### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
 ### [Review events and errors on endpoints with Event Viewer](windows-defender-atp\event-error-codes-windows-defender-advanced-threat-protection.md)
-### [Windows Defender Antivirus compatibility](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md)
+### [Windows Defender Antivirus compatibility with Windows Defender ATP](windows-defender-atp\defender-compatibility-windows-defender-advanced-threat-protection.md)
 ##	[Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
 ### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md)
 
@@ -163,7 +166,7 @@
 #### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md)
 ##### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md)
 #### [Report on Windows Defender Antivirus protection](windows-defender-antivirus\report-monitor-windows-defender-antivirus.md)
-##### [Troublehsoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md)
+##### [Troubleshoot Windows Defender Antivirus reporting in Update Compliance](windows-defender-antivirus\troubleshoot-reporting.md)
 #### [Manage updates and apply baselines](windows-defender-antivirus\manage-updates-baselines-windows-defender-antivirus.md)
 ##### [Manage protection and definition updates](windows-defender-antivirus\manage-protection-updates-windows-defender-antivirus.md)
 ##### [Manage when protection updates should be downloaded and applied](windows-defender-antivirus\manage-protection-update-schedule-windows-defender-antivirus.md)
diff --git a/windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection.md b/windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection.md
index 5142227854..658e3fcaf7 100644
--- a/windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection.md
+++ b/windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection.md
@@ -606,9 +606,9 @@ Here are the minimum steps for WEF to operate:
   <Query Id="7" Path="Microsoft-Windows-DNS-Client/Operational">
     <!-- DNS Client events Query Completed (3008) -->
     <Select Path="Microsoft-Windows-DNS-Client/Operational">*[System[(EventID=3008)]]</Select>
-<!—suppresses local machine name resolution events-->
+<!-- suppresses local machine name resolution events -->
 <Suppress Path="Microsoft-Windows-DNS-Client/Operational">*[EventData[Data[@Name="QueryOptions"]="140737488355328"]]</Suppress>
-<!—suppresses empty name resolution events -->
+<!-- suppresses empty name resolution events -->
 <Suppress Path="Microsoft-Windows-DNS-Client/Operational">*[EventData[Data[@Name="QueryResults"]=""]]</Suppress>
   </Query>
   <Query Id="8" Path="Security">
@@ -636,7 +636,7 @@ Here are the minimum steps for WEF to operate:
     <Select Path="Microsoft-Windows-DriverFrameworks-UserMode/Operational">*[System[(EventID=2004)]]</Select>
   </Query>
 <Query Id="14" Path=" Windows PowerShell">
-    <!—Legacy PowerShell pipeline execution details (800) -->
+    <!-- Legacy PowerShell pipeline execution details (800) -->
     <Select Path=" Windows PowerShell">*[System[(EventID=800)]]</Select>
   </Query>
 </QueryList> 
@@ -650,4 +650,4 @@ You can get more info with the following links:
 -   [Event Query Schema](http://msdn.microsoft.com/library/aa385760.aspx)
 -   [Windows Event Collector](http://msdn.microsoft.com/library/windows/desktop/bb427443.aspx)
 
-Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub://?referrer=techDocsUcPage&tabid=2&contextid=897&newFeedback=true&topic=use-windows-event-forwarding-to-assist-in-instrusion-detection.md). 
\ No newline at end of file
+Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub://?referrer=techDocsUcPage&tabid=2&contextid=897&newFeedback=true&topic=use-windows-event-forwarding-to-assist-in-instrusion-detection.md). 
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
index 3ab8d056a6..4648182715 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: iaanw
 ms.author: iawilt
-ms.date: 06/13/2017
+ms.date: 10/30/2017
 ---
 
 # Configure and validate exclusions based on file extension and folder location
@@ -38,6 +38,11 @@ ms.date: 06/13/2017
 
 You can exclude certain files from being scanned by Windows Defender AV by modifying exclusion lists. 
 
+Generally, you shouldn't need to apply exclusions. Windows Defender AV includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations.
+
+>[!TIP]
+>The default antimalware policy we deploy at Microsoft doesn't set any exclusions by default.
+
 This topic describes how to configure exclusion lists for the following:
 
 Exclusion | Examples | Exclusion list
@@ -48,20 +53,29 @@ A specific file in a specific folder | The file c:\sample\sample.test only | Fil
 A specific process | The executable file c:\test\process.exe | File and folder exclusions
 
 This means the exclusion lists have the following characteristics:
-- Folder exclusions will apply to all files and folders under that folder.
-- File extensions will apply to any file name with the defined extension, regardless of where the file is located.
+- Folder exclusions will apply to all files and folders under that folder, unless the subfolder is a reparse point. Reparse point subfolders must be excluded separately.
+- File extensions will apply to any file name with the defined extension if a path or folder is not defined.
+
+>[!IMPORTANT]
+>The use of wildcards such as the asterisk (\*) will alter how the exclusion rules are interpreted. See the [Use wildcards in the file name and folder path or extension exclusion lists](#use-wildcards-in-the-file-name-and-folder-path-or-extension-exclusion-lists) section for important information about how wildcards work.
+>
+>You cannot exclude mapped network drives. You must specify the actual network path.
+>
+>Folders that are reparse points that are created after the Windows Defender AV service starts and that have been added to the exclusion list will not be included. You must restart the service (by restarting Windows) for new reparse points to be recognized as a valid exclusion target.
+
+
 
 
 To exclude files opened by a specific process, see the [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md) topic.
 
 
-The exclusions apply to [scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md), [on-demand scans](run-scan-windows-defender-antivirus.md), and [always-on real-time protection and monitoring](configure-real-time-protection-windows-defender-antivirus.md).
+The exclusions apply to [scheduled scans](scheduled-catch-up-scans-windows-defender-antivirus.md), [on-demand scans](run-scan-windows-defender-antivirus.md), and [real-time protection](configure-real-time-protection-windows-defender-antivirus.md).
 
-Changes made via Group Policy to the exclusion lists **will show** in the lists in the [Windows Defender Security Center app](windows-defender-security-center-antivirus.md#exclusions). However, changes made in the Windows Defender Security Center app **will not show** in the Group Policy lists.
+>[!IMPORTANT]
+>Changes made via Group Policy to the exclusion lists **will show** in the lists in the [Windows Defender Security Center app](windows-defender-security-center-antivirus.md#exclusions). 
+>
+>Changes made in the Windows Defender Security Center app **will not show** in the Group Policy lists.
 
-You can add, remove, and review the lists for exclusions in [Group Policy](#gp), [System Center Configuration Manager, Microsoft Intune, and with the Windows Defender Security Center app](#man-tools), and you can [use wildcards](#wildcards) to further customize the lists.
-
-You can also [use PowerShell cmdlets and WMI to configure the exclusion lists](#ps), including [reviewing](#review) and [validating](#validate) your lists. 
 
 
 By default, local changes made to the lists (by users with administrator privileges; this includes changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists will take precedence in the case of conflicts. 
@@ -79,7 +93,7 @@ You can [configure how locally and globally defined exclusions lists are merged]
 **Use Group Policy to configure folder or file extension exclusions:**
 
 >[!NOTE]
->If you include a fully qualified path to a file, then only that file will be excluded. If a folder is defined in the exclusion, then all files and subdirectories under that folder will be excluded.
+>If you specify a fully qualified path to a file, then only that file will be excluded. If a folder is defined in the exclusion, then all files and subdirectories under that folder will be excluded.
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
@@ -94,7 +108,7 @@ You can [configure how locally and globally defined exclusions lists are merged]
 
     1. Set the option to **Enabled**. 
     2. Under the **Options** section, click **Show...**
-    3. Enter each folder on its own line under the **Value name** column. If you are entering a file, ensure you enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column for all processes.
+    3. Enter each folder on its own line under the **Value name** column. If you are entering a file, ensure you enter a fully qualified path to the file, including the drive letter, folder path, filename, and extension. Enter **0** in the **Value** column.
 
 7. Click **OK**. 
 
@@ -104,7 +118,7 @@ You can [configure how locally and globally defined exclusions lists are merged]
 
     1. Set the option to **Enabled**. 
     2. Under the **Options** section, click **Show...**
-    3. Enter each file extension on its own line under the **Value name** column.  Enter **0** in the **Value** column for all processes.
+    3. Enter each file extension on its own line under the **Value name** column.  Enter **0** in the **Value** column.
 
 
 9. Click **OK**. 
@@ -187,23 +201,102 @@ See [Add exclusions in the Windows Defender Security Center app](windows-defende
 <a id="wildcards"></a>
 ## Use wildcards in the file name and folder path or extension exclusion lists
 
-You can use the asterisk \*, question mark ?, or environment variables (such as %ALLUSERSPROFILE%) as wildcards when defining items in the file name or folder path exclusion list.
+You can use the asterisk `*`, question mark `?`, or environment variables (such as `%ALLUSERSPROFILE%`) as wildcards when defining items in the file name or folder path exclusion list. The way in which these wildcards are interpreted differs from their usual usage in other apps and languages, so you should read this section to understand their specific limitations.
 
 >[!IMPORTANT]
->Environment variable usage is limited to machine variables and those applicable to processes running as an NT AUTHORITY\SYSTEM account.
-
-You cannot use a wildcard in place of a drive letter.
+>There are key limitations and usage scenarios for these wildcards:
+>
+>- Environment variable usage is limited to machine variables and those applicable to processes running as an NT AUTHORITY\SYSTEM account.
+>- You cannot use a wildcard in place of a drive letter.
+>- The use of asterisk `*` in a folder exclusion will stand in place for a single folder. Use multiple instances of `\*\` to indicate multiple nested folders with unspecified names.
 
 
 The following table describes how the wildcards can be used and provides some examples.
+<table>
+    <tr>
+        <th>Wildcard</th>
+        <th>Use in file and file extension exclusions</th>
+        <th>Use in folder exclusions</th>
+        <th>Example use</th>
+        <th>Example matches></th>
+    </tr>
+    <tr>
+        <td><b>\*</b> (asterisk)</td>
+        <td>Replaces any number of characters. <br />Only applies to files in the last folder defined in the argument. </td>
+        <td>Replaces a single folder. <br />Use multiple <b>\*</b> with folder slashes <b>\\</b> to indicate multiple, nested folders. </br>After matching to the number of wilcarded and named folders, all subfolders will also be included.</td>
+        <td>
+            <ol>
+                <li>C:\MyData\\<b>\*</b>.txt</li>
+                <li>C:\somepath\\<b>\*</b>\Data</li>
+                <li>C:\Serv\\<b>\*</b>\\<b>\*</b>\Backup
+            </ol>
+        </td>
+        <td>
+            <ol>
+                <li><i>C:\MyData\\<b>notes</b>.txt</i></li>
+                <li>Any file in: 
+                    <ul>
+                        <li><i>C:\somepath\\<b>Archives</b>\Data</i> and its subfolders</li>
+                        <li><i>C:\somepath\\<b>Authorized</b>\Data</i> and its subfolders</li>
+                    </ul>
+                <li>Any file in:
+                <ul>
+                    <li><i>C:\Serv\\<b>Primary</b>\\<b>Denied</b>\Backup</i> and its subfolders</li>
+                    <li><i>C:\Serv\\<b>Secondary</b>\\<b>Allowed</b>\Backup</i> and its subfolders</li>
+                </ul>
+            </ol>
+        </td>
+    </tr>
+    <tr>
+        <td>
+            <b>?</b> (question mark) 
+        </td>
+        <td>
+            Replaces a single character. <br />
+            Only applies to files in the last folder defined in the argument.
+        </td>
+        <td>
+            Replaces a single character in a folder name. </br>
+            After matching to the number of wilcarded and named folders, all subfolders will also be included.
+        </td>
+        <td>
+            <ol>
+                <li>C:\MyData\my<b>?</b>.zip</li>
+                <li>C:\somepath\\<b>?</b>\Data</li>
+                <li>C:\somepath\test0<b>?</b>\Data</li>
+            </ol>
+        </td>
+        <td>
+            <ol>
+                <li><i>C:\MyData\my<b>1</b>.zip</i></li>
+                <li>Any file in <i>C:\somepath\\<b>P</b>\Data</i> and its subfolders</li>
+                <li>Any file in <i>C:\somepath\test0<b>1</b>\Data</i> and its subfolders</li>
+            </ol>
+        </td>
+    </tr>
+    <tr>
+        <td>Environment variables</td>
+        <td>The defined variable will be populated as a path when the exclusion is evaluated.</td>
+        <td>Same as file and extension use. </td>
+        <td>
+            <ol>
+                <li><b>%ALLUSERSPROFILE%</b>\CustomLogFiles</li>
+            </ol> 
+        </td>
+        <td>
+            <ol>
+                <li><i><b>C:\ProgramData</b>\CustomLogFiles\Folder1\file1.txt</i></li>
+            </ol>
+        </td>
+    </tr>
+</table>
 
-Wildcard | Use | Example use | Example matches
----|---|---|---
-\* (asterisk) | Replaces any number of characters | <ul><li>C:\MyData\my\*.zip</li><li>C:\somepath\\\*\Data</li></ul> | <ul><li>C:\MyData\my-archived-files-43.zip</li><li>Any file in C:\somepath\folder1\folder2\Data</li></ul>
-? (question mark) | Replaces a single character | <ul><li>C:\MyData\my\?.zip</li><li>C:\somepath\\\?\Data</li></ul> | <ul><li>C:\MyData\my1.zip</li><li>Any file in C:\somepath\P\Data</li></ul>
-Environment variables | The defined variable will be populated as a path when the exclusion is evaluated |  <ul><li>%ALLUSERSPROFILE%\CustomLogFiles</li></ul> | <ul><li>C:\ProgramData\CustomLogFiles\Folder1\file1.txt</li></ul>
-
-
+>[!IMPORTANT]
+>If you mix a file exclusion argument with a folder exclusion argument, the rules will stop at the file argument match in the matched folder, and will not look for file matches in any subfolders.
+>
+>For example, you can exclude all files that start with "date" in the folders *c:\data\final\marked* and *c:\data\review\marked* by using the rule argument <b>c:\data\\\*\marked\date*.\*</b>.
+>
+>This argument, however, will not match any files in **subfolders** under *c:\data\final\marked* or *c:\data\review\marked*.
 
 
 <a id="review"></a>
@@ -211,6 +304,11 @@ Environment variables | The defined variable will be populated as a path when th
 
 You can retrieve the items in the exclusion list with PowerShell, [System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), [Intune](https://docs.microsoft.com/en-us/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune), or the [Windows Defender Security Center app](windows-defender-security-center-antivirus.md#exclusions).
 
+>[!IMPORTANT]
+>Changes made via Group Policy to the exclusion lists **will show** in the lists in the [Windows Defender Security Center app](windows-defender-security-center-antivirus.md#exclusions). 
+>
+>Changes made in the Windows Defender Security Center app **will not show** in the Group Policy lists.
+
 If you use PowerShell, you can retrieve the list in two ways:
 
 - Retrieve the status of all Windows Defender AV preferences. Each of the lists will be displayed on separate lines, but the items within each list will be combined into the same line.
@@ -273,6 +371,14 @@ $client = new-object System.Net.WebClient
 $client.DownloadFile("http://www.eicar.org/download/eicar.com.txt","c:\test.txt")
 ```
 
+If you do not have Internet access, you can create your own EICAR test file by writing the EICAR string to a new text file with the following PowerShell command:
+
+```PowerShell
+[io.file]::WriteAllText("test.txt",'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*')
+```
+
+You can also copy the string into a blank text file and attempt to save it with the file name or in the folder you are attempting to exclude.
+
 
 
 ## Related topics
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
index 43bd302fff..9035fb9082 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
@@ -82,7 +82,7 @@ Hiding notifications can be useful in situations where you cannot hide the entir
 > [!NOTE]
 > Hiding notifications will only occur on endpoints to which the policy has been deployed. Notifications related to actions that must be taken (such as a reboot) will still appear on the [System Center Configuration Manager Endpoint Protection monitoring dashboard and reports](https://docs.microsoft.com/en-us/sccm/protect/deploy-use/monitor-endpoint-protection).
 
-See the [Customize the Windows Defender Security Center app for your organization](/windows/threat-protection/windows-defender-security-center/windows-defender-security-center-antivirus.md) topic for instructions to add cusomt contact information to the notifications that users see on their machines.
+See the [Customize the Windows Defender Security Center app for your organization](/windows/threat-protection/windows-defender-security-center/windows-defender-security-center-antivirus) topic for instructions to add custom contact information to the notifications that users see on their machines.
 
 **Use Group Policy to hide notifications:**
 
diff --git a/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
index c0f1e340b7..3700e8052a 100644
--- a/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: iaanw
 ms.author: iawilt
-ms.date: 08/25/2017
+ms.date: 11/01/2017
 ---
 
 # Detect and block Potentially Unwanted Applications
@@ -45,8 +45,10 @@ These applications can increase the risk of your network being infected with mal
 
 PUAs are blocked when a user attempts to download or install the detected file, and if the file meets one of the following conditions:
 - The file is being scanned from the browser
-- The file is in the %downloads% folder
-- The file is in the %temp% folder
+- The file is in a folder with "**downloads**" in the path
+- The file is in a folder with "**temp**" in the path
+- The file is on the user's Dekstop
+- The file does not meet one of these conditions and is not under *%programfiles%*, *%appdata%*, or *%windows%*
 
 The file is placed in the quarantine section so it won't run. 
 
@@ -59,6 +61,8 @@ They will also appear in the usual [quarantine list in the Windows Defender Secu
 
 PUA events are reported in the Windows Event Viewer and not in System Center Configuration Manager or Intune. 
 
+Hoever, PUA detections will be reported if you have set up email notifications for detections.
+
 See [Troubleshoot event IDs](troubleshoot-windows-defender-antivirus.md) for details on viewing Windows Defender Antivirus events. PUA events are recorded under event ID 1160.
 
 
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/svg/check-no.md b/windows/threat-protection/windows-defender-antivirus/images/svg/check-no.svg
similarity index 100%
rename from windows/threat-protection/windows-defender-exploit-guard/images/svg/check-no.md
rename to windows/threat-protection/windows-defender-antivirus/images/svg/check-no.svg
diff --git a/windows/threat-protection/windows-defender-exploit-guard/images/svg/check-yes.md b/windows/threat-protection/windows-defender-antivirus/images/svg/check-yes.svg
similarity index 100%
rename from windows/threat-protection/windows-defender-exploit-guard/images/svg/check-yes.md
rename to windows/threat-protection/windows-defender-antivirus/images/svg/check-yes.svg
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
index b2d2890d2b..ac10f8950b 100644
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
@@ -67,9 +67,9 @@ This table indicates the functionality and features that are available in each s
 
 State | Description | [Real-time protection](configure-real-time-protection-windows-defender-antivirus.md) and [cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md) | [Limited periodic scanning availability](limited-periodic-scanning-windows-defender-antivirus.md) | [File scanning and detection information](customize-run-review-remediate-scans-windows-defender-antivirus.md) | [Threat remediation](configure-remediation-windows-defender-antivirus.md) | [Threat definition updates](manage-updates-baselines-windows-defender-antivirus.md)
 :-|:-|:-:|:-:|:-:|:-:|:-:
-Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service.  | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
-Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark no](images/svg/check-no.md)] 
-Active mode | Windows Defender AV is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files will be scanned and threats remediated, and detection information will be reported in your configuration tool (such as Configuration Manager or the Windows Defender AV app on the machine itself). | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)]
+Passive mode | Windows Defender AV will not be used as the antivirus app, and threats will not be remediated by Windows Defender AV. Files will be scanned and reports will be provided for threat detections which are shared with the Windows Defender ATP service.  | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
+Automatic disabled mode | Windows Defender AV will not be used as the antivirus app. Files will not be scanned and threats will not be remediated. | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark no](images/svg/check-no.svg)]] 
+Active mode | Windows Defender AV is used as the antivirus app on the machine. All configuration made with Configuration Manager, Group Policy, Intune, or other management products will apply. Files will be scanned and threats remediated, and detection information will be reported in your configuration tool (such as Configuration Manager or the Windows Defender AV app on the machine itself). | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)]
 
 Passive mode is enabled if you are enrolled in Windows Defender ATP because [the service requires common information sharing from the Windows Defender AV service](../windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md) in order to properly monitor your devices and network for intrusion attempts and attacks. 
 
diff --git a/windows/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md b/windows/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
index 634876b5b8..74e513ecbd 100644
--- a/windows/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
+++ b/windows/threat-protection/windows-defender-application-guard/faq-wd-app-guard.md
@@ -19,6 +19,15 @@ Answering frequently asked questions about Windows Defender Application Guard (A
 
 ## Frequently Asked Questions
 
+| | |
+|---|----------------------------|
+|**Q:** |Can I enable Application Guard on machines equipped with 4GB RAM?|
+|**A:** |We recommend 8GB RAM for optimal performance but you may use the following registry values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. |
+||HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount       - Default is 4 cores. |
+||HKLM\software\Microsoft\Hvsi\SpecRequiredMemoryInGB            - Default is 8GB.|
+||HKLM\software\Microsoft\Hvsi\SpecRequiredFreeDiskSpaceInGB - Default is 5GB.|
+<br>
+
 | | |
 |---|----------------------------|
 |**Q:** |Can employees download documents from the Application Guard Edge session onto host devices?|
diff --git a/windows/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md b/windows/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
index 00798f619b..b7f830ebd5 100644
--- a/windows/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
+++ b/windows/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
@@ -17,12 +17,15 @@ ms.date: 08/11/2017
 
 The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Windows Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive.
 
+>[!NOTE]
+>Windows Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host.
+
 ## Hardware requirements
 Your environment needs the following hardware to run Windows Defender Application Guard.
 
 |Hardware|Description|
 |--------|-----------|
-|64-bit CPU|A 64-bit computer is required for hypervisor and virtualization-based security (VBS). For more info about Hyper-V, see [Hyper-V on Windows Server 2016](https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/about/). For more info about hypervisor, see [Hypervisor Specifications](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs).|
+|64-bit CPU|A 64-bit computer with minimum 4 cores is required for hypervisor and virtualization-based security (VBS). For more info about Hyper-V, see [Hyper-V on Windows Server 2016](https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/about/). For more info about hypervisor, see [Hypervisor Specifications](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/reference/tlfs).|
 |CPU virtualization extensions|Extended page tables, also called _Second Level Address Translation (SLAT)_<br><br>**-AND-**<br><br>One of the following virtualization extensions for VBS:<br><br>VT-x (Intel)<br><br>**-OR-**<br><br>AMD-V|
 |Hardware memory|Microsoft recommends 8GB RAM for optimal performance|
 |Hard disk|5 GB free space, solid state disk (SSD) recommended|
diff --git a/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
index a4b8d93002..f262dc08a7 100644
--- a/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/alerts-queue-windows-defender-advanced-threat-protection.md
@@ -47,20 +47,20 @@ To see a list of alerts, click any of the queues under the **Alerts queue** opti
 ##  Sort, filter, and group the alerts list
 You can sort and filter the alerts using the available filters or clicking on a column's header that will sort the view in ascending or descending order.
 
-**Time period**</br>
+### Time period
 - 1 day
 - 3 days
 - 7 days
 - 30 days
 - 6 months
 
-**OS Platform**<br>
+### OS Platform
   - Windows 10
   - Windows Server 2012 R2
   - Windows Server 2016
   - Other
 
-**Severity**</br>
+### Severity
 
 Alert severity | Description
 :---|:---
@@ -71,7 +71,21 @@ Informational </br>(Grey) | Informational alerts are those that might not be con
 
 Reviewing the various alerts and their severity can help you decide on the appropriate action to protect your organization's endpoints.
 
-**Detection source**</br>
+#### Understanding alert severity
+It is important to understand that the Windows Defender Antivirus (Windows Defender AV) and Windows Defender ATP alert severities are different because they represent different scopes.
+
+The Windows Defender AV threat severity represents the absolute severity of the detected threat (malware), and is assigned based on the potential risk to the individual machine, if infected.
+
+The Windows Defender ATP alert severity represents the severity of the detected behavior, the actual risk to the machine but more importantly the potential risk to the organization. 
+
+So, for example:
+-	The severity of a Windows Defender ATP alert about a Windows Defender AV detected threat that was completely prevented and did not infect the machine is categorized as "Informational" because there was no actual damage incurred.
+-	An alert about a commercial malware was detected while executing, but blocked and remediated by Windows Defender AV, is categorized as  "Low" because it may have caused some damage to the individual machine but poses no organizational threat.
+-	An alert about malware detected while executing which can pose a threat not only to the individual machine but to the organization, regardless if it was eventually blocked, may be ranked as "Medium" or "High".
+-	Suspicious behavioral alerts which were not blocked or remediated will be ranked "Low", "Medium" or "High" following the same organizational threat considerations.
+
+
+### Detection source
 - Windows Defender AV
 - Windows Defender ATP
 - Windows Defender SmartScreen
@@ -80,7 +94,7 @@ Reviewing the various alerts and their severity can help you decide on the appro
 >[!NOTE]
 >The Windows Defender Antivirus filter will only appear if your endpoints are using Windows Defender Antivirus as the default real-time protection antimalware product.
 
-**View**</br>
+### View
 - **Flat view** - Lists alerts individually with alerts having the latest activity displayed at the top.
 - **Grouped view** - Groups alerts by alert ID, file hash, malware family, or other attribute to enable more efficient alert triage and management. Alert grouping reduces the number of rows in the queue by aggregating similar alerts together.
 
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
index 3df84f3009..daaf785304 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-gp-windows-defender-advanced-threat-protection.md
@@ -56,6 +56,8 @@ ms.date: 10/17/2017
 
 9. Click **OK** and close any open GPMC windows.
 
+>[!TIP]
+> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
 
 ## Additional Windows Defender ATP configuration settings
 For each endpoint, you can state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
@@ -159,4 +161,5 @@ With Group Policy there isn’t an option to monitor deployment of policies on t
 - [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
 - [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
 - [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
index b9ebce1508..3aff67dc2f 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
@@ -113,6 +113,11 @@ Configuration for onboarded machines: telemetry reporting frequency | ./Device/V
 > - Configuration of telemetry reporting frequency is only available for machines on Windows 10, version 1703.
 > - Using the Expedite mode might have an impact on the machine's battery usage and actual bandwidth used for sensor data. You should consider this when these measures are critical.
 
+
+>[!TIP]
+> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
+
+
 ### Using the Azure Intune Portal to deploy Windows Defender Advanced Threat Protection policies on Windows 10 1607 and higher
 
 1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
@@ -215,4 +220,5 @@ Health Status for offboarded machines: Onboarding State | ./Device/Vendor/MSFT/W
 - [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
 - [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
 - [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..706db3ef71
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,72 @@
+---
+title: Configure non-Windows endpoints in Windows Defender ATP
+description: Configure non-Winodws endpoints so that they can send sensor data to the Windows Defender ATP service.
+keywords: configure endpoints non-Windows endpoints, macos, linux, endpoint management, configure Windows ATP endpoints, configure Windows Defender Advanced Threat Protection endpoints
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: mjcaparas
+localizationpriority: high
+ms.date: 11/08/2017
+---
+
+# Configure non-Windows endpoints
+
+**Applies to:**
+
+- Mac OS X
+- Linux
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-nonwindows-abovefoldlink) 
+
+[!include[Prerelease information](prerelease.md)]
+
+Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products’ sensor data. 
+
+You'll need to know the exact Linux distros and Mac OS X versions that are compatible with Windows Defender ATP for the integration to work. 
+
+## Onboard non-Windows endpoints
+You'll need to take the following steps to oboard non-Windows endpoints:
+1. Turn on third-party integration
+2. Run a detection test
+
+### Turn on third-party integration
+
+1. In Windows Defender Security Center portal, select **Endpoint management** > **Clients** > **Non-Windows**. Make sure the third-party solution is listed.
+
+2. 	Toggle the third-party provider switch button to turn on the third-party solution integration.
+
+3. 	Click **Generate access token** button and then **Copy**.
+
+4. 	Depending on the third-party implementation you're using, the implementation might vary. Refer to the third-party solution documentation for guidance on how to use the token.
+
+
+>[!WARNING] 
+>The access token has a limited validity period. If needed, regenerate the token close to the time you need to share it with the third-party solution.
+
+### Run detection test
+Create an EICAR test file by saving the string displayed on the portal in an empty text file. Then, introduce the test file to a machine running the third-party antivirus solution. 
+
+The file should trigger a detection and a corresponding alert on Windows Defender ATP.
+
+### Offboard non-Windows endpoints
+To effectively offboard the endpoints from the service, you'll need to disable the data push on the third-party portal first then switch the toggle to off in Windows Defender Security Center. The toggle in the portal only blocks the data inbound flow.
+
+
+1. Follow the third-party documentation to opt-out on the third-party service side.
+
+2. In Windows Defender Security Center portal, select **Endpoint management**> **Non-Windows**.
+
+3. Toggle the third-party provider switch button to turn stop telemetry from endpoints. 
+
+>[!WARNING]
+>If you decide to turn on the third-party integration again after disabling the integration, you'll need to regenerate the token and reapply it on endpoints. 
+
+## Related topics
+- [Configure Windows Defender ATP client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
+- [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
+- [Troubleshooting Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
index c28b6b77f8..8747d4b975 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-sccm-windows-defender-advanced-threat-protection.md
@@ -61,6 +61,8 @@ You can use existing System Center Configuration Manager functionality to create
 > [!NOTE]
 > Windows Defender ATP doesn't support onboarding during the [Out-Of-Box Experience (OOBE)](https://answers.microsoft.com/en-us/windows/wiki/windows_10/how-to-complete-the-windows-10-out-of-box/47e3f943-f000-45e3-8c5c-9d85a1a0cf87) phase. Make sure users complete OOBE after running Windows installation or upgrading.
 
+>[!TIP]
+> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
 
 ### Configure sample collection settings
 For each endpoint, you can set a configuration value to state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
@@ -175,4 +177,5 @@ For more information about System Center Configuration Manager Compliance see [C
 - [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
 - [Configure endpoints using a local script](configure-endpoints-script-windows-defender-advanced-threat-protection.md)
 - [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
index f6bd888c41..b81b7d062e 100644
--- a/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-endpoints-script-windows-defender-advanced-threat-protection.md
@@ -54,7 +54,11 @@ You can also manually onboard individual endpoints to Windows Defender ATP. You
 
 5.  Press the **Enter** key or click **OK**.
 
-For for information on how you can manually validate that the endpoint is compliant and correctly reports sensor data see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md).
+For information on how you can manually validate that the endpoint is compliant and correctly reports sensor data see, [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md).
+
+
+>[!TIP]
+> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
 
 ## Configure sample collection settings
 For each endpoint, you can set a configuration value to state whether samples can be collected from the endpoint when a request is made through the Windows Defender ATP portal to submit a file for deep analysis.
@@ -127,4 +131,5 @@ Monitoring can also be done directly on the portal, or by using the different de
 - [Configure endpoints using System Center Configuration Manager](configure-endpoints-sccm-windows-defender-advanced-threat-protection.md)
 - [Configure endpoints using Mobile Device Management tools](configure-endpoints-mdm-windows-defender-advanced-threat-protection.md)
 - [Configure non-persistent virtual desktop infrastructure (VDI) machines](configure-endpoints-vdi-windows-defender-advanced-threat-protection.md)
+- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
 - [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
index 8e51bf936a..ca8d8fc72a 100644
--- a/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection.md
@@ -37,6 +37,8 @@ To onboard your servers to Windows Defender ATP, you’ll need to:
 - Turn on server monitoring from the Windows Defender Security Center portal.
 - If you're already leveraging System Center Operations Manager (SCOM) or Operations Management Suite (OMS), simply attach the Microsoft Monitoring Agent (MMA) to report to your Windows Defender ATP workspace through [Multi Homing support](https://blogs.technet.microsoft.com/msoms/2016/05/26/oms-log-analytics-agent-multi-homing-support/). Otherwise, install and configure MMA to report sensor data to Windows Defender ATP as instructed below.
 
+>[!TIP]
+> After onboarding the endpoint, you can choose to run a detection test to verify that an endpoint is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md).
 
 ### Turn on Server monitoring from the Windows Defender Security Center portal
 
@@ -85,5 +87,7 @@ For more information, see [To disable an agent](https://docs.microsoft.com/en-us
 
 ## Related topics
 - [Configure Windows Defender ATP client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)
 - [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)
+- [Run a detection test on a newly onboarded Windows Defender ATP endpoint](run-detection-test-windows-defender-advanced-threat-protection.md)
 - [Troubleshooting Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
index 38cb6ddf0f..d216067757 100644
--- a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
@@ -1,5 +1,5 @@
 ---
-title: Windows Defender Antivirus compatibility
+title: Windows Defender Antivirus compatibility with Windows Defender ATP
 description: Learn about how Windows Defender works with Windows Defender ATP and how it functions when a third-party antimalware client is used.  
 keywords: windows defender compatibility, defender, windows defender atp
 search.product: eADQiWindows 10XVcnh
@@ -13,7 +13,7 @@ ms.localizationpriority: high
 ms.date: 10/17/2017
 ---
 
-# Windows Defender Antivirus compatibility
+# Windows Defender Antivirus compatibility with Windows Defender ATP
 
 **Applies to:**
 
@@ -30,6 +30,8 @@ ms.date: 10/17/2017
 
 The Windows Defender Advanced Threat Protection agent depends on Windows Defender Antivirus for some capabilities such as file scanning.
 
+You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
+
 If an onboarded endpoint is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode.
 
 Windows Defender Antivirus will continue to receive updates, and the *mspeng.exe* process will be listed as a running a service, but it will not perform scans and will not replace the running third-party antimalware client.
diff --git a/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
index b196a3f4fa..8003743e5d 100644
--- a/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/experiment-custom-ti-windows-defender-advanced-threat-protection.md
@@ -148,7 +148,7 @@ This step will guide you in exploring the custom alert in the portal.
     ![Image of sample custom ti alert in the portal](images/atp-sample-custom-ti-alert.png)
 
 > [!NOTE]
-> It can take up to 15 minutes for the alert to appear in the portal.
+> There is a latency time of approximately 20 minutes between the the time a custom TI is introduced and when it becomes effective.
 
 ## Related topics
 - [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
index 8c0ade88d7..283ce4a02b 100644
--- a/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
@@ -121,11 +121,13 @@ If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the
     ```
 
 ## Windows Defender Antivirus signature updates are configured
-The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. If Windows Defender Antivirus is not the active antimalware in your organization, you may need to configure the signature updates. For more information see [Configure Windows Defender Antivirus in Windows 10](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md).
+The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. 
+
+You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
 
 When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy.
 
-For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md).
+For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
 
 ## Windows Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
 If you're running Windows Defender Antivirus as the primary antimalware product on your endpoints, the Windows Defender ATP agent will successfully onboard.
diff --git a/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
index 68514478d8..e910416e93 100644
--- a/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
@@ -1,7 +1,7 @@
 ---
 title: Onboard endpoints and set up the Windows Defender ATP user access
 description: Set up user access in Azure Active Directory and use Group Policy, SCCM, or do manual registry changes to onboard endpoints to the service.
-keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy
+keywords: onboarding, windows defender advanced threat protection onboarding, windows atp onboarding, sccm, group policy, mdm, local script
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -40,10 +40,21 @@ Windows Defender Advanced Threat Protection requires one of the following Micros
 
 For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2).
 
+## Windows Defender Antivirus configuration requirement
+The Windows Defender ATP agent depends on the ability of Windows Defender Antivirus to scan files and provide information about them. 
+
+You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
+
+When Windows Defender Antivirus is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender Antivirus goes on passive mode. If your organization has disabled Windows Defender Antivirus through group policy or other methods, machines that are onboarded to Windows Defender ATP must be excluded from this group policy.
+
+For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
+
+
 ## In this section
 Topic | Description
 :---|:---
 [Configure client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) | You'll need to configure endpoints for it to report to the Windows Defender ATP service. Learn about the tools and methods you can use to configure endpoints in your enterprise.
+[Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md) | Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products� sensor data. 
 [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md) |  Onboard Windows Server 2012 R2 and Windows Server 2016 to Windows Defender ATP 
 [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md)| Enable communication with the Windows Defender ATP cloud service by configuring the proxy and Internet connectivity settings.
 [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) | Learn about resolving issues that might arise during onboarding.
diff --git a/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
index 8364b738c5..301fdd085f 100644
--- a/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/preview-windows-defender-advanced-threat-protection.md
@@ -55,6 +55,9 @@ Windows Defender ATP supports the use of Power BI data connectors to enable you
 - [Use the Windows Defender ATP exposed APIs](exposed-apis-windows-defender-advanced-threat-protection.md)<br>
     Windows Defender ATP exposes much of the available data and actions using a set of programmatic APIs that are part of the Microsoft Intelligence Security Graph. Those APIs will enable you, to automate workflows and innovate based on Windows Defender ATP capabilities.
 
+- [Configure non-Windows endpoints](configure-endpoints-non-windows-windows-defender-advanced-threat-protection.md)<br>
+Windows Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in the Windows Defender ATP portal and better protect your organization's network. This experience leverages on a third-party security products' sensor data. 
+
 
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-preview-belowfoldlink)  
 
diff --git a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
index 10734a86ca..f5bdb18d2e 100644
--- a/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/respond-file-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/17/2017
+ms.date: 11/10/2017
 ---
 
 # Take response actions on a file
@@ -29,17 +29,26 @@ ms.date: 10/17/2017
 
 Quickly respond to detected attacks by stopping and quarantining files or blocking a file. After taking action on files, you can check activity details on the Action center.
 
->[!NOTE]
-> These response actions are only available for machines on Windows 10, version  1703.
+>[!IMPORTANT]
+>These response actions are only available for machines on Windows 10, version 1703 or later.
 
 You can also submit files for deep analysis to run the file in a secure cloud sandbox. When the analysis is complete, you'll get a detailed report that provides information about the behavior of the file.
 
 ## Stop and quarantine files in your network
 You can contain an attack in your organization by stopping the malicious process and quarantine the file where it was observed.
 
+>[!IMPORTANT]
+>You can only take this action if:
+> - The machine you're taking the action on is running Windows 10, version 1703 or later
+> - The file does not belong to trusted third-party publishers or not signed by Microsoft
+> - Windows Defender Antivirus must at least be running on Passive mode. For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
+
 The **Stop and Quarantine File** action includes stopping running processes, quarantining the files, and deleting persistency such as registry keys.
 
-The action takes effect on machines with the latest Windows 10, version 1703 where the file was observed in the last 30 days.
+The action takes effect on machines with Windows 10, version 1703 or later, where the file was observed in the last 30 days.
+
+>[!NOTE]
+>You’ll be able to remove the file from quarantine at any time.
 
 ### Stop and quarantine files
 1.	Select the file you want to stop and quarantine. You can select a file from any of the following views or use the Search box:
@@ -70,7 +79,7 @@ When the file is being removed from an endpoint, the following notification is s
 
 In the machine timeline, a new event is added for each machine where a file was stopped and quarantined.
 
->[!NOTE]
+>[!IMPORTANT]
 >The **Action** button is turned off for files signed by Microsoft as well as trusted third–party publishers to prevent the removal of critical system files and files used by important applications.
 
 ![Image of action button turned off](images/atp-file-action.png)
@@ -97,11 +106,12 @@ You can roll back and remove a file from quarantine if you’ve determined that
 ## Block files in your network
 You can prevent further propagation of an attack in your organization by banning potentially malicious files or suspected malware. If you know a potentially malicious portable executable (PE) file, you can block it. This operation will prevent it from being read, written, or executed on machines in your organization.
 
->[!NOTE]
->This feature is only available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled.  For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). </br></br>
-This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. This response action is available for machines on Windows 10, version 1703 or later.
-
 >[!IMPORTANT]
+>- This feature is available if your organization uses Windows Defender Antivirus and Cloud–based protection is enabled. For more information, see [Manage cloud–based protection](../windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md). </br></br>
+>- This feature is designed to prevent suspected malware (or potentially malicious files) from being downloaded from the web. It currently supports portable executable (PE) files, including _.exe_ and _.dll_ files. The coverage will be extended over time. 
+>- This response action is available for machines on Windows 10, version 1703 or later.
+
+>[!NOTE]
 > The PE file needs to be in the machine timeline for you to be able to take this action.  
 
 
diff --git a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
index ffd0412eb8..87f97bcd64 100644
--- a/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/respond-machine-alerts-windows-defender-advanced-threat-protection.md
@@ -10,7 +10,7 @@ ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
-ms.date: 10/17/2017
+ms.date: 11/10/2017
 ---
 
 # Take response actions on a machine
@@ -24,20 +24,19 @@ ms.date: 10/17/2017
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 
 
-
-
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-respondmachine-abovefoldlink) 
 
 Quickly respond to detected attacks by isolating machines or collecting an investigation package. After taking action on machines, you can check activity details on the Action center.
 
->[!NOTE]
-> These response actions are only available for machines on Windows 10, version  1703.
-
-
+>[!IMPORTANT]
+> These response actions are only available for machines on Windows 10, version  1703 or later. 
 
 ## Collect investigation package from machines
 As part of the investigation or response process, you can collect an investigation package from a machine. By collecting the investigation package, you can identify the current state of the machine and further understand the tools and techniques used by the attacker.
 
+>[!IMPORTANT]
+> This response action is available for machines on Windows 10, version  1703 or later.
+
 You can download the package (Zip file) and investigate the events that occurred on a machine.
 
 The package contains the following folders:
@@ -89,8 +88,10 @@ The package contains the following folders:
 ## Run Windows Defender Antivirus scan on machines
 As part of the investigation or response process, you can remotely initiate an antivirus scan to help identify and remediate malware that might be present on a compromised machine.
 
->[!NOTE]
-> A Windows Defender Antivirus (Windows Defender AV) scan can run alongside other antivirus solutions, whether Windows Defender AV is the active antivirus solution or not.
+>[!IMPORTANT]
+>- This action is available for machines on Windows 10, version  1709 or later.
+>- A Windows Defender Antivirus (Windows Defender AV) scan can run alongside other antivirus solutions, whether Windows Defender AV is the active antivirus solution or not. Windows Defender AV can be in Passive mode. For more information, see [Windows Defender Antivirus compatibility](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
+
 
 1.	Select the machine that you want to run the scan on. You can select or search for a machine from any of the following views:
 
@@ -121,6 +122,11 @@ The machine timeline will include a new event, reflecting that a scan action was
 ## Restrict app execution
 In addition to the ability of containing an attack by stopping malicious processes, you can also lock down a device and prevent subsequent attempts of potentially malicious programs from running.
 
+>[!IMPORTANT]
+> - This action is available for machines on Windows 10, version  1709 or later.
+> - This action needs to meet the Windows Defender Application Control code integrity policy formats and signing requirements. For more information, see [Code integrity policy formats and signing](https://docs.microsoft.com/en-us/windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard#code-integrity-policy-formats-and-signing).
+
+
 The action to restrict an application from running applies a code integrity policy that only allows running of files that are signed by a Microsoft issued certificate. This method of restriction can help prevent an attacker from controlling compromised machines and performing further malicious activities.
 
 >[!NOTE]
@@ -171,9 +177,14 @@ Depending on the severity of the attack and the state of the machine, you can ch
 ## Isolate machines from the network
 Depending on the severity of the attack and the sensitivity of the machine, you might want to isolate the machine from the network. This action can help prevent the attacker from controlling the compromised machine and performing further activities such as data exfiltration and lateral movement.
 
+>[!IMPORTANT]
+>- Full isolation is available for machines on Windows 10, version 1703.
+>- Selective isolation is available for machines on Windows 10, version 1709 or later.
+
+
 This machine isolation feature disconnects the compromised machine from the network while retaining connectivity to the Windows Defender ATP service, which continues to monitor the machine.
 
-On Windows 10, version 1710 and above, you'll have additional control over the network isolation level. You can also choose to enable Outlook and Skype for Business connectivity.
+On Windows 10, version 1709 or later, you'll have additional control over the network isolation level. You can also choose to enable Outlook and Skype for Business connectivity.
 
 >[!NOTE]
 >You’ll be able to reconnect the machine back to the network at any time.
diff --git a/windows/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
new file mode 100644
index 0000000000..9be70be191
--- /dev/null
+++ b/windows/threat-protection/windows-defender-atp/run-detection-test-windows-defender-advanced-threat-protection.md
@@ -0,0 +1,47 @@
+---
+title: Run a detection test on a newly onboarded Windows Defender ATP endpoint
+description: Run the detection script on a newly onboarded endpoint to verify that it is properly onboarded to the Windows Defender ATP service.
+keywords: detection test, detection, powershell, script, verify, onboarding, windows defender advanced threat protection onboarding, clients, servers, endpoint, test
+search.product: eADQiWindows 10XVcnh
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+ms.author: macapara
+author: mjcaparas
+ms.localizationpriority: high
+ms.date: 11/06/2017
+---
+
+#  Run a detection test on a newly onboarded Windows Defender ATP endpoint 
+
+**Applies to:**
+
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
+- Windows Defender Advanced Threat Protection (Windows Defender ATP)
+
+
+Run the following PowerShell script on a newly onboarded endpoint to verify that it is properly reporting to the Windows Defender ATP service.
+
+1. Open an elevated command-line prompt on the endpoint and run the script:
+
+    a.  Go to **Start** and type **cmd**.
+
+    b.  Right-click **Command Prompt** and select **Run as administrator**.
+
+    ![Window Start menu pointing to Run as administrator](images/run-as-admin.png)
+
+2. At the prompt, copy and run the following command:
+
+    ```
+    powershell.exe -NoExit -ExecutionPolicy Bypass -WindowStyle Hidden (New-Object System.Net.WebClient).DownloadFile('http://127.0.0.1/1.exe', 'C:\test-WDATP-test\invoice.exe');Start-Process 'C:\test-WDATP-test\invoice.exe'
+    ```
+
+The Command Prompt window will close automatically. If successful, the detection test will be marked as completed and a new alert will appear in the portal for the onboarded endpoint in approximately 10 minutes.
+
+## Related topics
+- [Configure client endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Configure server endpoints](configure-server-endpoints-windows-defender-advanced-threat-protection.md)
\ No newline at end of file
diff --git a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
index a3bb50ab5b..79d18a0881 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@@ -21,7 +21,12 @@ ms.date: 08/25/2017
 
 **Applies to:**
 
-- Windows 10, version 1709 
+- Windows 10, version 1709 (and later)
+- Microsoft Office 365
+- Microsoft Office 2016
+- Microsoft Office 2013
+- Microsoft Office 2010
+
 
 
 
@@ -47,7 +52,7 @@ The feature is comprised of a number of rules, each of which target specific beh
 
 - Executable files and scripts used in Office apps or web mail that attempt to download or run files
 - Scripts that are obfuscated or otherwise suspicious
-- Behaviors that apps undertake that are not usually inititated during normal day-to-day work
+- Behaviors that apps undertake that are not usually initiated during normal day-to-day work
 
 See the [Attack surface reduction rules](#attack-surface-reduction-rules) section in this topic for more information on each rule.
 
@@ -59,7 +64,7 @@ You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evalua
 
 The following sections describe what each rule does. Each rule is identified by a rule GUID, as in the following table:
 
-Rule name | GUIDs 
+Rule name | GUID
 -|-
 Block executable content from email client and webmail | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
 Block Office applications from creating child processes | D4F940AB-401B-4EFC-AADC-AD5F3C50688A
@@ -69,6 +74,15 @@ Block JavaScript or VBScript from launching downloaded executable content | D3E0
 Block execution of potentially obfuscated scripts  | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
 Block Win32 API calls from Office macro | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
 
+The rules apply to the following Office apps running on Windows 10, version 1709. See the **Applies to** section at the start of this topic for a list of supported Office version.
+
+Supported Office apps:
+- Microsoft Word
+- Microsoft Excel
+- Microsoft PowerPoint
+- Microsoft OneNote
+
+The rules do not apply to any other Office apps.
 
 ### Rule: Block executable content from email client and webmail
 
@@ -79,7 +93,8 @@ This rule blocks the following file types from being run or launched from an ema
 - Script files (such as a PowerShell .ps, VisualBasic .vbs, or JavaScript .js file)
 - Script archive files
 
-
+>[!IMPORTANT]
+>[Exclusions do not apply to this rule](customize-attack-surface-reduction.md#exclude-files-and-folders).
 
 ### Rule: Block Office applications from creating child processes
 
@@ -102,14 +117,18 @@ Office apps, such as Word, Excel, or PowerPoint, will not be able to inject code
 This is typically used by malware to run malicious code in an attempt to hide the activity from antivirus scanning engines.
 
 
+>[!IMPORTANT]
+>[Exclusions do not apply to this rule](customize-attack-surface-reduction.md#exclude-files-and-folders).
 
-### Rule: Block JavaScript ok VBScript From launching downloaded executable content
+### Rule: Block JavaScript or VBScript From launching downloaded executable content
 
 JavaScript and VBScript scripts can be used by malware to launch other malicious apps. 
 
 This rule prevents these scripts from being allowed to launch apps, thus preventing malicious use of the scripts to spread malware and infect machines.
 
 
+>[!IMPORTANT]
+>[Exclusions do not apply to this rule](customize-attack-surface-reduction.md#exclude-files-and-folders).
 
 ### Rule: Block execution of potentially obfuscated scripts
 
diff --git a/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
index e68c054cde..421eef2058 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md
@@ -43,9 +43,35 @@ You can use Group Policy, PowerShell, and MDM CSPs to configure these settings.
 
 ## Exclude files and folders
 
-You can exclude files and folders from being evaluated by Attack surface reduction rules. 
+You can exclude files and folders from being evaluated by most Attack surface reduction rules. This means that even if the file or folder contains malicious behavior as determined by an Attack surface reduction rule, the file will not be blocked from running. 
+
+This could potentially allow unsafe files to run and infect your devices.
+
+>[!WARNING]
+>Excluding files or folders can severly reduce the protection provided by Attack surface reduction rules. Files that would have been blocked by a rule will be allowed to run, and there will be no report or event recorded.
+> 
+>If you are encountering problems with rules detecting files that you believe should not be detected, you should [use audit mode first to test the rule](enable-attack-surface-reduction.md#enable-and-audit-attack-surface-reduction-rules).
+
+You can specify individual files or folders (using folder paths or fully qualified resource names) but you cannot specify if the exclusions should only be applied to individual rules: the exclusions will apply to all rules that are enabled (or placed in audit mode) and that allow exclusions.
+
+Exclusions will only be applied to certain rules. Some rules will not honor the exclusion list. This means that even if you have added a file to the exclusion list, some rules will still evaluate and potentially block that file if the rule determines the file to be unsafe.
+
+>[!IMPORTANT] 
+>Rules that do not honor the exclusion list will not exclude folders or files added in the exclusion list. All files will be evaluated and potentially blocked by rules that do not honor the exclusion list (indicated with a red X in the following table). 
+
+
+Rule description | Rule honors exclusions | GUID 
+-|:-:|-
+Block Office applications from creating child processes | [!include[Check mark yes](images/svg/check-yes.svg)] | D4F940AB-401B-4EFC-AADC-AD5F3C50688A
+Block execution of potentially obfuscated scripts | [!include[Check mark yes](images/svg/check-yes.svg)] | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
+Block Win32 API calls from Office macro | [!include[Check mark yes](images/svg/check-yes.svg)] | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
+Block Office applications from creating executable content | [!include[Check mark yes](images/svg/check-yes.svg)] | 3B576869-A4EC-4529-8536-B80A7769E899
+Block Office applications from injecting code into other processes | [!include[Check mark no](images/svg/check-no.svg)] | 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84
+Block JavaScript or VBScript from launching downloaded executable content | [!include[Check mark no](images/svg/check-no.svg)] | D3E037E1-3EB8-44C8-A917-57927947596D
+Block executable content from email client and webmail | [!include[Check mark no](images/svg/check-no.svg)] | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
+
+See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) topic for details on each rule.
 
-You can specify individual files or folders (using folder paths or fully qualified resource names) but you cannot specify if the exclusions should only be applied to individual rules: the exclusions will apply to all rules that are enabled (or placed in audit mode).
 
 ### Use Group Policy to exclude files and folders
 
diff --git a/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md b/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
index 40aebba1d3..6b1389f6dd 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
@@ -63,28 +63,28 @@ The **Use default** configuration for each of the mitigation settings indicates
 For the associated PowerShell cmdlets for each mitigation, see the [PowerShell reference table](#cmdlets-table) at the bottom of this topic.
 
 Mitigation | Description | Can be applied to | Audit mode available
-- | - | - | -
-Control flow guard (CFG) | Ensures control flow integrity for indirect calls. Can optionally suppress exports and use strict CFG. | System and app-level | [!include[Check mark no](images/svg/check-no.md)]
-Data Execution Prevention (DEP) | Prevents code from being run from data-only memory pages such as the heap and stacks. Only configurable for 32-bit (x86) apps, permanently enabled for all other architectures. Can optionally enable ATL thunk emulation. | System and app-level  | [!include[Check mark no](images/svg/check-no.md)]
-Force randomization for images (Mandatory ASLR) | Forcibly relocates images not compiled with /DYNAMICBASE. Can optionally fail loading images that don't have relocation information. | System and app-level  | [!include[Check mark no](images/svg/check-no.md)]
-Randomize memory allocations (Bottom-Up ASLR) | Randomizes locations for virtual memory allocations including those for system structures heaps, stacks, TEBs, and PEBs. Can optionally use a wider randomization variance for 64-bit processes. | System and app-level | [!include[Check mark no](images/svg/check-no.md)]
-Validate exception chains (SEHOP) | Ensures the integrity of an exception chain during exception dispatch. Only configurable for 32-bit (x86) applications. | System and app-level  | [!include[Check mark no](images/svg/check-no.md)]
-Validate heap integrity | Terminates a process when heap corruption is detected. | System and app-level  | [!include[Check mark no](images/svg/check-no.md)]
-Arbitrary code guard (ACG) | Prevents the introduction of non-image-backed executable code and prevents code pages from being modified. Can optionally allow thread opt-out and allow remote downgrade (configurable only with PowerShell). | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
-Block low integrity images | Prevents the loading of images marked with Low Integrity. | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
-Block remote images | Prevents loading of images from remote devices. | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
-Block untrusted fonts | Prevents loading any GDI-based fonts not installed in the system fonts directory, notably fonts from the web. | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
-Code integrity guard | Restricts loading of images signed by Microsoft, WQL, and higher. Can optionally allow Microsoft Store signed images. | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
-Disable extension points | Disables various extensibility mechanisms that allow DLL injection into all processes, such as AppInit DLLs, window hooks, and Winsock service providers. | App-level only | [!include[Check mark no](images/svg/check-no.md)]
-Disable Win32k system calls | Prevents an app from using the Win32k system call table. | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
-Do not allow child processes | Prevents an app from creating child processes. | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
-Export address filtering (EAF) | Detects dangerous operations being resolved by malicious code. Can optionally validate access by modules commonly used by exploits. | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
-Import address filtering (IAF) | Detects dangerous operations being resolved by malicious code. | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
-Simulate execution (SimExec) | Ensures that calls to sensitive APIs return to legitimate callers. Only configurable for 32-bit (x86) applications. | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
-Validate API invocation (CallerCheck) | Ensures that sensitive APIs are invoked by legitimate callers. Only configurable for 32-bit (x86) applications. | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
-Validate handle usage | Causes an exception to be raised on any invalid handle references. | App-level only | [!include[Check mark no](images/svg/check-no.md)]
-Validate image dependency integrity | Enforces code signing for Windows image dependency loading. | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
-Validate stack integrity (StackPivot) | Ensures that the stack has not been redirected for sensitive APIs. | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
+- | - | - | :-:
+Control flow guard (CFG) | Ensures control flow integrity for indirect calls. Can optionally suppress exports and use strict CFG. | System and app-level | [!include[Check mark no](images/svg/check-no.svg)]
+Data Execution Prevention (DEP) | Prevents code from being run from data-only memory pages such as the heap and stacks. Only configurable for 32-bit (x86) apps, permanently enabled for all other architectures. Can optionally enable ATL thunk emulation. | System and app-level  | [!include[Check mark no](images/svg/check-no.svg)]
+Force randomization for images (Mandatory ASLR) | Forcibly relocates images not compiled with /DYNAMICBASE. Can optionally fail loading images that don't have relocation information. | System and app-level  | [!include[Check mark no](images/svg/check-no.svg)]
+Randomize memory allocations (Bottom-Up ASLR) | Randomizes locations for virtual memory allocations including those for system structures heaps, stacks, TEBs, and PEBs. Can optionally use a wider randomization variance for 64-bit processes. | System and app-level | [!include[Check mark no](images/svg/check-no.svg)]
+Validate exception chains (SEHOP) | Ensures the integrity of an exception chain during exception dispatch. Only configurable for 32-bit (x86) applications. | System and app-level  | [!include[Check mark no](images/svg/check-no.svg)]
+Validate heap integrity | Terminates a process when heap corruption is detected. | System and app-level  | [!include[Check mark no](images/svg/check-no.svg)]
+Arbitrary code guard (ACG) | Prevents the introduction of non-image-backed executable code and prevents code pages from being modified. Can optionally allow thread opt-out and allow remote downgrade (configurable only with PowerShell). | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
+Block low integrity images | Prevents the loading of images marked with Low Integrity. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
+Block remote images | Prevents loading of images from remote devices. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
+Block untrusted fonts | Prevents loading any GDI-based fonts not installed in the system fonts directory, notably fonts from the web. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
+Code integrity guard | Restricts loading of images signed by Microsoft, WQL, and higher. Can optionally allow Microsoft Store signed images. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
+Disable extension points | Disables various extensibility mechanisms that allow DLL injection into all processes, such as AppInit DLLs, window hooks, and Winsock service providers. | App-level only | [!include[Check mark no](images/svg/check-no.svg)]
+Disable Win32k system calls | Prevents an app from using the Win32k system call table. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
+Do not allow child processes | Prevents an app from creating child processes. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
+Export address filtering (EAF) | Detects dangerous operations being resolved by malicious code. Can optionally validate access by modules commonly used by exploits. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
+Import address filtering (IAF) | Detects dangerous operations being resolved by malicious code. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
+Simulate execution (SimExec) | Ensures that calls to sensitive APIs return to legitimate callers. Only configurable for 32-bit (x86) applications. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
+Validate API invocation (CallerCheck) | Ensures that sensitive APIs are invoked by legitimate callers. Only configurable for 32-bit (x86) applications. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
+Validate handle usage | Causes an exception to be raised on any invalid handle references. | App-level only | [!include[Check mark no](images/svg/check-no.svg)]
+Validate image dependency integrity | Enforces code signing for Windows image dependency loading. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
+Validate stack integrity (StackPivot) | Ensures that the stack has not been redirected for sensitive APIs. | App-level only | [!include[Check mark yes](images/svg/check-yes.svg)]
 
 >[!IMPORTANT]
 >If you add an app to the **Program settings** section and configure individual mitigation settings there, they will be honored above the configuration for the same mitigations specified in the **System settings** section. The following matrix and examples help to illustrate how defaults work:
@@ -92,10 +92,10 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi
 >
 >Enabled in **Program settings** | Enabled in **System settings** | Behavior
 >:-: | :-: | :-:
->[!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark no](images/svg/check-no.md)] | As defined in **Program settings**
->[!include[Check mark yes](images/svg/check-yes.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | As defined in **Program settings**
->[!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | As defined in **System settings**
->[!include[Check mark no](images/svg/check-no.md)] | [!include[Check mark yes](images/svg/check-yes.md)] | Default as defined in **Use default** option
+>[!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark no](images/svg/check-no.svg)] | As defined in **Program settings**
+>[!include[Check mark yes](images/svg/check-yes.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | As defined in **Program settings**
+>[!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | As defined in **System settings**
+>[!include[Check mark no](images/svg/check-no.svg)] | [!include[Check mark yes](images/svg/check-yes.svg)] | Default as defined in **Use default** option
 >
 >
 >  
diff --git a/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md b/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
index e4853782de..c147b811c2 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
@@ -50,19 +50,19 @@ Attack surface reduction rules are identified by their unique rule ID.
 
 You can manually add the rules by using the GUIDs in the following table:
 
-Rule description | GUIDs 
+Rule description | GUID
 -|-
 Block executable content from email client and webmail | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
 Block Office applications from creating child processes | D4F940AB-401B-4EFC-AADC-AD5F3C50688A
 Block Office applications from creating executable content  | 3B576869-A4EC-4529-8536-B80A7769E899
-Block Office applications from injecting into other processes | 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84
-Impede JavaScript and VBScript to launch executables | D3E037E1-3EB8-44C8-A917-57927947596D
+Block Office applications from injecting code into other processes | 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84
+Block JavaScript or VBScript from launching downloaded executable content | D3E037E1-3EB8-44C8-A917-57927947596D
 Block execution of potentially obfuscated scripts  | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
-Block Win32 imports from Macro code in Office | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
+Block Win32 API calls from Office macro | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
 
 See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) topic for details on each rule.
 
-### Use Group Policy to enable Attack surface reduction rules
+### Use Group Policy to enable or audit Attack surface reduction rules
 
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
@@ -84,7 +84,7 @@ See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) to
 
         
 
- ### Use PowerShell to enable Attack surface reduction rules
+ ### Use PowerShell to enable or audit Attack surface reduction rules
 
 1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
 2. Enter the following cmdlet:
diff --git a/windows/threat-protection/windows-defender-antivirus/images/svg/check-no.md b/windows/threat-protection/windows-defender-exploit-guard/images/svg/check-no.svg
similarity index 76%
rename from windows/threat-protection/windows-defender-antivirus/images/svg/check-no.md
rename to windows/threat-protection/windows-defender-exploit-guard/images/svg/check-no.svg
index afa7a3d27d..89a87afa8b 100644
--- a/windows/threat-protection/windows-defender-antivirus/images/svg/check-no.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/images/svg/check-no.svg
@@ -1,4 +1,4 @@
-<svg width="1rem" height="1rem" xmlns='http://www.w3.org/2000/svg' viewBox='0 0 140 140'>
+<svg width="15px" height="15px" xmlns='http://www.w3.org/2000/svg' viewBox='0 0 140 140'>
     <title>Check mark no</title>
     <polygon 
         fill='#d83b01' 
diff --git a/windows/threat-protection/windows-defender-antivirus/images/svg/check-yes.md b/windows/threat-protection/windows-defender-exploit-guard/images/svg/check-yes.svg
similarity index 68%
rename from windows/threat-protection/windows-defender-antivirus/images/svg/check-yes.md
rename to windows/threat-protection/windows-defender-exploit-guard/images/svg/check-yes.svg
index 4dd10553c4..483ff5fefc 100644
--- a/windows/threat-protection/windows-defender-antivirus/images/svg/check-yes.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/images/svg/check-yes.svg
@@ -1,4 +1,4 @@
-<svg width="1rem" height="1rem" xmlns='http://www.w3.org/2000/svg' viewBox='0 0 140 140'>
+<svg width="15px" height="15px" xmlns='http://www.w3.org/2000/svg' viewBox='0 0 140 140'>
     <title>Check mark yes</title>
     <path
         fill='#0E8915' 
diff --git a/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
index 1fbdee219b..29fbde030a 100644
--- a/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
@@ -52,7 +52,7 @@ Windows Defender EG can be managed and reported on in the Windows Defender Secur
 - Windows Defender Device Guard
 - [Windows Defender Application Guard](../windows-defender-application-guard/wd-app-guard-overview.md)
 
-You can use the Windows Defender ATP console to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md).
+You can use the Windows Defender ATP console to obtain detailed reporting into events and blocks as part of the usual [alert investigation scenarios](../windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection.md). You can [sign up for a free trial of Windows Defender ATP](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=cx-docs-msa4053440) to see how it works.
 
 Each of the features in Windows Defender EG have slightly different requirements: