Merge branch 'master' into apps-in-windows-10-update

store-for-business/add-profile-to-devices.md

@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
 ms.author: TrudyHa
-ms.date: 1/29/2018
+ms.date: 2/9/2018
 ms.localizationpriority: high
 ---
 
@@ -20,7 +20,7 @@ Windows AutoPilot Deployment Program simplifies device set up for IT Admins. For
 
 Watch this video to learn more about Windows AutoPilot in Micrsoft Store for Business. </br>
 
-[!video https://www.microsoft.com/en-us/videoplayer/embed/3b30f2c2-a3e2-4778-aa92-f65dbc3ecf54?autoplay=false]
+> [!video https://www.microsoft.com/en-us/videoplayer/embed/3b30f2c2-a3e2-4778-aa92-f65dbc3ecf54?autoplay=false]
 
 ## What is Windows AutoPilot Deployment Program?
 In Microsoft Store for Business, you can manage devices for your organization and apply an *AutoPilot deployment profile* to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the AutoPilot deployment profile you applied to the device. 

windows/deployment/update/update-compliance-monitor.md

@@ -6,9 +6,9 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: deploy
-author: DaniHalfin
+author: Jaimeo
-ms.author: daniha
+ms.author: jaimeo
-ms.date: 10/13/2017
+ms.date: 02/09/2018
 ---
 
 # Monitor Windows Updates and Windows Defender Antivirus with Update Compliance
@@ -35,9 +35,9 @@ See the following topics in this guide for detailed information about configurin
 - [Get started with Update Compliance](update-compliance-get-started.md): How to add Update Compliance to your environment.
 - [Using Update Compliance](update-compliance-using.md): How to begin using Update Compliance.
 
-<iframe width="560" height="315" align="center" src="https://www.youtube.com/embed/1cmF5c_R8I4" frameborder="0" allowfullscreen></iframe>
+Click the following link to see a video demonstrating Update Compliance features.
 
-An overview of the processes used by the Update Compliance solution is provided below.
+[![YouTube video demonstrating Update Compliance](images/UC-vid-crop.jpg)](https://www.youtube.com/embed/1cmF5c_R8I4) 
 
 ## Update Compliance architecture
  

windows/deployment/update/waas-overview.md

@@ -4,10 +4,10 @@ description: In Windows 10, Microsoft has streamlined servicing to make operatin
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: DaniHalfin
+author: Jaimeo
 ms.localizationpriority: high
-ms.author: daniha
+ms.author: jaimeo
-ms.date: 10/16/2017
+ms.date: 02/09/2018
 ---
 
 # Overview of Windows as a service
@@ -23,7 +23,10 @@ ms.date: 10/16/2017
 
 The Windows 10 operating system introduces a new way to build, deploy, and service Windows: Windows as a service. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time. 
 
-<iframe width="560" height="315" align="center" src="https://www.youtube.com/embed/qSAsiM01GOU" frameborder="0" allowfullscreen></iframe>
+Click the following Microsoft Mechanics video for an overview of the release model, particularly the Semi-Annual Channel.
+
+
+[![YouTube video of Michael Niehouse explaining how the Semi-Annual Channel works](images/SAC_vid_crop.jpg)](https://youtu.be/qSAsiM01GOU) 
 
 ## Building
 

windows/deployment/update/waas-quick-start.md

@@ -4,10 +4,10 @@ description: In Windows 10, Microsoft has streamlined servicing to make operatin
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-author: DaniHalfin
+author: Jaimeo
 ms.localizationpriority: high
-ms.author: daniha
+ms.author: jaimeo
-ms.date: 07/27/2017
+ms.date: 02/09/2018
 ---
 
 # Quick guide to Windows as a service
@@ -58,7 +58,10 @@ See [Build deployment rings for Windows 10 updates](waas-deployment-rings-window
 
 ## Video: An overview of Windows as a service
 
-<iframe width="560" height="315" src="https://www.youtube.com/embed/qSAsiM01GOU" frameborder="0" allowfullscreen></iframe> 
+Click the following Microsoft Mechanics video for an overview of the updated release model, particularly the Semi-Annual Channel.
+
+
+[![YouTube video of Michael Niehouse explaining how the Semi-Annual Channel works](images/SAC_vid_crop.jpg)](https://youtu.be/qSAsiM01GOU) 
  
 ## Learn more
 

windows/deployment/upgrade/upgrade-readiness-upgrade-overview.md

@@ -35,7 +35,7 @@ The following color-coded status changes are reflected on the upgrade overview b
 
 Click on a row to drill down and see details about individual computers. If KBs are missing, see [Deploy the compatibility update and related KBs](upgrade-readiness-get-started.md#deploy-the-compatibility-update-and-related-kbs) for information on required KBs.
 
-In the following example, there is no delay in data processing, less than 4% of computers (6k\294k) have incomplete data, there are no pending user changes, and the currently selected target OS version is the same as the recommended version:
+In the following example, there is no delay in data processing, more than 10% of computers (6k\8k) have incomplete data, more than 30% of computers (6k/8k) require a KB update, there are no pending user changes, and the currently selected target OS version is the same as the recommended version:
 
 ![Upgrade overview](../images/ur-overview.png)
 
@@ -43,9 +43,9 @@ In the following example, there is no delay in data processing, less than 4% of
 <img src="media/image3.png" width="214" height="345" />
 -->
 
-If data processing is delayed, you can continue using your workspace as normal. However, any changes or additional information that is added might not be displayed. Data is typically refreshed and the display will return to normal again within 24 hours.
+If data processing is delayed, the "Last updated" banner will indicate the date on which data was last updated. You can continue using your workspace as normal. However, any changes or additional information that is added might not be displayed until data is refreshed. When your workspace is in this state, there is no action required; data is typically refreshed and the display will return to normal again within 24 hours. 
 
-If there are computers with incomplete data, verify that you have installed the latest compatibilty update and run the most recent [Update Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the Microsoft download center.
+If there are computers with incomplete data, verify that you have installed the latest compatibilty update KBs. Install the updated KBs if necessary and then run the most recent [Update Readiness deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the Microsoft download center. The updated data payload should appear in Upgrade Readiness within 48 hours of a successful run on the deployment script.
 
 Select **Total computers** for a list of computers and details about them, including:
 

windows/security/threat-protection/device-guard/deploy-windows-defender-application-control-policy-rules-and-file-rules.md

@@ -70,13 +70,13 @@ RuleOption -Help** in a Windows PowerShell session. Table 2 describes each rule
 | **2 Required:WHQL** | By default, legacy drivers that are not Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Going forward, every new Windows 10–compatible driver must be WHQL certified. |
 | **3 Enabled:Audit Mode (Default)** | Enables the execution of binaries outside of the WDAC policy but logs each occurrence in the CodeIntegrity event log, which can be used to update the existing policy before enforcement. To begin enforcing a WDAC policy, delete this option. |
 | **4 Disabled:Flight Signing** | If enabled, WDAC policies will not trust flightroot-signed binaries. This would be used in the scenario in which organizations only want to run released binaries, not flighted builds. |
-| **5 Enabled:Inherent Default Policy** | This option is not currently supported. |
+| **5 Enabled:Inherit Default Policy** | This option is not currently supported. |
 | **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and have UpdatePolicySigners added to the policy to enable future policy modifications. |
 | **7 Allowed:Debug Policy Augmented** | This option is not currently supported. |
 | **8 Required:EV Signers** | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All future Windows 10 and later drivers will meet this requirement. |
 | **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. |
 | **10 Enabled:Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. |
-| **11 Disabled:Script Enforcement** | WDAC policies also restrict scripts and MSIs, and PowerShell runs in constrained language mode. Enabling this rule option will allow unsigned scripts to run and will leave PowerShell in full language mode. |
+| **11 Disabled:Script Enforcement** | This option is not currently supported. |
 | **12 Required:Enforce Store Applications** | If this rule option is enabled, WDAC policies will also apply to Universal Windows applications. |
 | **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as System Center Configuration Manager, that has been defined as a managed installer. |
 | **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). |