diff --git a/windows/deploy/change-history-for-deploy-windows-10.md b/windows/deploy/change-history-for-deploy-windows-10.md
index d5ebe4beb3..f7e67993e5 100644
--- a/windows/deploy/change-history-for-deploy-windows-10.md
+++ b/windows/deploy/change-history-for-deploy-windows-10.md
@@ -11,6 +11,11 @@ author: greg-lindsay
# Change history for Deploy Windows 10
This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
+## October 2016
+| New or changed topic | Description |
+|----------------------|-------------|
+| [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) | New |
+
## September 2016
| New or changed topic | Description |
|----------------------|-------------|
@@ -29,11 +34,6 @@ The topics in this library have been updated for Windows 10, version 1607 (also
=======
-## October 2016
-| New or changed topic | Description |
-|----------------------|-------------|
-| [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) | New |
-
## August 2016
| New or changed topic | Description |
|----------------------|-------------|
diff --git a/windows/deploy/resolve-windows-10-upgrade-errors.md b/windows/deploy/resolve-windows-10-upgrade-errors.md
index 9fa10e9da9..8ce1abe2e0 100644
--- a/windows/deploy/resolve-windows-10-upgrade-errors.md
+++ b/windows/deploy/resolve-windows-10-upgrade-errors.md
@@ -102,7 +102,7 @@ Note: If only a result code is returned, this can be because a tool is being use
### Result codes
->A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue.
To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Other error codes](#other-error-codes) section later in this topic.
+>A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue.
To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Resolution procedures](#resolution-procedures) section later in this topic.
Result codes can be matched to the type of error encountered. To match a result code to an error:
diff --git a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
index 3b4fddffaf..89bda37390 100644
--- a/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-endpoints-mdm-windows-defender-advanced-threat-protection.md
@@ -33,15 +33,53 @@ For more information on using Windows Defender ATP CSP see, [WindowsAdvancedThre
1. Open the Microsoft Intune configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from the [Windows Defender ATP portal](https://securitycenter.windows.com/):
- a. Click **Endpoint Management** on the **Navigation pane**.
+ a. Select **Endpoint Management** on the **Navigation pane**.
- b. Select **Mobile Device Management/Microsoft Intune**, click **Download package** and save the .zip file.
+ b. Select **Mobile Device Management/Microsoft Intune** > **Download package** and save the .zip file.
+
+ 
2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the network administrators who will deploy the package. You should have a file named *WindowsDefenderATP.onboarding*.
3. Use the Microsoft Intune custom configuration policy to deploy the following supported OMA-URI settings. For more information on Microsoft Intune policy settings see, [Windows 10 policy settings in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune).
-Onboarding - Use the onboarding policies to deploy configuration settings on endpoints. These policies can be sub-categorized to:
+ a. Select **Policy** > **Configuration Policies** > **Add**.
+ 
+
+ b. Under **Windows**, select **Custom Configuration (Windows 10 Desktop and Mobile and later)** > **Create and Deploy a Custom Policy** > **Create Policy**.
+ 
+
+ c. Type a name and description for the policy.
+ 
+
+ d. Under OMA-URI settings, select **Add...**.
+ 
+
+ e. Type the following values then select **OK**:
+ 
+
+ - **Setting name**: Type a name for the setting.
+ - **Setting description**: Type a description for the setting.
+ - **Data type**: Select **String**.
+ - **OMA-URI**: *./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding*
+ - **Value**: Copy and paste the contents of the *WindowsDefenderATP.onboarding* file you downloaded.
+
+
+ f. Save the policy.
+
+ 
+
+ g. Deploy the policy.
+
+ 
+
+ h. Select the device group to deploy the policy to:
+
+ 
+
+When the policy is deployed and is propagated, endpoints will be shown in the **Machines view**.
+
+You can use the following onboarding policies to deploy configuration settings on endpoints. These policies can be sub-categorized to:
- Onboarding
- Health Status for onboarded machines
- Configuration for onboarded machines
@@ -49,10 +87,10 @@ Onboarding - Use the onboarding policies to deploy configuration settings on end
Policy | OMA-URI | Type | Value | Description
:---|:---|:---|:---|:---
Onboarding | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Onboarding | String | Copy content from onboarding MDM file | Onboarding
-Health Status for onboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/SenseIsRunning | Boolean | TRUE | Windows Defender ATP service is running
- | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OnBoardingState | Integer | 1 | Onboarded to Windows Defender ATP
- | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OrgId | String | Use OrgID from onboarding file | Onboarded to Organization ID
- Configuration for onboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/SampleSharing | Integer | 0 or 1
Default value: 1 | Windows Defender ATP Sample sharing is enabled
+Health Status for onboarded machines: Sense Is Running | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/SenseIsRunning | Boolean | TRUE | Windows Defender ATP service is running
+Health Status for onboarded machines: Onboarding State | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OnBoardingState | Integer | 1 | Onboarded to Windows Defender ATP
+Health Status for onboarded machines: Organization ID | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OrgId | String | Use OrgID from onboarding file | Onboarded to Organization ID
+Configuration for onboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Configuration/SampleSharing | Integer | 0 or 1
Default value: 1 | Windows Defender ATP Sample sharing is enabled
> [!NOTE]
@@ -83,8 +121,8 @@ Offboarding - Use the offboarding policies to remove configuration settings on e
Policy | OMA-URI | Type | Value | Description
:---|:---|:---|:---|:---
Offboarding | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/Offboarding | String | Copy content from offboarding MDM file | Offboarding
- Health Status for offboarded machines | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/SenseIsRunning | Boolean | FALSE |Windows Defender ATP service is not running
- | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OnBoardingState | Integer | 0 | Offboarded from Windows Defender ATP
+ Health Status for offboarded machines: Sense Is Running | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/SenseIsRunning | Boolean | FALSE |Windows Defender ATP service is not running
+Health Status for offboarded machines: Onboarding State | ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/HealthState/OnBoardingState | Integer | 0 | Offboarded from Windows Defender ATP
> [!NOTE]
> The **Health Status for offboarded machines** policy uses read-only properties and can't be remediated.
diff --git a/windows/keep-secure/images/atp-intune-add-oma.png b/windows/keep-secure/images/atp-intune-add-oma.png
new file mode 100644
index 0000000000..87586e7bd2
Binary files /dev/null and b/windows/keep-secure/images/atp-intune-add-oma.png differ
diff --git a/windows/keep-secure/images/atp-intune-add-policy.png b/windows/keep-secure/images/atp-intune-add-policy.png
new file mode 100644
index 0000000000..570ab0a688
Binary files /dev/null and b/windows/keep-secure/images/atp-intune-add-policy.png differ
diff --git a/windows/keep-secure/images/atp-intune-deploy-policy.png b/windows/keep-secure/images/atp-intune-deploy-policy.png
new file mode 100644
index 0000000000..a4f155428d
Binary files /dev/null and b/windows/keep-secure/images/atp-intune-deploy-policy.png differ
diff --git a/windows/keep-secure/images/atp-intune-manage-deployment.png b/windows/keep-secure/images/atp-intune-manage-deployment.png
new file mode 100644
index 0000000000..450cb83369
Binary files /dev/null and b/windows/keep-secure/images/atp-intune-manage-deployment.png differ
diff --git a/windows/keep-secure/images/atp-intune-new-policy.png b/windows/keep-secure/images/atp-intune-new-policy.png
new file mode 100644
index 0000000000..1e3661e63f
Binary files /dev/null and b/windows/keep-secure/images/atp-intune-new-policy.png differ
diff --git a/windows/keep-secure/images/atp-intune-oma-uri-setting.png b/windows/keep-secure/images/atp-intune-oma-uri-setting.png
new file mode 100644
index 0000000000..f201f402da
Binary files /dev/null and b/windows/keep-secure/images/atp-intune-oma-uri-setting.png differ
diff --git a/windows/keep-secure/images/atp-intune-policy-name.png b/windows/keep-secure/images/atp-intune-policy-name.png
new file mode 100644
index 0000000000..b45b2c5211
Binary files /dev/null and b/windows/keep-secure/images/atp-intune-policy-name.png differ
diff --git a/windows/keep-secure/images/atp-intune-save-policy.png b/windows/keep-secure/images/atp-intune-save-policy.png
new file mode 100644
index 0000000000..b4adb7c064
Binary files /dev/null and b/windows/keep-secure/images/atp-intune-save-policy.png differ
diff --git a/windows/keep-secure/images/atp-onboard-mdm.png b/windows/keep-secure/images/atp-onboard-mdm.png
new file mode 100644
index 0000000000..18b70c8c27
Binary files /dev/null and b/windows/keep-secure/images/atp-onboard-mdm.png differ
diff --git a/windows/manage/change-history-for-manage-and-update-windows-10.md b/windows/manage/change-history-for-manage-and-update-windows-10.md
index cb46f438f0..dd5ab0c00c 100644
--- a/windows/manage/change-history-for-manage-and-update-windows-10.md
+++ b/windows/manage/change-history-for-manage-and-update-windows-10.md
@@ -12,6 +12,13 @@ author: jdeckerMS
This topic lists new and updated topics in the [Manage and update Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
+## October 2016
+
+| New or changed topic | Description |
+| --- | --- |
+| [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md) |Added an important note about Cortana and Office 365 integration. |
+| [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added link to the Windows Restricted Traffic Limited Functionality Baseline. |
+
## September 2016
| New or changed topic | Description |
diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 42d9d21bc2..e992a6f40f 100644
--- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -1353,3 +1353,5 @@ You can turn off automatic updates by doing one of the following. This is not re
- **5**. Turn off automatic updates.
To learn more, see [Device update management](http://msdn.microsoft.com/library/windows/hardware/dn957432.aspx) and [Configure Automatic Updates by using Group Policy](http://technet.microsoft.com/library/cc720539.aspx).
+
+To help make it easier to deploy settings to restrict connections from Windows 10 to Microsoft, you can apply the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887). This baseline was created in the same way as the [Windows security baselines](../keep-secure/windows-security-baselines.md) that are often used to efficiently configure Windows to a known secure state. Running the Windows Restricted Traffic Limited Functionality Baseline on devices in your organization will allow you to quickly configure all of the settings covered in this document. However, some of the settings reduce the functionality and security configuration of your device and are therefore not recommended. Make sure should you've chosen the right settings configuration for your environment before applying.
\ No newline at end of file
diff --git a/windows/manage/manage-cortana-in-enterprise.md b/windows/manage/manage-cortana-in-enterprise.md
index ff1aec9da2..5fb13a4fac 100644
--- a/windows/manage/manage-cortana-in-enterprise.md
+++ b/windows/manage/manage-cortana-in-enterprise.md
@@ -24,6 +24,10 @@ Cortana in Windows 10 is already great at letting your employees quickly see wh
But Cortana works even harder when she connects to Office 365, helping employees prepare for meetings, learn about co-workers, and receive reminders about where they need to be so they won’t be late.
+>**Important**
+>Before your employees can use Cortana with Office 365, they must sign into Cortana using a Microsoft account (such as, @outlook.com), and then they must go to the **Connected Accounts** section of Cortana’s notebook to turn on and connect to Office 365.
+
+
**More info:**
- For specific info about what you need to know as a company administrator, including how to turn off Cortana with Office 365, see the [Cortana integration with Office 365](https://go.microsoft.com/fwlink/p/?LinkId=717378) support topic.