Merge remote-tracking branch 'refs/remotes/origin/master' into jd-sandbox

2025-06-28 16:53:40 +00:00 · 2016-08-04 07:19:55 -07:00
parent 2ea51e554c e930fdd559
commit 002539ddd4
22 changed files with 89 additions and 37 deletions
--- a/windows/keep-secure/TOC.md
+++ b/windows/keep-secure/TOC.md
@ -1,8 +1,5 @@
 # [Keep Windows 10 secure](index.md)
 ## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)
-## [Device Guard certification and compliance](device-guard-certification-and-compliance.md)
-### [Get apps to run on Device Guard-protected devices](getting-apps-to-run-on-device-guard-protected-devices.md)
-### [Create a Device Guard code integrity policy based on a reference device](creating-a-device-guard-policy-for-signed-apps.md)
 ## [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md)
 ### [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md)
 ### [Enable phone sign-in to PC or VPN](enable-phone-signin-to-pc-and-vpn.md)
@ -14,6 +11,16 @@
 ### [Windows Hello biometrics in the enterprise](windows-hello-in-enterprise.md)
 ## [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md)
 ## [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md)
+## [Device Guard deployment guide](device-guard-deployment-guide.md)
+### [Introduction to Device Guard: virtualization-based security and code integrity policies](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md)
+### [Requirements and deployment planning guidelines for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md)
+### [Planning and getting started on the Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md)
+### [Deploy Device Guard: deploy code integrity policies](deploy-device-guard-deploy-code-integrity-policies.md)
+#### [Optional: Create a code signing certificate for code integrity policies](optional-create-a-code-signing-certificate-for-code-integrity-policies.md)
+#### [Deploy code integrity policies: policy rules and file rules](deploy-code-integrity-policies-policy-rules-and-file-rules.md)
+#### [Deploy code integrity policies: steps](deploy-code-integrity-policies-steps.md)
+#### [Deploy catalog files to support code integrity policies](deploy-catalog-files-to-support-code-integrity-policies.md)
+### [Deploy Device Guard: enable virtualization-based security](deploy-device-guard-enable-virtualization-based-security.md)
 ## [Protect derived domain credentials with Credential Guard](credential-guard.md)
 ## [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md)
 ## [Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md)
@ -27,8 +34,8 @@
 ### [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)
 #### [Windows Information Protection (WIP) overview](wip-enterprise-overview.md)
 #### [Mandatory tasks and settings required to turn on Windows Information Protection (WIP)](mandatory-settings-for-wip.md)
-#### [Enlightened apps for use with enterprise data protection (EDP)](enlightened-microsoft-apps-and-edp.md)
-#### [Testing scenarios for enterprise data protection (EDP)](testing-scenarios-for-edp.md)
+#### [Enlightened apps for use with Windows Information Protection (WIP)](enlightened-microsoft-apps-and-wip.md)
+#### [Testing scenarios for Windows Information Protection](testing-scenarios-for-wip.md)
 ## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)
 ## [VPN profile options](vpn-profile-options.md)
 ## [Windows security baselines](windows-security-baselines.md)
@ -832,7 +839,6 @@
 ###### [Verify That Network Traffic Is Authenticated](verify-that-network-traffic-is-authenticated.md)
 ## [Enterprise security guides](windows-10-enterprise-security-guides.md)
 ### [Control the health of Windows 10-based devices](protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
-### [Device Guard deployment guide](device-guard-deployment-guide.md)
 ### [Microsoft Passport guide](microsoft-passport-guide.md)
 ### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
 ### [Windows 10 security overview](windows-10-security-guide.md)
--- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md
+++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
@ -17,17 +17,17 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
 The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added:

 - [Enable phone sign-in to PC or VPN](enable-phone-signin-to-pc-and-vpn.md)
- [Remote Credential Guard](remote-credential-guard.md)
+- [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md)
 - [Windows Defender Offline in Windows 10](windows-defender-offline.md)
- [Use PowerShell cmdlets for Windows Defender](use-powershell-cmdlets-windows-defender-for-windows-10.md)
+- [Use PowerShell cmdlets to configure and run Windows Defender](use-powershell-cmdlets-windows-defender-for-windows-10.md)
 - [Enable the Block at First Sight feature in Windows 10](windows-defender-block-at-first-sight.md)
 - [Configure enhanced notifications for Windows Defender in Windows 10](windows-defender-enhanced-notifications.md)
 - [Run a Windows Defender scan from the command line](run-cmd-scan-windows-defender-for-windows-10.md)
 - [Detect and block Potentially Unwanted Applications with Windows Defender](enable-pua-windows-defender-for-windows-10.md)
- [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md)
- [Configure endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
- [Troubleshoot onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
- [Configure SIEM tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md)
+- [Assign user access to the Windows Defender ATP portal](assign-portal-access-windows-defender-advanced-threat-protection.md)
+- [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
+- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)
+- [Configure security information and events management (SIEM) tools to consume alerts](configure-siem-windows-defender-advanced-threat-protection.md)
 - [Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md)


@ -37,8 +37,8 @@ The topics in this library have been updated for Windows 10, version 1607 (also
 |----------------------|-------------|
 |[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |New |
 |[Mandatory settings for Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |New |
-|[Create an enterprise data protection (EDP) policy using Microsoft Intune](create-edp-policy-using-intune.md) |New |
-|[Create an enterprise data protection (EDP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md) |New |
+|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |New |
+|[Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) |New |
 |[Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) (multiple topics) | Updated |
 |[Device Guard deployment guide](device-guard-deployment-guide.md) (multiple topics) | Updated |

@ -47,7 +47,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also

 |New or changed topic | Description |
 |----------------------|-------------|
-|[Create an enterprise data protection (EDP) policy using Microsoft Intune](create-edp-policy-using-intune.md) |Added an update about needing to reconfigure your enterprise data protection app rules after delivery of the June service update. |
+|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Added an update about needing to reconfigure your enterprise data protection app rules after delivery of the June service update. |
 | [Windows Firewall with Advanced Security](windows-firewall-with-advanced-security.md) (multiple topics) | New |
 | [Advanced security audit policy settings](advanced-security-audit-policy-settings.md) (mutiple topics) | New security monitoring reference topics |
 | [Windows security baselines](windows-security-baselines.md) | New |
--- a/windows/keep-secure/credential-guard.md
+++ b/windows/keep-secure/credential-guard.md
@ -158,6 +158,7 @@ First, you must add the virtualization-based security features. You can do this
    ``` syntax
    dism /image:<WIM file name> /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all
    ```
+
 > [!NOTE]  
 > You can also add these features to an online image by using either DISM or Configuration Manager.

@ -183,6 +184,7 @@ If you don't use Group Policy, you can enable Credential Guard by using the regi
    -   Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Credential Guard with UEFI lock, set it to 2 to enable Credential Guard without lock, and set it to 0 to disable it.
 4.  Close Registry Editor.

+
 > [!NOTE]  
 > You can also turn on Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting.

@ -348,6 +350,7 @@ On devices that are running Credential Guard, enroll the devices using the machi
 ``` syntax
 CertReq -EnrollCredGuardCert MachineAuthentication
 ```
+
 > [!NOTE]  
 > You must restart the device after enrolling the machine authentication certificate.
  
@ -364,6 +367,7 @@ By using an authentication policy, you can ensure that users only sign into devi
    ``` syntax
    .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:”<name of issuance policy>” –groupOU:”<Name of OU to create>” –groupName:”<name of Universal security group to create>”
    ```
+
 ### Deploy the authentication policy

 Before setting up the authentication policy, you should log any failed attempt to apply an authentication policy on the KDC. To do this in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**.
@ -388,6 +392,7 @@ Now you can set up an authentication policy to use Credential Guard.
 14. Click **OK** to create the authentication policy.
 15. Close Active Directory Administrative Center.

+
 > [!NOTE]  
 > When authentication policies in enforcement mode are deployed with Credential Guard, users will not be able to sign in using devices that do not have the machine authentication certificate provisioned. This applies to both local and remote sign in scenarios.
  
--- a/windows/keep-secure/windows-defender-block-at-first-sight.md
+++ b/windows/keep-secure/windows-defender-block-at-first-sight.md
@ -21,7 +21,7 @@ Block at First Sight is a feature of Windows Defender cloud protection that prov

 You can enable Block at First Sight with Group Policy or individually on endpoints.

-## Backend procesing and near-instant determinations
+## Backend processing and near-instant determinations

 When a Windows Defender client encounters a suspicious but previously undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean.

@ -86,16 +86,16 @@ Block at First Sight requires a number of Group Policy settings to be configured

 5.  Expand the tree through **Windows components > Windows Defender > MAPS**.

-1.  Double-click the **Configure the <EFBFBD>Block at First Sight<EFBFBD> feature** setting and set the option to **Enabled**.
+1.  Double-click the **Configure the ‘Block at First Sight’ feature** setting and set the option to **Enabled**.

    > [!NOTE]
    > The Block at First Sight feature will not function if the pre-requisite group policies have not been correctly set.

-### Manually enable Block at First Sight on Individual clients
+### Manually enable Block at First Sight on individual clients

 To configure un-managed clients that are running Windows 10, Block at First Sight is automatically enabled as long as **Cloud-based protection** and **Automatic sample submission** are both turned on.

-**Enable Block at First Sight on invididual clients**
+**Enable Block at First Sight on individual clients**

 1. Open Windows Defender settings:

--- a/windows/manage/appv-for-windows.md
+++ b/windows/manage/appv-for-windows.md
@ -9,7 +9,7 @@ ms.prod: w10
 ---


-# Application Virtualization (App-V) overview
+# Application Virtualization (App-V) for Windows 10 overview


 The topics in this section provides information and step-by-step procedures to help you administer App-V and its components. This information will be valuable for system administrators who manage large installations with many servers and clients and for support personnel who interact directly with the computers or the end users.
--- a/windows/manage/appv-getting-started.md
+++ b/windows/manage/appv-getting-started.md
@ -11,10 +11,9 @@ ms.prod: w10

 # Getting Started with App-V

-
 Microsoft Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Windows Store, and interact with them as if they were installed locally.

-With the release of Windows 10, version 1607, App-V is included with the [Windows 10 Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise) and is available with Software Assurance. If you are new to Windows 10 and App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. For information about what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md).
+With the release of Windows 10, version 1607, App-V is included with the [Windows 10 Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise). If you are new to Windows 10 and App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. For information about what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md).

 If you’re already using App-V, performing an in-place upgrade to Windows 10 on user devices automatically installs the App-V client and migrates users’ App-V applications and settings. For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md).

--- a/windows/manage/change-history-for-manage-and-update-windows-10.md
+++ b/windows/manage/change-history-for-manage-and-update-windows-10.md
@ -21,6 +21,8 @@ The topics in this library have been updated for Windows 10, version 1607 (also
 - [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
 - [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)
 - [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md)
+- [Application Virtualization (App-V) for Windows 10](appv-for-windows.md)
+- [User Experience Virtualization (UE-V) for Windows 10](uev-for-windows.md)

 ## July 2016

--- a/windows/manage/group-policies-for-enterprise-and-education-editions.md
+++ b/windows/manage/group-policies-for-enterprise-and-education-editions.md
@ -26,7 +26,8 @@ In Windows 10, version 1607, the following Group Policies apply only to Windows
 | **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md |
 | **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) |
 | **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | For more info, see [Manage Windows 10 Start layout options and policies](windows-10-start-layout-options-and-policies.md)  |
-| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application<br><br>User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). |
+| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application<br><br>User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). |
+| **Only display the private store within the Windows Store app** | Computer Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app<br><br>User Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app | For more info, see [Manage access to private store](manage-access-to-private-store.md) |
 | **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](manage-cortana-in-enterprise.md) |


--- a/windows/manage/uev-for-windows.md
+++ b/windows/manage/uev-for-windows.md
@ -8,7 +8,7 @@ ms.sitesec: library
 ms.prod: w10
 ---

-# User Experience Virtualization overview
+# User Experience Virtualization (UE-V) for Windows 10 overview

 Many users customize their settings for Windows and for specific applications. Customizable Windows settings include Windows Store appearance, language, background picture, font size, and accent colors. Customizable application settings include language, appearance, behavior, and user interface options. 

@ -24,6 +24,8 @@ With User Experience Virtualization (UE-V), you can capture user-customized Wind

 -   Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state

+With the release of Windows 10, version 1607, UE-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and EU-V or upgrading from a previous version of UE-V, you’ll need to download, activate, and install server- and client-side components to start synchronizing user-customized settings across devices.
+
 ## Components of UE-V

 The diagram below illustrates how UE-V components work together to synchronize user settings.
--- a/windows/plan/change-history-for-plan-for-windows-10-deployment.md
+++ b/windows/plan/change-history-for-plan-for-windows-10-deployment.md
@ -16,7 +16,7 @@ This topic lists new and updated topics in the [Plan for Windows 10 deployment](

 ## RELEASE: Windows 10, version 1607

-The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added: 
+The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update).


 ## July 2016
--- a/windows/whats-new/applocker.md
+++ b/windows/whats-new/applocker.md
@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 author: brianlic-msft
-redirect_url: whats-new-windows-10-version-1507-and-1511.md
+redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview
 ---

 # What's new in AppLocker?
--- a/windows/whats-new/bitlocker.md
+++ b/windows/whats-new/bitlocker.md
@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security, mobile
 author: brianlic-msft
-redirect_url: whats-new-windows-10-version-1507-and-1511.md
+redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/bitlocker-overview
 ---

 # What's new in BitLocker?
--- a/windows/whats-new/credential-guard.md
+++ b/windows/whats-new/credential-guard.md
@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 author: brianlic-msft
-redirect_url: whats-new-windows-10-version-1507-and-1511.md
+redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511
 ---

 # What's new in Credential Guard?
--- a/windows/whats-new/device-management.md
+++ b/windows/whats-new/device-management.md
@ -7,7 +7,7 @@ ms.pagetype: devices, mobile
 ms.mktglfcycl: explore
 ms.sitesec: library
 author: jdeckerMS
-redirect_url: /whats-new/whats-new-windows-10-version-1507-and-1511
+redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/manage-corporate-devices
 ---

 # Enterprise management for Windows 10 devices
--- a/windows/whats-new/lockdown-features-windows-10.md
+++ b/windows/whats-new/lockdown-features-windows-10.md
@ -8,7 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: jdeckerMS
-redirect_url: /manage/lockdown-features-windows-10
+redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/lockdown-features-windows-10
 ---

 # Lockdown features from Windows Embedded 8.1 Industry
--- a/windows/whats-new/microsoft-passport.md
+++ b/windows/whats-new/microsoft-passport.md
@ -8,7 +8,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: mobile, security
 author: jdeckerMS
-redirect_url: /whats-new/whats-new-windows-10-version-1607
+redirect_url: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/manage-identity-verification-using-microsoft-passport
 ---

 # Windows Hello overview
--- a/windows/whats-new/new-provisioning-packages.md
+++ b/windows/whats-new/new-provisioning-packages.md
@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: mobile
 author: jdeckerMS
-redirect_url: /deploy/provisioning-packages
+redirect_url: https://technet.microsoft.com/en-us/itpro/windows/deploy/provisioning-packages
 ---

 # Provisioning packages
--- a/windows/whats-new/security-auditing.md
+++ b/windows/whats-new/security-auditing.md
@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 author: brianlic-msft
 ms.pagetype: security, mobile
-redirect_url: whats-new-windows-10-version-1507-and-1511.md
+redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/security-auditing-overview
 ---

 # What's new in security auditing?
--- a/windows/whats-new/trusted-platform-module.md
+++ b/windows/whats-new/trusted-platform-module.md
@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security, mobile
 author: brianlic-msft
-redirect_url: whats-new-windows-10-version-1507-and-1511.md
+redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/trusted-platform-module-overview
 ---

 # What's new in Trusted Platform Module?
--- a/windows/whats-new/user-account-control.md
+++ b/windows/whats-new/user-account-control.md
@ -7,7 +7,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 author: brianlic-msft
-redirect_url: whats-new-windows-10-version-1507-and-1511.md
+redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/user-account-control-overview
 ---

 # What's new in User Account Control?
--- a/windows/whats-new/whats-new-windows-10-version-1607.md
+++ b/windows/whats-new/whats-new-windows-10-version-1607.md
@ -30,6 +30,26 @@ Windows ICD now includes simplified workflows for creating provisioning packages

 [Learn more about using provisioning packages in Windows 10.](../deploy/provisioning-packages.md)

+### Windows Upgrade Analytics
+
+Microsoft developed Upgrade Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. 
+
+With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
+
+Use Upgrade Analytics to get:
+
+- A visual workflow that guides you from pilot to production
+- Detailed computer and application inventory
+- Powerful computer level search and drill-downs
+- Guidance and insights into application and driver compatibility issues, with suggested fixes
+- Data driven application rationalization tools
+- Application usage information, allowing targeted validation; workflow to track validation progress and decisions
+- Data export to commonly used software deployment tools
+
+The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are upgrade-ready.
+
+[Learn more about planning and managing Windows upgrades with Windows Upgrade Analytics.](../deploy/manage-windows-upgrades-with-upgrade-analytics.md)
+
 ## Security

 ### Credential Guard and Device Guard
@ -100,6 +120,23 @@ Numerous settings have been added to the Windows 10 CSPs to expand MDM capabilit

 Windows 10, Version 1607, introduces shared PC mode, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Education, and Enterprise. [Learn how to set up a shared or guest PC.](../manage/set-up-shared-or-guest-pc.md)

+### Application Virtualization (App-V) for Windows 10
+
+Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Windows Store, and interact with them as if they were installed locally.
+
+With the release of Windows 10, version 1607, App-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and App-V or if you're upgrading from a previous version of App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. 
+
+[Learn how to deliver virtual applications with App-V.](../manage/appv-getting-started.md)
+
+### User Experience Virtualization (UE-V) for Windows 10
+
+Many users customize their settings for Windows and for specific applications. Customizable Windows settings include Windows Store appearance, language, background picture, font size, and accent colors. Customizable application settings include language, appearance, behavior, and user interface options. 
+
+With User Experience Virtualization (UE-V), you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.
+
+With the release of Windows 10, version 1607, UE-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and EU-V or upgrading from a previous version of UE-V, you’ll need to download, activate, and install server- and client-side components to start synchronizing user-customized settings across devices. 
+
+[Learn how to synchronize user-customized settings with UE-V.](../manage/uev-for-windows.md)

 ## Learn more

--- a/windows/whats-new/windows-spotlight.md
+++ b/windows/whats-new/windows-spotlight.md
@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 author: jdeckerMS
-redirect_url: /manage/windows-spotlight
+redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/windows-spotlight
 ---

 # Windows Spotlight on the lock screen