diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md
index 08b59f469e..19820b0309 100644
--- a/windows/client-management/mdm/accounts-csp.md
+++ b/windows/client-management/mdm/accounts-csp.md
@@ -12,7 +12,7 @@ ms.date: 04/17/2018
# Accounts CSP
-The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and joint it to a local user group. This CSP was added in Windows 10, version 1803.
+The Accounts configuration service provider (CSP) is used by the enterprise (1) to rename a device, (2) to create a new local Windows account and join it to a local user group. This CSP was added in Windows 10, version 1803.
The following diagram shows the Accounts configuration service provider in tree format.
diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
index 9fc4d5138f..a0cec11bb0 100644
--- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
+++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
@@ -7,13 +7,27 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
-ms.date: 06/26/2017
+ms.date: 06/25/2018
---
# Diagnose MDM failures in Windows 10
To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop or mobile device. The following sections describe the procedures for collecting MDM logs.
+## Download the MDM Diagnostic Information log from Windows 10 PCs
+
+1. On your managed device go to **Settings** > **Accounts** > **Access work or school**.
+1. Click your work or school account, then click **Info.**
+ 
+
+1. At the bottom of the **Settings** page, click **Create report**.
+ 
+1. A window opens that shows the path to the log files. Click **Export**.
+
+ 
+
+1. In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
+
## Collect logs directly from Windows 10 PCs
Starting with the Windows 10, version 1511, MDM logs are captured in the Event Viewer in the following location:
@@ -96,9 +110,9 @@ Example: Export the Debug logs
```
-## Collect logs from Windows 10 Mobile devices
+## Collect logs from Windows 10 Mobile devices
-Since there is no Event Viewer in Windows 10 Mobile, you can use the [Field Medic]( http://go.microsoft.com/fwlink/p/?LinkId=718232) app to collect logs.
+Since there is no Event Viewer in Windows 10 Mobile, you can use the [Field Medic](https://www.microsoft.com/en-us/p/field-medic/9wzdncrfjb82?activetab=pivot%3aoverviewtab) app to collect logs.
**To collect logs manually**
@@ -168,9 +182,9 @@ The following table contains a list of common providers and their corresponding
-## Collect logs remotely from Windows 10 Mobile devices
+## Collect logs remotely from Windows 10 Holographic or Windows 10 Mobile devices
-For mobile devices already enrolled in MDM, you can remotely collect MDM logs through the MDM channel using the [DiagnosticLog CSP](diagnosticlog-csp.md).
+For holographic or mobile devices already enrolled in MDM, you can remotely collect MDM logs through the MDM channel using the [DiagnosticLog CSP](diagnosticlog-csp.md).
You can use the DiagnosticLog CSP to enable the ETW provider. The provider ID is 3DA494E4-0FE2-415C-B895-FB5265C5C83B. The following examples show how to enable the ETW provider:
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures15.png b/windows/client-management/mdm/images/diagnose-mdm-failures15.png
new file mode 100644
index 0000000000..b1bd7207f3
Binary files /dev/null and b/windows/client-management/mdm/images/diagnose-mdm-failures15.png differ
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures16.png b/windows/client-management/mdm/images/diagnose-mdm-failures16.png
new file mode 100644
index 0000000000..0429b58b91
Binary files /dev/null and b/windows/client-management/mdm/images/diagnose-mdm-failures16.png differ
diff --git a/windows/client-management/mdm/images/diagnose-mdm-failures17.png b/windows/client-management/mdm/images/diagnose-mdm-failures17.png
new file mode 100644
index 0000000000..4271e4f52d
Binary files /dev/null and b/windows/client-management/mdm/images/diagnose-mdm-failures17.png differ
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index f8580b0ac3..1b4f54f5ff 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1627,6 +1627,28 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
## Change history in MDM documentation
+### June 2018
+
+
+
+
+
+
+
+
+
+
+
+[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md) |
+Added procedure for collecting logs remotely from Windows 10 Holographic.
+ |
+
+
+
+
### May 2018
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index af2ccbcbbb..12ec5eed97 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -4790,7 +4790,6 @@ The following diagram shows the Policy configuration service provider in tree fo
- [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
- [Settings/AllowDateTime](#settings-allowdatetime)
- [Settings/AllowVPN](#settings-allowvpn)
-- [System/AllowFontProviders](#system-allowfontproviders)
- [System/AllowLocation](#system-allowlocation)
- [System/AllowTelemetry](#system-allowtelemetry)
- [Update/AllowAutoUpdate](#update-allowautoupdate)
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index 8f4da31f35..b7f8fb114a 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -1204,7 +1204,6 @@ Footnote:
## System policies supported by Windows Holographic for Business
-- [System/AllowFontProviders](#system-allowfontproviders)
- [System/AllowLocation](#system-allowlocation)
- [System/AllowTelemetry](#system-allowtelemetry)
diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
index b891078029..ee8b58b6ff 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@@ -634,7 +634,7 @@ Follow these steps to create a bootable USB stick from the offline media content
## Unified Extensible Firmware Interface (UEFI)-based deployments
-As referenced in [Windows 10 deployment tools](https://go.microsoft.com/fwlink/p/?LinkId=619546), Unified Extensible Firmware Interface (UEFI)-based deployments are becoming more common. In fact, when you create a generation 2 virtual machine in Hyper-V, you get a UEFI-based computer. During deployment, MDT automatically detects that you have an UEFI-based machine and creates the partitions UEFI requires. You do not need to update or change your task sequences in any way to accommodate UFEI.
+As referenced in [Windows 10 deployment tools](https://go.microsoft.com/fwlink/p/?LinkId=619546), Unified Extensible Firmware Interface (UEFI)-based deployments are becoming more common. In fact, when you create a generation 2 virtual machine in Hyper-V, you get a UEFI-based computer. During deployment, MDT automatically detects that you have an UEFI-based machine and creates the partitions UEFI requires. You do not need to update or change your task sequences in any way to accommodate UEFI.

diff --git a/windows/security/hardware-protection/tpm/trusted-platform-module-overview.md b/windows/security/hardware-protection/tpm/trusted-platform-module-overview.md
index c1521d4195..58f6ad67ae 100644
--- a/windows/security/hardware-protection/tpm/trusted-platform-module-overview.md
+++ b/windows/security/hardware-protection/tpm/trusted-platform-module-overview.md
@@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: high
author: brianlic-msft
-ms.date: 07/27/2017
+ms.date: 06/18/2018
---
# Trusted Platform Module Technology Overview
diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index 880d8394b1..1b3fd83542 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -73,7 +73,7 @@ A deployment's trust type defines how each Windows Hello for Business client aut
The key trust type does not require issuing authentication certificates to end users. Users authenticate using a hardware-bound key created during an in-box provisioning experience, which requires an adequate distribution of Windows Server 2016 domain controllers relative to your existing authentication and the number of users included in your Windows Hello for Business deployment. Read the [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more.
-The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the in-box provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers. Users can authentication using their certificate to any Windows Server 2008 R2 or later domain controller.
+The certificate trust type issues authentication certificates to end users. Users authenticate using a certificate requested using a hardware-bound key created during the in-box provisioning experience. Unlike key trust, certificate trust does not require Windows Server 2016 domain controllers. Users can authentice using their certificate to any Windows Server 2008 R2 or later domain controller.
#### Device registration
diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md
index a441abbb58..2d8f7185e4 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-and-administration-faq.md
@@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: security
localizationpriority: high
author: brianlic-msft
-ms.date: 05/03/2018
+ms.date: 06/25/2018
---
# BitLocker Deployment and Administration FAQ
@@ -44,12 +44,12 @@ No, BitLocker does not encrypt and decrypt the entire drive when reading and wri
## How can I prevent users on a network from storing data on an unencrypted drive?
-You can can Group Policy settings to require that data drives be BitLocker-protected before a BitLocker-protected computer can write data to them. For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
+You can configure Group Policy settings to require that data drives be BitLocker-protected before a BitLocker-protected computer can write data to them. For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
When these policy settings are enabled, the BitLocker-protected operating system will mount any data drives that are not protected by BitLocker as read-only.
## What is Used Disk Space Only encryption?
-BitLocker in Windows 10 lets users choose to encrypt just their data. Although it's not the most secure way to encrypt a drive, this option can reduce encryption time by more than 99 percent, depending on how much data that needs to beencrypted. For more information, see [Used Disk Space Only encryption](bitlocker-device-encryption-overview-windows-10.md#used-disk-space-only-encryption).
+BitLocker in Windows 10 lets users choose to encrypt just their data. Although it's not the most secure way to encrypt a drive, this option can reduce encryption time by more than 99 percent, depending on how much data that needs to be encrypted. For more information, see [Used Disk Space Only encryption](bitlocker-device-encryption-overview-windows-10.md#used-disk-space-only-encryption).
## What system changes would cause the integrity check on my operating system drive to fail?
diff --git a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
index 683138cb8a..57cec7412e 100644
--- a/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
@@ -103,7 +103,7 @@ Use optional query parameters to specify and control the amount of data returned
Name | Value| Description
:---|:---|:---
-DateTime?sinceTimeUtc | string | Defines the lower time bound alerts are retrieved from, based on field:
`LastProccesedTimeUtc`
The time range will be: from sinceTimeUtc time to current time.
**NOTE**: When not specified, all alerts generated in the last two hours are retrieved.
+DateTime?sinceTimeUtc | string | Defines the lower time bound alerts are retrieved from, based on field:
`LastProcessedTimeUtc`
The time range will be: from sinceTimeUtc time to current time.
**NOTE**: When not specified, all alerts generated in the last two hours are retrieved.
DateTime?untilTimeUtc | string | Defines the upper time bound alerts are retrieved.
The time range will be: from `sinceTimeUtc` time to `untilTimeUtc` time.
**NOTE**: When not specified, the default value will be the current time.
string ago | string | Pulls alerts in the following time range: from `(current_time - ago)` time to `current_time` time.
Value should be set according to **ISO 8601** duration format
E.g. `ago=PT10M` will pull alerts received in the last 10 minutes.
int?limit | int | Defines the number of alerts to be retrieved. Most recent alerts will be retrieved based on the number defined.
**NOTE**: When not specified, all alerts available in the time range will be retrieved.