Merge pull request #829 from MicrosoftDocs/FromPrivateRepo

From private repo

.openpublishing.redirection.json

@@ -6,6 +6,11 @@
 "redirect_document_id": true
 },
 {
+"source_path": "windows/security/threat-protection/device-guard/device-guard-deployment-guide.md",
+"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide",
+"redirect_document_id": true
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-application-control.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control",
 "redirect_document_id": true
@@ -441,11 +446,6 @@
 "redirect_document_id": true
 },
 {
-"source_path": "windows/security/threat-protection/device-guard/deploy-windows-defender-application-control.md",
-"redirect_url": "/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide",
-"redirect_document_id": true
-},
-{
 "source_path": "windows/security/threat-protection/device-guard/optional-create-a-code-signing-certificate-for-windows-defender-application-control.md",
 "redirect_url": "/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control",
 "redirect_document_id": true

education/windows/TOC.md

@@ -17,7 +17,7 @@
 ### [For teachers: get Minecraft Education Edition](teacher-get-minecraft.md)
 ### [For IT administrators: get Minecraft Education Edition](school-get-minecraft.md)
 ### [Get Minecraft: Education Edition with Windows 10 device promotion](get-minecraft-device-promotion.md)
-## [Test Windows 10 S on existing Windows 10 education devices](test-windows10s-for-edu.md)
+## [Test Windows 10 in S mode on existing Windows 10 education devices](test-windows10s-for-edu.md)
 ## [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
 ## [Deploy Windows 10 in a school district](deploy-windows-10-in-a-school-district.md)
 ## [Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode](s-mode-switch-to-edu.md)

education/windows/autopilot-reset.md

@@ -75,6 +75,9 @@ Autopilot Reset is a two-step process: trigger it and then authenticate. Once yo
 
 2. Sign in with the admin account credentials. If you created a provisioning package, plug in the USB drive and trigger Autopilot Reset.
 
+>[!IMPORTANT] 
+>To reestablish Wi-Fi connectivity after reset, make sure the **Connect automatically** box is checked for the device's wireless network connection. 
+
     Once Autopilot Reset is triggered, the reset process starts. 
     
     After reset, the device:

education/windows/s-mode-switch-to-edu.md

@@ -1,7 +1,7 @@
 ---
 title: Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode
 description: Overview of Windows 10 Pro Education in S mode, switching options, and system requirements
-keywords: Windows 10 Pro Education S, S mode, system requirements, Overview, Windows 10 Pro in S mode, Education, EDU
+keywords: Windows 10 Pro Education in S mode, S mode, system requirements, Overview, Windows 10 Pro in S mode, Education, EDU
 ms.mktglfcycl: deploy
 ms.localizationpriority: high
 ms.prod: w10
@@ -11,7 +11,7 @@ ms.date: 04/30/2018
 author: Mikeblodge
 ---
 
-# Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode
+# Windows 10 Pro in S mode for Education
 
 S mode is an enhanced security mode of Windows 10 – streamlined for security and superior performance. With Windows 10 in S mode, everyone can download and install Microsoft-verified apps from the Microsoft Store for Education – this keep devices running fast and secure day in and day out. 
 
@@ -39,7 +39,7 @@ S mode is an enhanced security mode of Windows 10 – streamlined for security a
 |Device Guard | | | | X |
 
 ###  Windows 10 in S mode is safe, secure, and fast.  
-However, in some limited scenarios, you might need to switch to Windows 10 Education. You can switch devices running Windows 10, version 1709 or later. Use the following information to switch to Windows 10 Pro through the Microsoft Store or by using Autopilot.
+However, in some limited scenarios, you might need to switch to Windows 10 Education. You can switch devices running Windows 10, version 1709 or later. Use the following information to switch to Windows 10 Pro through the Microsoft Store.
 
 > [!IMPORTANT]
 > While it’s free to switch to Windows 10 Pro, it’s not reversible. The only way to rollback this kind of switch is through a BMR factory reset. 
@@ -47,20 +47,16 @@ However, in some limited scenarios, you might need to switch to Windows 10 Educa
 ## How to switch
 
 ### Devices running Windows 10, version 1803
-The way that you switch a Windows 10, version 1803 device from S mode to EDU is different from Windows 10, version 1709. Instead of applying a MAK key (which only switches editions), you need to switch the device using Intune/MDM either at OOBE (Windows Autopilot) or while managing your devices Post OOBE.”
 
-1.	Select which devices to switch out of S mode.
-2.	Select the S mode switch option in Intune/MDM.
-
-> [!NOTE]
-> To rollback to Windows 10 Pro in S mode, a BMR factory reset must be performed.
-
-### Switch using the Microsoft Store for Education
+**Switch using the Microsoft Store for Education**<BR>
 There are two switch options available using the Microsoft Store for Education:
 
 Tenant-wide Windows 10 Pro in S mode > Pro EDU in S mode <BR>
 Tenant-wide Windows 10 Pro > Pro EDU
 
+> [!NOTE]
+> To rollback to Windows 10 Pro in S mode, a BMR factory reset must be performed.
+
 ### Devices running Windows 10, version 1709
 
 1. **Bulk switch through Microsoft Store for Education** - In this scenario, the global admin for the Azure AD education tenant can use Microsoft Store to switch all Windows 10 Pro in S mode devices on the tenant to Windows 10 Pro Education. (Devices running Windows 10, version 1803 will switch to Windows 10 Pro EDU in S mode.)

education/windows/test-windows10s-for-edu.md

@@ -1,52 +1,52 @@
 ---
-title: Test Windows 10 S on existing Windows 10 education devices
-description: Provides guidance on downloading and testing Windows 10 S for existing Windows 10 education devices.
-keywords: Windows 10 S, try, download, school, education, Windows 10 S installer, existing Windows 10 education devices
+title: Test Windows 10 in S mode on existing Windows 10 education devices
+description: Provides guidance on downloading and testing Windows 10 in S mode for existing Windows 10 education devices.
+keywords: Windows 10 in S mode, try, download, school, education, Windows 10 in S mode installer, existing Windows 10 education devices
 ms.mktglfcycl: deploy
 ms.prod: w10
 ms.pagetype: edu
 ms.sitesec: library
 ms.localizationpriority: high
-author: CelesteDG
-ms.author: celested
-ms.date: 11/03/2017
+author: MikeBlodge
+ms.author: MikeBlodge
+ms.date: 04/30/2018
 ---
 
-# Test Windows 10 S on existing Windows 10 education devices
+# Test Windows 10 in S mode on existing Windows 10 education devices
 
 **Applies to:**
-- Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, Windows 10 Enterprise
+- Devices running Windows 10, version 1709: Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, Windows 10 Enterprise
 
-The Windows 10 S self-installer will allow you to test Windows 10 S on a variety of individual Windows 10 devices (except Windows 10 Home) with a genuine, activated license<sup>[1](#footnote1)</sup>. Please test Windows 10 S on a variety of devices in your school and share your feedback with us.
+The Windows 10 in S mode self-installer will allow you to test Windows 10 in S mode on a variety of individual Windows 10 devices (except Windows 10 Home) with a genuine, activated license<sup>[1](#footnote1)</sup>. Please test Windows 10 in S mode on a variety of devices in your school and share your feedback with us.
 
-Windows 10 S is built to give schools the familiar, robust, and productive experiences you count on from Windows in an experience that's been streamlined for security and performance in the classroom, and built to work with Microsoft Education<sup>[2](#footnote2)</sup>.
+Windows 10 in S mode is built to give schools the familiar, robust, and productive experiences you count on from Windows in an experience that's been streamlined for security and performance in the classroom, and built to work with Microsoft Education<sup>[2](#footnote2)</sup>.
 
-Windows 10 S is different from other editions of Windows 10 as everything that runs on the device is verfied by Microsoft for security and performance. Therefore, Windows 10 S works exclusively with apps from the Microsoft Store. Some accessories and apps compatible with Windows 10 may not work and performance may vary. Certain default settings, features, and apps cannot be changed. When you install Windows 10 S, your existing applications and settings will be deleted and you will only be able to install apps from the Microsoft Store.
+Windows 10 in S mode is different from other editions of Windows 10 as everything that runs on the device is verfied by Microsoft for security and performance. Therefore, Windows 10 in S mode works exclusively with apps from the Microsoft Store. Some accessories and apps compatible with Windows 10 may not work and performance may vary. Certain default settings, features, and apps cannot be changed. When you install Windows 10 in S mode, your existing applications and settings will be deleted and you will only be able to install apps from the Microsoft Store.
 
-**Configuring Windows 10 S for school use is easy:** Education customers must configure **SetEduPolicies** for use in K-12 schools. For more information on how to do these, see [Use the Set up School PCs app](use-set-up-school-pcs-app.md) and [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md). 
+**Configuring Windows 10 in S mode for school use is easy:** Education customers must configure **SetEduPolicies** for use in K-12 schools. For more information on how to do these, see [Use the Set up School PCs app](use-set-up-school-pcs-app.md) and [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md). 
 
-**Installing Office 365 for Windows 10 S (Education preview)**: To install the Office applications in a school environment, you must use the free Set up School PCs app, which is available on the Microsoft Store for Education and from the Microsoft Store. 
+**Installing Office 365 for Windows 10 in S mode (Education preview)**: To install the Office applications in a school environment, you must use the free Set up School PCs app, which is available on the Microsoft Store for Education and from the Microsoft Store. 
 
-As we finalize development of Office 365 for Windows 10 S (Education preview), the applications will be updated automatically. You must have an Office license to activate the applications once they are installed.To learn more about Office 365 for Education plans, see [FAQ: Office on Windows 10 S](https://support.office.com/article/717193b5-ff9f-4388-84c0-277ddf07fe3f).
+As we finalize development of Office 365 for Windows 10 in S mode (Education preview), the applications will be updated automatically. You must have an Office license to activate the applications once they are installed.To learn more about Office 365 for Education plans, see [FAQ: Office on Windows 10 in S mode](https://support.office.com/article/717193b5-ff9f-4388-84c0-277ddf07fe3f).
 
-## Before you install Windows 10 S
+## Before you install Windows 10 in S mode
 
 ### Important information
 
-Before you install Windows 10 S, be aware that non-Microsoft Store apps will not work, peripherals that require custom drivers may not work, and other errors may occur. In particular, this release of Windows 10 S:
+Before you install Windows 10 in S mode, be aware that non-Microsoft Store apps will not work, peripherals that require custom drivers may not work, and other errors may occur. In particular, this release of Windows 10 in S mode:
 * Is intended for education customers to test compatibility with existing hardware
-* May not work with some device drivers, which may not yet be ready for Windows 10 S and may cause some loss in functionality
+* May not work with some device drivers, which may not yet be ready for Windows 10 in S mode and may cause some loss in functionality
 * May not be compatible with all peripherals that require custom drivers and, even if compatible, may cause aspects of the peripheral to not function
-* Has software and feature limitations compared to other Windows 10 editions, primarily that Windows 10 S is limited to Store apps only
+* Has software and feature limitations compared to other Windows 10 editions, primarily that Windows 10 in S mode is limited to Store apps only
 
     > [!WARNING]
-    > You can install Windows 10 S on devices running other editions of Windows 10. For more information, see [Supported devices](#supported-devices). However, we don't recommend installing Windows 10 S on Windows 10 Home devices as you won't be able to activate it.
+    > You can install Windows 10 in S mode on devices running other editions of Windows 10. For more information, see [Supported devices](#supported-devices). However, we don't recommend installing Windows 10 in S mode on Windows 10 Home devices as you won't be able to activate it.
 
 * Will not run current Win32 software and might result in the loss of any data associated with that software, which might include software already purchased
 
 Due to these reasons, we recommend that you use the installation tool and avoid doing a clean install from an ISO media.
 
-Before you install Windows 10 S on your existing Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, or Windows 10 Enterprise device:
+Before you install Windows 10 in S mode on your existing Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, or Windows 10 Enterprise device:
 * Make sure that you updated your existing device to Windows 10, version 1703 (Creators Update).
 
     See [Download Windows 10](https://www.microsoft.com/en-us/software-download/windows10) and follow the instructions to update your device to Windows 10, version 1703. You can verify your current version in **Settings > System > About**.
@@ -55,27 +55,27 @@ Before you install Windows 10 S on your existing Windows 10 Pro, Windows 10 Pro
 
     To do this, go to **Settings > Update & security > Windows Update**.
 
-* Create a system backup in case you would like to return to your previously installed version of Windows 10 after trying Windows 10 S.
+* Create a system backup in case you would like to return to your previously installed version of Windows 10 after trying Windows 10 in S mode.
 
     See [Create a recovery drive](#create-a-recovery-drive) for information on how to do this.
 
 ## Supported devices
 
-The Windows 10 S install will install and activate on the following editions of Windows 10 in use by schools:
+The Windows 10 in S mode install will install and activate on the following editions of Windows 10 in use by schools:
 * Windows 10 Pro
 * Windows 10 Pro Education
 * Windows 10 Education
 * Windows 10 Enterprise
 
-Other Windows 10 editions cannot be activated and are not supported. If your device is not running one of these supported Windows 10 editions, do not proceed with using the Windows 10 S installer. Windows 10 N editions and running in virtual machines are not supported by the Windows 10 S installer. 
+Other Windows 10 editions cannot be activated and are not supported. If your device is not running one of these supported Windows 10 editions, do not proceed with using the Windows 10 in S mode installer. Windows 10 N editions and running in virtual machines are not supported by the Windows 10 in S mode installer. 
 
 ### Preparing your device to install drivers
 
-Make sure all drivers are installed and working properly on your device running Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, or Windows 10 Enterprise before installing Windows 10 S.
+Make sure all drivers are installed and working properly on your device running Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, or Windows 10 Enterprise before installing Windows 10 in S mode.
 
 ### Supported devices and drivers
 
-Check with your device manufacturer before trying Windows 10 S on your device to see if the drivers are available and supported by the device manufacturer. 
+Check with your device manufacturer before trying Windows 10 in S mode on your device to see if the drivers are available and supported by the device manufacturer. 
 
 |   |   |   |
 | - | - | - |
@@ -88,51 +88,48 @@ Check with your device manufacturer before trying Windows 10 S on your device to
 | <a href="https://support.hp.com/us-en/document/c05588871" target="_blank">HP</a> | <a href="http://consumer.huawei.com/cn/support/notice/detail/index.htm?id=1541" target="_blank">Huawei</a> | <a href="https://www.i-life.us/not-available/" target="_blank">I Life</a> |
 | <a href="http://www.inet-tek.com/en/product-qadetail-86.html" target="_blank">iNET</a> | <a href="https://www.intel.com/content/www/us/en/support/boards-and-kits/000025096.html" target="_blank">Intel</a> | <a href="http://irbis-digital.ru/support/podderzhka-windows-10-s/" target="_blank">LANIT Trading</a> |
 | <a href="https://support.lenovo.com/us/en/solutions/ht504589" target="_blank">Lenovo</a> | <a href="http://www.lg.com/us/content/html/hq/windows10update/Win10S_UpdateInfo.html" target="_blank">LG</a> | <a href="https://www2.mouse-jp.co.jp/ssl/user_support2/info.asp?N_ID=361" target="_blank">MCJ</a> | 
-| <a href="http://support.linxtablets.com/WindowsSupport/Articles/Windows_10_S_Supported_Devices.aspx" target="_blank">Micro P/Exertis</a> | <a href="https://support.microsoft.com/en-us/help/4094045/surface-devices-that-work-with-windows-10-s" target="_blank">Microsoft</a> | <a href="https://www.msi.com/Landing/Win10S" target="_blank">MSI</a> | 
+| <a href="http://support.linxtablets.com/WindowsSupport/Articles/Windows_10_S_Supported_Devices.aspx" target="_blank">Micro P/Exertis</a> | <a href="https://www.microsoft.com/surface/en-us/support/windows-and-office/surface-devices-that-work-with-windows-10-s" target="_blank">Microsoft</a> | <a href="https://www.msi.com/Landing/Win10S" target="_blank">MSI</a> | 
 | <a href="https://panasonic.net/cns/pc/Windows10S/" target="_blank">Panasonic</a> | <a href="http://www.bangho.com.ar/windows10s" target="_blank">PC Arts</a> | <a href="http://www.positivoinformatica.com.br/atualizacao-windows-10" target="_blank">Positivo SA</a> | 
 | <a href="http://www.br.vaio.com/atualizacao-windows-10/" target="_blank">Positivo da Bahia</a> | <a href="http://www.samsung.com/us/support/windows10s/" target="_blank">Samsung</a> | <a href="http://www.teclast.com/zt/aboutwin10s/" target="_blank">Teclast</a> | 
 | <a href="http://www.dospara.co.jp/support/share.php?contents=about_windows10s" target="_blank">Thirdwave</a> | <a href="http://www.tongfangpc.com/service/win10.aspx" target="_blank">Tongfang</a> | <a href="http://win10upgrade.toshiba.com/win10s/information?region=TAIS&country=US&lang=en" target="_blank">Toshiba</a> | 
 | <a href="http://www.trekstor.de/windows-10-s-en.html" target="_blank">Trekstor</a> | <a href="http://www.trigem.co.kr/windows/win10S.html" target="_blank">Trigem</a> | <a href="http://us.vaio.com/support/knowledge-base/windows-10-s-compatibility-information/" target="_blank">Vaio</a> | 
 | <a href="https://www.wortmann.de/en-gb/content/+windows-10-s-supportinformation/windows-10-s-supportinformation.aspx" target="_blank">Wortmann</a> | <a href="http://www.yifangdigital.com/Customerservice/win10s.aspx" target="_blank">Yifang</a> |  | 
 
-
 > [!NOTE]
 > If you don't see any device listed on the manufacturer's web site, check back again later as more devices get added in the future.
 
-
 ## Kept files
 
-Back up all your data before installing Windows 10 S. Only personal files may be kept during installation. Your settings and apps will be deleted.
+Back up all your data before installing Windows 10 in S mode. Only personal files may be kept during installation. Your settings and apps will be deleted.
 
 > [!NOTE]
 > All existing Win32 applications and data will be deleted. Save any data or installation files in case you may need to access that data again or need to reinstall these applications later.
 
 ## Domain join
 
-Windows 10 S does not support non-Azure Active Directory domain accounts. Before installing Windows 10 S, you must have at least one of these administrator accounts:
+Windows 10 in S mode does not support non-Azure Active Directory domain accounts. Before installing Windows 10 in S mode, you must have at least one of these administrator accounts:
 - Local administrator
 - Microsoft Account (MSA) administrator
 - Azure Active Directory administrator 
 
 > [!WARNING]
-> If you don't have one of these administrator accounts accessible before migration, you will not be able to log in to your device after migrating to Windows 10 S. 
+> If you don't have one of these administrator accounts accessible before migration, you will not be able to log in to your device after migrating to Windows 10 in S mode. 
 
-We recommend [creating a recovery drive](#create-a-recovery-drive) before migrating to Windows 10 S in case you run into this issue.
+We recommend [creating a recovery drive](#create-a-recovery-drive) before migrating to Windows 10 in S mode in case you run into this issue.
 
 ## Installing Office applications
 
-After installing Windows 10 S, use the free [Set up School PCs app](use-set-up-school-pcs-app.md) to install Office 365 for Windows 10 S (Education preview). You must have an Office license to activate the applications once they are installed.
-
+After installing Windows 10 in S mode, use the free [Set up School PCs app](use-set-up-school-pcs-app.md) to install Office 365 for Windows 10 in S mode (Education preview). You must have an Office license to activate the applications once they are installed.
 
 ## Switch to previously installed Windows 10 editions
 
-If Windows 10 S is not right for you, you can switch to the Windows 10 edition previously installed on your device(s).
-* Education customers can switch devices to Windows 10 Pro Education using the Microsoft Store for Education. For more information, see [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](switch-to-pro-education.md).
-* If you try Windows 10 S and decide to switch back to the previously installed edition within 10 days, you can go back to the previously installed edition using the Windows Recovery option in Settings. For more info, see [Go back to your previous edition of Windows 10](#go-back-to-your-previous-edition-of-windows-10).
+If Windows 10 in S mode is not right for you, you can switch to the Windows 10 edition previously installed on your device(s).
+* Education customers can switch devices to Windows 10 Pro Education using the Microsoft Store for Education. For more information, see [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 in S mode](switch-to-pro-education.md).
+* If you try Windows 10 in S mode and decide to switch back to the previously installed edition within 10 days, you can go back to the previously installed edition using the Windows Recovery option in Settings. For more info, see [Go back to your previous edition of Windows 10](#go-back-to-your-previous-edition-of-windows-10).
 
 ## Device recovery
 
-Before installing Windows 10 S, we recommend that you create a system backup in case you would like to return to Windows 10 Pro or Windows 10 Pro Education after trying Windows 10 S.
+Before installing Windows 10 in S mode, we recommend that you create a system backup in case you would like to return to Windows 10 Pro or Windows 10 Pro Education after trying Windows 10 in S mode.
 
 ### Create a recovery drive 
 To create a recovery drive, follow these steps.
@@ -147,7 +144,7 @@ To create a recovery drive, follow these steps.
 
 ### Go back to your previous edition of Windows 10
 
-Alternatively, for a period of 10 days after you install Windows 10 S, you have the option to go back to your previous edition of Windows 10 from **Settings > Update & security > Recovery**. This will keep your personal files, but it will remove installed apps as well as any changes you made to **Settings**.
+Alternatively, for a period of 10 days after you install Windows 10 in S mode, you have the option to go back to your previous edition of Windows 10 from **Settings > Update & security > Recovery**. This will keep your personal files, but it will remove installed apps as well as any changes you made to **Settings**.
 
 To go back, you need to:
 * Keep everything in the windows.old and $windows.~bt folders after the upgrade.
@@ -203,48 +200,49 @@ To use an installation media to reinstall Windows 10, follow these steps.
 13. When you're done formatting, select **Next**.
 14. Follow the rest of the setup instructions to finish installing Windows 10.
 
-## Download Windows 10 S
-Ready to test Windows 10 S on your existing Windows 10 Pro or Windows 10 Pro Education device? Make sure you read the [important pre-installation information](#important-information) and all the above information. 
+## Download Windows 10 in S mode
+Ready to test Windows 10 in S mode on your existing Windows 10 Pro or Windows 10 Pro Education device? Make sure you read the [important pre-installation information](#important-information) and all the above information. 
 
-When you're ready, you can download the Windows 10 S installer by clicking the **Download installer** button below:
+When you're ready, you can download the Windows 10 in S mode installer by clicking the **Download installer** button below:
 
 > [!div class="nextstepaction" style="center"]
 > [Download installer](https://go.microsoft.com/fwlink/?linkid=853240)
 
-After you install Windows 10 S, the OS defaults to the English version. To change the UI and show the localized UI, go to **Settings > Time & language > Region & language >** in **Languages** select **Add a language** to add a new language or select an existing language and set it as the default.
+After you install Windows 10 in S mode, the OS defaults to the English version. To change the UI and show the localized UI, go to **Settings > Time & language > Region & language >** in **Languages** select **Add a language** to add a new language or select an existing language and set it as the default.
 
 ## Terms and Conditions
-Because you’re installing Windows 10 S on a running version of Windows 10, you have already accepted the Windows 10 Terms and Conditions. You are not required to accept it again and the Windows 10 installer doesn’t show a Terms and Conditions page during installation.
+Because you’re installing Windows 10 in S mode on a running version of Windows 10, you have already accepted the Windows 10 Terms and Conditions. You are not required to accept it again and the Windows 10 installer doesn’t show a Terms and Conditions page during installation.
 
 ## Support 
-Thank you for testing Windows 10 S. Your best experience will be running on a supported device as mentioned above. However, we invite you to try Windows 10 S on existing devices with an eligible operating system. If you are having difficulty installing or running Windows 10 S, use the Windows **Feedback Hub** to report your experience to Microsoft. This is the best way to help improve Windows 10 S with your feedback. 
+Thank you for testing Windows 10 in S mode. Your best experience will be running on a supported device as mentioned above. However, we invite you to try Windows 10 in S mode on existing devices with an eligible operating system. If you are having difficulty installing or running Windows 10 in S mode, use the Windows **Feedback Hub** to report your experience to Microsoft. This is the best way to help improve Windows 10 in S mode with your feedback. 
 
-Common support questions for the Windows 10 S test program:
+Common support questions for the Windows 10 in S mode test program:
 
-* **How do I activate if I don't have a Windows 10 S product key?**
+* **How do I activate if I don't have a Windows 10 in S mode product key?**
 
-    As stated above, devices running Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, or Windows 10 Enterprise can install and run Windows 10 S and it will automatically activate. Testing Windows 10 S on a device running Windows 10 Home is not recommended and supported at this time.
+    As stated above, devices running Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, or Windows 10 Enterprise can install and run Windows 10 in S mode and it will automatically activate. Testing Windows 10 in S mode on a device running Windows 10 Home is not recommended and supported at this time.
 
-* **Will my OEM help me run Windows 10 S?**
+* **Will my OEM help me run Windows 10 in S mode?**
 
-    OEMs typically only support their devices with the operating system that was pre-installed. See [Supported devices](#supported-devices) for OEM devices that are best suited for testing Windows 10 S. When testing Windows 10 S, be ready to restore your own PC back to factory settings without assistance. Steps to return to your previous installation of Windows 10 are covered above.
+    OEMs typically only support their devices with the operating system that was pre-installed. See [Supported devices](#supported-devices) for OEM devices that are best suited for testing Windows 10 in S mode. When testing Windows 10 in S mode, be ready to restore your own PC back to factory settings without assistance. Steps to return to your previous installation of Windows 10 are covered above.
 
-* **What happens when I run Reset or Fresh Start on Windows 10 S?**
+* **What happens when I run Reset or Fresh Start on Windows 10 in S mode?**
 
-    **Reset** or **Fresh Start** will operate correctly and keep you on Windows 10 S. They also remove the 10-day go back ability. See [Switch to previously installed Windows 10 editions](#switch-to-previously-installed-windows-10-editions) to return to your previous installation of Windows 10 if you wish to discontinue using Windows 10 S.
+    **Reset** or **Fresh Start** will operate correctly and keep you on Windows 10 in S mode. They also remove the 10-day go back ability. See [Switch to previously installed Windows 10 editions](#switch-to-previously-installed-windows-10-editions) to return to your previous installation of Windows 10 if you wish to discontinue using Windows 10 in S mode.
 
-* **What if I want to move from Windows 10 S to Windows 10 Pro?**
+* **What if I want to move from Windows 10 in S mode to Windows 10 Pro?**
 
-    If you want to discontinue using Windows 10 S, follow the instructions to return to your previous installation of Windows 10. If you already had Windows 10 Pro or Windows 10 Pro Education on the device you are testing on, you should be able to move to Windows 10 Pro or Windows 10 Pro Education at no charge with the instructions in this document. Otherwise, there may be a cost to acquire a Windows 10 Pro license in the Store.
+    If you want to discontinue using Windows 10 in S mode, follow the instructions to return to your previous installation of Windows 10. If you already had Windows 10 Pro or Windows 10 Pro Education on the device you are testing on, you should be able to move to Windows 10 Pro or Windows 10 Pro Education at no charge with the instructions in this document. Otherwise, there may be a cost to acquire a Windows 10 Pro license in the Store.
 
 For help with activation issues, click on the appropriate link below for support options.
 * For Volume Licensing Agreement or Shape the Future program customers, go to the [Microsoft Commercial Support](https://support.microsoft.com/gp/commercialsupport) website and select the country/region in which you are seeking commercial support to contact our commercial support team.
 * If you do not have a Volume Licensing Agreement, go to the [Microsoft Support](https://support.microsoft.com/en-us/contactus/) website and choose a support option.
 
-
 <p>
 <a name="footnote1"></a><sup>1</sup> <small>Internet access fees may apply.</small><br/>
 <a name="footnote2"></a><sup>2</sup> <small>Devices must be configured for educational use by applying **[SetEduPolicies](https://docs.microsoft.com/en-us/education/windows/configure-windows-for-education#setedupolicies)** using the Set up School PCs app.</small><br/>
 
 </p>
 
+
+

windows/client-management/manage-windows-10-in-your-organization-modern-management.md

@@ -129,8 +129,8 @@ There are a variety of steps you can take to begin the process of modernizing de
 -   [Switch Configuration Manager workloads to Intune](https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-switch-workloads)
 -   [Co-management dashboard in System Center Configuration Manager](https://docs.microsoft.com/en-us/sccm/core/clients/manage/co-management-dashboard)
 
- ## Related topics
+## Related topics
 
 -   [What is Intune?](https://docs.microsoft.com/en-us/intune/introduction-intune)
 -   [Windows 10 Policy CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-configuration-service-provider)
--   [Configuration service Providers](https://docs.microsoft.com/en-us/windows/client-management/mdm/configuration-service-provider-reference)
+-   [Windows 10 Configuration service Providers](https://docs.microsoft.com/en-us/windows/client-management/mdm/configuration-service-provider-reference)

windows/client-management/mdm/applocker-csp.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 04/24/2018
+ms.date: 04/30/2018
 ---
 
 # AppLocker CSP
@@ -159,17 +159,16 @@ Each of the previous nodes contains one or more of the following leaf nodes:
 <p>Here is a sample certutil invocation:</p>
 
 ```
-certutil -encode WinSiPolicy.p7b WinSiPolicy.txt
+certutil -encode WinSiPolicy.p7b WinSiPolicy.cer
 ```
 
-<p>Use only the data enclosed in the BEGIN CERTIFIFCATE and END CERTIFICATE section. Ensure that you have removed all line breaks before passing the data to the CSP node.</p>
 <p>An alternative to using certutil would be to use the following PowerShell invocation:</p>
 
 ``` 
 [Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path <bin file>))
 ```
 
-<p>If you are using Hybrid MDM management with System Center Configuration Manager please ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy.</p>
+<p>If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI functionality to apply the Code Integrity policy.</p>
 <p>Data type is string. Supported operations are Get, Add, Delete, and Replace.</p></td>
 </tr>
 <tr class="even">

windows/deployment/update/windows-analytics-FAQ-troubleshooting.md

@@ -42,7 +42,7 @@ In Log Analytics, go to **Settings > Connected sources > Windows telemetry** and
 
 Even though devices can take 2-3 days after enrollment to show up due to latency in the system, you can now verify the status of your devices with a few hours of running the deployment script as described in [You can now check on the status of your computers within hours of running the deployment script](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/) on the Windows Analytics blog.
 >[!NOTE]
-> If you generate the status report and get an error message saying "Sorry! We’re not recognizing your Commercial Id," please go to **Settings > Connected sources > Windows telemetry** and unsubscribe, wait a minute and then re-subscribe to Upgrade Readiness. This is a known issue and we are working on a fix.
+> If you generate the status report and get an error message saying "Sorry! We’re not recognizing your Commercial Id," go to **Settings > Connected sources > Windows telemetry** and unsubscribe, wait a minute and then re-subscribe to Upgrade Readiness.
  
 If devices are not showing up as expected, find a representative device and follow these steps to run the latest pilot version of the Upgrade Readiness deployment script on it to troubleshoot issues:
 
@@ -163,7 +163,7 @@ Also, on Windows 10 devices remember that IE site discovery requires data diagno
 Finally, Upgrade Readiness only collects IE site discovery data on devices that are not yet upgraded to the target operating system version specified in the Upgrade Readiness Overview blade. This is because Upgrade Readiness targets upgrade planning (for devices not yet upgraded).
 
 ### Device Names don't show up on Windows 10 devices
-Starting with the build currently available in the Windows Insider Program, the device name is no longer collected by default and requires a separate opt-in. For more information, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
+Starting with Windows 10, version 1803, the device name is no longer collected by default and requires a separate opt-in. For more information, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
 
 ### Disable Upgrade Readiness
 

windows/deployment/update/windows-analytics-get-started.md

@@ -44,7 +44,7 @@ To enable data sharing, configure your proxy sever to whitelist the following en
 
 | **Endpoint**  | **Function**  |
 |---------------------------------------------------------|-----------|
-| `https://v10.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with the build of Windows 10 available in the Windows Insider Program|
+| `https://v10.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for use with Windows 10, version 1803|
 | `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier |
 | `https://vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for operating systems older than Windows 10 |
 | `https://settings-win.data.microsoft.com` | Enables the compatibility update to send data to Microsoft. 
@@ -70,7 +70,7 @@ The compatibility update scans your devices and enables application usage tracki
 
 | **Operating System** | **Updates** |
 |----------------------|-----------------------------------------------------------------------------|
-| Windows 10        | Windows 10 includes the compatibility update, so you will automatically have the latest compatibility update so long as you continue to keep your Windows 10 devices up-to-date with cummulative updates. <P>Note: Windows 10 LTSB is not supported by Upgrade Readiness. See [Upgrade readiness requirements](../upgrade/upgrade-readiness-requirements.md) for more information. |
+| Windows 10        | Windows 10 includes the compatibility update, so you will automatically have the latest compatibility update so long as you continue to keep your Windows 10 devices up-to-date with cummulative updates.  |
 | Windows 8.1          | [KB 2976978](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)<br>Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues might be encountered when the latest Windows operating system is installed. <br>For more information about this update, see <https://support.microsoft.com/kb/2976978>|
 | Windows 7 SP1        | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664) <br>Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues might be encountered when the latest Windows operating system is installed. <br>For more information about this update, see <https://support.microsoft.com/kb/2952664>|
 
@@ -137,7 +137,7 @@ These policies are under Microsoft\Windows\DataCollection:
 | CommercialId | In order for your devices to show up in Windows Analytics, they must be configured with your organization’s Commercial ID. |
 | AllowTelemetry (in Windows 10) |	1 (Basic), 2 (Enhanced) or 3 (Full) diagnostic data. Windows Analytics will work with basic diagnostic data, but more features are available when you use the Enhanced level (for example, Device Health requires Enhanced diagnostic data and Upgrade Readiness only collects app usage and site discovery data on Windows 10 devices with Enhanced diagnostic data). For more information, see [Configure Windows diagnostic data in your organization](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization). |
 | LimitEnhancedDiagnosticDataWindowsAnalytics (in Windows 10) |	Only applies when AllowTelemetry=2. Limits the Enhanced diagnostic data events sent to Microsoft to just those needed by Windows Analytics. For more information, see [Windows 10, version 1709 enhanced diagnostic data events and fields used by Windows Analytics](https://docs.microsoft.com/windows/configuration/enhanced-diagnostic-data-windows-analytics-events-and-fields).|
-| AllowDeviceNameInTelemetry (in Windows 10) |	In the build currently available in the Windows Insider Program for Windows 10, a separate opt-in is required to enable devices to continue to send the device name. |
+| AllowDeviceNameInTelemetry (in Windows 10) |	In Windows 10, version 1803, a separate opt-in is required to enable devices to continue to send the device name. |
 | CommercialDataOptIn (in Windows 7 and Windows 8) |	1 is required for Upgrade Readiness, which is the only solution that runs on Windows 7 or Windows 8. |
 
 

windows/deployment/upgrade/upgrade-readiness-additional-insights.md

@@ -2,17 +2,52 @@
 title: Upgrade Readiness - Additional insights
 description: Explains additional features of Upgrade Readiness.
 ms.prod: w10
-author: greg-lindsay
-ms.date: 10/26/2017
+author: jaimeo
+ms.date: 04/03/2018
 ---
 
 # Upgrade Readiness - Additional insights
 
 This topic provides information on additional features that are available in Upgrade Readiness to provide insights into your environment. These include:
 
+- [Spectre and Meltdown protections](#spectre-meltdown-protection-status): Status of devices with respect to their anti-virus, security update, and firmware updates related to protection from the "Spectre" and "Meltdown" vulnerabilities.
 - [Site discovery](#site-discovery): An inventory of web sites that are accessed by client computers running Windows 7, Windows 8.1, or Windows 10 using Internet Explorer.
 - [Office add-ins](#office-add-ins): A list of the Microsoft Office add-ins that are installed on client computers.
 
+## Spectre and Meltdown protection status
+Microsoft has published guidance for IT Pros that outlines the steps you can take to improve protection against the hardware vulnerabilities known as "Spectre" and "Meltdown." See [Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities](https://go.microsoft.com/fwlink/?linkid=867468) for details about the vulnerabilities and steps you can take.
+ 
+Microsoft recommends three steps to help protect against the Spectre and Meltdown vulnerabilities:
+- Verify that you are running a supported antivirus application.
+- Apply all available Windows operating system updates, including the January 2018 and later Windows security updates.
+- Apply any applicable processor firmware (microcode) updates provided by your device manufacturer(s).
+ 
+Upgrade Readiness reports on status of your devices in these three areas.
+
+![Spectre-Meltdown protection blades](../images/spectre-meltdown-prod-closeup.png)
+
+>[!IMPORTANT]
+>To provide these blades with data, ensure that your devices can reach the endpoint **http://adl.windows.com**. (See [Enrolling devices in Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started) for more about necessary endpoints and how to whitelist them.)
+
+### Anti-virus status blade
+This blade helps you determine if your devices' anti-virus solution is compatible with the latest Windows operating system updates. It shows the number of devices that have an anti-virus solution with no known issues, issues reported, or an unknown status for a particular Windows security update. In the following example, an anti-virus solution that has no known issues with the January 3, 2018 Windows update is installed on about 2,800 devices.
+
+![Spectre-Meltdown antivirus blade](../images/AV-status-by-computer.png)
+
+### Security update status blade
+This blade indicates whether a Windows security update that includes Spectre- or Meltdown-related fixes (January 3, 2018 or later) has been installed, as well as whether specific fixes have been disabled. Though protections are enabled by default on devices running Windows (but not Windows Server) operating systems, some IT administrators might choose to disable specific protections. In the following example, about 4,300 devices have a Windows security update that includes Spectre or Meltdown protections installed, and those protections are enabled.
+
+![Spectre-Meltdown antivirus blade](../images/win-security-update-status-by-computer.png)
+
+>[!IMPORTANT]
+>If you are seeing computers with statuses of either “Unknown – action may be required” or “Installed, but mitigation status unknown,” it is likely that you need to whitelist the **http://adl.windows.com** endpoint.
+
+### Firmware update status blade
+This blade reports the number of devices that have installed a firmware update that includes Spectre or Meltdown protections. The blade might report a large number of blank, “unknown”, or “to be determined” statuses at first. As CPU information is provided by partners, the blade will automatically update with no further action required on your part.
+
+
+
+
 ## Site discovery
 
 The site discovery feature in Upgrade Readiness provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 7, Windows 8.1, and Windows 10. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data.
@@ -20,7 +55,7 @@ The site discovery feature in Upgrade Readiness provides an inventory of web sit
 > [!NOTE] 
 > Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser diagnostic data events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. The data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
 
-[In order to use site discovery, a separate opt-in is required; see Enrolling]
+In order to use site discovery, a separate opt-in is required; see [Enrolling devices in Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started).
 
 ### Review most active sites
 

windows/deployment/upgrade/upgrade-readiness-deployment-script.md

@@ -203,10 +203,6 @@ The deployment script displays the following exit codes to let you know if it wa
         <td>25 - The function **SetIEDataOptIn** failed with unexpected exception.</td>
         <td>Check the logs for the exception message and HResult.</td>
     </tr>
-    <tr>
-        <td>26 - The operating system is Server or LTSB SKU.</td>
-        <td> The script does not support Server or LTSB SKUs.</td>
-    </tr>
         <tr>
         <td>27 - The script is not running under **System** account.</td>
         <td>The Upgrade Readiness configuration script must be run as **System**. </td>

windows/deployment/windows-10-deployment-workflow.md

@@ -1,14 +0,0 @@
----
-title: Windows 10 deployment workflow
-description: Scenarios, methods, tools, and requirements for deploying Windows 10.
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: high
-ms.pagetype: deploy
-ms.sitesec: library
-author: greg-lindsay
-ms.date: 12/4/2017
----
-
-# Windows 10 deployment workflow
-

windows/deployment/windows-10-pro-in-s-mode.md

@@ -1,7 +1,7 @@
 ---
 title: Windows 10 Pro in S mode
 description: Overview of Windows 10 Pro in S mode, switching options, and system requirements
-keywords: Windows 10 S, S-mode, system requirements, Overview, Windows 10 Pro in S mode
+keywords: Windows 10 S, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Pro in S mode
 ms.mktglfcycl: deploy
 ms.localizationpriority: high
 ms.prod: w10
@@ -46,24 +46,15 @@ Worried about your LOB apps not working in S mode? Using Desktop Bridge will ena
 >The only way to revert to Windows 10 in S mode is to perform a BMR factory reset. This will allow you to reimage a device.
 
 ### Windows 10 in S mode is safe, secure, and fast.
-We recommend staying in S mode. However, in some limited scenarios, you might need to switch to Windows 10 Pro. You can switch devices running Windows 10, version 1709 or later. Use the following information to switch to Windows 10 Pro through the Microsoft Store or by using Autopilot.
+We recommend staying in S mode. However, in some limited scenarios, you might need to switch to Windows 10 Pro. You can switch devices running Windows 10, version 1709 or later. Use the following information to switch to Windows 10 Pro through the Microsoft Store.
 
 ## How to switch
-If you’re running Windows 10, version 1709 or version 1803, you can switch to Windows 10 Pro through the Microsoft Store for Business. Devices running version 1803 will only be able to switch through the Store one device at a time.
+If you’re running Windows 10, version 1709 or version 1803, you can switch to Windows 10 Pro through the Microsoft Store. Devices running version 1803 will only be able to switch through the Store one device at a time.
 
 1. Sign into the Microsoft Store using your Microsoft account. 
 2. Search for "Switch to Windows 10 Pro."
 3. In the offer, click **Buy** or **Get**. 
-You'll be prompted to save your files before the switch starts. Follow the prompts to switch to Windows 10 Pro. Your device will restart during this process. 
-
-You can use Autopilot to switch devices running Windows 10, version 1709. The only requirement is that the devices be enrolled in Intune.
-
-1.	In the Intune admin portal, select the quantity of devices you want to switch.
-2.	Click the Assign Device link.
-3.	In the Assign Switch field, select the device name you would like to switch
-4.	Click the continue button. 
-
-You will now see the devices you switched listed under Switched Devices.
+You'll be prompted to save your files before the switch starts. Follow the prompts to switch to Windows 10 Pro.
 
 > [!IMPORTANT]
 > While it’s free to switch to Windows 10 Pro, it’s not reversible. The only way to rollback this kind of switch is through a BMR factory reset.

windows/hub/index.md

@@ -18,13 +18,15 @@ Find the latest how to and support content that IT pros need to evaluate, plan,
 
  
 
-> [!video https://www.youtube.com/embed/LFiP73slWew?autoplay=false]
+> [!video https://www.microsoft.com/en-us/videoplayer/embed/RE21ada?autoplay=false]
 
+
+## Check out [what's new in Windows 10, version 1803](/windows/whats-new/whats-new-windows-10-version-1803).
 <br>
 <table border="0" width="100%" align="center">
   <tr style="text-align:center;">
     <td align="center" style="width:25%; border:0;">
-      <a href="/windows/whats-new/whats-new-windows-10-version-1709"> 
+      <a href="/windows/whats-new/whats-new-windows-10-version-1803"> 
         <img src="images/whatsnew.png" alt="Read what's new in Windows 10" title="Whats new" />
       <br/>What's New? </a><br>
     </td>

windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md

@@ -27,6 +27,9 @@ To avoid the automatic encryption of data, developers can enlighten apps by addi
 
 We strongly suggest that the only unenlightened apps you add to your allowed apps list are Line-of-Business (LOB) apps.
 
+>[!IMPORTANT]
+>After revoking WIP, unenlightened apps will have to be uninstalled and re-installed since their settings files will remain encrypted.
+
 >[!Note]
 >For more info about creating enlightened apps, see the [Windows Information Protection (WIP)](https://msdn.microsoft.com/en-us/windows/uwp/enterprise/wip-hub) topic in the Windows Dev Center.
 

windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md

@@ -509,6 +509,9 @@ To configure WIP to use Azure Rights Management, you must set the **AllowAzureRM
 
 Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. 
 
+>[!IMPORTANT]
+>Curly braces -- {} -- are required around the RMS Template ID.
+
 >[!NOTE]
 >For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-custom-templates) topic.
 

windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md

@@ -420,6 +420,9 @@ To configure WIP to use Azure Rights Management, you must set the **AllowAzureRM
 
 Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. 
 
+>[!IMPORTANT]
+>Curly braces -- {} -- are required around the RMS Template ID.
+
 >[!NOTE]
 >For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-custom-templates) topic.
 

windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md

@@ -555,6 +555,9 @@ To configure WIP to use Azure Rights Management, you must set the **AllowAzureRM
 
 Optionally, if you don’t want everyone in your organization to be able to share your enterprise data, you can set the **RMSTemplateIDForEDP** MDM setting to the **TemplateID** of the Azure Rights Management template used to encrypt the data. You must make sure to mark the template with the **EditRightsData** option. 
 
+>[!IMPORTANT]
+>Curly braces -- {} -- are required around the RMS Template ID.
+
 >[!NOTE]
 >For more info about setting the **AllowAzureRMSForEDP** and the **RMSTemplateIDForEDP** MDM settings, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterprisedataprotection-csp) topic. For more info about setting up and using a custom template, see [Configuring custom templates for the Azure Rights Management service](https://docs.microsoft.com/en-us/information-protection/deploy-use/configure-custom-templates) topic.
 

windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md

@@ -23,6 +23,9 @@ We've come up with a list of suggested testing scenarios that you can use to tes
 ## Testing scenarios
 You can try any of the processes included in these scenarios, but you should focus on the ones that you might encounter in your organization.
 
+>[!IMPORTANT]
+>If any of these scenarios does not work, first take note of whether WIP has been revoked. If it has, unenlightened apps will have to be uninstalled and re-installed since their settings files will remain encrypted.
+
 <table>
     <tr>
         <th>Scenario</th>
@@ -152,7 +155,7 @@ You can try any of the processes included in these scenarios, but you should foc
         <td>Unenroll client devices from WIP.</td>
         <td>
             <ul>
-                <li>Unenroll a device from WIP by going to <strong>Settings</strong>, click <strong>Accounts</strong>, click <strong>Work</strong>, click the name of the device you want to unenroll, and then click <strong>Remove</strong>.<br>The device should be removed and all of the enterprise content for that managed account should be gone.<br><br><strong>Important</strong><br>On desktop devices, the data isn't removed and can be recovered, so you must make sure they content is marked as <strong>Revoked</strong> and that access is denied for the employee. On mobile devices, the data is removed.</li>
+                <li>Unenroll a device from WIP by going to <strong>Settings</strong>, click <strong>Accounts</strong>, click <strong>Work</strong>, click the name of the device you want to unenroll, and then click <strong>Remove</strong>.<br>The device should be removed and all of the enterprise content for that managed account should be gone.<br><br><strong>Important</strong><br>On desktop devices, the data isn't removed and can be recovered, so you must make sure the content is marked as <strong>Revoked</strong> and that access is denied for the employee. On mobile devices, the data is removed.</li>
             </ul>
         </td>
     </tr>

windows/security/threat-protection/TOC.md

@@ -4,12 +4,14 @@
 ## [The Windows Defender Security Center app](windows-defender-security-center/windows-defender-security-center.md)
 ### [Customize the Windows Defender Security Center app for your organization](windows-defender-security-center/wdsc-customize-contact-information.md)
 ### [Hide Windows Defender Security Center app notifications](windows-defender-security-center/wdsc-hide-notifications.md)
+### [Manage Windows Defender Security Center in Windows 10 in S mode](windows-defender-security-center\wdsc-windows-10-in-s-mode.md)
 ### [Virus and threat protection](windows-defender-security-center/wdsc-virus-threat-protection.md)
-### [Device performance and health](windows-defender-security-center/wdsc-device-performance-health.md)
-### [Firewall and network protection](windows-defender-security-center/wdsc-firewall-network-protection.md)
-### [App and browser control](windows-defender-security-center/wdsc-app-browser-control.md)
-### [Family options](windows-defender-security-center/wdsc-family-options.md)
-
+### [Account protection](windows-defender-security-center\wdsc-account-protection.md)
+### [Firewall and network protection](windows-defender-security-center\wdsc-firewall-network-protection.md)
+### [App and browser control](windows-defender-security-center\wdsc-app-browser-control.md)
+### [Device security](windows-defender-security-center\wdsc-device-security.md)
+### [Device performance and health](windows-defender-security-center\wdsc-device-performance-health.md)
+### [Family options](windows-defender-security-center\wdsc-family-options.md)
 
 
 

windows/security/threat-protection/get-support-for-security-baselines.md

@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.localizationpriority: high
 ms.author: sagaudre
 author: brianlic-msft
-ms.date: 10/23/2017
+ms.date: 05/01/2018
 ---
 
 # Get Support

windows/security/threat-protection/security-compliance-toolkit-10.md

@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.localizationpriority: high
 ms.author: sagaudre
 author: brianlic-msft
-ms.date: 02/16/2018
+ms.date: 05/01/2018
 ---
 
 # Microsoft Security Compliance Toolkit 1.0
@@ -22,6 +22,7 @@ The SCT enables administrators to effectively manage their enterprise’s Group
 The Security Compliance Toolkit consists of:
 
 -   Windows 10 Security Baselines
+    -   Windows 10 Version 1803 (April 2018 Update)
     -   Windows 10 Version 1709 (Fall Creators Update)
     -   Windows 10 Version 1703 (Creators Update)
     -   Windows 10 Version 1607 (Anniversary Update)
@@ -40,7 +41,7 @@ The Security Compliance Toolkit consists of:
     -   Local Group Policy Object (LGPO) tool
 
 
-You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions.
+You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions. For more details about security baseline recommendations, see the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/).
 
 ## What is the Policy Analyzer tool?
 
@@ -52,7 +53,7 @@ The Policy Analyzer is a utility for analyzing and comparing sets of Group Polic
 
 Policy Analyzer lets you treat a set of GPOs as a single unit. This makes it easy to determine whether particular settings are duplicated across the GPOs or are set to conflicting values. Policy Analyzer also lets you capture a baseline and then compare it to a snapshot taken at a later time to identify changes anywhere across the set. 
 
-More information on the Policy Analyzer tool can be found on the [Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/22/new-tool-policy-analyzer/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).
+More information on the Policy Analyzer tool can be found on the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/22/new-tool-policy-analyzer/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).
 
 ## What is the Local Group Policy Object (LGPO) tool?
 
@@ -62,4 +63,4 @@ LGPO.exe can import and apply settings from Registry Policy (Registry.pol) files
 It can export local policy to a GPO backup. 
 It can export the contents of a Registry Policy file to the “LGPO text” format that can then be edited, and can build a Registry Policy file from an LGPO text file.
 
-Documentation for the LGPO tool can be found on the [Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).
+Documentation for the LGPO tool can be found on the [Microsoft Security Guidance blog](https://blogs.technet.microsoft.com/secguide/2016/01/21/lgpo-exe-local-group-policy-object-utility-v1-0/) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).

windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md

@@ -38,9 +38,7 @@ To configure the Group Policy settings described in the following table:
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below.
 

windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md

@@ -54,7 +54,9 @@ You can also [customize the message displayed on users' desktops](https://docs.m
 
 When a Windows Defender Antivirus client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean. 
 
-The Block at First Sight feature only uses the cloud protection backend for executable files and non-portable executable files (such as JS, VBS, or macros) that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file.
+In Windows 10, version 1803, the Block at First Sight feature can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files.
+
+The Block at First Sight feature only uses the cloud protection backend for executable files and non-portable executable files that are downloaded from the Internet, or originating from the Internet zone. A hash value of the .exe file is checked via the cloud backend to determine if this is a previously undetected file.
 
  
 
@@ -73,9 +75,7 @@ Block at First Sight requires a number of Group Policy settings to be configured
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus > MAPS** and configure the following Group Policies:
     

windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md

@@ -53,9 +53,7 @@ You can use Group Policy to specify an extended timeout for cloud checks.
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-2.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-3.  Click **Administrative templates**.
+2.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 4.  Expand the tree to **Windows components > Windows Defender Antivirus > MpEngine**
     

windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md

@@ -97,9 +97,7 @@ You can [configure how locally and globally defined exclusions lists are merged]
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus > Exclusions**. 
 

windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md

@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/17/2018
+ms.date: 04/30/2018
 ---
 
 # Prevent or allow users to locally modify Windows Defender AV policy settings
@@ -45,9 +45,7 @@ To configure these settings:
 
 1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3. In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4. Click **Administrative templates**.
+3. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5. Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below.
 
@@ -89,9 +87,7 @@ You can disable this setting to ensure that only globally defined lists (such as
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus**.
 

windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md

@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/04/2018
+ms.date: 04/30/2018
 ---
 
 # Configure and validate network connections for Windows Defender Antivirus
@@ -19,7 +19,7 @@ ms.date: 04/04/2018
 
 **Applies to:**
 
-- Windows 10 (some instructions are only applicable for Windows 10, version 1703)
+- Windows 10 (some instructions are only applicable for Windows 10, version 1703 or later)
 
 **Audience**
 

windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md

@@ -88,9 +88,7 @@ See the [Customize the Windows Defender Security Center app for your organizatio
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus > Client interface**. 
 

windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md

@@ -71,9 +71,7 @@ You can [configure how locally and globally defined exclusions lists are merged]
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus > Exclusions**. 
 

windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md

@@ -50,9 +50,7 @@ To configure these settings:
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Policies** then **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below.
 
@@ -87,9 +85,7 @@ The main real-time protection capability is enabled by default, but you can disa
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus > Real-time protection**.
 

windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md

@@ -47,9 +47,7 @@ To configure these settings:
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus** and then the **Location** specified in the table below.
 

windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md

@@ -61,9 +61,7 @@ You can disable the auto-exclusions lists with Group Policy, PowerShell cmdlets,
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus > Exclusions**.
 

windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md

@@ -11,14 +11,14 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/17/2018
+ms.date: 04/30/2018
 ---
 
 # Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection
 
 **Applies to:**
 
-- Windows 10, version 1703
+- Windows 10, version 1703 and later
 
 **Audience**
 
@@ -42,7 +42,7 @@ To understand how next-gen technologies shorten protection delivery time through
 <iframe 
 src="https://videoplayercdn.osi.office.net/embed/c2f20f59-ca56-4a7b-ba23-44c60bc62c59" width="768" height="432" allowFullScreen="true" frameBorder="0" scrolling="no"></iframe>
 
-Read the following blogposts for detailed protection stories involving cloud-protection and Microsoft AI: 
+Read the following blog posts for detailed protection stories involving cloud-protection and Microsoft AI: 
 
 - [Why Windows Defender Antivirus is the most deployed in the enterprise](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise/) 
 - [Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign](https://cloudblogs.microsoft.com/microsoftsecure/2018/03/07/behavior-monitoring-combined-with-machine-learning-spoils-a-massive-dofoil-coin-mining-campaign/)
@@ -54,6 +54,8 @@ Read the following blogposts for detailed protection stories involving cloud-pro
 
 Cloud-delivered protection is enabled by default. However, you may need to re-enable it if it has been disabled as part of previous organizational policies.
 
+Organizations running Windows 10 E5, version 1803 can also take advantage of emergency dynamic intelligence updates, which provide near real-time protection from emerging threats. When you turn cloud-delivered protection on, we can deliver a fix for a malware issue via the cloud within minutes instead of waiting for the next update.
+
 >[!TIP]
 >You can also visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the feature is working and see how it works.
 

windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md

@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/17/2018
+ms.date: 04/30/2018
 ---
 
 # Windows Defender Antivirus in Windows 10 and Windows Server 2016
@@ -49,6 +49,12 @@ Some of the highlights of Windows Defender AV include:
 >- Fast learning (including Block at first sight)
 >- Potentially unwanted application blocking
 
+## What's new in Windows 10, version 1803
+
+- The [Block at First Sight feature](configure-block-at-first-sight-windows-defender-antivirus.md) can now block non-portable executable files (such as JS, VBS, or macros) as well as executable files.
+- The [Virus & threat protection area in the Windows Defender Security Center](windows-defender-security-center-antivirus.md) now includes a section for Ransomware protection. It includes Controlled folder access settings and Ransomware recovery settings.
+
+
 ## What's new in Windows 10, version 1703
 
 New features for Windows Defender AV in Windows 10, version 1703 include:
@@ -60,9 +66,6 @@ We've expanded this documentation library to cover end-to-end deployment, manage
 - [Evaluation guide for Windows Defender AV](evaluate-windows-defender-antivirus.md)
 - [Deployment guide for Windows Defender AV in a virtual desktop infrastructure environment](deployment-vdi-windows-defender-antivirus.md)
 
-See the [In this library](#in-this-library) list at the end of this topic for links to each of the updated sections in this library.
-
-
 
 <a id="sysreq"></a>
 ## Minimum system requirements

windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md

@@ -76,7 +76,7 @@ Item | Windows 10, before version 1703 | Windows 10, version 1703 and later | De
 
 ## Common tasks
 
-This section describes how to perform some of the most common tasks when reviewing or interacting with the threat protection provided by Windows Defender Antivirus in the new Windows Defender Security Center app.
+This section describes how to perform some of the most common tasks when reviewing or interacting with the threat protection provided by Windows Defender Antivirus in the Windows Defender Security Center app.
 
 > [!NOTE]
 > If these settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. The [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-windows-defender-antivirus.md) topic describes how local policy override settings can be configured.
@@ -87,9 +87,9 @@ This section describes how to perform some of the most common tasks when reviewi
 
 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
 
-3. Click **Quick scan**.
+3. Click **Scan now**.
 
-4. Click **Advanced scan** to specify different types of scans, such as a full scan.
+4. Click **Run a new advanced scan** to specify different types of scans, such as a full scan.
 
 <a id="definition-version"></a>
 **Review the definition update version and download the latest updates in the Windows Defender Security Center app**
@@ -97,7 +97,7 @@ This section describes how to perform some of the most common tasks when reviewi
 
 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
 
-3. Click **Protection updates**. The currently installed version is displayed along with some information about when it was downloaded. You can check this against the latest version available for manual download, or review the change log for that version.
+3. Click **Virus & threat protection updates**. The currently installed version is displayed along with some information about when it was downloaded. You can check this against the latest version available for manual download, or review the change log for that version.
 
 ![Definition version number information](images/defender/wdav-wdsc-defs.png)
 
@@ -138,12 +138,21 @@ This section describes how to perform some of the most common tasks when reviewi
  
 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
  
-3. Click **Scan history**.
+3. Click **Threat history**.
  
 4. Click **See full history** under each of the categories (**Current threats**, **Quarantined threats**, **Allowed threats**).
  
+<a id="ransomware"></a>
+**Set ransomware protection and recovery options**
+1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 
+2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
 
+3. Click **Ransomware protection**.
+
+4. To change Controlled folder access settings, see [Protect important folders with Controlled folder access](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard).
+
+5. To set up ransomware recovery options, click **Set up** under **Ransomware data recovery** and follow the instructions for linking or setting up your OneDrive account so you can easily recover from a ransomware attack.
 
 
 ## Related topics

windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md

@@ -11,14 +11,14 @@ ms.pagetype: security
 localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/01/2018
+ms.date: 04/30/2018
 ---
 
 # Customize Attack surface reduction
 
 **Applies to:**
 
-- Windows 10 Enterprise edition, version 1709 or higher
+- Windows 10 Enterprise edition, version 1709 and later
 
 
 
@@ -82,9 +82,7 @@ See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) to
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Policies** then **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Attack surface reduction**.
 

windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md

@@ -46,7 +46,7 @@ This topic describes how to customize the following settings of the Controlled f
 - [Add apps that should be allowed to access protected folders](#allow-specifc-apps-to-make-changes-to-controlled-folders)
 
 >[!WARNING]
->Controlled folder access is a new technology that monitors apps for activities that may be malicious. Sometimes it might block a legitimate app from making legitimate changes to your files.
+>Controlled folder access monitors apps for activities that may be malicious. Sometimes it might block a legitimate app from making legitimate changes to your files.
 >
 >This may impact your organization's productivity, so you may want to consider running the feature in [audit mode](audit-windows-defender-exploit-guard.md) to fully assess the feature's impact.
 
@@ -67,9 +67,7 @@ You can use the Windows Defender Security Center app or Group Policy to add and
 
 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 
-2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label:
-
-    ![Screenshot of the Virus & threat protection settings label in the Windows Defender Security Center](../windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png)
+2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**:
 
 3.	Under the **Controlled folder access** section, click **Protected folders**
 
@@ -134,9 +132,7 @@ When you add an app, you have to specify the app's location. Only the app in tha
 
 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 
-2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label:
-
-    ![Screenshot of the Virus & threat protection settings label in the Windows Defender Security Center](../windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png)
+2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**.
 
 3.	Under the **Controlled folder access** section, click **Allow an app through Controlled folder access**
 
@@ -148,9 +144,7 @@ When you add an app, you have to specify the app's location. Only the app in tha
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Policies** then **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled folder access**.
 

windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md

@@ -127,9 +127,7 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi
 
 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 
-2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then the **Exploit protection** label:
-
-    ![App & browser control screen in the Windows Defender Security Center](images/wdsc-exp-prot.png)
+2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection**.
       
 3.	Under the **System settings** section, find the mitigation you want to configure and select one of the following. Apps that aren't configured individually in the **Program settings** section will use the settings configured here:
     - **On by default** - The mitigation is *enabled* for apps that don't have this mitigation set in the app-specific **Program settings** section
@@ -154,10 +152,7 @@ Exporting the configuration as an XML file allows you to copy the configuration
 
 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 
-2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then the **Exploit protection settings** at the bottom of the screen:
-
-    ![Screenshot showing the Exploit protection label highlighted in the Windows Defender Security Center App & browser settings section](images/wdsc-exp-prot.png)
-
+2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection settings** at the bottom of the screen.
 
 3.	Go to the **Program settings** section and choose the app you want to apply mitigations to:
 

windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md

@@ -11,7 +11,7 @@ ms.pagetype: security
 localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/01/2018
+ms.date: 04/30/2018
 ---
 
 
@@ -20,7 +20,7 @@ ms.date: 04/01/2018
 
 **Applies to:**
 
-- Windows 10 Enterprise edition, version 1709 or higher
+- Windows 10, version 1709 and later
 
 
 
@@ -72,9 +72,7 @@ See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) to
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Policies** then **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Attack surface reduction**.
 

windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md

@@ -11,7 +11,7 @@ ms.pagetype: security
 localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/17/2018
+ms.date: 04/30/2018
 ---
 
 
@@ -64,21 +64,16 @@ For further details on how audit mode works, and when you might want to use it,
 
 1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 
-2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then the **Virus & threat protection settings** label:
+2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar) and then click **Ransomware protection**.
 
-    ![Screenshot of the Virus & threat protection settings label in the Windows Defender Security Center](../windows-defender-antivirus/images/defender/wdav-protection-settings-wdsc.png)
+3.	Set the switch for **Controlled folder access** to **On**.
 
-3.	Set the switch for the feature to **On**
-
-    ![Screenshot of the CFA feature switched to On](images/cfa-on.png)
 
 ### Use Group Policy to enable Controlled folder access
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Policies** then **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Controlled folder access**.
 

windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection.md

@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 10/16/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/30/2018
 ---
 
 
@@ -20,7 +20,7 @@ ms.date: 10/16/2017
 
 **Applies to:**
 
-- Windows 10 Enterprise edition, version 1709 or higher
+- Windows 10, version 1709 and later
 
 
 
@@ -53,9 +53,7 @@ For background information on how audit mode works, and when you might want to u
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Policies** then **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Antivirus > Windows Defender Exploit Guard > Network protection**.
 

windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md

@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/20/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/30/2018
 ---
 
 
@@ -19,7 +19,7 @@ ms.date: 11/20/2017
 
 **Applies to:**
 
-- Windows 10 Enterprise edition, version 1709 or higher
+- Windows 10, version 1709 and later
 
 
 

windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md

@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/20/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/30/2018
 ---
 
 # Evaluate Network protection
@@ -20,7 +20,7 @@ ms.date: 11/20/2017
 
 **Applies to:**
 
-- Windows 10 Enterprise edition, version 1709 or higher
+- Windows 10 Enterprise edition, version 1709 or later
 
 
 

windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md

@@ -164,9 +164,7 @@ You can use Group Policy to deploy the configuration you've created to multiple
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
-
-4.  Click **Administrative templates**.
+3.  In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
 
 5.  Expand the tree to **Windows components > Windows Defender Exploit Guard > Exploit protection**.
 

windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md

@@ -9,9 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 11/20/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/30/2018
 ---
 
 
@@ -20,7 +20,7 @@ ms.date: 11/20/2017
 
 **Applies to:**
 
-- Windows 10 Enterprise edition, version 1709 or higher
+- Windows 10, version 1709 or higher
 
 
 

windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md

@@ -9,16 +9,16 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
-ms.date: 12/12/2017
+author: andreabichsel
+ms.author: v-anbic
+ms.date: 04/30/2018
 ---
 
 # Troubleshoot Attack surface reduction rules
 
 **Applies to:**
 
-- Windows 10 Enterprise edition, version 1709 or higher
+- Windows 10, version 1709 or higher
 
 **Audience**
 

windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md

@@ -9,8 +9,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: iaanw
-ms.author: iawilt
+author: andreabichsel
+ms.author: v-anbic
 ms.date: 12/12/2017
 ---
 
@@ -18,7 +18,7 @@ ms.date: 12/12/2017
 
 **Applies to:**
 
-- Windows 10 Enterprise edition, version 1709 or higher
+- Windows 10, version 1709 or higher
 
 **Audience**
 

windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md

@@ -11,7 +11,7 @@ ms.pagetype: security
 localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 12/12/2017
+ms.date: 04/30/2018
 ---
 
 
@@ -21,7 +21,7 @@ ms.date: 12/12/2017
 
 **Applies to:**
 
-- Windows 10, version 1709
+- Windows 10, version 1709 and later
 
 
 
@@ -38,6 +38,10 @@ There are four features in Windows Defender EG:
 - [Network protection](network-protection-exploit-guard.md) extends the malware and social engineering protection offered by Windows Defender SmartScreen in Microsoft Edge to cover network traffic and connectivity on your organization's devices. Requires Windows Defender AV.
 - [Controlled folder access](controlled-folders-exploit-guard.md) helps protect files in key system folders from changes made by malicious and suspicious apps, including file-encrypting ransomware malware. Requires Windows Defender AV.
 
+Windows 10, version 1803 provides additional protections:
+
+- New Attack surface reduction rules
+- Controlled folder access can now block disk sectors
 
 You can evaluate each feature of Windows Defender EG with the guides at the following link, which provide pre-built PowerShell scripts and testing tools so you can see the features in action:
 - [Evaluate Windows Defender Exploit Guard](evaluate-windows-defender-exploit-guard.md)

windows/security/threat-protection/windows-defender-security-center/TOC.md

@@ -3,9 +3,13 @@
 
 ## [Customize the Windows Defender Security Center app for your organization](wdsc-customize-contact-information.md)
 ## [Hide Windows Defender Security Center app notifications](wdsc-hide-notifications.md)
+## [Manage Windows Defender Security Center in Windows 10 in S mode](wdsc-windows-10-in-s-mode.md)
 ## [Virus and threat protection](wdsc-virus-threat-protection.md)
-## [Device performance and health](wdsc-device-performance-health.md)
+## [Account protection](wdsc-account-protection.md)
 ## [Firewall and network protection](wdsc-firewall-network-protection.md)
 ## [App and browser control](wdsc-app-browser-control.md)
+## [Device security](wdsc-device-security.md)
+## [Device performance and health](wdsc-device-performance-health.md)
 ## [Family options](wdsc-family-options.md)
 
+

windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md

@@ -39,7 +39,7 @@ This can only be done in Group Policy.
 >[!IMPORTANT]
 >### Requirements
 >
->You must have Windows 10, version 1709 (the Fall Creators Update). The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 
+>You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 
 
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
 

windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection.md

@@ -22,7 +22,11 @@ ms.date: 04/30/2018
 - Windows 10, version 1703 and later
 
 
-The **Virus & threat protection** section contains information and settings for antivirus protection from Windows Defender Antivirus and third-party AV products. In Windows 10, version 1803 and later, this section also contains information and settings for ransomware protection and recovery, including Controlled folder access settings and sign in to Microsoft OneDrive. IT administrators and IT pros can get more information and documentation about configuration from the following:
+The **Virus & threat protection** section contains information and settings for antivirus protection from Windows Defender Antivirus and third-party AV products.
+
+In Windows 10, version 1803, this section also contains information and settings for ransomware protection and recovery. This includes Controlled folder access settings to prevent unknown apps from changing files in protected folders, plus Microsoft OneDrive configuration to help you recover from a ransomware attack. This area also notifies users and provides recovery instructions in the event of a ransomware attack.
+
+IT administrators and IT pros can get more information and documentation about configuration from the following:
 
 - [Windows Defender Antivirus in the Windows Defender Security Center app](../windows-defender-antivirus/windows-defender-security-center-antivirus.md)
 - [Windows Defender Antivirus documentation library](../windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)

windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md

@@ -11,7 +11,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: andreabichsel
 ms.author: v-anbic
-ms.date: 04/11/2018
+ms.date: 04/30/2018
 ---
 
 
@@ -75,12 +75,15 @@ You can find more information about each section, including options for configur
 
 
 ## Open the Windows Defender Security Center app
-- Right-click the icon in the notification area on the taskbar and click **Open**.
+- Click the icon in the notification area on the taskbar.
 
     ![Screen shot of the icon for the Windows Defender Security Center app on the Windows task bar](images/security-center-taskbar.png)
 - Search the Start menu for **Windows Defender Security Center**.
 
     ![Screen shot of the Start menu showing the results of a search for the Windows Defender Security Center app, the first option with a large shield symbol is selected](images/security-center-start-menu.png)
+- Open an area from Windows **Settings**.
+
+    ![Screen shot of Windows Settings showing the different areas available in the Windows Defender Security Center](images/settings-windows-defender-security-center-areas.png)
 
 
 > [!NOTE]

windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md

@@ -28,8 +28,6 @@ Starting with Windows 10, version 1703 your employees can use Windows Defender S
 **To use Windows Defender Security Center to set up Windows Defender SmartScreen on a device**
 1. Open the Windows Defender Security Center app, and then click **App & browser control**.
 
-    ![Windows Defender Security Center](images/windows-defender-security-center.png)
-
 2. In the **App & browser control** screen, choose from the following options:
 
     - In the **Check apps and files** area:

windows/security/threat-protection/windows-security-baselines.md

@@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
 ms.localizationpriority: high
 ms.author: sagaudre
 author: brianlic-msft
-ms.date: 10/31/2017
+ms.date: 05/01/2018
 ---
 
 # Windows Security Baselines

windows/whats-new/whats-new-windows-10-version-1803.md

@@ -21,7 +21,7 @@ The following 3-minute video summarizes some of the new features that are availa
 
  
 
-> [!video https://www.youtube.com/embed/LFiP73slWew?autoplay=false]
+> [!video https://www.microsoft.com/en-us/videoplayer/embed/RE21ada?autoplay=false]
 
 
 ## Deployment
@@ -221,7 +221,9 @@ Device Health’s new App Reliability reports enable you to see where app update
 
 ## Microsoft Edge
 
-iOS and Android versions of Edge are now available. Support in [Windows Defender Application Guard](#windows-defender-application-guard) is also improved.
+iOS and Android versions of Edge are now available. For more information, see [Microsoft Edge Tips](https://microsoftedgetips.microsoft.com/en-us?source=firstrunwip).
+
+Support in [Windows Defender Application Guard](#windows-defender-application-guard) is also improved.
 
 
 ## See Also