Merge remote-tracking branch 'upstream/public' into martyav-correct-mentions-of-Windows-Defender-SmartScreen

.openpublishing.redirection.json

@@ -1,13 +1,63 @@
 {
 "redirections": [
 {
-"source_path": "windows/application-management/msix-app-packaging-tool-walkthrough.md",
-"redirect_url": "https://docs.microsoft.com/windows/msix/mpt-overview",
+"source_path": "devices/hololens/hololens-upgrade-enterprise.md",
+"redirect_url": "https://docs.microsoft.com/hololens/hololens-requirements#upgrade-to-windows-holographic-for-business",
 "redirect_document_id": true
 },
 {
+"source_path": "devices/hololens/hololens-install-localized.md",
+"redirect_url": "https://docs.microsoft.com/hololens/hololens1-install-localized",
+"redirect_document_id": false
+},
+{
+"source_path": "devices/hololens/hololens-install-apps.md",
+"redirect_url": "https://docs.microsoft.com/hololens/holographic-store-apps",
+"redirect_document_id": false
+},
+{
+"source_path": "devices/hololens/hololens-setup.md",
+"redirect_url": "https://docs.microsoft.com/hololens/hololens1-setup",
+"redirect_document_id": true
+},
+{
+"source_path": "devices/hololens/hololens-use-apps.md",
+"redirect_url": "https://docs.microsoft.com/hololens/holographic-home#using-apps-on-hololens",
+"redirect_document_id": true
+},
+{
+"source_path": "devices/hololens/hololens-get-apps.md",
+"redirect_url": "https://docs.microsoft.com/hololens/holographic-store-apps",
+"redirect_document_id": true
+},
+{
+"source_path": "devices/hololens/hololens-spaces-on-hololens.md",
+"redirect_url": "https://docs.microsoft.com/hololens/hololens-spaces",
+"redirect_document_id": true
+},
+{
+"source_path": "devices/hololens/hololens-clicker.md",
+"redirect_url": "https://docs.microsoft.com/hololens/hololens1-clicker",
+"redirect_document_id": true
+},
+{
+"source_path": "devices/hololens/hololens-clicker-restart-recover.md",
+"redirect_url": "https://docs.microsoft.com/hololens/hololens1-clicker#restart-or-recover-the-clicker",
+"redirect_document_id": false
+},
+{
+"source_path": "devices/surface/manage-surface-pro-3-firmware-updates.md",
+"redirect_url": "https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates",
+"redirect_document_id": true
+},
+{
+"source_path": "devices/surface/update.md",
+"redirect_url": "https://docs.microsoft.com/surface/manage-surface-driver-and-firmware-updates",
+"redirect_document_id": false
+},
+{
 "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations",
 "redirect_document_id": true
 },
 {
@@ -727,7 +777,7 @@
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package",
 "redirect_document_id": true
 },
 {
@@ -742,62 +792,62 @@
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/customize-attack-surface-reduction",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection",
+"redirect_url": "https://docs.microsoft.com/windows/security/microsoft-defender-atp/customize-exploit-protection",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/emet-exploit-protection-exploit-guard",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/emet-exploit-protection",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-exploit-protection.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/enable-network-protection.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-network-protection",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/evaluate-attack-surface-reduction",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/evaluate-controlled-folder-access",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-exploit-protection",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/evaluate-exploit-protection",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/evaluate-network-protection",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/evaluate-network-protection",
 "redirect_document_id": true
 },
 {
@@ -807,22 +857,22 @@
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/event-views",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/graphics.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/graphics",
-"redirect_document_id": true
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection",
+"redirect_document_id": false
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml",
 "redirect_document_id": true
 },
 {
@@ -837,28 +887,28 @@
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/prerelease.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/prerelease",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/prerelease",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-exploit-protection-mitigations",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/troubleshoot-np.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-np",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np",
 "redirect_document_id": true
 },
 {
 "source_path": "windows/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md",
 "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection",
-"redirect_document_id": true
+"redirect_document_id": false
 },
 {
 "source_path": "windows/keep-secure/advanced-features-windows-defender-advanced-threat-protection.md",
@@ -3153,7 +3203,7 @@
 },
 {
 "source_path": "windows/device-security/device-guard/requirements-and-deployment-planning-guidelines-for-device-guard.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection",
 "redirect_document_id": true
 },
 {
@@ -5991,6 +6041,11 @@
 "redirect_url": "https://docs.microsoft.com/dynamics365/#pivot=mixed-reality-apps",
 "redirect_document_id": true
 },
+{
+    "source_path": "devices/hololens/hololens-restart-recover.md",
+    "redirect_url": "/hololens/hololens-recovery",
+    "redirect_document_id": false
+},
 {
 "source_path": "devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md",
 "redirect_url": "https://docs.microsoft.com/surface-hub/provisioning-packages-for-surface-hub",
@@ -12193,8 +12248,8 @@
 },
 {
 "source_path": "windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md",
-"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/requirements-and-deployment-planning-guidelines-for-virtualization-based-protection-of-code-integrity",
-"redirect_document_id": true
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection",
+"redirect_document_id": false
 },
 {
 "source_path": "windows/keep-secure/requirements-for-deploying-applocker-policies.md",
@@ -15279,7 +15334,12 @@
 {
 "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md",
 "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection",
-"redirect_document_id": true
+"redirect_document_id": false
+},
+{
+"source_path": "windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md",
+"redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection",
+"redirect_document_id": false
 }
 ]
 }

devices/hololens/TOC.md

@@ -47,12 +47,12 @@
 
 # Hologram optics and placement in space
 ## [Tips for viewing clear Holograms](hololens-calibration.md)
-## [Mapping physical spaces with HoloLens](hololens-spaces.md)
+## [Environment considerations for HoloLens](hololens-environment-considerations.md)
+## [Spatial mapping on HoloLens](hololens-spaces.md)
 
-# Recovery and troubleshooting
-## [Restore HoloLens 2 using Advanced Recovery Companion](hololens-recovery.md)
-## [Restart, reset, or recover the HoloLens](hololens-restart-recover.md)
+# Update and recovery
+## [Join the Windows Insider program](hololens-insider.md)
+## [Restart, reset, or recover](hololens-recovery.md)
 
 # [Give us feedback](hololens-feedback.md)
-# [Insider preview for Microsoft HoloLens](hololens-insider.md)
 # [Change history for Microsoft HoloLens documentation](change-history-hololens.md)

devices/hololens/hololens-environment-considerations.md

@@ -0,0 +1,121 @@
+---
+title: Environment considerations for HoloLens
+description: Get the best possible experience using HoloLens when you optimize the device for your eyes and environment. Many different environmental factors are fused together to enable tracking, but as a Mixed Reality developer, there are several factors you can keep in mind to tune a space for better holograms.
+keywords: holographic frame, field of view, fov, calibration, spaces, environment, how-to
+author: dorreneb
+ms.author: dobrown
+manager: jarrettr
+ms.date: 8/29/2019
+ms.prod: hololens
+ms.topic: article
+audience: ITPro
+ms.localizationpriority: medium
+appliesto:
+- HoloLens 1
+- HoloLens 2
+---
+
+# Environment considerations for HoloLens
+
+HoloLens blends the holographic with the "real" world, placing holograms in your surroundings. A holographic app window "hangs" on the wall, a holographic ballerina spins on the tabletop, bunny ears sit on top of your unwitting friend’s head. When you’re using an immersive game or app, the holographic world will spread to fill your surroundings but you’ll still be able to see and move around the space.
+
+The holograms you place will stay where you’ve put them, even if you turn off your device.
+
+## Setting up an environment
+
+HoloLens devices know how to place stable and accurate holograms by *tracking* users in a space. Without proper tracking, the device does not understand the environment or the user within it so holograms can appear in the wrong places, not appear in the same spot every time, or not appear at all. The data used to track users is represented in the *spatial map*.  
+
+Tracking performance is heavily influenced by the environment the user is in, and tuning an environment to induce stable and consistent tracking is an art rather than a science. Many different environmental factors are fused together to enable tracking, but as a Mixed Reality developer, there are several factors you can keep in mind to tune a space for better tracking.
+
+### Lighting
+
+Windows Mixed Reality uses visual light to track the user's location. When an environment is too bright, the cameras can get saturated, and nothing is seen. If the environment is too dark, the cameras cannot pick up enough information, and nothing is seen. Lighting should be even and sufficiently bright that a human can see without effort, but not so bright that the light is painful to look at.  
+
+Areas where there are points of bright light in an overall dim area are also problematic, as the camera has to adjust when moving in and out of bright spaces. This can cause the device to "get lost" and think that the change in light equates to a change in location. Stable light levels in an area will lead to better tracking.  
+
+Any outdoor lighting can also cause instability in the tracker, as the sun may vary considerably over time. For example, tracking in the same space in the summer vs. winter can produce drastically different results, as the secondhand light outside may be higher at different times of year.  
+
+If you have a luxmeter, a steady 500-1000 lux is a good place to start.  
+
+#### Types of lighting
+
+Different types of light in a space can also influence tracking. Light bulbs pulse with the AC electricity running through it - if the AC frequency is 50Hz, then the light pulses at 50Hz. For a human, this pulsing is not noticed. However, HoloLens' 30fps camera sees these changes - some frames will be well-lit, some will be poorly lit, and some will be over-exposed as the camera tries to compensate for light pulses.  
+
+In the USA, electricity frequency standard is 60Hz, so light bulb pulses are harmonized with HoloLens' framerate - 60Hz pulses align with HoloLens' 30 FPS framerate. However, many countries have an AC frequency standard of 50Hz, which means some HoloLens frames will be taken during pulses, and others will not. In particular, fluorescent lighting in Europe has been known to cause issues.  
+
+There are a few things you can try to resolve flickering issues. Temperature, bulb age, and warm-up cycles are common causes of fluorescent flickering and replacing bulbs may help. Tightening bulbs and making sure current draws are constant can also help.  
+
+### Items in a space
+
+HoloLens uses unique environmental landmarks, also known as *features*, to locate itself in a space.  
+
+A device can almost never track in a feature-poor area, as the device has no way of knowing where in space it is. Adding features to the walls of a space is usually a good way to improve tracking. Posters, symbols taped to a wall, plants, unique objects, or other similar items all help. A messy desk is a good example of an environment that leads to good tracking - there are a lot of different features in a single area.  
+
+Additionally, use unique features in the same space. The same poster repeated multiple times over a wall, for example, will cause device confusion as the HoloLens won't know which of the repetitive posters it is looking at. One common way of adding unique features is to use lines of masking tape to create unique, non-repetitive patterns along the walls and floor of a space.  
+
+A good question to ask yourself is: if you saw just a small amount of the scene, could you uniquely locate yourself in the space? If not, it's likely the device will have problems tracking as well.
+
+#### Wormholes
+
+If you have two areas or regions that look the same, the tracker may think they are the same. This results in the device tricking itself into thinking it is somewhere else. We call these types of repetitive areas *wormholes*.  
+
+To prevent wormholes, try to prevent identical areas in the same space. Identical areas can sometimes include factory stations, windows on a building, server racks, or work stations. Labelling areas or adding unique features to each similar-looking areas can help mitigate wormholes.
+
+### Movement in a space
+
+If your environment is constantly shifting and changing, the device has no stable features to locate against.  
+
+The more moving objects that are in a space, including people, the easier it is to lose tracking. Moving conveyor belts, items in different states of construction, and lots of people in a space have all been known to cause tracking issues.
+
+The HoloLens can quickly adapt to these changes, but only when that area is clearly visible to the device. Areas that are not seen as frequently may lag behind reality, which can cause errors in the spatial map. For example, a user scans a friend and then turns around while the friend leaves the room. A 'ghost' representation of the friend will persist in the spatial mapping data until the user re-scans the now empty space.
+
+### Proximity of the user to items in the space
+
+Similarly to how humans cannot focus well on objects close to the eyes, HoloLens struggles when objects are close to it's cameras. If an object is too close to be seen with both cameras, or if an object is blocking one camera, the device will have far more issues with tracking against the object.  
+
+The cameras can see no closer than 15cm from an object.
+
+### Surfaces in a space
+
+Strongly reflective surfaces will likely look different depending on the angle, which affects tracking. Think of a brand new car—when you move around it, light reflects and you see different objects in the surface as you move. To the tracker, the different objects reflected in the surface represent a changing environment, and the device loses tracking.
+
+Less shiny objects are easier to track against.
+
+### Wi-Fi fingerprint considerations
+
+As long as Wi-Fi is enabled, map data will be correlated with a Wi-Fi fingerprint, even when not connected to an actual WiFi network/router. Without Wi-Fi info, the space and holograms may be slightly slower to recognize. If the Wi-Fi signals change significantly, the device may think it is in a different space altogether.
+
+Network identification (such as SSID or MAC address) is not sent to Microsoft, and all Wi-Fi references are kept local on the HoloLens.
+
+## Mapping new spaces
+
+When you enter a new space (or load an existing one), you’ll see a mesh graphic spreading over the space. This means your device is mapping your surroundings. While a HoloLens will learn a space over time, there are tips and tricks to map spaces.
+
+## Environment management
+
+There are two settings which enable users to “clean up” holograms and cause HoloLens to “forget" a space. They exist in **Holograms and environments** in the settings app, with the second setting also appearing under **Privacy** in the settings app.  
+
+1. **Delete nearby holograms**. When you select this setting, HoloLens will erase all anchored holograms and all stored map data for the “current space” where the device is located. A new map section would be created and stored in the database for that location once holograms are again placed in that same space.
+
+1. **Delete all holograms**.By selecting this setting, HoloLens will erase ALL map data and anchored holograms in the entire databases of spaces. No holograms will be rediscovered and any holograms need to be newly placed to again store map sections in the database.
+
+## Hologram quality
+
+Holograms can be placed throughout your environment—high, low, and all around you—but you’ll see them through a [holographic frame](https://docs.microsoft.com/windows/mixed-reality/holographic-frame) that sits in front of your eyes. To get the best view, make sure to adjust your device so you can see the entire frame. And don’t hesitate to walk around your environment and explore!
+
+For your [holograms](https://docs.microsoft.com/windows/mixed-reality/hologram) to look crisp, clear, and stable, your HoloLens needs to be calibrated just for you. When you first set up your HoloLens, you’ll be guided through this process. Later on, if holograms don’t look right or you’re seeing a lot of errors, you can make adjustments.
+
+If you are having trouble mapping spaces, try deleting nearby holograms and remapping the space.
+
+### Calibration
+
+If your holograms look jittery or shaky, or if you’re having trouble placing holograms, the first thing to try is the [Calibration app](hololens-calibration.md). This app can also help if you’re experiencing any discomfort while using your HoloLens.
+
+To get to the Calibration app, go to **Settings** > **System** > **Utilities**. Select **Open Calibration** and follow the instructions.
+
+If someone else is going to be using your HoloLens, they should run the Calibration app first so the device is set up properly for them.
+
+## See also
+
+- [Spatial mapping design](https://docs.microsoft.com/windows/mixed-reality/spatial-mapping-design)
+- [Holograms](https://docs.microsoft.com/windows/mixed-reality/hologram)

devices/hololens/hololens-offline.md

@@ -1,16 +1,16 @@
 ---
 title: Use HoloLens offline
 description: To set up HoloLens, you'll need to connect to a Wi-Fi network
-ms.assetid: b86f603c-d25f-409b-b055-4bbc6edcd301
-ms.reviewer: jarrettrenshaw
+keywords: hololens, offline, OOBE
+audience: ITPro
 ms.date: 07/01/2019
-manager: v-miegge
-keywords: hololens
-ms.prod: hololens
-ms.sitesec: library
+ms.assetid: b86f603c-d25f-409b-b055-4bbc6edcd301
 author: v-miegge
 ms.author: v-miegge
+manager: v-miegge
 ms.topic: article
+ms.prod: hololens
+ms.sitesec: library
 ms.localizationpriority: medium
 appliesto:
 - HoloLens (1st gen)
@@ -35,6 +35,10 @@ HoloLens need a network connection to go through initial device set up.  If your
 | MSA | https://login.live.com/ppsecure/inlineconnect.srf?id=80600 |
 | MSA Pin | https://account.live.com/msangc?fl=enroll |
 
+Additional references:
+
+- [Technical reference for AAD related IP ranges and URLs](https://docs.microsoft.com/office365/enterprise/urls-and-ip-address-ranges)
+
 ## HoloLens limitations
 
 After your HoloLens is set up, you can use it without a Wi-Fi connection, but apps that use Internet connections will have limited capabilities when you use HoloLens offline.

devices/hololens/hololens-recovery.md

@@ -1,55 +1,103 @@
 ---
-title: Restore HoloLens 2 using Advanced Recovery Companion 
-ms.reviewer: 
-manager: dansimp
+title: Reset or recover your HoloLens 
+ms.reviewer: Both basic and advanced instructions for rebooting or resetting your HoloLens.
 description: How to use Advanced Recovery Companion to flash an image to HoloLens 2.
+keywords: how-to, reboot, reset, recover, hard reset, soft reset, power cycle, HoloLens, shut down, arc, advanced recovery companion
 ms.prod: hololens
 ms.sitesec: library
-author: dansimp
-ms.author: dansimp
+author: mattzmsft
+ms.author: mazeller
+ms.date: 08/30/2019
 ms.topic: article
-ms.localizationpriority: medium
+ms.localizationpriority: 
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
 ---
 
-# Restore HoloLens 2 using Advanced Recovery Companion
+# Restart, reset, or recover HoloLens
 
->[!TIP]
->If you're having issues with HoloLens (the first device released), see [Restart, reset, or recover HoloLens](https://support.microsoft.com/help/13452/hololens-restart-reset-or-recover-hololens). Advanced Recovery Companion is only supported for HoloLens 2.
+If you’re experiencing problems with your HoloLens you may want to try a restart, reset, or even re-flash with device recovery.
 
->[!WARNING]
->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+Here are some things to try if your HoloLens isn’t running well.  This article will guide you through the recommended recovery steps in succession.
 
-The Advanced Recovery Companion is a new app in Microsoft Store that you can use to restore the operating system image to your HoloLens device.
+This article focuses on the HoloLens device and software, if your holograms don't look right, [this article](hololens-environment-considerations.md) talks about environmental factors that improve hologram quality.
 
-When your HoloLens 2 is unresponsive, not running properly, or is experiencing software or update problems, try these things in order:
+## Restart your HoloLens
 
-1. [Restart](#restart-hololens-2) the HoloLens 2.
-2. [Reset](#reset-hololens-2) the HoloLens 2.
-3. [Recover](#recover-hololens-2) the HoloLens 2.
+First, try restarting the device.
 
->[!IMPORTANT]
->Resetting or recovering your HoloLens will erase all of your personal data, including apps, games, photos, and settings. You won’t be able to restore a backup once the reset is complete.
+### Perform a safe restart by using Cortana
 
-## Restart HoloLens 2
+The safest way to restart the HoloLens is by using Cortana. This is generally a great first-step when experiencing an issue with HoloLens:
 
-A device restart can often "fix" a computer issue. First, say "Hey Cortana, restart the device."
+1. Put on your device
+1. Make sure it’s powered on, a user is logged in, and the device is not waiting for a password to unlock it.
+1. Say “Hey Cortana, reboot” or "Hey Cortana, restart."
+1. When she acknowledges she will ask you for confirmation. Wait a second for a sound to play after she has finished her question, indicating she is listening to you and then say “Yes.”
+1. The device will now restart.
 
-If you’re still having problems, press the power button for 4 seconds, until all of the battery indicators fade out. Wait 1 minute, then press the power button again to turn on the device.
+### Perform a safe restart by using the power button
 
-If neither of those things works, force restart the device. Hold down the power button for 10 seconds. Release it and wait 30 seconds, then press the power button again to turn on the device.
+If you still can't restart your device, you can try to restart it by using the power button:
 
-## Reset HoloLens 2
+1. Press and hold the power button for five seconds.
+   1. After one second, you will see all five LEDs illuminate, then slowly turn off from right to left.
+   1. After five seconds, all LEDs will be off, indicating the shutdown command was issued successfully.
+   1. Note that it’s important to stop pressing the button immediately after all the LEDs have turned off.
+1. Wait one minute for the shutdown to cleanly succeed. Note that the shutdown may still be in progress even if the displays are turned off.
+1. Power on the device again by pressing and holding the power button for one second.
 
-If the device is still having a problem after restart, use reset to return the HoloLens 2 to factory settings.
+### Perform a safe restart by using Windows Device Portal
 
-To reset your HoloLens 2, go to **Settings > Update > Reset** and select **Reset device**. 
+> [!NOTE]
+> To do this, HoloLens has to be configured as a developer device.  
+> Read more about [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal).
+
+If the previous procedure doesn't work, you can try to restart the device by using [Windows Device Portal](https://docs.microsoft.com/windows/mixed-reality/using-the-windows-device-portal). In the upper right corner, there is an option to restart or shut down the device.
+
+### Perform an unsafe forced restart
+
+If none of the previous methods are able to successfully restart your device, you can force a restart. This method is equivalent to pulling the battery from the HoloLens.  It is a dangerous operation which may leave your device in a corrupt state.  If that happens, you'll have to flash your HoloLens.  
+
+> [!WARNING]
+> This is a potentially harmful method and should only be used in the event none of the above methods work.
+
+1. Press and hold the power button for at least 10 seconds.
+
+   - It’s okay to hold the button for longer than 10 seconds.
+   - It’s safe to ignore any LED activity.
+1. Release the button and wait for two or three seconds.
+1. Power on the device again by pressing and holding the power button for one second.
+If you’re still having problems, press the power button for 4 seconds, until all of the battery indicators fade out and the screen stops displaying holograms. Wait 1 minute, then press the power button again to turn on the device.
+
+## Reset to factory settings
 
 >[!NOTE]
 >The battery needs at least 40 percent charge to reset.
 
-## Recover HoloLens 2
+If your HoloLens is still experiencing issues after restarting, try resetting it to factory state.  Resetting your HoloLens keeps the version of the Windows Holographic software that’s installed on it and returns everything else to factory settings.
 
-If the device is still having a problem after reset, you can use Advanced Recovery Companion to flash the device with a new image.
+If you reset your device, all your personal data, apps, and settings will be erased. Resetting will only install the latest installed version of Windows Holographic and you will have to redo all the initialization steps (calibrate, connect to Wi-Fi, create a user account, download apps, and so forth).
+
+1. Launch the Settings app, and then select **Update** > **Reset**.
+1. Select the **Reset device** option and read the confirmation message.
+1. If you agree to reset your device, the device will restart and display a set of spinning gears with a progress bar.
+1. Wait about 30 minutes for this process to complete.
+1. The reset will complete and the device will restart into the out-of-the-box experience.
+
+## Re-install the operating system
+
+If the device is still having a problem after rebooting and resetting, you can use a recovery tool on your computer to reinstall the HoloLens' operating system and firmware.  
+
+HoloLens (1st gen) and HoloLens 2 use different tools but both tools will auto-detect your HoloLens and install new software.
+
+All of the data HoloLens needs to reset is packaged in a Full Flash Update (ffu).  This is similar to an iso, wim, or vhd.  [Learn about FFU image file formats.](https://docs.microsoft.com/windows-hardware/manufacture/desktop/wim-vs-ffu-image-file-formats)
+
+### HoloLens 2
+
+The Advanced Recovery Companion is a new app in Microsoft Store restore the operating system image to your HoloLens 2 device.
 
 1. On your computer, get [Advanced Recovery Companion](https://www.microsoft.com/p/advanced-recovery-companion/9p74z35sfrs8?activetab=pivot:overviewtab) from Microsoft Store.
 2. Connect HoloLens 2 to your computer.
@@ -58,5 +106,18 @@ If the device is still having a problem after reset, you can use Advanced Recove
 5. On the **Device info** page, select **Install software** to install the default package. (If you have a Full Flash Update (FFU) image that you want to install instead, select **Manual package selection**.)
 6. Software installation will begin. Do not use the device or disconnect the cable during installation. When you see the **Installation finished** page, you can disconnect and use your device.
 
->[!NOTE]
->[Learn about FFU image file formats.](https://docs.microsoft.com/windows-hardware/manufacture/desktop/wim-vs-ffu-image-file-formats)
+### HoloLens (1st gen)
+
+If necessary, you can install a completely new operating system on your HoloLens (1st gen) with the Windows Device Recovery Tool.
+
+Before you use this tool, determine if restarting or resetting your HoloLens fixes the problem. The recovery process may take some time.  When you're done, the latest version of the Windows Holographic software approved for your HoloLens will be installed.
+
+To use the tool, you’ll need a computer running Windows 10 or later, with at least 4 GB of free storage space.  Please note that you can’t run this tool on a virtual machine.
+
+To recover your HoloLens
+
+1. Download and install the [Windows Device Recovery Tool](https://dev.azure.com/ContentIdea/ContentIdea/_queries/query/8a004dbe-73f8-4a32-94bc-368fc2f2a895/) on your computer.
+1. Connect the HoloLens (1st gen) to your computer using the Micro USB cable that came with your HoloLens.
+1. Run the Windows Device Recovery Tool and follow the instructions.
+
+If the HoloLens (1st gen) isn’t automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode.

devices/hololens/hololens-restart-recover.md

@@ -1,55 +0,0 @@
----
-title: Restart, reset, or recover HoloLens
-description: Restart, reset, or recover HoloLens
-ms.assetid: 9a546416-1648-403c-9e0c-742171b8812e
-ms.reviewer: jarrettrenshaw
-ms.date: 07/01/2019
-manager: v-miegge
-keywords: hololens
-ms.prod: hololens
-ms.sitesec: library
-author: v-miegge
-ms.author: v-miegge
-ms.topic: article
-ms.localizationpriority: medium
----
-
-# Restart, reset, or recover HoloLens
-
-Here are some things to try if your HoloLens is unresponsive, isn’t running well, or is experiencing software or update problems.
-
-## Restart your HoloLens
-
-If your HoloLens isn’t running well or is unresponsive, try the following things.
-
-First, try restarting the device: say, "Hey Cortana, restart the device."
-
-If you’re still having problems, press the power button for 4 seconds, until all of the battery indicators fade out. Wait 1 minute, then press the power button again to turn on the device.
-
-If neither of those things works, force restart the device. Hold down the power button for 10 seconds. Release it and wait 30 seconds, then press the power button again to turn on the device.
-
-## Reset or recover your HoloLens
-
-If restarting your HoloLens doesn’t help, another option is to reset it. If resetting it doesn’t fix the problem, the Windows Device Recovery Tool can help you recover your device.
-
->[!IMPORTANT]
->Resetting or recovering your HoloLens will erase all of your personal data, including apps, games, photos, and settings. You won’t be able to restore a backup once the reset is complete.
-
-## Reset
-
-Resetting your HoloLens keeps the version of the Windows Holographic software that’s installed on it and returns everything else to factory settings.
-
-To reset your HoloLens, go to **Settings** > **Update** > **Reset** and select **Reset device**. The battery will need to have at least a 40 percent charge remaining to reset.
-
-## Recover using the Windows Device Recovery Tool
-
-Before you use this tool, determine if restarting or resetting your HoloLens fixes the problem. The recovery process may take some time, and the latest version of the Windows Holographic software approved for your HoloLens will be installed.
-
-To use the tool, you’ll need a computer running Windows 10 or later, with at least 4 GB of free storage space.  Please note that you can’t run this tool on a virtual machine.
-To recover your HoloLens
-
-1. Download and install the [Windows Device Recovery Tool](https://dev.azure.com/ContentIdea/ContentIdea/_queries/query/8a004dbe-73f8-4a32-94bc-368fc2f2a895/) on your computer.
-1. Connect the clicker to your computer using the Micro USB cable that came with your HoloLens.
-1. Run the Windows Device Recovery Tool and follow the instructions.
-
-If the clicker isn’t automatically detected, select **My device was not detected** and follow the instructions to put your device into recovery mode.

devices/hololens/hololens2-setup.md

@@ -62,9 +62,20 @@ To turn on your HoloLens 2, press the Power button.  The LED lights below the Po
 | To turn off | Press and for hold 5s. |  All five lights turn on, then fade off one at a time. After the lights turn off, a sound plays and the screen displays "Goodbye." |
 | To force the Hololens to restart if it is unresponsive | Press and hold for 10s. | All five lights turn on, then fade off one at a time. After the lights turn off. |
 
-## HoloLens indicator lights
+## HoloLens behavior reference
 
-Not sure what the indicator lights on your HoloLens mean? Here's some help!
+Not sure what the indicator lights on your HoloLens mean? Want to know how HoloLens should behave while charging?  Here's some help!
+
+### Charging behavior
+
+| State of the Device	| Action	| HoloLens 2 will do this |
+| - | - | - |
+| OFF |	Plug in USB Cable	| Device transitions to ON with indicator lights showing battery level and device starts charging.
+| ON	| Remove USB Cable	| Device stops charging
+| ON	| Plug in USB Cable	| Device starts charging
+| SLEEP	| Plug in USB Cable	| Device starts charging
+| SLEEP	| Remove USB Cable |	Device stops charging
+| ON with USB cable pluged in	| Turn off Device |	Device transitions to ON with indicator lights showing battery level and device will start charging |
 
 ### Lights that indicate the battery level
 
@@ -76,6 +87,14 @@ Not sure what the indicator lights on your HoloLens mean? Here's some help!
 | One solid light, one light fading in and out | Between 40% and 21% |
 | One light fading in and out | Between 20% and 5% or lower (critical battery) |
 
+### Sleep Behavior
+
+| State of the Device	| Action	| HoloLens 2 will do this |
+| - | - | - |
+| ON	| Single Power button press	| Device transitions to SLEEP and turns off all indicator lights |
+| ON	| No movement for 3 minutes	| Device transition to SLEEP and turns off all indicator lights |
+| SLEEP	| Single Power button Press	| Device transitions to ON and turns on indicator lights |
+
 ### Lights to indicate problems
 
 | When you do this | The lights do this | It means this |

devices/surface-hub/first-run-program-surface-hub.md

@@ -337,12 +337,12 @@ This is what happens when you choose an option.
 
 -   **Use Microsoft Azure Active Directory**
 
-    Clicking this option allows you to join the device to Azure AD. Once you click **Next**, the device will restart to apply some settings, and then you’ll be taken to the [Use Microsoft Azure Active Directory](#use-microsoft-azure) page and asked to enter credentials that can allow you to join Azure AD. Members of the Azure Global Admins security group from the joined organization will be able to use the Settings app. The specific people that will be allowed depends on your Azure AD subscription and how you’ve configured the settings for your Azure AD organization.
+    Clicking this option allows you to join the device to Azure AD. Once you click **Next**, the device will restart to apply some settings, and then you’ll be taken to the [Use Microsoft Azure Active Directory](#use-microsoft-azure) page and asked to enter credentials that can allow you to join Azure AD. Members of the Azure Global Admins role from the joined organization will be able to use the Settings app. The specific people that will be allowed depends on your Azure AD subscription and how you’ve configured the settings for your Azure AD organization.
     
-    >[!IMPORTANT]
-    >Administrators added to the Azure Global Admins group after you join the device to Azure AD will be unable to use the Settings app.
+    > [!IMPORTANT]
+    > Administrators added to the Azure Device Administrators role after you join the device to Azure AD will be unable to use the Settings app.
     >
-    >If you join Surface Hub to Azure AD during first-run setup, single sign-on (SSO) for Office apps will not work properly. Users will have to sign in to each Office app individually.
+    > If you join Surface Hub to Azure AD during first-run setup, single sign-on (SSO) for Office apps will not work properly. Users will have to sign in to each Office app individually.
 
 -   **Use Active Directory Domain Services**
 

devices/surface-hub/index.md

@@ -1,7 +1,7 @@
 ---
 title: Surface Hub
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 layout: LandingPage
 ms.prod: surface-hub

devices/surface-hub/surface-hub-2s-account.md

@@ -4,8 +4,8 @@ description: "This page describes the procedure for creating the Surface Hub 2S
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-adoption-kit.md

@@ -4,8 +4,8 @@ description: "Microsoft has developed downloadable materials that you can make a
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-change-history.md

@@ -4,8 +4,8 @@ description: "This page shows change history for Surface Hub 2S."
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 audience: Admin
 ms.manager: laurawi
 ms.topic: article

devices/surface-hub/surface-hub-2s-connect.md

@@ -4,8 +4,8 @@ description: "This page explains how to connect external devices to Surface Hub
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-custom-install.md

@@ -4,8 +4,8 @@ description: "Learn how to perform a custom install of Surface Hub 2S."
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-deploy-apps-intune.md

@@ -4,8 +4,8 @@ description: "Learn how you can deploy apps to Surface Hub 2S using Intune."
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-deploy-checklist.md

@@ -4,8 +4,8 @@ description: "Verify your deployment of Surface Hub 2S using pre- and post-deplo
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-deploy.md

@@ -4,8 +4,8 @@ description: "This page describes how to deploy Surface Hub 2S using provisionin
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-install-mount.md

@@ -4,8 +4,8 @@ description: "Learn how to install and mount Surface Hub 2S."
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-manage-intune.md

@@ -4,8 +4,8 @@ description: "Learn how to update and manage Surface Hub 2S using Intune."
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article
@@ -28,7 +28,7 @@ Surface Hub 2S allows IT administrators to manage settings and policies using a
 
 ### Auto registration — Azure Active Directory Affiliated
 
-When affiliating Surface Hub 2S with a tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune.
+When affiliating Surface Hub 2S with a tenant that has Intune auto enrollment enabled, the device will automatically enroll with Intune. For more information, refer to [Intune enrollment methods for Windows devices](https://docs.microsoft.com/intune/enrollment/windows-enrollment-methods).
 
 ## Windows 10 Team Edition settings
 

devices/surface-hub/surface-hub-2s-manage-passwords.md

@@ -4,8 +4,8 @@ description: "Learn how to configure Surface Hub 2S on-premises accounts with Po
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-onprem-powershell.md

@@ -4,8 +4,8 @@ description: "Learn how to configure Surface Hub 2S on-premises accounts with Po
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-onscreen-display.md

@@ -4,8 +4,8 @@ description: "Learn how to use the onscreen display to adjust brightness and oth
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-pack-components.md

@@ -4,8 +4,8 @@ description: "Instructions for packing Surface Hub 2S components, replacing the
 keywords: pack, replace components, camera, compute cartridge
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-phone-authenticate.md

@@ -4,8 +4,8 @@ description: "Learn how to simplify signing in to Surface Hub 2S using password-
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-port-keypad-overview.md

@@ -4,8 +4,8 @@ description: "This page describes the ports, physical buttons, and configuration
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-prepare-environment.md

@@ -4,8 +4,8 @@ description: "Learn what you need to do to prepare your environment for Surface
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-quick-start.md

@@ -4,8 +4,8 @@ description: "View the quick start steps to begin using Surface Hub 2S."
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-recover-reset.md

@@ -4,8 +4,8 @@ description: "Learn how to recover and reset Surface Hub 2S."
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-secure-with-uefi-semm.md

@@ -4,8 +4,8 @@ description: "Learn more about securing Surface Hub 2S with SEMM."
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-setup.md

@@ -4,8 +4,8 @@ description: "Learn how to complete first time Setup for Surface Hub 2S."
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article
@@ -27,7 +27,7 @@ When you first start Surface Hub 2S, the device automatically enters first time
 - This option is not shown if connected using an Ethernet cable.
 - You cannot connect to a wireless network in hotspots (captive portals) that redirect sign-in requests to a provider’s website.
 
-3. **Enter device account info.** Use **domain\user** for on-premises and hybrid environments and **user@example.com** for online environments. Select **Next.**
+3. **Enter device account info.** Use **domain\user** for on-premises and hybrid environments and **user\@example.com** for online environments. Select **Next.**
 
    ![* Enter device account info *](images/sh2-run2.png) <br>
 1. **Enter additional info.** If requested, provide your Exchange server address and then select **Next.**

devices/surface-hub/surface-hub-2s-site-planning.md

@@ -4,8 +4,8 @@ description: "Learn more about rooms for Surface Hub 2S."
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-site-readiness-guide.md

@@ -4,8 +4,8 @@ description: "Get familiar with site readiness requirements and recommendations
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-techspecs.md

@@ -4,9 +4,9 @@ description: "View tech specs for Surface Hub 2S including pen, camera, and opti
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
+author: greg-lindsay
 manager: laurawi
-ms.author: robmazz
+ms.author: greglin
 audience: Admin
 ms.topic: article
 ms.date: 06/20/2019

devices/surface-hub/surface-hub-2s-unpack.md

@@ -4,8 +4,8 @@ description: "This page includes information about safely unpacking Surface Hub
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-2s-whats-new.md

@@ -4,8 +4,8 @@ description: "Learn more about new features in Surface Hub 2S."
 keywords: separate values with commas
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 audience: Admin
 ms.topic: article

devices/surface-hub/surface-hub-start-menu.md

@@ -3,8 +3,8 @@ title: Configure Surface Hub Start menu
 description: Use MDM to customize the Start menu on Surface Hub. 
 ms.prod: surface-hub
 ms.sitesec: library
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 ms.topic: article
 ms.date: 08/15/2018
 ms.reviewer: 

devices/surface/TOC.md

@@ -3,13 +3,17 @@
 ## [Get started](get-started.md)
 
 ## Overview
-### [Surface Pro Tech specs](https://www.microsoft.com/surface/devices/surface-pro/tech-specs)
-### [Surface Book Tech specs](https://www.microsoft.com/surface/devices/surface-book/tech-specs)
-### [Surface Studio Tech specs](https://www.microsoft.com/surface/devices/surface-studio/tech-specs)
-### [Surface Go Tech specs](https://www.microsoft.com/surface/devices/surface-go/tech-specs)
-### [Surface Laptop 2 Tech specs](https://www.microsoft.com/surface/devices/surface-laptop/tech-specs)
+
+### [Surface Pro 7 for Business](https://www.microsoft.com/surface/business/surface-pro-7)
+### [Surface Pro X for Business](https://www.microsoft.com/surface/business/surface-pro-x)
+### [Surface Laptop 3 for Business](https://www.microsoft.com/surface/business/surface-laptop-3)
+### [Surface Book 2 for Business](https://www.microsoft.com/surface/business/surface-book-2)
+### [Surface Studio 2 for Business](https://www.microsoft.com/surface/business/surface-studio-2)
+### [Surface Go](https://www.microsoft.com/surface/business/surface-go)
+### [Secure, work-anywhere mobility with LTE Advanced](https://www.microsoft.com/surface/business/lte-laptops-and-tablets)
 
 ## Plan
+
 ### [Surface device compatibility with Windows 10 Long-Term Servicing Branch](surface-device-compatibility-with-windows-10-ltsc.md)
 ### [Long-Term Servicing Branch for Surface devices](ltsb-for-surface.md)
 ### [Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md)
@@ -19,10 +23,11 @@
 ### [Ethernet adapters and Surface deployment](ethernet-adapters-and-surface-device-deployment.md)
 
 ## Deploy
+
 ### [Deploy Surface devices](deploy.md)
 ### [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md)
 ### [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
-### [Windows 10 ARM-based PC app compatibility](surface-pro-arm-app-performance.md)
+### [Surface Pro X app compatibility](surface-pro-arm-app-performance.md)
 ### [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)
 ### [Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md)
 ### [Step by step: Surface Deployment Accelerator](step-by-step-surface-deployment-accelerator.md)
@@ -34,16 +39,17 @@
 ### [Surface System SKU reference](surface-system-sku-reference.md)
 
 ## Manage
+
 ### [Optimize Wi-Fi connectivity for Surface devices](surface-wireless-connect.md)
 ### [Best practice power settings for Surface devices](maintain-optimal-power-settings-on-Surface-devices.md)
 ### [Surface Dock Firmware Update](surface-dock-firmware-update.md)
 ### [Battery Limit setting](battery-limit.md)
 ### [Surface Brightness Control](microsoft-surface-brightness-control.md)
 ### [Surface Asset Tag](assettag.md)
-### [Surface firmware and driver updates](update.md)
-### [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)
+### [Manage Surface driver and firmware updates](manage-surface-driver-and-firmware-updates.md)
 
 ## Secure
+### [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md)
 ### [Manage Surface UEFI settings](manage-surface-uefi-settings.md)
 ### [Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)
 ### [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)

devices/surface/assettag.md

@@ -3,12 +3,13 @@ title: Surface Asset Tag Tool
 description: This topic explains how to use the Surface Asset Tag Tool.
 ms.prod: w10
 ms.mktglfcycl: manage
+ms.localizationpriority: medium
 ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 02/01/2019
-ms.reviewer: 
+ms.date: 10/21/2019
+ms.reviewer: hachidan
 manager: dansimp
 ---
 
@@ -33,6 +34,9 @@ To run Surface Asset Tag:
     extract the zip file, and save AssetTag.exe in desired folder (in
     this example, C:\\assets).
 
+    > [!NOTE]
+    > For Surface Pro X, use the application named **AssetTag_x86**  in the ZIP file. 
+
 2.  Open a command console as an Administrator and run AssetTag.exe,
     entering the full path to the tool.
 

devices/surface/change-history-for-surface.md

@@ -9,6 +9,9 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
 ---
 
 # Change history for Surface documentation
@@ -19,7 +22,9 @@ This topic lists new and updated topics in the Surface documentation library.
 
 | **New or changed topic** | **Description** |
 | ------------------------ | --------------- |
+| [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md)| New document explaining how to configure a DFCI environment in Microsoft Intune and manage firmware settings for targeted Surface devices.|
 | [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)| New document highlighting key considerations for deploying, managing, and servicing Surface Pro X.|
+|Multiple topics| Updated with information on Surface Pro 7, Surface Pro X, and Surface Laptop 3.|
 
 ## September 2019
 

devices/surface/considerations-for-surface-and-system-center-configuration-manager.md

@@ -9,14 +9,16 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 10/16/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/24/2019
 ms.reviewer: 
 manager: dansimp
 ---
 
 # Considerations for Surface and System Center Configuration Manager
 
-Fundamentally, management and deployment of Surface devices with System Center Configuration Manager is the same as the management and deployment of any other PC. Like any other PC, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client – to publish apps, settings, and policies, you use the same process that you would use for any other device.
+Fundamentally, management and deployment of Surface devices with System Center Configuration Manager (SCCM) is the same as the management and deployment of any other PC. Like other PCs, a deployment to Surface devices includes importing drivers, importing a Windows image, preparing a deployment task sequence, and then deploying the task sequence to a collection. After deployment, Surface devices are like any other Windows client – to publish apps, settings, and policies, you use the same process that you would use for any other device.
 
 You can find more information about how to use Configuration Manager to deploy and manage devices in the [Documentation for System Center Configuration Manager](https://docs.microsoft.com/sccm/index).
 
@@ -25,6 +27,11 @@ Although the deployment and management of Surface devices is fundamentally the s
 >[!NOTE]
 >For management of Surface devices it is recommended that you use the Current Branch of System Center Configuration Manager.
 
+## Support for Surface Pro X
+Beginning in version 1802, SCCM includes client management support for Surface Pro X. Note however that running the SCCM agent on Surface Pro X may accelerate battery consumption. In addition, SCCM operating system deployment is not supported on Surface Pro X. For more information, refer to:
+- [What's new in version 1802 of System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802)
+- [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
+
 ## Updating Surface device drivers and firmware
 
 For devices that receive updates through Windows Update, drivers for Surface components – and even firmware updates – are applied automatically as part of the Windows Update process. For devices with managed updates, such as those updated through Windows Server Update Services (WSUS), the option to install drivers and firmware through Windows Update is not available. For these managed devices, the recommended driver management process is the deployment of driver and firmware updates using the Windows Installer (.msi) files, which are provided through the Microsoft Download Center. You can find a list of these downloads at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices).
@@ -79,3 +86,4 @@ To apply an asset tag using the [Surface Asset Tag CLI Utility](https://www.micr
 When you deploy Windows to a Surface device, the push-button reset functionality of Windows is configured by default to revert the system back to a state where the environment is not yet configured. When the reset function is used, the system discards any installed applications and settings. Although in some situations it can be beneficial to restore the system to a state without applications and settings, in a professional environment this effectively renders the system unusable to the end user.
 
 Push-button reset can be configured, however, to restore the system configuration to a state where it is ready for use by the end user. Follow the process outlined in [Deploy push-button reset features](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/deploy-push-button-reset-features) to customize the push-button reset experience for your devices.
+

devices/surface/customize-the-oobe-for-surface-deployments.md

@@ -13,13 +13,13 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 07/27/2017
+ms.audience: itpro
+ms.date: 10/21/2019
 ---
 
 # Customize the OOBE for Surface deployments
 
-
-This article walks you through the process of customizing the Surface out-of-box experience for end users in your organization.
+This article describes customizing the Surface out-of-box experience for end users in your organization.
 
 It is common practice in a Windows deployment to customize the user experience for the first startup of deployed computers — the out-of-box experience, or OOBE.
 
@@ -28,6 +28,9 @@ It is common practice in a Windows deployment to customize the user experience f
 
 In some scenarios, you may want to provide complete automation to ensure that at the end of a deployment, computers are ready for use without any interaction from the user. In other scenarios, you may want to leave key elements of the experience for users to perform necessary actions or select between important choices. For administrators deploying to Surface devices, each of these scenarios presents a unique challenge to overcome.
 
+> [!NOTE]
+> This article does not apply to Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
+
 This article provides a summary of the scenarios where a deployment might require additional steps. It also provides the required information to ensure that the desired experience is achieved on any newly deployed Surface device. This article is intended for administrators who are familiar with the deployment process, as well as concepts such as answer files and [reference images](https://technet.microsoft.com/itpro/windows/deploy/create-a-windows-10-reference-image).
 
 >[!NOTE]
@@ -57,7 +60,7 @@ To provide the factory Surface Pen pairing experience in OOBE, you must copy fou
 -   %windir%\\system32\\oobe\\info\\default\\1033\\PenSuccess\_en-US.png
 
 >[!NOTE]
->You should copy the files from a factory image for the same model Surface device that you intend to deploy to. For example, you should use the files from a Surface Pro 3 to deploy to Surface Pro 3, and the files from Surface Book to deploy Surface Book, but you should not use the files from a Surface Pro 3 to deploy Surface Book or Surface Pro 4.
+>You should copy the files from a factory image for the same model Surface device that you intend to deploy to. For example, you should use the files from a Surface Pro 7 to deploy to Surface Pro 7, and the files from Surface Book 2 to deploy Surface Book 2, but you should not use the files from a Surface Pro 7 to deploy Surface Book or Surface Pro 6.
 
  
 

devices/surface/deploy-surface-app-with-windows-store-for-business.md

@@ -9,7 +9,9 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 09/21/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
 ms.reviewer: 
 manager: dansimp
 ---
@@ -17,12 +19,25 @@ manager: dansimp
 # Deploy Surface app with Microsoft Store for Business and Education
 
 **Applies to**
-* Surface Pro 4
-* Surface Book
-* Surface 3
 
->[!NOTE]
->The Surface app ships in Surface Studio.
+- Surface Pro 7
+- Surface Laptop 3
+- Surface Pro 6
+- Surface Laptop 2
+- Surface Go
+- Surface Go with LTE
+- Surface Book 2
+- Surface Pro with LTE Advanced (Model 1807)
+- Surface Pro (Model 1796)
+- Surface Laptop
+- Surface Studio
+- Surface Studio 2
+- Surface Book
+- Surface Pro 4
+- Surface 3 LTE
+- Surface 3
+- Surface Pro 3
+
 
 The Surface app is a lightweight Microsoft Store app that provides control of many Surface-specific settings and options, including: 
 
@@ -36,7 +51,10 @@ The Surface app is a lightweight Microsoft Store app that provides control of ma
 
 * Quick access to support documentation and information for your device
 
-If your organization is preparing images that will be deployed to your Surface devices, you may want to include the Surface app (formerly called the Surface Hub) in your imaging and deployment process instead of requiring users of each individual device to download and install the app from the Microsoft Store or your Microsoft Store for Business. 
+Customers using Windows Update will ordinarily receive Surface app as part of automatic updates. But if your organization is preparing images for deployment to your Surface devices, you may want to include the Surface app (formerly called the Surface Hub) in your imaging and deployment process instead of requiring users of each individual device to download and install the app from the Microsoft Store or your Microsoft Store for Business. 
+
+> [!NOTE]
+> This article does not apply to Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
 
 ## Surface app overview
 

devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md

@@ -11,7 +11,8 @@ ms.mktglfcycl: deploy
 ms.pagetype: surface, devices
 ms.sitesec: library
 author: dansimp
-ms.date: 08/13/2019
+ms.audience: itpro
+ms.date: 10/21/2019
 ms.author: dansimp
 ms.topic: article
 ---
@@ -68,7 +69,7 @@ Look to the **version** number to determine the latest files that contain the mo
 The first file —  SurfacePro6_Win10_16299_1900307_0.msi  —  is the newest because its VERSION field has the newest build in 2019; the other files are from 2018.
 
 ## Supported devices
-Downloadable MSI files are available for Surface devices from Surface Pro 2 and later.
+Downloadable MSI files are available for Surface devices from Surface Pro 2 and later. Information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release. 
 
 >[!NOTE]
 >There are no downloadable firmware or driver updates available for Surface devices with Windows RT, including Surface RT and Surface 2. Updates can only be applied using Windows Update.

devices/surface/deploy-windows-10-to-surface-devices-with-mdt.md

@@ -9,7 +9,9 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 10/16/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
 ms.reviewer: 
 manager: dansimp
 ---
@@ -17,13 +19,21 @@ manager: dansimp
 # Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit
 
 **Applies to**
-- Surface Studio
-- Surface Pro 4
-- Surface Book
+
+- Surface Studio and later
+- Surface Pro 4 and later
+- Surface Book and later
+- Surface Laptop and later
+- Surface Go
 - Surface 3
 - Windows 10
 
-This article walks you through the recommended process to deploy Windows 10 to Surface devices with Microsoft deployment technologies. The process described in this article yields a complete Windows 10 environment including updated firmware and drivers for your Surface device along with applications like Microsoft Office 365 and the Surface app. When the process is complete, the Surface device will be ready for use by the end user. You can customize this process to include your own applications and configuration to meet the needs of your organization. You can also follow the guidance provided in this article to integrate deployment to Surface devices into existing deployment strategies.
+This article walks you through the recommended process to deploy Windows 10 to Surface devices with Microsoft deployment technologies. The process described in this article yields a complete Windows 10 environment including updated firmware and drivers for your Surface device along with applications like Microsoft Office 365 and the Surface app. 
+
+> [!NOTE]
+> MDT is not currently supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
+
+When the process is complete, the Surface device will be ready for use by the end user. You can customize this process to include your own applications and configuration to meet the needs of your organization. You can also follow the guidance provided in this article to integrate deployment to Surface devices into existing deployment strategies.
 
 By following the procedures in this article, you can create an up-to-date reference image and deploy this image to your Surface devices, a process known as *reimaging*. Reimaging will erase and overwrite the existing environment on your Surface devices. This process allows you to rapidly configure your Surface devices with identical environments that can be configured to precisely fit your organization’s requirements. 
 

devices/surface/enroll-and-configure-surface-devices-with-semm.md

@@ -9,7 +9,9 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 01/06/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
 ms.reviewer: 
 manager: dansimp
 ---
@@ -20,6 +22,11 @@ With Microsoft Surface Enterprise Management Mode (SEMM), you can securely confi
 
 For a more high-level overview of SEMM, see [Microsoft Surface Enterprise Management Mode](https://technet.microsoft.com/itpro/surface/surface-enterprise-management-mode).
 
+A streamlined method of managing firmware from the cloud on Surface Pro 7,Surface Pro X and Surface Laptop 3 is now available via public preview. For more information,refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
+
+> [!NOTE]
+> SEMM is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md).
+
 #### Download and install Microsoft Surface UEFI Configurator
 The tool used to create SEMM packages is Microsoft Surface UEFI Configurator. You can download Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) page in the Microsoft Download Center.
 Run the Microsoft Surface UEFI Configurator Windows Installer (.msi) file to start the installation of the tool. When the installer completes, find Microsoft Surface UEFI Configurator in the All Apps section of your Start menu.

devices/surface/ethernet-adapters-and-surface-device-deployment.md

@@ -13,13 +13,14 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 07/27/2017
+ms.audience: itpro
+ms.date: 10/21/2019
 ---
 
 # Ethernet adapters and Surface deployment
 
 
-This article provides guidance and answers to help you perform a network deployment to Surface devices.
+This article provides guidance and answers to help you perform a network deployment to Surface devices including Surface Pro 3 and later.
 
 Network deployment to Surface devices can pose some unique challenges for system administrators. Due to the lack of a native wired Ethernet adapter, administrators must provide connectivity through a removable Ethernet adapter.
 
@@ -32,6 +33,9 @@ The primary concern when selecting an Ethernet adapter is how that adapter will
 
 Booting from the network (PXE boot) is only supported when you use an Ethernet adapter or docking station from Microsoft. To boot from the network, the chipset in the Ethernet adapter or dock must be detected and configured as a boot device in the firmware of the Surface device. Microsoft Ethernet adapters, such as the Surface Ethernet Adapter and the [Surface Dock](https://www.microsoft.com/surface/accessories/surface-dock) use a chipset that is compatible with the Surface firmware.
 
+> [!NOTE]
+>  PXE boot is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
+
 The following Ethernet devices are supported for network boot with Surface devices:
 
 -   Surface USB-C to Ethernet and USB 3.0 Adapter
@@ -50,7 +54,6 @@ Third-party Ethernet adapters are also supported for network deployment, althoug
 
 ## Boot Surface devices from the network
 
-
 To boot from the network or a connected USB stick, you must instruct the Surface device to boot from an alternate boot device. You can alter the boot order in the system firmware to prioritize USB boot devices, or you can instruct it to boot from an alternate boot device during the boot up process.
 
 To boot a Surface device from an alternative boot device, follow these steps:

devices/surface/get-started.md

@@ -1,7 +1,7 @@
 ---
 title: Get started with Surface devices
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 layout: LandingPage
 ms.assetid: 
@@ -14,7 +14,7 @@ ms.localizationpriority: High
 ---
 # Get started with Surface devices
 
-Harness the power of Surface, Windows, and Office connected together through the cloud. Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface devices in your organization.
+Harness the power of Surface, Windows, and Office connected together through the cloud. Find tools, step-by-step guides, and other resources to help you plan, deploy, and manage Surface for Business devices in your organization.
 
 <ul class="panelContent cardsF">
     <li>
@@ -29,7 +29,7 @@ Harness the power of Surface, Windows, and Office connected together through the
                     <div class="cardText">
                         <h3>Plan</h3>
                          <p><a href="considerations-for-surface-and-system-center-configuration-manager.md">Surface and SCCM considerations</a></p>
-                         <p><a href="deploy-surface-app-with-windows-store-for-business.md">Deploy Surface app with Microsoft Store for Business</a></p>
+                         <p><a href="wake-on-lan-for-surface-devices.md">Wake On LAN for Surface devices</a></p>
                     </div>
                 </div>
             </div>
@@ -86,8 +86,8 @@ Harness the power of Surface, Windows, and Office connected together through the
                     </div>
                     <div class="cardText">
                         <h3>Secure</h3>
-                        <p><a href="surface-enterprise-management-mode.md">Surface Enterprise Management Mode (SEMM)</a></p>
-                        <p><a href="manage-surface-uefi-settings.md">Manage UEFI</a></p>
+                          <p><a href="surface-manage-dfci-guide.md">Intune management of Surface UEFI settings</a></p>
+                          <p><a href="surface-enterprise-management-mode.md">Surface Enterprise Management Mode (SEMM)</a></p>                     
                         <p><a href="microsoft-surface-data-eraser.md">Surface Data Eraser tool</a></p>
                     </div>
                 </div>
@@ -105,6 +105,8 @@ Harness the power of Surface, Windows, and Office connected together through the
                     </div>
                     <div class="cardText">
                         <h3>Support</h3>
+                         <p><a href="https://support.microsoft.com/help/4483194/maximize-surface-battery-life">Maximize your Surface battery life</a></p>
+                         <p><a href="https://support.microsoft.com/help/4023468/surface-troubleshoot-surface-dock-and-docking-stations">Troubleshoot Surface Dock and docking stations</a></p>
                         <p><a href="support-solutions-surface.md">Top support solutions</a></p>
                     </div>
                 </div>
@@ -121,12 +123,13 @@ Harness the power of Surface, Windows, and Office connected together through the
             <div class="cardPadding">
                 <div class="card">
                     <div class="cardText">
-                        <h3>Technical specifications</h3>
-                         <P><a href="https://www.microsoft.com/surface/devices/surface-pro/tech-specs" target="_blank">Surface Pro</a></p>
-                         <P><a href="https://www.microsoft.com/p/surface-book-2/8mcpzjjcc98c?activetab=pivot:techspecstab" target="_blank">Surface Book</a></p>
-                         <P><a href="https://www.microsoft.com/surface/devices/surface-studio/tech-specs" target="_blank">Surface Studio</a><p>
-                         <P><a href="https://www.microsoft.com/surface/devices/surface-go/tech-specs" target="_blank">Surface Go</a></p>
-                         <P><a href="https://www.microsoft.com/surface/devices/surface-laptop/tech-specs" target="_blank">Surface Laptop 2</a></p>
+                        <h3>Tech specs</h3>
+                           <P><a href="https://www.microsoft.com/surface/business/surface-pro-7" target="_blank">Surface Pro 7 for Business</a></P>
+                            <P><a href="https://www.microsoft.com/surface/business/surface-pro-x" target="_blank">Surface Pro X for Business</a></p>
+                            <P><a href="https://www.microsoft.com/surface/business/surface-laptop-3" target="_blank">Surface Laptop 3 for Business</a></p>
+                              <P><a href="https://www.microsoft.com/surface/business/surface-book-2" target="_blank">Surface Book 2 for Business</a></p>
+                              <P><a href="https://www.microsoft.com/surface/business/surface-studio-2" target="_blank">Surface Studio 2 for Business</a></p>
+                              <P><a href="https://www.microsoft.com/surface/business/surface-go" target="_blank">Surface Go</a></p>
                     </div>
                 </div>
             </div>

devices/surface/index.md

@@ -3,8 +3,8 @@ title: Microsoft Surface documentation and resources
 layout: HubPage
 hide_bc: true
 description: Surface and Surface Hub documentation for admins & IT professionals
-author: robmazz
-ms.author: robmazz
+author: greg-lindsay
+ms.author: greglin
 manager: laurawi
 ms.topic: hub-page
 keywords: Microsoft Surface, Microsoft Surface Hub, Surface documentation

devices/surface/manage-surface-driver-and-firmware-updates.md

@@ -0,0 +1,65 @@
+---
+title: Manage Surface driver and firmware updates (Surface)
+description: This article describes the available options to manage firmware and driver updates for Surface devices.
+ms.assetid: CD1219BA-8EDE-4BC8-BEEF-99B50C211D73
+ms.reviewer: 
+manager: dansimp
+keywords: Surface, Surface Pro 3, firmware, update, device, manage, deploy, driver, USB
+ms.localizationpriority: medium
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.pagetype: surface, devices
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.audience: itpro
+ms.date: 10/21/2019
+---
+
+# Manage Surface driver and firmware updates
+
+This article describes the available options that you can use to manage firmware and driver updates for Surface devices including Surface Pro 3 and later. 
+
+To see a list of the available downloads for Surface devices and links to download the drivers and firmware for your device, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
+
+On Surface devices, the firmware is exposed to the operating system as a driver and is visible in Device Manager. This design allows a Surface device firmware to be automatically updated along with all drivers through Windows Update. This mechanism provides a seamless, automatic experience for receiving the latest firmware and driver updates. Although automatic updating is easy for end users, updating firmware and drivers automatically may not always be appropriate for organizations and businesses. In cases where you strictly manage updates or when you deploy a new operating system to a Surface device, automatic updates from Windows Update may not be appropriate.
+
+## <a href="" id="methods-for-------firmware-deployment"></a>Methods for deploying firmware
+
+Windows Update automatically provides firmware for computers that receive updates directly from Microsoft. However, in environments where  Windows Server Update Services (WSUS) manages updates, Windows Update cannot update the firmware. For managed environments, there are a number of options you can use to deploy firmware updates.
+
+### Windows Update
+
+The simplest solution to ensure that firmware on Surface devices in your organization is kept up to date is to allow Surface devices to receive updates directly from Microsoft. You can implement this solution easily by excluding Surface devices from Group Policy that directs computers to receive updates from WSUS.
+
+Although this solution ensures that firmware will be updated as new releases are made available to Windows Update, it does present potential drawbacks. Each Surface device that receives updates from Windows Update downloads each update independently from Microsoft instead of accessing a central location. These operations increase demand on Internet connectivity and bandwidth. Additionally, such updates are not subjected to testing or review by administrators.
+
+For details about Group Policy for client configuration of WSUS or Windows Update, see [Step 4: Configure Group Policy Settings for Automatic Updates](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates).
+
+### Windows Installer Package
+
+Surface driver and firmware updates are packaged as Windows Installer (MSI) files. To deploy these Windows Installer packages, you can use application deployment utilities such as the Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager. Such solutions provide the means for administrators to test and review updates before deploying them, and to centralize deployment. For each device, it is important to select the correct MSI file for the device and its operating system. For more information see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
+
+For instructions on how to deploy updates by using System Center Configuration Manager, refer to [Deploy applications with Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/deploy-applications). For instructions on how to deploy updates by using MDT, see [Deploy a Windows 10 image using MDT](https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt).
+
+> [!NOTE]
+> You can deploy applications separately from an operating system deployment through MDT by using a Post OS Installation task sequence.
+
+### Microsoft System Center Configuration Manager
+
+Starting in Microsoft System Center Configuration Manager version 1710, you can synchronize and deploy Microsoft Surface firmware and driver updates by using the Configuration Manager client. The process resembles that for deploying regular updates. For additional information, see KB 4098906, [How to manage Surface driver updates in Configuration Manager](https://support.microsoft.com/help/4098906/manage-surface-driver-updates-in-configuration-manager).
+
+## Considerations when deploying updates and operating systems together
+
+The process of deploying firmware updates during an operating system deployment is straightforward. You can import the firmware and driver pack into either System Center Configuration Manager or MDT, and use them to deploy a fully updated environment to a target Surface device, complete with firmware. For a complete step-by-step guide to using MDT to deploy Windows to a Surface device, see [Deploy Windows 10 to Surface devices with Microsoft Deployment Toolkit](deploy-windows-10-to-surface-devices-with-mdt.md).
+
+> [!IMPORTANT]
+> Select the correct MSI file for each specific device and its operating system. For more information, see [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
+
+**WindowsPE and Surface firmware and drivers**
+
+System Center Configuration Manager and MDT both use the Windows Preinstallation Environment (WindowsPE) during the deployment process. WindowsPE only supports a limited set of basic drivers such as those for network adapters and storage controllers. Drivers for Windows components that are not part of WindowsPE might produce errors. As a best practice, you can prevent such errors by configuring the deployment process to use only the required drivers during the WindowsPE phase.
+
+## Supported devices
+Downloadable MSI files are available for Surface devices from Surface Pro 2 and later. Information about MSI files for the newest Surface devices such as Surface Pro 7, Surface Pro X, and Surface Laptop 3 will be available from this page upon release. 

devices/surface/manage-surface-pro-3-firmware-updates.md

@@ -1,64 +0,0 @@
----
-title: Manage Surface driver and firmware updates (Surface)
-description: This article describes the available options to manage firmware and driver updates for Surface devices.
-ms.assetid: CD1219BA-8EDE-4BC8-BEEF-99B50C211D73
-ms.reviewer: 
-manager: dansimp
-keywords: Surface, Surface Pro 3, firmware, update, device, manage, deploy, driver, USB
-ms.localizationpriority: medium
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.pagetype: surface, devices
-ms.sitesec: library
-author: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.date: 07/27/2017
----
-
-# Manage Surface driver and firmware updates
-
-
-This article describes the available options to manage firmware and driver updates for Surface devices.
-
-For a list of the available downloads for Surface devices and links to download the drivers and firmware for your device, see [Download the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md).
-
-On Surface devices, the firmware is exposed to the operating system as a driver and is visible in Device Manager. This allows a Surface device firmware to be automatically updated along with all drivers through Windows Update. This mechanism provides a seamless, automatic experience to receive the latest firmware and driver updates. Although automatic updating is easy for end users, updating firmware and drivers automatically may not always apply to organizations and businesses. Automatic updates with Windows Update may not be applicable where updates are carefully managed, or when you deploy a new operating system to a Surface device.
-
-## <a href="" id="methods-for-------firmware-deployment"></a>Methods for firmware deployment
-
-
-Although firmware is provided automatically by Windows Update for computers that receive updates directly from Microsoft, in environments where updates are carefully managed by using Windows Server Update Services (WSUS), updating the firmware through Windows Update is not supported. For managed environments, there are a number of options you can use to deploy firmware updates.
-
-**Windows Update**
-
-The simplest solution to ensure that firmware on Surface devices in your organization is kept up to date is to allow Surface devices to receive updates directly from Microsoft. You can implement this solution easily by excluding Surface devices from Group Policy that directs computers to receive updates from WSUS.
-
-Although this solution ensures that firmware will be updated as new releases are made available to Windows Update, it does present potential drawbacks. Each Surface device that receives Windows Updates directly will separately download each update rather than accessing a central location, which increases demand on Internet connectivity and bandwidth. Updates are also provided automatically to devices, without being subjected to testing or review by administrators.
-
-For details about Group Policy for client configuration of WSUS or Windows Update, see [Step 5: Configure Group Policy Settings for Automatic Updates](https://technet.microsoft.com/library/dn595129).
-
-**Windows Installer Package**
-
-The firmware and driver downloads for Surface devices now include Windows Installer files for firmware and driver updates. These Windows Installer packages can be deployed with utilities that support application deployment, including the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. This solution allows for centralized deployment and for administrators to test and review firmware updates before they are deployed. For more information about the Windows Installer package delivery method for firmware and driver updates, including details on what drivers are updated by the package and why certain drivers and firmware are not updated by the Windows Installer package, see the [Surface Pro 3 MSI Now Available](https://blogs.technet.microsoft.com/surface/2015/03/04/surface-pro-3-msi-now-available/) blog post.
-
-For instructions on how to deploy with System Center Configuration Manager, refer to [How to Deploy Applications in Configuration Manager](https://technet.microsoft.com/library/gg682082). For deployment of applications with MDT, see [Step 4: Add an application in the Deploy a Windows 8.1 Image Using MDT 2013](https://technet.microsoft.com/library/dn744279#sec04). Note that you can deploy applications separately from an operating system deployment through MDT by using a Post OS Installation task sequence.
-
-**Provisioning packages**
-
-New in Windows 10, provisioning packages (PPKG files) provide a simple method to apply a configuration to a destination device. You can find out more about provisioning packages, including instructions for how to create your own, in [Provisioning packages](https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages). For easy application of a complete set of drivers and firmware to devices running Windows 10, a provisioning package is supplied for Surface Pro 3 devices. This file contains all of the instructions and required assets to update a Surface Pro 3 device with Windows 10 to the latest drivers and firmware.
-
-**Windows PowerShell**
-
-Another method you can use to update the firmware when Windows Updates are managed in the organization is to install the firmware from the firmware and driver pack by using PowerShell. This method allows for a similar deployment experience to the Windows Installer package and can similarly be deployed as a package by using System Center Configuration Manager. You can find the PowerShell script and details on how to perform the firmware deployment in the [Deploying Drivers and Firmware to Surface Pro](https://blogs.technet.microsoft.com/deploymentguys/2013/05/16/deploying-drivers-and-firmware-to-surface-pro/) blog post.
-
-## Operating system deployment considerations
-
-
-The deployment of firmware updates during an operating system deployment is a straightforward process. The firmware and driver pack can be imported into either System Center Configuration Manager or MDT, and are used to deploy a fully updated environment, complete with firmware, to a target Surface device. For a complete step-by-step guide for deployment to Surface Pro 3 using either Configuration Manager or MDT, download the [Deployment and Administration Guide for Surface Pro 3](https://www.microsoft.com/download/details.aspx?id=45292) from the Microsoft Download Center.
-
-The individual driver files are also made available in the Microsoft Download Center if you are using deployment tools. The driver files are available in the ZIP archive file in the list of available downloads for your device.
-
-**Windows PE and Surface firmware and drivers**
-
-A best practice for deployment with any solution that uses the Windows Preinstallation Environment (WinPE), such as System Center Configuration Manager or MDT, is to configure WinPE with only the drivers that are required during the WinPE stage of deployment. These usually include drivers for network adapters and storage controllers. This best practice helps to prevent errors with more complex drivers that rely on components that are not present in WinPE. For Surface Pro 3 devices, this is especially true of the Touch Firmware. The Touch Firmware should never be loaded in a WinPE environment on Surface Pro 3.

devices/surface/manage-surface-uefi-settings.md

@@ -17,13 +17,17 @@ manager: dansimp
 
 # Manage Surface UEFI settings
 
-Current and future generations of Surface devices, including Surface Pro 4, Surface Book, and Surface Studio, use a unique UEFI firmware engineered by Microsoft specifically for these devices. This firmware allows for significantly greater control of the device’s operation over firmware versions in earlier generation Surface devices, including the support for touch, mouse, and keyboard operation. By using the Surface UEFI settings you can easily enable or disable internal devices or components, configure security to protect UEFI settings from being changed, and adjust the Surface device boot settings. 
+Current and future generations of Surface devices, including Surface Pro 7, Surface Book 2, and Surface Studio 2,use a unique UEFI firmware engineered by Microsoft specifically for these devices. This firmware allows for significantly greater control of the device’s operation over firmware versions in earlier generation Surface devices, including the support for touch, mouse, and keyboard operation. By using the Surface UEFI settings you can easily enable or disable internal devices or components, configure security to protect UEFI settings from being changed, and adjust the Surface device boot settings. 
 
 >[!NOTE]
 >Surface Pro 3, Surface 3, Surface Pro 2, Surface 2, Surface Pro, and Surface do not use the Surface UEFI and instead use firmware provided by third-party manufacturers, such as AMI.
 
 You can enter the Surface UEFI settings on your Surface device by pressing the **Volume Up** button and the **Power** button simultaneously. Hold the **Volume Up** button until the Surface logo is displayed, which indicates that the device has begun to boot. 
 
+## Support for cloud-based management
+With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in public preview), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future. DFCI is currently available for Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information, refer to [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
+
+
 ## PC information 
 
 On the **PC information** page, detailed information about your Surface device is provided: 

devices/surface/microsoft-surface-brightness-control.md

@@ -9,7 +9,7 @@ author: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.date: 1/15/2019
-ms.reviewer: 
+ms.reviewer: hachidan
 manager: dansimp
 ---
 
@@ -60,6 +60,11 @@ Full Brightness   | Default: 100  <br>Option: Range of 0-100 percent of screen b
 
 ## Changes and updates
 
+### Version 1.16.137<br>
+*Release Date: 22 October 2019*<br>
+This version of Surface Brightness Control adds support for the following:
+-Recompiled for x86, adding support for Surface Pro 7, Surface Pro X, and Surface Laptop 3. 
+
 ### Version 1.12.239.0
 *Release Date: 26 April 2019*<br>
 This version of Surface Brightness Control adds support for the following:

devices/surface/microsoft-surface-data-eraser.md

@@ -2,7 +2,7 @@
 title: Microsoft Surface Data Eraser (Surface)
 description: Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.
 ms.assetid: 8DD3F9FE-5458-4467-BE26-E9200341CF10
-ms.reviewer: 
+ms.reviewer: hachidan
 manager: dansimp
 ms.localizationpriority: medium
 keywords: tool, USB, data, erase
@@ -13,7 +13,8 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 05/15/2018
+ms.audience: itpro
+ms.date: 10/21/2019
 ---
 
 # Microsoft Surface Data Eraser
@@ -28,6 +29,9 @@ Find out how the Microsoft Surface Data Eraser tool can help you securely wipe d
 
 Compatible Surface devices include:
 
+* Surface Pro 7
+* Surface Pro X
+* Surface Laptop 3
 * Surface Pro 6
 * Surface Laptop 2
 * Surface Go
@@ -156,6 +160,12 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
 
 Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following:
 
+### Version 3.21.137
+*Release Date: 21 Oct 2019*
+This version of Surface Data Eraser is compiled for x86 and adds support for the following devices:
+
+Supports Surface Pro 7, Surface Pro X, and Surface Laptop 3.
+
 ### Version 3.2.78.0
 *Release Date: 4 Dec 2018*
 

devices/surface/microsoft-surface-deployment-accelerator.md

@@ -2,7 +2,7 @@
 title: Microsoft Surface Deployment Accelerator (Surface)
 description: Microsoft Surface Deployment Accelerator provides a quick and simple deployment mechanism for organizations to reimage Surface devices.
 ms.assetid: E7991E90-4AAE-44B6-8822-58BFDE3EADE4
-ms.reviewer: 
+ms.reviewer: hachidan
 manager: dansimp
 ms.date: 07/27/2017
 ms.localizationpriority: medium
@@ -14,19 +14,19 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
+ms.audience: itpro
 ---
 
 # Microsoft Surface Deployment Accelerator
 
 
-Microsoft Surface Deployment Accelerator (SDA) provides a quick and simple deployment mechanism for organizations to reimage Surface devices.
+Microsoft Surface Deployment Accelerator (SDA) automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools. 
 
-SDA includes a wizard that automates the creation and configuration of a Microsoft recommended deployment experience by using free Microsoft deployment tools. The resulting deployment solution is complete with everything you need to immediately begin the deployment of Windows to a Surface device. You can also use SDA to create and capture a Windows reference image and then deploy it with the latest Windows updates.
+> [!NOTE]
+> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md).
 
 SDA is built on the powerful suite of deployment tools available from Microsoft including the Windows Assessment and Deployment Kit (ADK), the Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS). The resulting deployment share encompasses the recommended best practices for managing drivers during deployment and automating image creation and can serve as a starting point upon which you build your own customized deployment solution.
 
-You can find more information about how to deploy to Surface devices, including step-by-step walkthroughs of customized deployment solution implementation, on the Deploy page of the [Surface TechCenter](https://technet.microsoft.com/windows/dn913725).
-
 **Download Microsoft Surface Deployment Accelerator**
 
 You can download the installation files for SDA from the Microsoft Download Center. To download the installation files:

devices/surface/step-by-step-surface-deployment-accelerator.md

@@ -20,6 +20,9 @@ ms.date: 07/27/2017
 
 This article shows you how to install Microsoft Surface Deployment Accelerator (SDA), configure a deployment share for the deployment of Windows to Surface devices, and perform a deployment to Surface devices. This article also contains instructions on how to perform these tasks without an Internet connection or without support for Windows Deployment Services network boot (PXE).
 
+> [!NOTE]
+> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md).
+
 ## How to install Surface Deployment Accelerator
 
 For information about prerequisites and instructions for how to download and install SDA, see [Microsoft Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md).

devices/surface/support-solutions-surface.md

@@ -47,7 +47,7 @@ These are the top Microsoft Support solutions for common issues experienced when
 
 - [Troubleshoot connecting Surface to a second screen](https://support.microsoft.com/help/4023496)
 
-- [Microsoft Surface Dock Updater](https://docs.microsoft.com/surface/surface-dock-updater)
+- [Microsoft Surface Dock Firmware Update](https://docs.microsoft.com/surface/surface-dock-updater)
 
 ## Surface Drivers and Firmware
 

devices/surface/surface-device-compatibility-with-windows-10-ltsc.md

@@ -9,8 +9,10 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 01/03/2018
-ms.reviewer: 
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
+ms.reviewer: scottmca
 manager: dansimp
 ---
 
@@ -55,7 +57,7 @@ Before you choose to use Windows 10 Enterprise LTSC edition on Surface devices,
 * Surface device replacements (for example, devices replaced under warranty) may contain subtle variations in hardware components that require updated device drivers and firmware. Compatibility with these updates may require the installation of a more recent version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise with the SAC servicing option.
 
 >[!NOTE]
->Organizations that standardize on a specific version of Windows 10 Enterprise LTSC may be unable to adopt new generations of Surface hardware without also updating to a later version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise. For more information, see the **How will Windows 10 LTSBs be supported?** topic in the **Supporting the latest processor and chipsets on Windows** section of [Lifecycle Policy FAQ—Windows products](https://support.microsoft.com/help/18581/lifecycle-policy-faq-windows-products#b4).
+>Organizations that standardize on a specific version of Windows 10 Enterprise LTSC may be unable to adopt new generations of Surface hardware such as Surface Pro 7, Surface Pro X, or Surface Laptop 3 without also updating to a later version of Windows 10 Enterprise LTSC or Windows 10 Pro or Enterprise. For more information, see the **How will Windows 10 LTSBs be supported?** topic in the **Supporting the latest processor and chipsets on Windows** section of [Lifecycle Policy FAQ—Windows products](https://support.microsoft.com/help/18581/lifecycle-policy-faq-windows-products#b4).
 
 Surface devices running Windows 10 Enterprise LTSC edition will not receive new features. In many cases these features are requested by customers to improve the usability and capabilities of Surface hardware. For example, new improvements for High DPI applications in Windows 10, version 1703. Customers that use Surface devices in the LTSC configuration will not see the improvements until they either update to a new Windows 10 Enterprise LTSC release or upgrade to a version of Windows 10 with support for the SAC servicing option.
 

devices/surface/surface-diagnostic-toolkit-business.md

@@ -41,6 +41,8 @@ Command line |	Directly troubleshoot Surface devices remotely without user inter
 
 SDT for Business is supported on Surface 3 and later devices, including:
 
+- Surface Pro 7
+- Surface Laptop 3
 - Surface Pro 6
 - Surface Laptop 2
 - Surface Go
@@ -168,6 +170,12 @@ You can select to run a wide range of logs across applications, drivers, hardwar
 - [Use Surface Diagnostic Toolkit for Business using commands](surface-diagnostic-toolkit-command-line.md)
 
 ## Changes and updates
+### Version 2.43.139.0
+*Release date: October 21, 2019*<br>
+This version of Surface Diagnostic Toolkit for Business adds support for the following: 
+-Surface Pro 7
+-Surface Laptop 3
+
 ### Version 2.42.139.0
 *Release date: September 24, 2019*<br>
 This version of Surface Diagnostic Toolkit for Business adds support for the following: 

devices/surface/surface-diagnostic-toolkit-command-line.md

@@ -10,7 +10,7 @@ ms.topic: article
 ms.date: 11/15/2018
 ms.reviewer: hachidan
 manager: dansimp
-ms.localizationpriority: normal
+ms.localizationpriority: medium
 ms.audience: itpro
 ---
 

devices/surface/surface-dock-firmware-update.md

@@ -38,7 +38,8 @@ If preferred, you can manually complete the update as follows:
 > [!NOTE]
 >
 > - Manually installing the MSI file may prompt you to restart Surface; however, restarting is optional and not required.
->- You will need to disconnect and reconnect the dock twice before the update fully completes.
+> - You will need to disconnect and reconnect the dock twice before the update fully completes.
+> - To create a log file, specify the path in the Msiexec command. For example, append /l*v %windir%\logs\ SurfaceDockFWI.log".
 
 ## Network deployment
 
@@ -48,6 +49,12 @@ You can use Windows Installer commands (Msiexec.exe) to deploy Surface Dock Firm
 
 For more information, refer to [Command line options](https://docs.microsoft.com/windows/win32/msi/command-line-options) documentation.
 
+## Intune deployment
+You can use Intune to distribute Surface Dock Firmware Update to your devices. First you will need to convert the MSI file to the .intunewin format, as described in the following documentation: [Intune Standalone - Win32 app management](https://docs.microsoft.com/intune/apps/apps-win32-app-management).
+
+Use the following command:
+  - **msiexec /i <name of msi> /quiet /q**
+
 ## How to verify completion of firmware update
 
 Surface dock firmware consists of two components:
@@ -77,7 +84,7 @@ Successful completion of Surface Dock Firmware Update results in new registry ke
 
 | Log                              | Location                               | Notes                                                                                                                                                                                                         |
 | -------------------------------- | -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Surface Dock Firmware Update log | /l*v %windir%\logs\ SurfaceDockFWI.log | Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater.                                                                                                  |
+| Surface Dock Firmware Update log | /l*v %windir%\logs\Applications\SurfaceDockFWI.log | Earlier versions of this tool wrote events to Applications and Services Logs\Microsoft Surface Dock Updater.                                                                                                  |
 | Windows Device Install log       | %windir%\inf\ setupapi.dev.log         | For more information about using Device Install Log, refer [to SetupAPI Logging](https://docs.microsoft.com/windows-hardware/drivers/install/setupapi-logging--windows-vista-and-later-) documentation. |
 
  
@@ -101,7 +108,7 @@ Successful completion of Surface Dock Firmware Update results in new registry ke
 
 ## Changes and updates
 
-Microsoft periodically releases new versions of Surface Dock Firmware Update. To update a Surface Dock to the latest firmware, you must use the latest version of Surface Dock Firmware Update.
+Microsoft periodically releases new versions of Surface Dock Firmware Update.Note that the MSI file is not self-updating. If you have deployed the MSI to Surface devices and a new version of the firmware is released, you will need to deploy the new version of the MSI.
 
 ## Versions reference
 ### Version 1.42.139 
@@ -113,6 +120,8 @@ This version, contained in Surface_Dock_FwUpdate_1.42.139_Win10_17134_19.084.316
 - Component10CurrentFwVersion updated to **4ac3970**.
 - Component20CurrentFwVersion updated to **4a1d570**.
 
+It adds support for Surface Pro 7 and Surface Laptop 3.
+
 ## Legacy versions
 
 ### Version 2.23.139.0

devices/surface/surface-enterprise-management-mode.md

@@ -226,6 +226,10 @@ create a reset package using PowerShell to reset SEMM.
 
 ## Version History
 
+### Version 2.59.139
+* Support to Surface Pro 7 and Surface Laptop 3
+- Support to Wake on Power feature
+
 ### Version 2.54.139.0
 * Support to Surface Hub 2S
 * Bug fixes

devices/surface/surface-manage-dfci-guide.md

@@ -0,0 +1,172 @@
+---
+title: Intune management of Surface UEFI settings
+description: This article explains how to configure a DFCI environment in Microsoft Intune and manage firmware settings for targeted Surface devices.
+ms.localizationpriority: medium
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+author: dansimp
+ms.author: dansimp
+ms.topic: article
+ms.date: 10/20/2019
+ms.reviewer: jesko
+manager: dansimp
+ms.audience: itpro
+---
+# Intune management of Surface UEFI settings
+
+## Introduction
+
+The ability to manage devices from the cloud has dramatically simplified IT deployment and provisioning across the lifecycle. With Device Firmware Configuration Interface (DFCI) profiles built into Microsoft Intune (now available in public preview), Surface UEFI management extends the modern management stack down to the UEFI hardware level. DFCI supports zero-touch provisioning, eliminates BIOS passwords, provides control of security settings including boot options and built-in peripherals, and lays the groundwork for advanced security scenarios in the future.
+
+### Background
+
+Like any computer running Windows 10, Surface devices rely on code stored in the SoC that enables the CPU to interface with hard drives, display devices, USB ports, and other devices. The programs stored in this read-only memory (ROM) are known as firmware (while programs stored in dynamic media are known as software).
+
+In contrast to other Windows 10 devices available in the market today, Surface provides IT admins with the ability to configure and manage firmware through a rich set of UEFI configuration settings. This provides a layer of hardware control on top of software-based policy management as implemented via mobile device management (MDM) policies, Configuration Manager or Group Policy. For example, organizations deploying devices in highly secure areas with sensitive information can prevent camera use by removing functionality at the hardware level. From a device standpoint, turning the camera off via a firmware setting is equivalent to physically removing the camera. Compare the added security of managing at the firmware level to relying only on operating system software settings. For example, if you disable the Windows audio service via a policy setting in a domain environment, a local admin could still re-enable the service.
+
+### DFCI versus SEMM
+
+Until now, managing firmware required enrolling devices into Surface Enterprise Management Mode (SEMM) with the overhead of ongoing manual IT-intensive tasks. As an example, SEMM requires IT staff to physically access each PC to enter a two-digit pin as part of the certificate management process. Although SEMM remains a good solution for organizations in a strictly on-premises environment, its complexity and IT-intensive requirements make it costly to use.
+
+Now with newly integrated UEFI firmware management capabilities in Microsoft Intune, the ability to lock down hardware is simplified and easier to use with new features for provisioning, security, and streamlined updating all in a single console.
+
+DFCI leverages the device profiles capability in Intune and is deployed using Windows Autopilot, eliminating the need for manual interaction by IT admins or end users. A device profile allows you to add and configure settings which can then be deployed to devices enrolled in management within your organization. Once the device receives the device profile, the features and settings are applied automatically. Examples of common device profiles include Email, Device restrictions, VPN, Wi-Fi, and Administrative templates. DFCI is simply an additional device profile that enables you to manage UEFI configuration settings from the cloud without having to maintain a costly on-premises infrastructure.  
+
+## Supported devices
+
+At this time, DFCI is supported in the following devices:
+
+- Surface Pro 7
+- Surface Pro X
+- Surface Laptop 3
+
+## Prerequisites
+
+- Devices must be registered with Windows Autopilot by a [Microsoft Cloud Solution Provider (CSP) partner](https://partner.microsoft.com/membership/cloud-solution-provider) or OEM distributor.
+
+- Before configuring DFCI for Surface, you should be familiar with Autopilot configuration requirements in  [Microsoft Intune](https://docs.microsoft.com/intune/) and [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/) (Azure AD).
+
+## Before you begin
+
+Add your target Surface devices to an Azure AD security group. For more information about creating and managing security groups, refer to [Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows#create-your-azure-ad-security-groups).
+
+## Configure DFCI management for Surface devices
+
+A DFCI environment requires setting up a DFCI profile that contains  the settings and an Autopilot profile to apply the settings to registered devices. An enrollment status profile is also recommended to ensure settings are pushed down during OOBE setup when users first start the device. This guide explains how to configure the DFCI environment and manage UEFI configuration settings for targeted Surface devices.
+
+## Create DFCI profile
+
+Before configuring DFCI policy settings, first create a DFCI profile and assign it to the Azure AD security group that contains your target devices.
+
+1. Open Intune select **Device configuration > Profiles > Create profile** and enter a name; for example **My DFCI profile.**
+2. Select Windows 10 and later for platform type.
+3. In the Profile type drop down list, select **Device Firmware Configuration Interface** to open the DFCI blade containing all available policy settings. For information on DFCI settings, refer to Table 2 on this page below or the [Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows). You can configure DFCI settings during the initial setup process or later by editing the DFCI profile.
+
+> ![Create DFCI profile](images/df1.png)
+
+4. Click **OK** and then select **Create**.
+5. Select **Assignments** and under **Select groups to include** select the Azure AD security group that contains your target devices, as shown in the following figure. Click **Save**.
+
+![Assign security group](images/df2a.png)
+
+## Create Autopilot profile
+
+1. Go to **Intune > Device enrollment > Windows enrollment** and scroll down to select **Deployment Profiles**.
+2. Select **Create profile**, enter a name; for example, My Autopilot profile, and select **Next**.
+3. Select the following settings:
+
+- Deployment mode: **User-Driven**.
+- Join type: Azure **AD joined**.
+
+4. Leave the remaining default settings unchanged and select **Next**
+5. On the Scope tags page, select **Next**.
+6. On the Assignments page, choose **Select groups to include** and click your Azure AD security group. Select **Next**.
+7. Accept the summary and then select **Create**. The Autopilot profile is now created and assigned to the group.
+
+## Configure Enrollment Status Page
+
+To ensure that devices apply the DFCI configuration during OOBE before users sign in, you need to configure enrollment status.
+
+For more information, refer to [Set up an enrollment status page](https://docs.microsoft.com/intune/enrollment/windows-enrollment-status).
+
+
+## Configure DFCI settings on Surface devices
+
+DFCI includes a streamlined set of UEFI configuration policies that provide an extra level of security by locking down devices at the hardware level. DFCI is designed to be used in conjunction with mobile device management settings at the software level. Note that DFCI settings only affect hardware components built into Surface devices and do not extend to attached peripherals such as USB webcams. (However, you can use Device restriction policies in Intune to turn off access to attached peripherals at the software level).
+
+You configure DFCI policy settings by editing the DFCI profile:
+
+- **Intune > Device configuration > Profiles > “DFCI profile name” > Properties > Settings**
+
+### Block user access to UEFI settings
+
+For many customers, the ability to block users from changing UEFI settings is critically important and a primary reason to use DFCI. As listed in the followng table, this is managed via the setting **Allow local user to change UEFI settings**. If you do not edit or configure this setting, local users will be able to change any UEFI setting not managed by Intune. Therefore, it’s highly recommended to disable **Allow local user to change UEFI settings.**
+The rest of the DFCI settings enable you to turn off functionality that would otherwise be available to users. For example, if you need to protect sensitive information in highly secure areas, you can disable the camera, and if you don’t want users booting from USB drives, you can disable that also.
+
+### Table 1. DFCI scenarios
+
+| Device management goal                        | Configuration steps                                                                           |
+| --------------------------------------------- | --------------------------------------------------------------------------------------------- |
+| Block local users from changing UEFI settings | Under **Security Features > Allow local user to change UEFI settings**, select **None**.              |
+| Disable cameras                               | Under **Built in Hardware > Cameras**, select **Disabled**.                                       |
+| Disable Microphones and speakers              | Under **Built in Hardware > Microphones and speakers**, select **Disabled**.                      |
+| Disable radios (Bluetooth, Wi-Fi)             | Under **Built in Hardware > Radios (Bluetooth, Wi-Fi, etc…)**, select **Disabled**.                   |
+| Disable Boot from external media (USB, SD)    | Under **Built in Hardware > Boot Options > Boot from external media (USB, SD)**, select **Disabled**. |
+
+ 
+> [!NOTE]
+>  DFCI in Intune includes two settings that do not currently apply to Surface devices:
+- CPU and IO virtualization
+- Disable Boot from network adapters
+ 
+Intune provides Scope tags to delegate administrative rights and Applicability Rules to manage device types. For more information about policy management support and full details on all DFCI settings, refer to [Microsoft Intune documentation](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows).
+
+## Register devices in Autopilot
+
+As stated above, DFCI can only be applied on devices registered in Windows Autopilot by your reseller or distributor and is only supported, at this time, on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For security reasons, it’s not possible to “self-provision” your devices into Autopilot.
+
+## Manually Sync Autopilot devices
+
+Although Intune policy settings typically get applied almost immediately, there may be a delay of 10 minutes before the settings take effect on targeted devices. In rare circumstances, delays of up to 8 hours are possible. To ensure settings apply as soon as possible, (such as in test scenarios), you can manually sync the target devices.
+
+- In Intune, go to **Device enrollment > Windows enrollment > Windows Autopilot Devices** and select **Sync**.
+
+ For more information, refer to [Sync your Windows device manually](https://docs.microsoft.com/intune-user-help/sync-your-device-manually-windows).
+
+> [!NOTE]
+> When adjusting settings directly in UEFI, you need to ensure the device fully restarts to the standard Windows login.
+
+## Verifying UEFI settings on DFCI-managed devices
+
+In a test environment, you can verify settings in the Surface UEFI interface.
+
+1. Open Surface UEFI, which involves pressing the **Volume +** and **Power** buttons at the same time.
+2. Select **Devices**. The UEFI menu will reflect configured settings, as shown in the following figure.
+
+![Surface UEFI](images/df3.png)
+
+Note how:
+
+- The settings are greyed out because **Allow local user to change UEFI setting** is set to None.
+- Audio is set to off because **Microphones and speakers** are set to **Disabled**.
+
+## Removing DFCI policy settings
+
+When you create a DFCI profile, all configured settings will remain in effect across all devices within the profile’s scope of management. You can only remove DFCI policy settings by editing the DFCI profile directly.
+
+If the original DFCI profile has been deleted, you can remove policy settings by creating a new profile and then editing the settings, as appropriate.
+
+## Unregistering devices from DFCI to prepare for resale or recycle
+
+1. Contact your partner, OEM, or reseller to unregister the device from Autopilot.
+2. Remove the device from Intune.
+3. Connect a Surface-branded network adapter.
+4. Open Surface UEFI, which involves pressing the **Volume +** and **Power** buttons at the same time.
+5. Select **Management > Configure > Refresh from Network**.
+6. Validate DFCI is removed from the device in the UEFI.
+
+## Learn more
+- [Windows Autopilot](https://www.microsoft.com/microsoft-365/windows/windows-autopilot)
+- [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md) 
+- [Use DFCI profiles on Windows devices in Microsoft Intune](https://docs.microsoft.com/intune/configuration/device-firmware-configuration-interface-windows)

devices/surface/surface-pro-arm-app-management.md

@@ -28,6 +28,7 @@ Surface Pro X is designed almost exclusively for a modern, cloud-based environme
 For the best experience, deploy Surface Pro X using Windows Autopilot either with the assistance of a Microsoft Cloud Solution Provider or self-provisioned using Autopilot deployment profiles and related features. For more information, refer to:
 
 - [Windows Autopilot and Surface devices](windows-autopilot-and-surface-devices.md)
+- [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot)
 
 Autopilot deployment has several advantages: It allows you to use the factory provisioned operating system, streamlined for zero-touch deployment, to include pre-installation of Office Pro Plus.
 
@@ -35,7 +36,7 @@ Organizations already using modern management, security, and productivity soluti
 
 ## Image-based deployment considerations
 
-Surface Pro X will be released without a standard Windows .ISO deployment image, which means it’s not supported on the Microsoft Deployment Toolkit (MDT) or operating system deployment methods using System Center Configuration Manager (SCCM) aka ConfiMgr. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
+Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager (SCCM) operating system deployment currently do not support Surface Pro X. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
 
 ## Managing Surface Pro X devices
 
@@ -146,13 +147,12 @@ The following tables show the availability of selected key features on Surface P
 | Conditional Access                | Yes           | Yes           |                                                                                                                                                                                                                                                                                                                                                      |
 | Secure Boot                       | Yes           | Yes           |                                                                                                                                                                                                                                                                                                                                                      |
 | Windows Information Protection    | Yes           | Yes           |                                                                                                                                                                                                                                                                                                                                                      |
-| Surface Data Eraser (SDE)         | Yes           | Yes           |                                                                                                                                                                                                                                                                                                                                                      |
-
+| Surface Data Eraser (SDE)         | Yes           | Yes           |                                                                                                                                                                                                                                                                                                                                                     
 ## FAQ
 
-### Will an OS image be available at launch?
+### Can I deploy Surface Pro X with MDT or SCCM?
 
-No. Surface Pro X will be released without a standard Windows .ISO deployment image, which means it’s not supported on the Microsoft Deployment Toolkit (MDT) or operating system deployment methods using System Center Configuration Manager (SCCM) aka ConfiMgr. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
+The Microsoft Deployment Toolkit and System Center Configuration Manager operating system deployment currently do not support Surface Pro X. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
 
 ### How can I deploy Surface Pro X?
 

devices/surface/surface-pro-arm-app-performance.md

@@ -1,5 +1,5 @@
 ---
-title: Windows 10 ARM-based PC app compatibility
+title: Surface Pro X app compatibility
 description: This article provides introductory app compatibility information for Surface Pro X ARM-based PCs.
 ms.prod: w10
 ms.localizationpriority: medium
@@ -13,7 +13,7 @@ ms.reviewer: jessko
 manager: dansimp
 ms.audience: itpro
 ---
-# Windows 10 ARM-based PC app compatibility
+# Surface Pro X app compatibility
 
 Applications run differently on ARM-based Windows 10 PCs such as Surface Pro X. Limitations include the following:
 

devices/surface/update.md

@@ -1,27 +0,0 @@
----
-title: Surface firmware and driver updates (Surface)
-description: Find out how to download and manage the latest firmware and driver updates for your Surface device.
-ms.prod: w10
-ms.mktglfcycl: manage
-ms.pagetype: surface, devices
-ms.sitesec: library
-author: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.date: 11/13/2018
-ms.reviewer: 
-manager: dansimp
----
-
-# Surface firmware and driver updates
-
-Find out how to download and manage the latest firmware and driver updates for your Surface device.
-
-## In this section
-
-| Topic | Description |
-| --- | --- |
-| [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md)| Explore the available options to manage firmware and driver updates for Surface devices.|
-| [Deploy the latest firmware and drivers for Surface devices](deploy-the-latest-firmware-and-drivers-for-surface-devices.md)| Find links to manually deploy firmware and drivers, outside of Windows Update. | 
-| [Surface Dock Firmware Update](surface-dock-firmware-update.md)| See how you can update Surface Dock firmware automatically.|
-|[Wake On LAN for Surface devices](wake-on-lan-for-surface-devices.md) | See how you can use Wake On LAN to remotely wake up devices to perform management or maintenance tasks, or to enable management solutions automatically. |

devices/surface/upgrade-surface-devices-to-windows-10-with-mdt.md

@@ -9,7 +9,9 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 10/16/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
 ms.reviewer: 
 manager: dansimp
 ---
@@ -17,11 +19,24 @@ manager: dansimp
 # Upgrade Surface devices to Windows 10 with Microsoft Deployment Toolkit
 
 #### Applies to
-* Surface Pro 3
-* Surface 3
-* Surface Pro 2
-* Surface Pro
-* Windows 10
+- Surface Pro 6
+- Surface Laptop 2
+- Surface Go
+- Surface Go with LTE
+- Surface Book 2
+- Surface Pro with LTE Advanced (Model 1807)
+- Surface Pro (Model 1796)
+- Surface Laptop
+- Surface Studio
+- Surface Studio 2
+- Surface Book
+- Surface Pro 4
+- Surface 3 LTE
+- Surface 3
+- Surface Pro 3
+- Surface Pro 2
+- Surface Pro
+- Windows 10
 
 In addition to the traditional deployment method of reimaging devices, administrators that want to upgrade Surface devices that are running Windows 8.1 or Windows 10 have the option of deploying upgrades. By performing an upgrade deployment, Windows 10 can be applied to devices without removing users, apps, or configuration. The users of the deployed devices can simply continue using the devices with the same apps and settings that they used prior to the upgrade. The process described in this article shows how to perform a Windows 10 upgrade deployment to Surface devices.
 
@@ -37,6 +52,9 @@ For versions of Windows prior to Windows 10, if you wanted to install a new vers
 
 Introduced with Windows 10 and MDT 2013 Update 1, you can use the upgrade installation path directly with Microsoft deployment technologies such as the Microsoft Deployment Toolkit (MDT). With an upgrade deployment you can use the same deployment technologies and process, but you can preserve users settings, and applications of the existing environment on the device.
 
+> [!NOTE]
+> MDT is not supported on Surface Pro X. For more information, refer to [Deploying, managing, and servicing Surface Pro X](surface-pro-arm-app-management.md)
+
 ## Deployment tools and resources
 
 Performing an upgrade deployment of Windows 10 requires the same tools and resources that are required for a traditional reimaging deployment. You can read about the tools required, including detailed explanations and installation instructions, in [Deploy Windows 10 to Surface devices with MDT](deploy-windows-10-to-surface-devices-with-mdt.md). To proceed with the upgrade deployment described in this article, you will need the following tools installed and configured:

devices/surface/using-the-sda-deployment-share.md

@@ -9,7 +9,9 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 10/16/2017
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
 ms.reviewer: 
 manager: dansimp
 ---
@@ -20,6 +22,9 @@ With Microsoft Surface Deployment Accelerator (SDA), you can quickly and easily
 
 For more information about SDA and information on how to download SDA, see [Microsoft Surface Deployment Accelerator (SDA)](https://technet.microsoft.com/itpro/surface/microsoft-surface-deployment-accelerator).
 
+> [!NOTE]
+> SDA is not supported on Surface Pro 7, Surface Pro X, and Surface Laptop 3. For more information refer to [Deploy Surface devices](deploy.md).
+
 Using SDA provides these primary benefits:
 
 * With SDA, you can create a ready-to-deploy environment that can deploy to target devices as fast as your download speeds allow. The wizard experience enables you to check a few boxes and then the automated process builds your deployment environment for you.

devices/surface/wake-on-lan-for-surface-devices.md

@@ -43,7 +43,7 @@ The following devices are supported for WOL:
 * Surface Laptop 2
 * Surface Go
 * Surface Go with LTE Advanced
-* Surface Studio (see Surface Studio instructions below)
+* Surface Studio 2 (see Surface Studio 2 instructions below)
 
 ## WOL driver
 
@@ -60,9 +60,9 @@ To extract the contents of SurfaceWOL.msi, use the MSIExec administrative instal
 
    `msiexec /a surfacewol.msi targetdir=C:\WOL /qn`
 
-## Surface Studio instructions
+## Surface Studio 2 instructions
 
-To enable WOL on Surface Studio, you must use the following procedure
+To enable WOL on Surface Studio 2, you must use the following procedure
 
 1. Create the following registry keys:
 

devices/surface/windows-autopilot-and-surface-devices.md

@@ -1,5 +1,5 @@
 ---
-title: Windows Autopilot and Surface Devices (Surface)
+title: Windows Autopilot and Surface Devices
 ms.reviewer: 
 manager: dansimp
 description: Find out about Windows Autopilot deployment options for Surface devices.
@@ -11,18 +11,24 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
+ms.localizationpriority: medium
+ms.audience: itpro
+ms.date: 10/21/2019
 ---
 
 # Windows Autopilot and Surface devices
 
-Windows Autopilot is a cloud-based deployment technology available in Windows 10. Using Windows Autopilot, you can remotely deploy and configure devices in a truly zero-touch process right out of the box. Windows Autopilot registered devices are identified over the internet at first boot using a unique device signature, known as the hardware hash, and automatically enrolled and configured using modern management solutions such as Azure Active Directory (AAD) and Mobile Device Management (MDM). 
+Windows Autopilot is a cloud-based deployment technology available in Windows 10. Using Windows Autopilot, you can remotely deploy and configure devices in a zero-touch process right out of the box. Windows Autopilot registered devices are identified over the internet at first boot using a unique device signature, known as a hardware hash, and automatically enrolled and configured using modern management solutions such as Azure Active Directory (AAD) and Mobile Device Management (MDM). 
 
-With Surface devices, you can choose to register your devices at the time of purchase when purchasing from a Surface partner enabled for Windows Autopilot. New devices can be shipped directly to your end-users and will be automatically enrolled and configured when the units are unboxed and turned on for the first time. This process can eliminate need to reimage your devices as part of your deployment process, reducing the work required of your deployment staff and opening up new, agile methods for device management and distribution.
+With Surface devices, you can choose to register your devices at the time of purchase when purchasing from a Surface partner enabled for Windows Autopilot. New devices can be shipped directly to your end-users and will be automatically enrolled and configured when the units are unboxed and turned on for the first time. This process  eliminates need to reimage your devices as part of your deployment process, reducing the work required of your deployment staff and opening up new, agile methods for device management and distribution.
 
-In this article learn how to enroll your Surface devices in Windows Autopilot with a Surface partner and the options and considerations you will need to know along the way. This article focuses specifically on Surface devices, for more information about using Windows Autopilot with other devices, or to read more about Windows Autopilot and its capabilities, see [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot) in the Windows Docs Library.  For information about licensing and other prerequisites, see [Windows Autopilot requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements).  
+## Modern management
+Autopilot is the recommended deployment option for Surface devices including Surface Pro 7, Surface Laptop 3, and Surface Pro X, which is specifically designed to be deployed with Autopilot.
 
-### Windows version considerations
-Support for broad deployments of Surface devices using Windows Autopilot, including enrollment performed by Surface partners at the time of purchase, requires devices manufactured with or otherwise installed with Windows 10 Version 1709 (Fall Creators Update) or later. These versions support a 4000-byte (4k) hash value to uniquely identify devices for Windows Autopilot that is necessary for deployments at scale.  All new Surface devices ship with Windows 10 Version 1709 or above.
+ For the best experience, enroll your Surface devices with the assistance of a Microsoft Cloud Solution Provider. Doing so enables you to manage UEFI firmware settings on Surface devices directly from Intune, eliminating the need to physically touch devices for certificate management. For more information, see [Intune management of Surface UEFI settings](surface-manage-dfci-guide.md).
+
+## Windows version considerations
+Support for broad deployments of Surface devices using Windows Autopilot, including enrollment performed by Surface partners at the time of purchase, requires devices manufactured with or otherwise installed with Windows 10 Version 1709 (Fall Creators Update) or later. These versions support a 4000-byte (4k) hash value to uniquely identify devices for Windows Autopilot that is necessary for deployments at scale.  All new Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3 ship with Windows 10 Version 1903 or above.
 
 ## Surface partners enabled for Windows Autopilot
 Enrolling Surface devices in Windows Autopilot at the time of purchase is a capability provided by select Surface partners that are enabled with the capability to identify individual Surface devices during the purchase process and perform enrollment on an organization’s behalf. Devices enrolled by a Surface partner at time of purchase can be shipped directly to users and configured entirely through the zero-touch process of Windows Autopilot, Azure Active Directory, and Mobile Device Management.
@@ -34,3 +40,7 @@ When you purchase Surface devices from a Surface partner enabled for Windows Aut
 - [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html)
 - [SHI](https://www.shi.com/Surface)
 
+## Learn more
+For more information about Windows Autopilot, refer to:
+- [Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-10-autopilot)
+- [Windows Autopilot requirements](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot-requirements)

mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md

@@ -224,7 +224,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc
 
       ```xml
       <Configuration>
-         <Add SourcePath= ”\\Server\Office2016” OfficeClientEdition="32" >
+         <Add SourcePath= "\\Server\Office2016” OfficeClientEdition="32" >
           <Product ID="O365ProPlusRetail ">
             <Language ID="en-us" />
           </Product>

store-for-business/billing-understand-your-invoice-msfb.md

@@ -26,7 +26,6 @@ Invoices are your bill from Microsoft. A few things to note:
 - **Billing profile** - Billing profiles are created during your purchase. Invoices are created for each billing profile. Billing profiles let you customize what products are purchased, how you pay for them, and who can make purchases. For more information, see [Understand billing profiles](billing-profile.md)
 - **Items included** - Your invoice includes total charges for all first and third-party software and hardware products purchased under a Microsoft Customer Agreement. That includes items purchased from Microsoft Store for Business and Azure Marketplace. 
 - **Charges** - Your invoice provides information about products purchased and their related charges and taxes. Purchases are aggregated to provide a concise view of your bill. 
-- **International customers** - Charges on invoices for international customers are converted to their local currencies. Exchange rate information is listed at the bottom of the invoice.
 
 ## Online invoice
 For Store for Business customers, invoices are also available online. A few things to note:
@@ -107,9 +106,6 @@ At the bottom of the invoice, there are instructions for paying your bill. You c
 ### Publisher information
 If you have third-party services in your bill, the name and address of each publisher is listed at the bottom of your invoice.
 
-### Exchange rate
-If prices were converted to your local currency, the exchange rates are listed in this section at the bottom of the invoice. All Azure charges are priced in USD and third-party services are priced in the seller's currency.
-
 ## Next steps
 If there are Azure charges on your invoice that you would like more details on, see [Understand the Azure charges on your Microsoft Customer Agreement invoice](https://docs.microsoft.com/azure/billing/billing-understand-your-invoice-mca).
 

windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md

@@ -145,6 +145,8 @@ App-V doesn't support Visual Studio 2012.
 
 **Workaround**: Use a newer version of Microsoft Visual Studio.
 
+Currently, Visual Studio 2012 doesn't support app virtualization, whether using Microsoft App-V or third party solutions such as VMWare ThinApp. While it is possible you might find that Visual Studio works well enough for your purposes when running within one of these environments, we are unable to address any bugs or issues found when running in a virtualized environment at this time.
+
 ## Application filename restrictions for App-V Sequencer
 The App-V Sequencer cannot sequence applications with filenames matching "CO_<x>" where x is any numeral. Error 0x8007139F will be generated.
 

windows/application-management/change-history-for-application-management.md

@@ -7,7 +7,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: msfttracyp
+author: dansimp
 ms.author: dansimp
 ms.topic: article
 ms.date: 10/24/2017

windows/application-management/enterprise-background-activity-controls.md

@@ -1,5 +1,5 @@
 ---
-author: msfttracyp
+author: dansimp
 title: Remove background task resource restrictions
 description: Allow enterprise background tasks unrestricted access to computer resources.
 ms.author: dansimp
@@ -8,7 +8,6 @@ ms.reviewer:
 manager: dansimp
 ms.topic: article
 ms.prod: w10
-ms.technology: uwp
 keywords: windows 10, uwp, enterprise, background task, resources
 ---
 

windows/application-management/manage-windows-mixed-reality.md

@@ -8,7 +8,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.localizationpriority: medium
-author: msfttracyp
+author: dansimp
 ms.author: dansimp
 ms.topic: article
 ---
@@ -33,7 +33,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to
 
 2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD.
 
-   a. Download the FOD .cab file for [Windows 10, version 1903](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](http://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab).
+   a. Download the FOD .cab file for [Windows 10, version 1903](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab), [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab), [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab), or [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab).
 
    >[!NOTE]
    >You must download the FOD .cab file that matches your operating system version.

windows/client-management/administrative-tools-in-windows-10.md

@@ -4,11 +4,11 @@ description: Administrative Tools is a folder in Control Panel that contains too
 ms.assetid: FDC63933-C94C-43CB-8373-629795926DC8
 ms.reviewer: 
 manager: dansimp
-ms.author: tracyp
+ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: msfttracyp
+author: dansimp
 ms.localizationpriority: medium
 ms.date: 07/27/2017
 ms.topic: article

windows/client-management/advanced-troubleshooting-802-authentication.md

@@ -7,7 +7,7 @@ keywords: advanced troubleshooting, 802.1X authentication, troubleshooting, auth
 ms.prod: w10
 ms.mktglfcycl: 
 ms.sitesec: library
-author: msfttracyp
+author: dansimp
 ms.localizationpriority: medium
 ms.author: tracyp
 ms.topic: troubleshooting

windows/client-management/advanced-troubleshooting-boot-problems.md

@@ -3,9 +3,9 @@ title: Advanced troubleshooting for Windows boot problems
 description: Learn how to troubleshoot when Windows is unable to boot
 ms.prod: w10
 ms.sitesec: library
-author: msfttracyp
+author: dansimp
 ms.localizationpriority: medium
-ms.author: tracyp
+ms.author: dansimp
 ms.date: 11/16/2018
 ms.reviewer: 
 manager: dansimp
@@ -229,7 +229,7 @@ If the system gets stuck during the kernel phase, you experience multiple sympto
 
 -   Specific error code is displayed.
     For example, "0x00000C2" , "0x0000007B" , "inaccessible boot device" and so on.
-    (To troubleshoot the 0x0000007B error, see [Error code INACCESSIBLE_BOOT_DEVICE (STOP    0x7B)](https://internal.support.services.microsoft.com/help/4343769/troubleshooting-guide-for-windows-boot-problems#0x7bstoperror))
+    [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](https://docs.microsoft.com/windows/client-management/troubleshoot-inaccessible-boot-device)
 
 -   The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon.
 
@@ -307,9 +307,7 @@ To troubleshoot this Stop error, follow these steps to filter the drivers:
 
 For additional troubleshooting steps, see the following articles:
 
-- [Troubleshooting a Stop 0x7B in Windows](https://blogs.technet.microsoft.com/askcore/2013/08/05/troubleshooting-a-stop-0x7b-in-windows/)  
-  
-- [Advanced troubleshooting for "Stop error code 0x0000007B (INACCESSIBLE_BOOT_DEVICE)" errors in Windows XP](https://internal.support.services.microsoft.com/help/324103).
+- [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](https://docs.microsoft.com/windows/client-management/troubleshoot-inaccessible-boot-device)
 
 To fix problems that occur after you install Windows updates, check for pending updates by using these steps:
 
@@ -358,17 +356,15 @@ If the computer does not start, follow these steps:
 
 12. Try to start the computer.
 
-If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For details, see the following Knowledge Base article:
+If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For details, see the following articles:
 
-- [969028](https://support.microsoft.com/help/969028) How to generate a kernel or a complete memory dump file in Windows Server 2008 and Windows Server 2008 R2
+- [Generate a kernel or complete crash dump](https://docs.microsoft.com/windows/client-management/generate-kernel-or-complete-crash-dump) 
 
-For more information about page file problems in Windows 10 or Windows Server 2016, see the following Knowledge Base article:
-
-- [4133658](https://support.microsoft.com/help/4133658) Introduction of page file in Long-Term Servicing Channel and Semi-Annual Channel of Windows
+For more information about page file problems in Windows 10 or Windows Server 2016, see the following:
+- [Introduction to page files](https://docs.microsoft.com/windows/client-management/introduction-page-file)
 
 For more information about Stop errors, see the following Knowledge Base article:
-
-- [3106831](https://support.microsoft.com/help/3106831) Troubleshooting Stop error problems for IT Pros
+- [Advanced troubleshooting for Stop error or blue screen error issue](https://docs.microsoft.com/windows/client-management/troubleshoot-stop-errors)
 
 
 If the dump file shows an error that is related to a driver (for example, windows\system32\drivers\stcvsm.sys is missing or corrupted), follow these guidelines:

windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md

@@ -7,9 +7,9 @@ keywords: troubleshooting, wireless network connectivity, wireless, Wi-Fi
 ms.prod: w10
 ms.mktglfcycl: 
 ms.sitesec: library
-author: msfttracyp
+author: dansimp
 ms.localizationpriority: medium
-ms.author: tracyp
+ms.author: dansimp
 ms.topic: troubleshooting
 ---
 
@@ -92,7 +92,7 @@ The following is a high-level view of the main wifi components in Windows.
 - Scanning for wireless networks in range
 - Managing connectivity of wireless networks</td></tr>
 <tr><td><img src="images/msm.png"></td><td>The <b>Media Specific Module</b> (MSM) handles security aspects of connection being established.</td></tr>
-<tr><td><img src="images/wifi-stack.png"></td><td>The <b>Native Wifi stack</b> consists of drivers and wireless APIs to interact with wireless miniports and the supporting user-mode Wlansvc.</td></tr>
+<tr><td><img src="images/wifi-stack.png"></td><td>The <b>Native WiFi stack</b> consists of drivers and wireless APIs to interact with wireless miniports and the supporting user-mode Wlansvc.</td></tr>
 <tr><td><img src="images/miniport.png"></td><td>Third-party <b>wireless miniport</b> drivers interface with the upper wireless stack to provide notifications to and receive commands from Windows.</td></tr>
 </table>
 

windows/client-management/change-history-for-client-management.md

@@ -7,8 +7,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: msfttracyp
-ms.author: tracyp
+author: dansimp
+ms.author: dansimp
 ms.date: 12/06/2018
 ms.reviewer: 
 manager: dansimp

windows/client-management/mdm/TOC.md

@@ -168,7 +168,6 @@
 #### [Policies supported by Windows 10 IoT Core](policies-supported-by-iot-core.md)
 #### [Policies supported by Microsoft Surface Hub](policies-supported-by-surface-hub.md)
 #### [Policies that can be set using Exchange Active Sync (EAS)](policies-that-can-be-set-using-eas.md)
-#### [ApplicationRestrictions XSD](applicationrestrictions-xsd.md)
 #### [AboveLock](policy-csp-abovelock.md)
 #### [Accounts](policy-csp-accounts.md)
 #### [ActiveXControls](policy-csp-activexcontrols.md)

windows/client-management/mdm/accountmanagement-csp.md

@@ -31,7 +31,7 @@ Root node for the AccountManagement configuration service provider.
 Interior node. 
 
 <a href="" id="accountmanagement-userprofilemanagement-deletionpolicy"></a>**UserProfileManagement/EnableProfileManager**  
-Enable profile lifetime mangement for shared or communal device scenarios. Default value is false.
+Enable profile lifetime management for shared or communal device scenarios. Default value is false.
 
 Supported operations are Add, Get,Replace, and Delete. Value type is bool.
 

windows/client-management/mdm/applicationcontrol-csp.md

@@ -117,16 +117,7 @@ Value type is char.
 To use ApplicationControl CSP, you must:
 - Know a generated policy’s GUID, which can be found in the policy xml as `<PolicyTypeID>`.
 - Convert the policies to binary format using the ConvertFrom-CIPolicy cmdlet in order to be deployed. The binary policy may be signed or unsigned.
-- Create a policy node (a Base64-encoded blob of the binary policy representation) using the [certutil -encode](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)#BKMK_encode) command line tool.
 
-Here is a sample certutil invocation:
-```
-certutil -encode WinSiPolicy.p7b WinSiPolicy.cer 
-```
-An alternative to using certutil would be to use the following PowerShell invocation:
-```
-[Convert]::ToBase64String($(Get-Content -Encoding Byte -ReadCount 0 -Path <bin file>))
-```
 If you are using hybrid MDM management with System Center Configuration Manager or using Intune, ensure that you are using Base64 as the Data type when using Custom OMA-URI
 functionality to apply the Code Integrity policy.
 

windows/client-management/mdm/applicationrestrictions-xsd.md

@@ -1,129 +0,0 @@
----
-title: ApplicationRestrictions XSD
-description: Here's the XSD for the ApplicationManagement/ApplicationRestrictions policy.
-ms.assetid: A5AA2B59-3736-473E-8F70-A90FD61EE426
-ms.reviewer: 
-manager: dansimp
-ms.author: dansimp
-ms.topic: article
-ms.prod: w10
-ms.technology: windows
-author: lomayor
-ms.date: 06/26/2017
----
-
-# ApplicationRestrictions XSD
-
-
-Here's the XSD for the ApplicationManagement/ApplicationRestrictions policy.
-
-```xml
-<?xml version="1.0" encoding="utf-8"?>
-<xs:schema id="AppPolicy_xsd"
-           attributeFormDefault="unqualified"
-           elementFormDefault="qualified"
-           xmlns:xs="http://www.w3.org/2001/XMLSchema"
-           targetNamespace="http://schemas.microsoft.com/phone/2013/policy"
-           xmlns="http://schemas.microsoft.com/phone/2013/policy"
-           xmlns:m="http://schemas.microsoft.com/phone/2013/policy"
-           >
-
-  <!-- Non-empty string must have a non-whitespace character at the beginning and end -->
-  <xs:simpleType name="ST_NonEmptyString">
-    <xs:restriction base="xs:string">
-      <xs:minLength value="1"/>
-      <xs:maxLength value="32767"/>
-      <xs:pattern value="[^\s]|([^\s].*[^\s])"/>
-    </xs:restriction>
-  </xs:simpleType>
-
-  <xs:simpleType name="ST_Publisher">
-    <xs:restriction base="xs:string">
-      <xs:maxLength value="256"/>
-    </xs:restriction>
-  </xs:simpleType>
-
-  <xs:simpleType name="CT_LowerCaseGuid">
-    <xs:annotation>
-      <xs:documentation>GUID must use lowercase letters</xs:documentation>
-    </xs:annotation>
-    <xs:restriction base="ST_NonEmptyString">
-      <xs:pattern value="\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"/>
-    </xs:restriction>
-  </xs:simpleType>
-
-  <xs:complexType name="CT_Application">
-    <xs:attribute name="ProductId" type="CT_LowerCaseGuid" />
-  </xs:complexType>
-
-  <xs:complexType name="CT_ApplicationWithPublisher">
-    <xs:attribute name="ProductId" type="CT_LowerCaseGuid" />
-    <xs:attribute name="PublisherName" type="ST_Publisher" use="optional" />
-  </xs:complexType>
-
-  <xs:complexType name="CT_AllowedPublisher">
-    <xs:sequence>
-      <xs:element name="DenyApp" type="CT_Application" minOccurs="0" maxOccurs="unbounded" />
-    </xs:sequence>
-    <xs:attribute name="PublisherName" type="ST_Publisher" use="required" />
-  </xs:complexType>
-
-  <xs:complexType name="CT_DeniedPublisher">
-    <xs:sequence>
-      <xs:element name="AllowApp" type="CT_Application" minOccurs="0" maxOccurs="unbounded" />
-    </xs:sequence>
-    <xs:attribute name="PublisherName" type="ST_Publisher" use="required" />
-  </xs:complexType>
-
-  <xs:element name="Deny">
-    <xs:complexType>
-      <xs:sequence>
-        <xs:element name="App" type="CT_Application" minOccurs="0" maxOccurs="unbounded" />
-        <xs:element name="Publisher" type="CT_DeniedPublisher" minOccurs="0" maxOccurs="unbounded" />
-      </xs:sequence>
-    </xs:complexType>
-  </xs:element>
-
-  <xs:element name="Allow">
-    <xs:complexType>
-      <xs:sequence>
-        <xs:element name="App" type="CT_ApplicationWithPublisher" minOccurs="0" maxOccurs="unbounded" />
-        <xs:element name="Publisher" type="CT_AllowedPublisher" minOccurs="0" maxOccurs="unbounded" />
-      </xs:sequence>
-    </xs:complexType>
-  </xs:element>
-
-  <xs:element name="AppPolicy">
-    <xs:complexType>
-      <xs:choice minOccurs="0" maxOccurs="1">
-        <xs:element ref="Deny" />
-        <xs:element ref="Allow" />
-      </xs:choice>
-      <xs:attribute name="Version" use="required" type="xs:unsignedLong" />
-    </xs:complexType>
-
-    <!-- Uniqueness Checks -->
-    <xs:unique name="NoDuplicateProductIDs">
-      <xs:selector xpath=".//*"/>
-      <xs:field xpath="@ProductId"/>
-    </xs:unique>
-
-    <!-- Uniqueness Checks -->
-    <xs:unique name="NoDuplicatePublisherNames">
-      <xs:selector xpath=".//*"/>
-      <xs:field xpath="@PublisherName"/>
-    </xs:unique>
-  </xs:element>
-
-</xs:schema>
-```
-
- 
-
- 
-
-
-
-
-
-

windows/client-management/mdm/bitlocker-csp.md

@@ -6,12 +6,16 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: lomayor
-ms.date: 08/05/2019
+ms.localizationpriority: medium
+ms.date: 09/27/2019
 ms.reviewer: 
 manager: dansimp
 ---
 # BitLocker CSP
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 The BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices. This CSP was added in Windows 10, version 1703. Starting in Windows 10, version 1809, it is also supported in Windows 10 Pro.
 
 > [!NOTE]
@@ -25,7 +29,7 @@ For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation
 
 The following diagram shows the BitLocker configuration service provider in tree format.
 
-![bitlocker csp](images/provisioning-csp-bitlocker.png)
+![BitLocker csp](images/provisioning-csp-bitlocker.png)
 
 <a href="" id="--device-vendor-msft-bitlocker"></a>**./Device/Vendor/MSFT/BitLocker**  
 Defines the root node for the BitLocker configuration service provider.
@@ -57,7 +61,7 @@ Allows the administrator to require storage card encryption on the device. This
 Data type is integer. Sample value for this node to enable this policy: 1. Disabling this policy will not turn off the encryption on the storage card, but the user will no longer be prompted to turn it on.
 
 - 0 (default) – Storage cards do not need to be encrypted.
-- 1 – Require Storage cards to be encrypted.  
+- 1 – Require storage cards to be encrypted.  
 
 Disabling this policy will not turn off the encryption on the system card, but the user will no longer be prompted to turn it on.
 
@@ -125,10 +129,10 @@ Encryptable fixed data volumes are treated similarly to OS volumes. However, fix
 
 The following list shows the supported values:
 
--   0 (default) – Disable. If the policy setting is not set or is set to 0, the device's enforcement status will not be checked. The policy will not enforce encryption and it will not decrypt encrypted volumes.
--   1 – Enable. The device's enforcement status will be checked. Setting this policy to 1 will trigger encryption of all drives (silently or non-silently based on [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption) policy).  
+-   0 (default) — Disable. If the policy setting is not set or is set to 0, the device's enforcement status is not checked. The policy does not enforce encryption and it does not decrypt encrypted volumes.
+-   1 – Enable. The device's enforcement status is checked. Setting this policy to 1 triggers encryption of all drives (silently or non-silently based on [AllowWarningForOtherDiskEncryption](#allowwarningforotherdiskencryption) policy).  
 
-If you want to disable this policy use the following SyncML:
+If you want to disable this policy, use the following SyncML:
 
 ```xml
 <SyncML>
@@ -151,7 +155,7 @@ If you want to disable this policy use the following SyncML:
 
 <a href="" id="encryptionmethodbydrivetype"></a>**EncryptionMethodByDriveType**
 
-Allows you to set the default encrytion method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy &quot;Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)&quot;. 
+Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the Bitlocker Group Policy &quot;Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)&quot;. 
 <table>
 <tr>
     <th>Home</th>
@@ -520,7 +524,8 @@ Set &quot;OSActiveDirectoryBackup_Name&quot; (Save BitLocker recovery informatio
 
 Set the &quot;OSRequireActiveDirectoryBackup_Name&quot; (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds.
 
-&gt; [!Note]<br/>&gt; If the &quot;OSRequireActiveDirectoryBackup_Name&quot; (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field is set, a recovery password is automatically generated.
+> [!Note]
+> If the &quot;OSRequireActiveDirectoryBackup_Name&quot; (Do not enable BitLocker until recovery information is stored in AD DS for operating system drives) data field is set, a recovery password is automatically generated.
 
 If you enable this setting, you can control the methods available to users to recover data from BitLocker-protected operating system drives.
 
@@ -533,25 +538,17 @@ Sample value for this node to enable this policy is:
 ```
 
 The possible values for &#39;xx&#39; are:  
-<ul>
-<li>true = Explicitly allow</li>
-<li>false = Policy not set</li>
-<li></li>
-</ul>
+- true = Explicitly allow
+- false = Policy not set
 
 The possible values for &#39;yy&#39; are:  
-<ul>
-<li>2 = Allowed</li>
-<li>1 = Required</li>
-<li>0 = Disallowed</li>
-</ul>
+- 2 = Allowed
+- 1 = Required
+- 0 = Disallowed
 
 The possible values for &#39;zz&#39; are:  
-<ul>
-<li>2 = Store recovery passwords only</li>
-<li>1 = Store recovery passwords and key packages</li>
-<li></li>
-</ul>
+- 2 = Store recovery passwords only
+- 1 = Store recovery passwords and key packages
 
 Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML:
 
@@ -896,6 +893,161 @@ If you want to disable this policy use the following SyncML:
    </Item>
  </Replace>
 ```
+
+<a href="" id="configurerecoverypasswordrotation"></a>**ConfigureRecoveryPasswordRotation**  
+This setting initiates a client-driven recovery password refresh after an OS drive recovery (either by using bootmgr or WinRE) and recovery password unlock on a Fixed data drive. This setting will refresh the specific recovery password that was used, and other unused passwords on the volume will remain unchanged. If the initialization of the refresh fails, the device will retry the refresh during the next reboot. When password refresh is initiated, the client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure. After the recovery password has been successfully backed up to Azure AD, the recovery key that was used locally will be removed. This setting refreshes only the used key and retains other unused keys. 
+<table>
+<tr>
+    <th>Home</th>
+    <th>Pro</th>
+    <th>Business</th>
+    <th>Enterprise</th>
+    <th>Education</th>
+    <th>Mobile</th>
+    <th>Mobile Enterprise</th>
+</tr>
+<tr>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table> 
+Value type is int. Supported operations are Add, Delete, Get, and Replace.
+
+Supported values are:
+- 0 – Refresh off (default)
+- 1 – Refresh on for Azure AD-joined devices 
+- 2 – Refresh on for both Azure AD-joined and hybrid-joined devices 
+
+<a href="" id="rotaterecoverypasswords"></a>**RotateRecoveryPasswords**  
+This setting refreshes all recovery passwords for OS and fixed drives (removable drives are not included so they can be shared between users). All recovery passwords for all drives will be refreshed and only one password per volume is retained. In case of errors, an error code will be returned so that server can take appropriate action to remediate.
+
+The client will generate a new recovery password. The client will use the existing API in Azure AD to upload the new recovery key and retry on failure.  
+
+Policy type is Execute. When “Execute Policy” is pushed, the client sets the status as Pending and initiates an asynchronous rotation operation. After refresh is complete, pass or fail status is updated. The client will not retry, but if needed, the server can re-issue the execute request. 
+
+Server can call Get on the RotateRecoveryPasswordsRotationStatus node to query the status of the refresh. 
+
+Recovery password refresh will only occur for devices that are joined to Azure AD or joined to both Azure AD and on-premises (hybrid Azure AD-joined) that run a Windows 10 edition with the BitLocker CSP (Pro/Enterprise). Devices cannot refresh recovery passwords if they are only registered in Azure AD (also known as workplace-joined) or signed in with a Microsoft account. 
+
+Each server-side recovery key rotation is represented by a request ID. The server can query the following nodes to make sure it reads status/result for same rotation request.
+- RotateRecoveryPasswordsRequestID: Returns request ID of last request processed.
+- RotateRecoveryPasswordsRotationStatus: Returns status of last request processed.
+<table>
+<tr>
+    <th>Home</th>
+    <th>Pro</th>
+    <th>Business</th>
+    <th>Enterprise</th>
+    <th>Education</th>
+    <th>Mobile</th>
+    <th>Mobile Enterprise</th>
+</tr>
+<tr>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table> 
+Value type is string. Supported operation is Execute. Request ID is expected as a parameter.
+
+<a href="" id="status"></a>**Status**  
+Interior node. Supported operation is Get.
+
+<a href="" id="status-deviceencryptionstatus"></a>**Status/DeviceEncryptionStatus**  
+This node reports compliance state of device encryption on the system.
+
+<table>
+<tr>
+    <th>Home</th>
+    <th>Pro</th>
+    <th>Business</th>
+    <th>Enterprise</th>
+    <th>Education</th>
+    <th>Mobile</th>
+    <th>Mobile Enterprise</th>
+</tr>
+<tr>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table> 
+
+Supported values:  
+- 0 - Indicates that the device is compliant.
+- Any other value represents a non-compliant device.
+
+Value type is int. Supported operation is Get.
+
+<a href="" id="status-rotaterecoverypasswordsstatus"></a>**Status/RotateRecoveryPasswordsStatus**  
+This node reports the status of RotateRecoveryPasswords request. 
+
+Status code can be one of the following:  
+
+- 2 – Not started
+- 1 - Pending
+- 0 - Pass
+- Any other code - Failure HRESULT
+<table>
+<tr>
+    <th>Home</th>
+    <th>Pro</th>
+    <th>Business</th>
+    <th>Enterprise</th>
+    <th>Education</th>
+    <th>Mobile</th>
+    <th>Mobile Enterprise</th>
+</tr>
+<tr>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table> 
+Value type is int. Supported operation is Get.
+
+<a href="" id="status-rotaterecoverypasswordsrequestid"></a>**Status/RotateRecoveryPasswordsRequestID**  
+This node reports the RequestID corresponding to RotateRecoveryPasswordsStatus. 
+This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus to ensure the status is correctly matched to the request ID.
+<table>
+<tr>
+    <th>Home</th>
+    <th>Pro</th>
+    <th>Business</th>
+    <th>Enterprise</th>
+    <th>Education</th>
+    <th>Mobile</th>
+    <th>Mobile Enterprise</th>
+</tr>
+<tr>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table> 
+Value type is string. Supported operation is Get.
+
 ### SyncML example
 
 The following example is provided to show proper format and should not be taken as a recommendation.

windows/client-management/mdm/bitlocker-ddf-file.md

@@ -6,7 +6,8 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: lomayor
-ms.date: 06/29/2018
+ms.localizationpriority: medium
+ms.date: 09/30/2019
 ms.reviewer: 
 manager: dansimp
 ---
@@ -20,7 +21,7 @@ This topic shows the OMA DM device description framework (DDF) for the **BitLock
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is the current version Windows 10, version 1809. 
+The XML below is the current version for this CSP. 
 
 ```xml
 <?xml version="1.0" encoding="UTF-8"?>
@@ -46,7 +47,7 @@ The XML below is the current version Windows 10, version 1809.
             <Permanent />
           </Scope>
           <DFType>
-            <MIME>com.microsoft/3.0/MDM/BitLocker</MIME>
+            <MIME>com.microsoft/5.0/MDM/BitLocker</MIME>
             <DDFName></DDFName>
           </DFType>
         </DFProperties>
@@ -736,6 +737,206 @@ The XML below is the current version Windows 10, version 1809.
             </MSFT:SupportedValues>
           </DFProperties>
         </Node>
+
+        <Node>
+          <NodeName>ConfigureRecoveryPasswordRotation</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description> Allows Admin to configure Numeric Recovery Password Rotation upon use for OS and fixed drives on AAD and Hybrid domain joined devices.
+                          When not configured, Rotation is turned on by default for AAD only and off on Hybrid. The Policy will be effective only when 
+                          Active Directory back up for recovery password is configured to required.
+                          For OS drive: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for operating system drives"
+                          For Fixed drives: Turn on "Do not enable Bitlocker until recovery information is stored to AD DS for fixed data drives"
+                       
+                          Supported Values: 0 - Numeric Recovery Passwords rotation OFF.
+                                            1 - Numeric Recovery Passwords Rotation upon use ON for AAD joined devices. Default value
+                                            2 - Numeric Recovery Passwords Rotation upon use ON for both AAD and Hybrid devices
+                         
+                         If you want to disable this policy use the following SyncML:
+ 
+                         <Replace>
+                         <CmdID>112</CmdID>
+                           <Item>
+                             <Target>
+                                 <LocURI>./Device/Vendor/MSFT/BitLocker/ConfigureRecoveryPasswordRotation</LocURI>
+                             </Target>
+                             <Meta>
+                                 <Format xmlns="syncml:metinf">int</Format>
+                             </Meta>
+                             <Data>0</Data>
+                           </Item>
+                         </Replace>
+            </Description>
+            <DFFormat>
+              <int />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+            <MSFT:SupportedValues low="0" high="2">
+              <MSFT:SupportedValue value="0" description="Numeric Recovery Passwords Key rotation OFF"/>
+              <MSFT:SupportedValue value="1" description="Default Value. Numeric Recovery Passwords Key Rotation ON for AAD joined devices."/>
+              <MSFT:SupportedValue value="2" description="Numeric Recovery Passwords Key Rotation ON for both AAD and Hybrid devices"/>
+            </MSFT:SupportedValues>
+          </DFProperties>
+        </Node>
+
+        <Node>
+          <NodeName>RotateRecoveryPasswords</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Exec />
+            </AccessType>
+            <Description> Allows admin to push one-time rotation of all numeric recovery passwords for OS and Fixed Data drives on an Azure Active Directory or hybrid-joined device.
+                          This policy is Execute type and rotates all numeric passwords when issued from MDM tools.
+                          
+The policy only comes into effect when Active Directory backup for a recovery password is configured to "required."
+                              * For OS drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for operating system drives."
+                              *For fixed drives, enable "Do not enable BitLocker until recovery information is stored to Active Directory Domain Services for fixed data drives."
+                       
+                          Client returns status DM_S_ACCEPTED_FOR_PROCESSING to indicate the rotation has started. Server can query status with the following status nodes: 
+                              
+* status\RotateRecoveryPasswordsStatus 
+                              * status\RotateRecoveryPasswordsRequestID
+                          
+
+                          
+Supported Values: String form of request ID. Example format of request ID is GUID. Server can choose the format as needed according to the management tools.\
+                         
+                         <Exec>
+                         <CmdID>113</CmdID>
+                           <Item>
+                             <Target>
+                                 <LocURI>./Device/Vendor/MSFT/BitLocker/RotateRecoveryPasswords</LocURI>
+                             </Target>
+                             <Meta>
+                                 <Format xmlns="syncml:metinf">chr</Format>
+                             </Meta>
+                             <Data>&lt;RequestID/&gt;</Data>
+                           </Item>
+                         </Exec>
+            </Description>
+            <DFFormat>
+              <chr />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <MIME>text/plain</MIME>
+            </DFType>
+        </DFProperties>
+        </Node>
+
+        <Node>
+          <NodeName>Status</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName>DeviceEncryptionStatus</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <Description>This node reports compliance state of device encryption on the system.
+                           Value '0' means the device is compliant. Any other value represents a non-compliant device.
+              </Description>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+
+          <Node>
+            <NodeName>RotateRecoveryPasswordsStatus</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description> This Node reports the status of RotateRecoveryPasswords request. 
+                              Status code can be one of the following:
+                              NotStarted(2), Pending (1), Pass (0), Other error codes in case of failure 
+ 
+                </Description>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Permanent />
+                </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+              </DFProperties>
+            </Node>
+
+          <Node>
+            <NodeName>RotateRecoveryPasswordsRequestID</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                </AccessType>
+                <Description> This Node reports the RequestID corresponding to RotateRecoveryPasswordsStatus. 
+                              This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus
+                              To ensure the status is correctly matched to the request ID.                        
+                  
+                </Description>
+                <DFFormat>
+                  <chr />
+                </DFFormat>
+                  <Occurrence>
+                    <One />
+                  </Occurrence>
+                  <Scope>
+                    <Permanent />
+                  </Scope>
+                <DFType>
+                  <MIME>text/plain</MIME>
+                </DFType>
+             </DFProperties>
+          </Node>
+        </Node>
       </Node>
 </MgmtTree>
 ```

windows/client-management/mdm/defender-csp.md

@@ -9,7 +9,8 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 07/19/2018
+ms.localizationpriority: medium
+ms.date: 10/21/2019
 ---
 
 # Defender CSP
@@ -138,7 +139,7 @@ The following list shows the supported values:
 -   2 = Manual steps required
 -   3 = Full scan required
 -   4 = Reboot required
--   5 = Remediated with non critical failures
+-   5 = Remediated with noncritical failures
 -   6 = Quarantined
 -   7 = Removed
 -   8 = Cleaned
@@ -243,7 +244,7 @@ The following list shows the supported values:
 -   2 = Pending reboot
 -   4 = Pending manual steps (Windows Defender is waiting for the user to take some action, such as restarting the computer or running a full scan)
 -   8 = Pending offline scan
--   16 = Pending critical failure (Windows Defender has failed critically and an Adminsitrator needs to investigate and take some action, such as restarting the computer or reinstalling Windows Defender)
+-   16 = Pending critical failure (Windows Defender has failed critically and an Administrator needs to investigate and take some action, such as restarting the computer or reinstalling Windows Defender)
 
 Supported operation is Get.
 
@@ -352,6 +353,53 @@ The data type is a string.
 
 Supported operation is Get.
 
+<a href="" id="health-tamperprotectionenabled"></a>**Health/TamperProtectionEnabled**  
+Indicates whether the Windows Defender tamper protection feature is enabled.​
+
+The data type is a boolean.
+
+Supported operation is Get.
+
+<a href="" id="health-isvirtualmachine"></a>**Health/IsVirtualMachine**  
+Indicates whether the device is a virtual machine.
+
+The data type is a string.
+
+Supported operation is Get.
+
+<a href="" id="configuration"></a>**Configuration**  
+An interior node to group Windows Defender configuration information.
+
+Supported operation is Get.
+
+<a href="" id="configuration-tamperprotection"></a>**Configuration/TamperProtection**  
+Tamper protection helps protect important security features from unwanted changes and interference.  This includes real-time protection, behavior monitoring, and more. Accepts signed string to turn the feature on or off. Settings are configured with an MDM solution, such as Intune and is available in Windows 10 Enterprise E5 or equivalent subscriptions.
+
+Send off blob to device to reset tamper protection state before setting this configuration to "not configured" or "unassigned" in Intune.
+
+The data type is a Signed blob.
+
+Supported operations are Add, Delete, Get, Replace.
+
+Intune tamper protection setting UX supports three states:  
+- Not configured (default): Does not have any impact on the default state of the device.
+- Enabled: Enables the tamper protection feature.
+- Disabled: Turns off the tamper protection feature.
+
+When enabled or disabled exists on the client and admin moves the setting to not configured, it will not have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
+
+<a href="" id="configuration-enablefilehashcomputation"></a>**Configuration/EnableFileHashComputation**  
+Enables or disables file hash computation feature.
+When this feature is enabled Windows defender will compute hashes for files it scans.
+
+The data type is a integer.
+
+Supported operations are Add, Delete, Get, Replace.
+
+Valid values are:  
+- 1 – Enable.
+- 0 (default) – Disable.
+
 <a href="" id="scan"></a>**Scan**  
 Node that can be used to start a Windows Defender scan on a device.
 
@@ -375,4 +423,3 @@ Supported operations are Get and Execute.
 
 
 [Configuration service provider reference](configuration-service-provider-reference.md)
-

windows/client-management/mdm/defender-ddf.md

@@ -9,7 +9,8 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 07/12/2018
+ms.localizationpriority: medium
+ms.date: 10/21/2019
 ---
 
 # Defender DDF file
@@ -19,7 +20,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Defende
 
 Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
 
-The XML below is for Windows 10, version 1809.
+The XML below is the current version for this CSP.
 
 ```xml
 <?xml version="1.0" encoding="UTF-8"?>
@@ -628,6 +629,112 @@ The XML below is for Windows 10, version 1809.
               </DFType>
             </DFProperties>
           </Node>
+          <Node>
+            <NodeName>TamperProtectionEnabled</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <DFFormat>
+                <bool />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>IsVirtualMachine</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <DFFormat>
+                <bool />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+        </Node>
+        <Node>
+          <NodeName>Configuration</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Get />
+            </AccessType>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <One />
+            </Occurrence>
+            <Scope>
+              <Permanent />
+            </Scope>
+            <DFType>
+              <DDFName></DDFName>
+            </DFType>
+          </DFProperties>
+          <Node>
+            <NodeName>TamperProtection</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Replace />
+                <Add />
+                <Delete />
+              </AccessType>
+              <DFFormat>
+                <chr />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>EnableFileHashComputation</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Replace />
+                <Add />
+                <Delete />
+              </AccessType>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME>text/plain</MIME>
+              </DFType>
+            </DFProperties>
+          </Node>
         </Node>
         <Node>
           <NodeName>Scan</NodeName>

windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md

@@ -116,6 +116,9 @@ Requirements:
 > In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have the Windows 10, version 1903 feature update installed. 
 The default behavior for older releases is to revert to **User Credential**.
 
+> [!NOTE]
+> Device credential group policy setting is not supported for enrolling into Microsoft Intune. 
+
 When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD." 
 
 To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).

windows/client-management/mdm/get-product-details.md

@@ -1,6 +1,6 @@
 ---
 title: Get product details
-description: The Get product details operation retrieves the product information from the Micosoft Store for Business for a specific application.
+description: The Get product details operation retrieves the product information from the Microsoft Store for Business for a specific application.
 ms.assetid: BC432EBA-CE5E-43BD-BD54-942774767286
 ms.reviewer: 
 manager: dansimp
@@ -14,7 +14,7 @@ ms.date: 09/18/2017
 
 # Get product details
 
-The **Get product details** operation retrieves the product information from the Micosoft Store for Business for a specific application.
+The **Get product details** operation retrieves the product information from the Microsoft Store for Business for a specific application.
 
 ## Request
 

windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md

@@ -24,6 +24,7 @@ This topic provides information about what's new and breaking changes in Windows
 For details about Microsoft mobile device management protocols for Windows 10 see [\[MS-MDM\]: Mobile Device Management Protocol](https://go.microsoft.com/fwlink/p/?LinkId=619346) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( http://go.microsoft.com/fwlink/p/?LinkId=619347). 
 
 - **What’s new in MDM for Windows 10 versions**
+  - [What’s new in MDM for Windows 10, version 1909](#whats-new-in-mdm-for-windows-10-version-1909)
   - [What’s new in MDM for Windows 10, version 1903](#whats-new-in-mdm-for-windows-10-version-1903)
   - [What’s new in MDM for Windows 10, version 1809](#whats-new-in-mdm-for-windows-10-version-1809)
   - [What’s new in MDM for Windows 10, version 1803](#whats-new-in-mdm-for-windows-10-version-1803)
@@ -83,6 +84,27 @@ For details about Microsoft mobile device management protocols for Windows 10 s
     - [September 2017](#september-2017)
     - [August 2017](#august-2017)
 
+## What’s new in MDM for Windows 10, version 1909
+<table class="mx-tdBreakAll">
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>New or updated topic</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td style="vertical-align:top"><a href="bitlocker-csp.md" data-raw-source="[BitLocker CSP](bitlocker-csp.md)">BitLocker CSP</a></td>
+<td style="vertical-align:top"><br>Added the following new nodes in Windows 10, version 1909:</p>
+ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID.</li>
+</td></tr>
+</tbody>
+</table>
+
 ## What’s new in MDM for Windows 10, version 1903
 <table class="mx-tdBreakAll">
 <colgroup>
@@ -143,7 +165,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <li><a href="policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon" data-raw-source="[WindowsLogon/ConfigAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)">WindowsLogon/ConfigAutomaticRestartSignOn</a></li>
 <li><a href="policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation" data-raw-source="[WindowsLogon/EnableFirstLogonAnimation](policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation)">WindowsLogon/EnableFirstLogonAnimation</a></li>
 <tr>
-<td style="vertical-align:top"><a href="policy-csp-audit.md" data-raw-source="[Policy CSP - Audit](applicationcontrol-csp.md)">Policy CSP - Audit</a></td>
+<td style="vertical-align:top"><a href="policy-csp-audit.md" data-raw-source="[Policy CSP - Audit](policy-csp-audit.md)">Policy CSP - Audit</a></td>
 <td style="vertical-align:top"><p>Added new Audit policies in Windows 10, version 1903.</p>
 </td></tr>
 <tr>
@@ -153,6 +175,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1903.</p>
 </td></tr>
 <tr>
+<td style="vertical-align:top"><a href="defender-csp.md" data-raw-source="[Defender CSP](defender-csp.md)">Defender CSP</a></td>
+<td style="vertical-align:top"><p>Added the following new nodes:<br>Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.</p>
+</td></tr>
+<tr>
 <td style="vertical-align:top"><a href="diagnosticlog-csp.md" data-raw-source="[DiagnosticLog CSP](diagnosticlog-csp.md)">DiagnosticLog CSP</a><br>
 <a href="diagnosticlog-ddf.md" data-raw-source="[DiagnosticLog DDF](diagnosticlog-ddf.md)">DiagnosticLog DDF</a></td>
 <td style="vertical-align:top"><p>Added version 1.4 of the CSP in Windows 10, version 1903. Added the new 1.4 version of the DDF. Added the following new nodes:<br>
@@ -1912,13 +1938,14 @@ How do I turn if off? | The service can be stopped from the "Services" console o
 
 |New or updated topic | Description|
 |--- | ---|
-|[Policy CSP - Update](policy-csp-update.md)|Added the following new policy:<br>Update/TargetReleaseVersion|
+|[BitLocker CSP](bitlocker-csp.md)|Added the following new nodes:<br>ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID.|
+|[Defender CSP](defender-csp.md)|Added the following new nodes:<br>Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.|
 
 ### September 2019
 
 |New or updated topic | Description|
 |--- | ---|
-|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following new node:<br>IsStub|
+|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following new node:<br>IsStub.|
 |[Policy CSP - Defender](policy-csp-defender.md)|Updated the supported value list for Defender/ScheduleScanDay policy.|
 |[Policy CSP - DeviceInstallation](policy-csp-deviceinstallation.md)|Added the following new policies: <br>DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs, DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs.|
 
@@ -1937,7 +1964,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o
 |[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.|
 |[PassportForWork CSP](passportforwork-csp.md)|Added the following new nodes in Windows 10, version 1903:<br>SecurityKey, SecurityKey/UseSecurityKeyForSignin|
 |[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies:<br>LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock|
-|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:<br>Create a custom configuration service provider<br>Design a custom configuration service provider<br>IConfigServiceProvider2<br>IConfigServiceProvider2::ConfigManagerNotification<br>IConfigServiceProvider2::GetNode<br>ICSPNode<br>ICSPNode::Add<br>ICSPNode::Clear<br>ICSPNode::Copy<br>ICSPNode::DeleteChild<br>ICSPNode::DeleteProperty<br>ICSPNode::Execute<br>ICSPNode::GetChildNodeNames<br>ICSPNode::GetProperty<br>ICSPNode::GetPropertyIdentifiers<br>ICSPNode::GetValue<br>ICSPNode::Move<br>ICSPNode::SetProperty<br>ICSPNode::SetValue<br>ICSPNodeTransactioning<br>ICSPValidate<br>Samples for writing a custom configuration service provider|
+|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:<br>Create a custom configuration service provider<br>Design a custom configuration service provider<br>IConfigServiceProvider2<br>IConfigServiceProvider2::ConfigManagerNotification<br>IConfigServiceProvider2::GetNode<br>ICSPNode<br>ICSPNode::Add<br>ICSPNode::Clear<br>ICSPNode::Copy<br>ICSPNode::DeleteChild<br>ICSPNode::DeleteProperty<br>ICSPNode::Execute<br>ICSPNode::GetChildNodeNames<br>ICSPNode::GetProperty<br>ICSPNode::GetPropertyIdentifiers<br>ICSPNode::GetValue<br>ICSPNode::Move<br>ICSPNode::SetProperty<br>ICSPNode::SetValue<br>ICSPNodeTransactioning<br>ICSPValidate<br>Samples for writing a custom configuration service provider.|
 
 
 ### June 2019

windows/client-management/mdm/policies-that-can-be-set-using-eas.md

@@ -14,12 +14,10 @@ ms.date: 07/18/2019
 
 # Policies that can be set using Exchange Active Sync (EAS)
 
-- [Browser/AllowBrowser](policy-csp-browser.md#browser-allowbrowser)  
 - [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)  
 - [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)  
 - [Connectivity/AllowBluetooth](policy-csp-connectivity.md#connectivity-allowbluetooth)  
 - [Connectivity/AllowCellularDataRoaming](policy-csp-connectivity.md#connectivity-allowcellulardataroaming)  
-- [Connectivity/AllowUSBConnection](policy-csp-connectivity.md#connectivity-allowusbconnection)  
 - [DeviceLock/AllowSimpleDevicePassword](policy-csp-devicelock.md#devicelock-allowsimpledevicepassword)  
 - [DeviceLock/AlphanumericDevicePasswordRequired](policy-csp-devicelock.md#devicelock-alphanumericdevicepasswordrequired)  
 - [DeviceLock/DevicePasswordEnabled](policy-csp-devicelock.md#devicelock-devicepasswordenabled)  

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -138,9 +138,6 @@ The following diagram shows the Policy configuration service provider in tree fo
 ### AboveLock policies
 
 <dl>
-  <dd>
-    <a href="./policy-csp-abovelock.md#abovelock-allowactioncenternotifications" id="abovelock-allowactioncenternotifications">AboveLock/AllowActionCenterNotifications</a>
-  </dd>
   <dd>
     <a href="./policy-csp-abovelock.md#abovelock-allowcortanaabovelock" id="abovelock-allowcortanaabovelock">AboveLock/AllowCortanaAboveLock</a>
   </dd>
@@ -201,12 +198,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-applicationmanagement.md#applicationmanagement-allowshareduserappdata" id="applicationmanagement-allowshareduserappdata">ApplicationManagement/AllowSharedUserAppData</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-allowstore" id="applicationmanagement-allowstore">ApplicationManagement/AllowStore</a>
-  </dd>
-  <dd>
-    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-applicationrestrictions" id="applicationmanagement-applicationrestrictions">ApplicationManagement/ApplicationRestrictions</a>
-  </dd>
   <dd>
     <a href="./policy-csp-applicationmanagement.md#applicationmanagement-disablestoreoriginatedapps" id="applicationmanagement-disablestoreoriginatedapps">ApplicationManagement/DisableStoreOriginatedApps</a>
   </dd>
@@ -632,9 +623,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-browser.md#browser-allowautofill" id="browser-allowautofill">Browser/AllowAutofill</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-browser.md#browser-allowbrowser" id="browser-allowbrowser">Browser/AllowBrowser</a>
-  </dd>
   <dd>
     <a href="./policy-csp-browser.md#browser-allowconfigurationupdateforbookslibrary" id="browser-allowconfigurationupdateforbookslibrary">Browser/AllowConfigurationUpdateForBooksLibrary</a>
   </dd>
@@ -737,9 +725,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-browser.md#browser-enterprisesitelistserviceurl" id="browser-enterprisesitelistserviceurl">Browser/EnterpriseSiteListServiceUrl</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-browser.md#browser-firstrunurl" id="browser-firstrunurl">Browser/FirstRunURL</a>
-  </dd>
   <dd>
     <a href="./policy-csp-browser.md#browser-homepages" id="browser-homepages">Browser/HomePages</a>
   </dd>
@@ -839,9 +824,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-connectivity.md#connectivity-allowconnecteddevices" id="connectivity-allowconnecteddevices">Connectivity/AllowConnectedDevices</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-connectivity.md#connectivity-allownfc" id="connectivity-allownfc">Connectivity/AllowNFC</a>
-  </dd>
   <dd>
     <a href="./policy-csp-connectivity.md#connectivity-allowphonepclinking" id="connectivity-allowphonepclinking">Connectivity/AllowPhonePCLinking</a>
   </dd>
@@ -1236,9 +1218,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-devicelock.md#devicelock-allowidlereturnwithoutpassword" id="devicelock-allowidlereturnwithoutpassword">DeviceLock/AllowIdleReturnWithoutPassword</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-devicelock.md#devicelock-allowscreentimeoutwhilelockeduserconfig" id="devicelock-allowscreentimeoutwhilelockeduserconfig">DeviceLock/AllowScreenTimeoutWhileLockedUserConfig</a>
-  </dd>
   <dd>
     <a href="./policy-csp-devicelock.md#devicelock-allowsimpledevicepassword" id="devicelock-allowsimpledevicepassword">DeviceLock/AllowSimpleDevicePassword</a>
   </dd>
@@ -1257,18 +1236,12 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-devicelock.md#devicelock-enforcelockscreenandlogonimage" id="devicelock-enforcelockscreenandlogonimage">DeviceLock/EnforceLockScreenAndLogonImage</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-devicelock.md#devicelock-enforcelockscreenprovider" id="devicelock-enforcelockscreenprovider">DeviceLock/EnforceLockScreenProvider</a>
-  </dd>
   <dd>
     <a href="./policy-csp-devicelock.md#devicelock-maxdevicepasswordfailedattempts" id="devicelock-maxdevicepasswordfailedattempts">DeviceLock/MaxDevicePasswordFailedAttempts</a>
   </dd>
   <dd>
     <a href="./policy-csp-devicelock.md#devicelock-maxinactivitytimedevicelock" id="devicelock-maxinactivitytimedevicelock">DeviceLock/MaxInactivityTimeDeviceLock</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-devicelock.md#devicelock-maxinactivitytimedevicelockwithexternaldisplay" id="devicelock-maxinactivitytimedevicelockwithexternaldisplay">DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay</a>
-  </dd>
   <dd>
     <a href="./policy-csp-devicelock.md#devicelock-mindevicepasswordcomplexcharacters" id="devicelock-mindevicepasswordcomplexcharacters">DeviceLock/MinDevicePasswordComplexCharacters</a>
   </dd>
@@ -1284,9 +1257,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow" id="devicelock-preventlockscreenslideshow">DeviceLock/PreventLockScreenSlideShow</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-devicelock.md#devicelock-screentimeoutwhilelocked" id="devicelock-screentimeoutwhilelocked">DeviceLock/ScreenTimeoutWhileLocked</a>
-  </dd>
 </dl>
 
 ### Display policies
@@ -1400,9 +1370,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-experience.md#experience-allowclipboardhistory" id="experience-allowclipboardhistory">Experience/AllowClipboardHistory</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-experience.md#experience-allowcopypaste" id="experience-allowcopypaste">Experience/AllowCopyPaste</a>
-  </dd>
   <dd>
     <a href="./policy-csp-experience.md#experience-allowcortana" id="experience-allowcortana">Experience/AllowCortana</a>
   </dd>
@@ -1415,15 +1382,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-experience.md#experience-allowmanualmdmunenrollment" id="experience-allowmanualmdmunenrollment">Experience/AllowManualMDMUnenrollment</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-experience.md#experience-allowsimerrordialogpromptwhennosim" id="experience-allowsimerrordialogpromptwhennosim">Experience/AllowSIMErrorDialogPromptWhenNoSIM</a>
-  </dd>
   <dd>
     <a href="./policy-csp-experience.md#experience-allowsaveasofofficefiles" id="experience-allowsaveasofofficefiles">Experience/AllowSaveAsOfOfficeFiles</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-experience.md#experience-allowscreencapture" id="experience-allowscreencapture">Experience/AllowScreenCapture</a>
-  </dd>
   <dd>
     <a href="./policy-csp-experience.md#experience-allowsharingofofficefiles" id="experience-allowsharingofofficefiles">Experience/AllowSharingOfOfficeFiles</a>
   </dd>
@@ -1433,15 +1394,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-experience.md#experience-allowtailoredexperienceswithdiagnosticdata" id="experience-allowtailoredexperienceswithdiagnosticdata">Experience/AllowTailoredExperiencesWithDiagnosticData</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-experience.md#experience-allowtaskswitcher" id="experience-allowtaskswitcher">Experience/AllowTaskSwitcher</a>
-  </dd>
   <dd>
     <a href="./policy-csp-experience.md#experience-allowthirdpartysuggestionsinwindowsspotlight" id="experience-allowthirdpartysuggestionsinwindowsspotlight">Experience/AllowThirdPartySuggestionsInWindowsSpotlight</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-experience.md#experience-allowvoicerecording" id="experience-allowvoicerecording">Experience/AllowVoiceRecording</a>
-  </dd>
   <dd>
     <a href="./policy-csp-experience.md#experience-allowwindowsconsumerfeatures" id="experience-allowwindowsconsumerfeatures">Experience/AllowWindowsConsumerFeatures</a>
   </dd>
@@ -2519,15 +2474,9 @@ The following diagram shows the Policy configuration service provider in tree fo
 ### Messaging policies
 
 <dl>
-  <dd>
-    <a href="./policy-csp-messaging.md#messaging-allowmms" id="messaging-allowmms">Messaging/AllowMMS</a>
-  </dd>
   <dd>
     <a href="./policy-csp-messaging.md#messaging-allowmessagesync" id="messaging-allowmessagesync">Messaging/AllowMessageSync</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-messaging.md#messaging-allowrcs" id="messaging-allowrcs">Messaging/AllowRCS</a>
-  </dd>
 </dl>
 
 ### MSSecurityGuide policies
@@ -3165,9 +3114,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-search.md#search-preventremotequeries" id="search-preventremotequeries">Search/PreventRemoteQueries</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-search.md#search-safesearchpermissions" id="search-safesearchpermissions">Search/SafeSearchPermissions</a>
-  </dd>
 </dl>
 
 ### Security policies
@@ -3179,15 +3125,9 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-security.md#security-allowautomaticdeviceencryptionforazureadjoineddevices" id="security-allowautomaticdeviceencryptionforazureadjoineddevices">Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-security.md#security-allowmanualrootcertificateinstallation" id="security-allowmanualrootcertificateinstallation">Security/AllowManualRootCertificateInstallation</a>
-  </dd>
   <dd>
     <a href="./policy-csp-security.md#security-allowremoveprovisioningpackage" id="security-allowremoveprovisioningpackage">Security/AllowRemoveProvisioningPackage</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-security.md#security-antitheftmode" id="security-antitheftmode">Security/AntiTheftMode</a>
-  </dd>
   <dd>
     <a href="./policy-csp-security.md#security-cleartpmifnotready" id="security-cleartpmifnotready">Security/ClearTPMIfNotReady</a>
   </dd>
@@ -3230,9 +3170,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-settings.md#settings-allowdatetime" id="settings-allowdatetime">Settings/AllowDateTime</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-settings.md#settings-alloweditdevicename" id="settings-alloweditdevicename">Settings/AllowEditDeviceName</a>
-  </dd>
   <dd>
     <a href="./policy-csp-settings.md#settings-allowlanguage" id="settings-allowlanguage">Settings/AllowLanguage</a>
   </dd>
@@ -3598,9 +3535,6 @@ The following diagram shows the Policy configuration service provider in tree fo
 ### TimeLanguageSettings policies
 
 <dl>
-  <dd>
-    <a href="./policy-csp-timelanguagesettings.md#timelanguagesettings-allowset24hourclock" id="timelanguagesettings-allowset24hourclock">TimeLanguageSettings/AllowSet24HourClock</a>
-  </dd>
   <dd>
     <a href="./policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone" id="timelanguagesettings-configuretimezone">TimeLanguageSettings/ConfigureTimeZone</a>
   </dd>
@@ -3788,9 +3722,6 @@ The following diagram shows the Policy configuration service provider in tree fo
   <dd>
     <a href="./policy-csp-update.md#update-setedurestart" id="update-setedurestart">Update/SetEDURestart</a>
   </dd>
-  <dd>
-    <a href="./policy-csp-update.md#update-targetreleaseversion" id="update-targetreleaseversion">Update/TargetReleaseVersion</a>
-  </dd> 
   <dd>
     <a href="./policy-csp-update.md#update-updatenotificationlevel" id="update-updatenotificationlevel">Update/UpdateNotificationLevel</a>
   </dd>

windows/client-management/mdm/policy-csp-abovelock.md

@@ -2,6 +2,7 @@
 title: Policy CSP - AboveLock
 description: Policy CSP - AboveLock
 ms.author: dansimp
+ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
@@ -21,9 +22,6 @@ manager: dansimp
 ## AboveLock policies  
 
 <dl>
-  <dd>
-    <a href="#abovelock-allowactioncenternotifications">AboveLock/AllowActionCenterNotifications</a>
-  </dd>
   <dd>
     <a href="#abovelock-allowcortanaabovelock">AboveLock/AllowCortanaAboveLock</a>
   </dd>
@@ -35,76 +33,6 @@ manager: dansimp
 
 <hr/>
 
-<!--Policy-->
-<a href="" id="abovelock-allowactioncenternotifications"></a>**AboveLock/AllowActionCenterNotifications**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Mobile</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Mobile Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-Specifies whether to allow Action Center notifications above the device lock screen.
-
-Most restricted value is 0.
-
-<!--/Description-->
-<!--SupportedValues-->
-The following list shows the supported values:
-
--   0 - Not allowed.
--   1 (default) - Allowed.
-
-<!--/SupportedValues-->
-<!--/Policy-->
-
-<hr/>
 
 <!--Policy-->
 <a href="" id="abovelock-allowcortanaabovelock"></a>**AboveLock/AllowCortanaAboveLock**  
@@ -135,14 +63,6 @@ The following list shows the supported values:
     <td>Education</td>
     <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
 </tr>
-<tr>
-    <td>Mobile</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-<tr>
-    <td>Mobile Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
 </table>
 
 <!--/SupportedSKUs-->
@@ -209,14 +129,6 @@ The following list shows the supported values:
     <td>Education</td>
     <td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
-<tr>
-    <td>Mobile</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Mobile Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
 </table>
 
 <!--/SupportedSKUs-->

windows/client-management/mdm/policy-csp-accounts.md

@@ -2,6 +2,7 @@
 title: Policy CSP - Accounts
 description: Policy CSP - Accounts
 ms.author: dansimp
+ms.localizationpriority: medium
 ms.topic: article
 ms.prod: w10
 ms.technology: windows