Move cred guard topic from manage cg to requirements doc. Add content to Remote Cred Guard

windows/access-protection/credential-guard/credential-guard-manage.md

@@ -100,15 +100,6 @@ You can also enable Credential Guard by using the [Device Guard and Credential G
 DG_Readiness_Tool_v3.2.ps1 -Enable -AutoReboot
 ```
 
-### Credential Guard deployment in virtual machines
-
-Credential Guard can protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. When Credential Guard is deployed on a VM, secrets are protected from attacks inside the VM. Credential Guard does not provide additional protection from privileged system attacks originating from the host.
-
-#### Requirements for running Credential Guard in Hyper-V virtual machines
-
-- The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607.
-- The Hyper-V virtual machine must be Generation 2, have an enabled virtual TPM, and running at least Windows Server 2016 or Windows 10. 
-
 ### Review Credential Guard performance
 
 **Is Credential Guard running?**

windows/access-protection/credential-guard/credential-guard-requirements.md

@@ -35,6 +35,19 @@ The Virtualization-based security requires:
 - CPU virtualization extensions plus extended page tables
 - Windows hypervisor
 
+### Credential Guard deployment in virtual machines 
+
+Credential Guard can protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. When Credential Guard is deployed on a VM, secrets are protected from attacks inside the VM. Credential Guard does not provide additional protection from privileged system attacks originating from the host.
+
+#### Requirements for running Credential Guard in Hyper-V virtual machines
+
+- The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607.
+- The Hyper-V virtual machine must be Generation 2, have an enabled virtual TPM, and be running at least Windows Server 2016 or Windows 10. 
+
+For information about other host platforms, see [Enabling Windows Server 2016 and Hyper-V virtualization based security features on other platforms](https://blogs.technet.microsoft.com/windowsserver/2016/09/29/enabling-windows-server-2016-and-hyper-v-virtualization-based-security-features-on-other-platforms/)
+
+For information about Remote Credential Guard hardware and software requirements, see [Remote Credential Guard requirements](https://docs.microsoft.com/en-us/windows/access-protection/remote-credential-guard#hardware-and-software-requirements)
+
 ## Application requirements
 
 When Credential Guard is enabled, specific authentication capabilities are blocked, so applications that require such capabilities will break. Applications should be tested prior to deployment to ensure compatiblity with the reduced functionality. 

windows/access-protection/remote-credential-guard.md

@@ -47,12 +47,15 @@ Use the following table to compare different security options for Remote Desktop
 
 ## Hardware and software requirements
 
-The Remote Desktop client and server must meet the following requirements in order to use Remote Credential Guard:
+To use Remote Credential Guard, the Remote Desktop client and server must meet the following requirements: 
 
-- They must be joined to an Active Directory domain
-    - Both devices must either joined to the same domain or the Remote Desktop server must be joined to a domain with a trust relationship to the client device's domain.
-- They must use Kerberos authentication.
-- They must be running at least Windows 10, version 1607 or Windows Server 2016.
+- In order to connect using credentials other than signed-in credentials, the Remote Desktop client device must be running at least Windows 10, version 1703.
+
+> [!NOTE]
+> Remote Desktop client devices running earlier versions, at minimum Windows 10 version 1607, only support signed-in credentials, so the client device must also be joined to an Active Directory domain. Both Remote Desktop client and server must either be joined to the same domain, or the Remote Desktop server can be joined to a domain that has a trust relationship to the client device's domain.
+
+- For Remote Credential Guard to be supported, the user must  authenticate to the remote host using Kerberos authentication
+- The remote host must be running at least Windows 10 version 1607, or Windows Server 2016.
 - The Remote Desktop classic Windows app is required. The Remote Desktop Universal Windows Platform app doesn't support Remote Credential Guard.
 
 ## Enable Remote Credential Guard

windows/device-security/device-guard/deploy-managed-installer-for-device-guard.md

@@ -10,7 +10,7 @@ author: mdsakibMSFT
 
 # Deploy Managed Installer for Device Guard
 
-Creating and maintaining application execution control policies has always been challenging and options for addressing this has been a frequently cited request for customers of AppLocker and Device Guard’s [configurable code integrity (CI)](device-guard-deployment-guide.md). 
+Creating and maintaining application execution control policies has always been challenging, and finding ways to address this issue has been a frequently-cited request for customers of AppLocker and Device Guard [configurable code integrity (CI)](device-guard-deployment-guide.md). 
 This is especially true for enterprises with large, ever changing software catalogs. 
 
 Windows 10, version 1703 (also known as the Windows 10 Creators Update) provides a new option, known as a managed installer, that allows IT administrators to automatically authorize applications deployed and installed by a designated software distribution solution, such as System Center Configuration Manager.