+
+
+
+
+

+
+
+
+
+
Microsoft 365 Education
+
Microsoft 365 Education empowers educators to unlock creativity, promote teamwork, and provide a simple and safe experience in a single, affordable solution built for education.
diff --git a/store-for-business/app-inventory-management-windows-store-for-business.md b/store-for-business/app-inventory-management-windows-store-for-business.md
index 062c2dbeef..6c598f70cc 100644
--- a/store-for-business/app-inventory-management-windows-store-for-business.md
+++ b/store-for-business/app-inventory-management-windows-store-for-business.md
@@ -22,7 +22,7 @@ You can manage all apps that you've acquired on your **Apps & software** page. T
All of these apps are treated the same once they are in your inventory and you can perform app lifecycle tasks for them: distribute apps, add apps to private store, review license details, and reclaim app licenses.
-
+
Microsoft Store for Business and Education shows this info for each app in your inventory:
- Name
diff --git a/store-for-business/configure-mdm-provider-windows-store-for-business.md b/store-for-business/configure-mdm-provider-windows-store-for-business.md
index 2074e51990..1948662653 100644
--- a/store-for-business/configure-mdm-provider-windows-store-for-business.md
+++ b/store-for-business/configure-mdm-provider-windows-store-for-business.md
@@ -1,6 +1,6 @@
---
title: Configure an MDM provider (Windows 10)
-description: For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Windows Store for Business inventory to manage apps with offline licenses.
+description: For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses.
ms.assetid: B3A45C8C-A96C-4254-9659-A9B364784673
ms.prod: w10
ms.mktglfcycl: manage
@@ -16,7 +16,7 @@ ms.localizationpriority: high
- Windows 10
- Windows 10 Mobile
-For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Windows Store for Business inventory to manage apps with offline licenses. Store for Business management tool services work with your third-party management tool to manage content.
+For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. Store for Business management tool services work with your third-party management tool to manage content.
Your management tool needs to be installed and configured with Azure AD, in the same directory that you are using for Store for Business. Once that's done, you can configure it to work with Store for Business
@@ -35,7 +35,7 @@ After your management tool is added to your Azure AD directory, you can configur
3. From the list of MDM tools, select the one you want to synchronize with Microsoft Store, and then click **Activate.**
Your MDM tool is ready to use with Microsoft Store. To learn how to configure synchronization and deploy apps, see these topics:
-- [Manage apps you purchased from Windows Store for Business with Microsoft Intune](https://technet.microsoft.com/library/mt676514.aspx)
-- [Manage apps from Windows Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
+- [Manage apps you purchased from Microsoft Store for Business with Microsoft Intune](https://technet.microsoft.com/library/mt676514.aspx)
+- [Manage apps from Microsoft Store for Business with System Center Configuration Manager](https://docs.microsoft.com/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
For third-party MDM providers or management servers, check your product documentation.
\ No newline at end of file
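Review bot: the two renamed links under "see these topics" change only the link text, so the Intune entry still targets technet.microsoft.com/library/mt676514.aspx while distribute-apps-with-management-tool.md in this same patch links the Intune article at docs.microsoft.com/intune/deploy-use/... in its body. Pick one target for that article and use it in both files. The Configuration Manager URL still ends in manage-apps-from-the-windows-store-for-business, so confirm it resolves after the rename. The file also still ends without a trailing newline.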
diff --git a/store-for-business/distribute-apps-from-your-private-store.md b/store-for-business/distribute-apps-from-your-private-store.md
index 1b56b97f4b..29e97b30bb 100644
--- a/store-for-business/distribute-apps-from-your-private-store.md
+++ b/store-for-business/distribute-apps-from-your-private-store.md
@@ -28,7 +28,7 @@ You can make an app available in your private store when you acquire the app, or
2. Click an app, choose the license type, and then click **Get the app** to acquire the app for your organization.
-
+
Microsoft Store adds the app to **Apps & software**. Click **Manage**, **Apps & software** for app distribution options.
@@ -37,7 +37,7 @@ Microsoft Store adds the app to **Apps & software**. Click **Manage**, **Apps &
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
2. Click **Manage**, and then choose **Apps & software**.
-
+
3. Use **Refine results** to search for online-licensed apps under **License type**.
4. From the list of online-licensed apps, click the ellipses for the app you want, and then choose **Add to private store**.
diff --git a/store-for-business/distribute-apps-with-management-tool.md b/store-for-business/distribute-apps-with-management-tool.md
index 557c355557..7c5ff2adbd 100644
--- a/store-for-business/distribute-apps-with-management-tool.md
+++ b/store-for-business/distribute-apps-with-management-tool.md
@@ -22,7 +22,7 @@ You can configure a mobile device management (MDM) tool to synchronize your Micr
Your MDM tool needs to be installed and configured in Azure AD, in the same Azure AD directory used with Microsoft Store.
-In Azure AD management portal, find the MDM application, and then add it to your directory. Once the MDM has been configured in Azure AD, you can authorize the tool to work with the Microsoft Store for Business or Microsoft Store for Education. This allows the MDM tool to call Microsoft Store management tool services. For more information, see [Configure MDM provider](configure-mdm-provider-windows-store-for-business.md) and [Manage apps you purchased from the Windows Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune).
+In Azure AD management portal, find the MDM application, and then add it to your directory. Once the MDM has been configured in Azure AD, you can authorize the tool to work with the Microsoft Store for Business or Microsoft Store for Education. This allows the MDM tool to call Microsoft Store management tool services. For more information, see [Configure MDM provider](configure-mdm-provider-windows-store-for-business.md) and [Manage apps you purchased from the Microsoft Store for Business with Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/manage-apps-you-purchased-from-the-windows-store-for-business-with-microsoft-intune).
Microsoft Store services provide:
@@ -44,11 +44,11 @@ MDM tool requirements:
## Distribute offline-licensed apps
-If your vendor doesn’t support the ability to synchronize applications from the management tool services, or can't connect to the management tool services, your vendor may support the ability to deploy offline licensed applications by downloading the application and license from the store and then deploying the app through your MDM. For more information on online and offline licensing with Store for Business, see [Apps in the Windows Store for Business.](apps-in-windows-store-for-business.md#licensing-model)
+If your vendor doesn’t support the ability to synchronize applications from the management tool services, or can't connect to the management tool services, your vendor may support the ability to deploy offline licensed applications by downloading the application and license from the store and then deploying the app through your MDM. For more information on online and offline licensing with Store for Business, see [Apps in the Microsoft Store for Business.](apps-in-windows-store-for-business.md#licensing-model)
This diagram shows how you can use a management tool to distribute offline-licensed app to employees in your organization. Once synchronized from Store for Business, management tools can use the Windows Management framework to distribute applications to devices.
-
+
## Distribute online-licensed apps
@@ -59,13 +59,4 @@ This diagram shows how you can use a management tool to distribute an online-lic
## Related topics
[Configure MDM Provider](configure-mdm-provider-windows-store-for-business.md)
-[Manage apps you purchased from the Microsoft Store for Business and Education with Microsoft Intune](https://technet.microsoft.com/library/mt676514.aspx)
-
-
-
-
-
-
-
-
-
+[Manage apps you purchased from the Microsoft Store for Business and Education with Microsoft Intune](https://technet.microsoft.com/library/mt676514.aspx)
\ No newline at end of file
diff --git a/store-for-business/roles-and-permissions-windows-store-for-business.md b/store-for-business/roles-and-permissions-windows-store-for-business.md
index 8b3a7e74a3..00de7300ea 100644
--- a/store-for-business/roles-and-permissions-windows-store-for-business.md
+++ b/store-for-business/roles-and-permissions-windows-store-for-business.md
@@ -89,7 +89,7 @@ These permissions allow people to:
3. Click **Add people**, type a name, choose the role you want to assign, and click **Save** .
-
+
4. If you don't find the name you want, you might need to add people to your Azure AD directory. For more information, see [Manage user accounts in Microsoft Store for Business and Education](manage-users-and-groups-windows-store-for-business.md).
diff --git a/store-for-business/working-with-line-of-business-apps.md b/store-for-business/working-with-line-of-business-apps.md
index 1c683c1be0..87dc16ae0e 100644
--- a/store-for-business/working-with-line-of-business-apps.md
+++ b/store-for-business/working-with-line-of-business-apps.md
@@ -49,7 +49,7 @@ Admins need to invite developer or ISVs to become an LOB publisher.
**To invite a developer to become an LOB publisher**
-1. Sign in to the [Windows Store for Business]( https://go.microsoft.com/fwlink/p/?LinkId=623531).
+1. Sign in to the [Microsoft Store for Business]( https://go.microsoft.com/fwlink/p/?LinkId=623531).
2. Click **Manage**, click **Permissions**, and then choose **Line-of-business publishers**.
3. On the Line-of business publishers page, click **Invite** to send an email invitation to a developer.
>[!Note]
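Review bot: in step 1 the rewritten link keeps the stray space after the opening parenthesis, `]( https://go.microsoft.com/fwlink/p/?LinkId=623531)`. Some Markdown renderers treat that as part of the destination or refuse to render the link, so drop the space while the line is being touched anyway.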
@@ -98,7 +98,7 @@ After an ISV submits the LOB app for your company or school, someone with Micros
After you add the app to your inventory, you can choose how to distribute the app. For more information, see:
-- [Distribute apps to your employees from the Windows Store for Business](distribute-apps-to-your-employees-windows-store-for-business.md)
+- [Distribute apps to your employees from the Microsoft Store for Business](distribute-apps-to-your-employees-windows-store-for-business.md)
- [Distribute apps from your private store](distribute-apps-from-your-private-store.md)
diff --git a/windows/application-management/TOC.md b/windows/application-management/TOC.md
index 3f1e9a5aaa..35f3b14372 100644
--- a/windows/application-management/TOC.md
+++ b/windows/application-management/TOC.md
@@ -1,5 +1,6 @@
# [Manage applications in Windows 10](index.md)
## [Sideload apps](sideload-apps-in-windows-10.md)
+## [Remove background task resource restrictions](enterprise-background-activity-controls.md)
## [Application Virtualization (App-V) for Windows](app-v/appv-for-windows.md)
### [Getting Started with App-V](app-v/appv-getting-started.md)
#### [What's new in App-V for Windows 10, version 1703 and earlier](app-v/appv-about-appv.md)
@@ -101,6 +102,7 @@
#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md)
## [Service Host process refactoring](svchost-service-refactoring.md)
## [Per-user services in Windows](per-user-services-in-windows.md)
+## [Disabling System Services in Windows Server](https://docs.microsoft.com/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server)
## [Understand apps in Windows 10](apps-in-windows-10.md)
## [Deploy app upgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md)
## [Change history for Application management](change-history-for-application-management.md)
diff --git a/windows/application-management/change-history-for-application-management.md b/windows/application-management/change-history-for-application-management.md
index 5178cf9050..3aca385415 100644
--- a/windows/application-management/change-history-for-application-management.md
+++ b/windows/application-management/change-history-for-application-management.md
@@ -19,6 +19,7 @@ This topic lists new and updated topics in the [Configure Windows 10](index.md)
| New or changed topic | Description |
| --- | --- |
| [Per-user services in Windows 10](per-user-services-in-windows.md) | New |
+| [Remove background task resource restrictions](enterprise-background-activity-controls.md) | New |
| [Understand the different apps included in Windows 10](apps-in-windows-10.md) | New |
## July 2017
diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md
new file mode 100644
index 0000000000..238dc36fc2
--- /dev/null
+++ b/windows/application-management/enterprise-background-activity-controls.md
@@ -0,0 +1,63 @@
+---
+author: TylerMSFT
+title: Remove background task resource restrictions
+description: Allow enterprise background tasks unrestricted access to computer resources.
+ms.author: twhitney
+ms.date: 09/26/2017
+ms.topic: article
+ms.prod: windows
+ms.technology: uwp
+keywords: windows 10, uwp, enterprise, background task, resources
+---
+
+# Remove background task resource restrictions
+
+To provide the best experience for consumers, Windows provides controls that give users the choice of which experiences may run in the background.
+
+By default, resource limits are imposed on applications. Foreground apps are given the most memory and execution time; background apps get less. Users are thus protected from poor foreground app performance and heavy battery drain.
+
+Enterprise users want the same ability to enable or limit background activity. In Windows 10, version 1703 (also known as the Creators Update), enterprises can now configure settings via policy and provisioning that control background activity.
+
+## Background activity controls
+
+Users have the ability to control background activity for their device through two interfaces in the **Settings** app: the **Background apps** page and the **Battery usage by app** page. The **Background apps** page has a master switch to turn background activity on or off for all apps, and provides individual switches to control each app's ability to run in the background.
+
+
+
+The **Battery usage by app** page allows fine-grained tuning of background activity. Users have the ability to set background activity to by **Managed By Windows**, as well as turning it on or off for each app. Only devices with a battery have this page available in the **Settings** app. Here is the set of available controls on desktop:
+
+
+
+Here is the set of available controls for mobile devices:
+
+
+
+Although the user interface differs across editions of the operating system, the policy and developer interface is consistent across Windows 10. For more information about these controls, see [Optimize background activity](https://docs.microsoft.com/windows/uwp/debug-test-perf/optimize-background-activity).
+
+## Enterprise background activity controls
+
+Starting with Windows 10, version 1703, enterprises can control background activity through mobile device management (MDM) or Group Policy. The user controls discussed above can be controlled with the following policies:
+
+`./Vendor/Microsoft/Policy/Config/Privacy/LetAppsRunInBackground`
+`./Vendor/Microsoft/Policy/Config/Privacy/LetAppsRunInBackground_ForceAllowTheseApps`
+`./Vendor/Microsoft/Policy/Config/Privacy/LetAppsRunInBackground_ForceDenyTheseApps`
+`./Vendor/Microsoft/Policy/Config/Privacy/LetAppsRunInBackground_UserInControlOfTheseApps`
+
+These policies control the background activity battery settings for Universal Windows Platform (UWP) apps. They enable apps to not be managed by the Windows system policies and not be restricted when battery saver is active. Applying these policies to a device will disable the user controls for the applications specified in the policies in the **Settings** app. See [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsruninbackground) for more information about these policies.
+
+An app can determine which settings are in place for itself by using [BackgroundExecutionManager.RequestAccessAsync](https://docs.microsoft.com/uwp/api/Windows.ApplicationModel.Background.BackgroundAccessStatus) before any background activity is attempted, and then examining the returned [BackgroundAccessStatus](https://docs.microsoft.com/uwp/api/windows.applicationmodel.background.backgroundaccessstatus) enumeration. The values of this enumeration correspond to settings in the **battery usage by App** settings page:
+
+- **AlwaysAllowed**: Corresponds to **Always Allowed in Background** and **Managed By User**. This enables apps to run as much as possible in the background, including while the device is in battery saver mode.
+
+- **AllowedSubjectToSystemPolicy**: This is the default value. It corresponds to **Managed by Windows**. This enables apps to run in the background as determined by Windows. If the device is currently in the battery saver state then background activities do not run.
+
+- **DeniedDueToSystemPolicy**: Corresponds to **Managed by Windows** and indicates that the system has determined that the app cannot currently run in the background.
+
+- **DeniedByUser**: Corresponds to **Never Allowed in the Background**. The app cannot run in the background. Either the configuration in the settings app, or enterprise policy, has defined that this app is not allowed to run in the background.
+
+The Universal Windows Platform ensures that consumers will have great battery life and that foreground apps will perform well. Enterprises have the ability to change settings to enable scenarios specific to their business needs. Administrators can use the **Background apps** policies to enable or disable whether a UWP app can run in the background.
+
+## See also
+
+[Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsruninbackground)
+[Optimize background activity](https://docs.microsoft.com/windows/uwp/debug-test-perf/optimize-background-activity)
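Review bot: the four policy paths in "Enterprise background activity controls" are written as `./Vendor/Microsoft/Policy/Config/Privacy/...`, but Policy CSP nodes live under `./Vendor/MSFT/Policy/Config/`, the same `./Vendor/MSFT/` root the EnterpriseAPN example in this patch uses. Administrators copy these strings into MDM profiles as OMA-URIs, so the wrong root means the policy is never applied. Put the four paths in a list as well, since consecutive lines will render as one run-on paragraph. In the following paragraph the link text BackgroundExecutionManager.RequestAccessAsync points at the BackgroundAccessStatus API page, the same target as the next link. Smaller points: "set background activity to by **Managed By Windows**" has a stray "by", and the two "See also" links need a list or a blank line between them to render on separate lines.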
diff --git a/windows/application-management/images/backgroundapps-setting.png b/windows/application-management/images/backgroundapps-setting.png
new file mode 100644
index 0000000000..ffa7af0ccf
Binary files /dev/null and b/windows/application-management/images/backgroundapps-setting.png differ
diff --git a/windows/application-management/images/battery-usage-by-app-desktop.png b/windows/application-management/images/battery-usage-by-app-desktop.png
new file mode 100644
index 0000000000..00f7d51136
Binary files /dev/null and b/windows/application-management/images/battery-usage-by-app-desktop.png differ
diff --git a/windows/application-management/images/battery-usage-by-app-mobile.png b/windows/application-management/images/battery-usage-by-app-mobile.png
new file mode 100644
index 0000000000..cb920d0d02
Binary files /dev/null and b/windows/application-management/images/battery-usage-by-app-mobile.png differ
diff --git a/windows/application-management/index.md b/windows/application-management/index.md
index 17767877fd..b42c674d12 100644
--- a/windows/application-management/index.md
+++ b/windows/application-management/index.md
@@ -19,9 +19,12 @@ Learn about managing applications in Windows 10 and Windows 10 Mobile clients.
| Topic | Description |
|---|---|
-|[App-V](app-v/appv-getting-started.md)| Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications|
|[Sideload apps in Windows 10](sideload-apps-in-windows-10.md)| Requirements and instructions for side-loading LOB applications on Windows 10 and Windows 10 Mobile clients|
-|[Per User services in Windows 10](sideload-apps-in-windows-10.md)| Overview of per user services and instructions for viewing and disabling them in Windows 10 and Windows 2016|
-|[Understand apps in Windows 10](apps-in-windows-10.md)| Overview of the different apps included by default in Windows 10 Enterprise|
+| [Remove background task resource restrictions](enterprise-background-activity-controls.md) | Windows provides controls to manage which experiences may run in the background. |
+|[App-V](app-v/appv-getting-started.md)| Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications|
| [Service Host process refactoring](svchost-service-refactoring.md) | Changes to Service Host grouping in Windows 10 |
+|[Per User services in Windows 10](sideload-apps-in-windows-10.md)| Overview of per user services and instructions for viewing and disabling them in Windows 10 and Windows 2016|
+[Disabling System Services in Windows Server](https://docs.microsoft.com/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server) | Security guidelines for disabling services in Windows Server 2016 with Desktop Experience
+|[Understand apps in Windows 10](apps-in-windows-10.md)| Overview of the different apps included by default in Windows 10 Enterprise|
| [Deploy app updgrades on Windows 10 Mobile](deploy-app-upgrades-windows-10-mobile.md) | How to upgrade apps on Windows 10 Mobile |
+[Change history for Application management](change-history-for-application-management.md) | This topic lists new and updated topics in the Application management documentation for Windows 10 and Windows 10 Mobile.
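Review bot: the two added rows for "Disabling System Services in Windows Server" and "Change history for Application management" are missing the leading and trailing pipe that every other row in this table has, so keep the row syntax consistent. The re-added "Per User services in Windows 10" row still links to sideload-apps-in-windows-10.md, whereas TOC.md in this patch points that topic at per-user-services-in-windows.md. Since the row is being moved, fix the target now. The neighbouring context row also spells "updgrades".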
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index 59f79b2a6c..2e6580c656 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 07/27/2017
+ms.date: 09/19/2017
---
# AssignedAccess CSP
@@ -19,7 +19,7 @@ The AssignedAccess configuration service provider (CSP) is used set the device t
For step-by-step guide for setting up devices to run in kiosk mode, see [Set up a kiosk on Windows 10 Pro, Enterprise, or Education.](http://go.microsoft.com/fwlink/p/?LinkID=722211)
-> **Note** The AssignedAccess CSP is only supported in Windows 10 Enterprise and Windows 10 Education.
+> **Note** The AssignedAccess CSP is supported in Windows 10 Enterprise and Windows 10 Education. Starting in Windows 10, version 1709 it is also supported in Windows 10 Pro.
The following diagram shows the AssignedAccess configuration service provider in tree format
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index f619993de2..ff8c33aa7e 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 06/27/2017
+ms.date: 09/19/2017
---
# Configuration service provider reference
@@ -164,7 +164,7 @@ Footnotes:
 |
-  |
+ 3 |
|
 |
 |
diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md
index e92ab5e8bc..9b64ff0fb4 100644
--- a/windows/client-management/mdm/enterpriseapn-csp.md
+++ b/windows/client-management/mdm/enterpriseapn-csp.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 06/19/2017
+ms.date: 09/19/2017
---
# EnterpriseAPN CSP
@@ -128,6 +128,149 @@ The following image shows the EnterpriseAPN configuration service provider in tr
Supported operations are Get and Replace.
+## Examples
+
+``` syntax
+
+
+
+
+
+
+ 8000
+
+
+ 8001
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/APNName
+
+
+ chr
+
+ enterprise_apn1
+
+
+
+ 8002
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/IPType
+
+
+ chr
+
+ IPv4
+
+
+
+ 8003
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/IsAttachAPN
+
+
+ bool
+
+ false
+
+
+
+ 8004
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/ClassId
+
+
+ chr
+
+ AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA
+
+
+
+ 8005
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/AuthType
+
+
+ chr
+
+ CHAP
+
+
+
+ 8006
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/UserName
+
+
+ chr
+
+ myusername
+
+
+
+ 8007
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/Password
+
+
+ chr
+
+ mypassword
+
+
+
+ 8008
+ -
+
+ ./Vendor/MSFT/EnterpriseAPN/E_APN1/IccId
+
+
+ chr
+
+ FFFFFFFFFFFFFFFFFFFF
+
+
+
+
+
+
+
+
+
+
+```
+
## Related topics
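Review bot: the new "Examples" section goes straight from the heading into the code block, and the block sets `./Vendor/MSFT/EnterpriseAPN/E_APN1/UserName` and `.../Password` to the literal chr values myusername and mypassword. Add one sentence before the block saying what the SyncML does (which command it issues and that it provisions an APN named E_APN1 with CHAP authentication), and state that the credential, ClassId and IccId values are placeholders. Readers should also be told that the Password node is delivered as a plain chr value in the SyncML body, because that affects how the payload has to be stored and logged on the management server. The fence is tagged "syntax"; "xml" would describe the content better.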
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 50d3253a38..18854315f9 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 09/12/2017
+ms.date: 09/19/2017
---
# What's new in MDM enrollment and management
@@ -974,6 +974,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
+Starting in Windows 10, version 1709, AssignedAccess CSP is supported in Windows 10 Pro.
[DeviceManageability CSP](devicemanageability-csp.md) |
@@ -1378,6 +1379,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.
+
+[AssignedAccess CSP](assignedaccess-csp.md) |
+Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.
+ |
Microsoft Store for Business |
Windows Store for Business name changed to Microsoft Store for Business.
@@ -1393,6 +1398,9 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
For examples, see section 4.3.1 RequestSecurityToken of the the MS-MDE2 protocol documentation.
|
+[EntepriseAPN CSP](enterpriseapn-csp.md) |
+Added a SyncML example.
+ |
[VPNv2 CSP](vpnv2-csp.md) |
Added RegisterDNS setting in Windows 10, version 1709.
|
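Review bot: the added link text reads "[EntepriseAPN CSP]", which is missing an "r". It should be "EnterpriseAPN CSP" to match the target enterpriseapn-csp.md and the CSP's own heading. The context line just above it has a doubled word, "of the the MS-MDE2 protocol documentation", which could be cleaned up in the same pass.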
@@ -1617,6 +1625,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
+
Starting in Windows 10, version 1709, AssignedAccess CSP is supported in Windows 10 Pro.
[SurfaceHub CSP](surfacehub-csp.md) |
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index d077ea3454..a6ffde5756 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/20/2017
---
# Policy CSP - System
@@ -303,7 +303,13 @@ ms.date: 08/30/2017
The following tables describe the supported values:
-
+Windows 8.1 Values:
+
+- 0 - Not allowed.
+- 1 – Allowed, except for Secondary Data Requests.
+- 2 (default) – Allowed.
+
+
+Windows 10 Values:
-
+- 0 – Security. Information that is required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.
+ Note: This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. Using this setting on other devices is equivalent to setting the value of 1.
+- 1 – Basic. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the Security level.
+- 2 – Enhanced. Additional insights, including: how Windows, Windows Server, System Center, and apps are used, how they perform, advanced reliability data, and data from both the Basic and the Security levels.
+- 3 – Full. All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels.
+
+
> [!IMPORTANT]
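Review bot: the replacement lists mix separators ("0 - Not allowed." uses a hyphen, the other entries an en dash), and the sentence introducing them still says "The following tables describe the supported values" although they are now lists. The Windows 8.1 list marks "2 (default)" but the Windows 10 list marks no default, so state it there too. The note under value 0 matters for anyone relying on the Security level: on editions outside the listed ones, 0 is treated as 1. Format it as a note callout rather than an indented "Note:" line so it is not read as part of the value's description.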
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 1bf1c34365..acd676eecb 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/20/2017
---
# Policy CSP - Update
@@ -595,7 +595,34 @@ This policy is accessible through the Update setting in the user interface or Gr
If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
+OS upgrade:
+- Maximum deferral: 8 months
+- Deferral increment: 1 month
+- Update type/notes:
+ - Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5
+
+Update:
+- Maximum deferral: 1 month
+- Deferral increment: 1 week
+- Update type/notes:
+ If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic.
+ - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441
+ - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4
+ - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F
+ - Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828
+ - Tools - B4832BD8-E735-4761-8DAF-37F882276DAB
+ - Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F
+ - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
+ - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0
+
+Other/cannot defer:
+- Maximum deferral: No deferral
+- Deferral increment: No deferral
+- Update type/notes:
+ Any update category not specifically enumerated above falls into this category.
+ - Definition Update - E0789628-CE08-4437-BE74-2495B842F43B
+
+
diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md
index 8ccede5240..14b763459a 100644
--- a/windows/configuration/TOC.md
+++ b/windows/configuration/TOC.md
@@ -2,6 +2,7 @@
## [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md)
## [Basic level Windows diagnostic events and fields](basic-level-windows-diagnostic-events-and-fields.md)
## [Windows 10, version 1703 diagnostic data](windows-diagnostic-data.md)
+## [Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)
## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
## [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md)
## [Configure kiosk and shared devices running Windows 10 desktop editions](kiosk-shared-pc.md)
diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md
index 2a2a60a09d..a3cedc09a0 100644
--- a/windows/configuration/change-history-for-configure-windows-10.md
+++ b/windows/configuration/change-history-for-configure-windows-10.md
@@ -8,6 +8,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: high
author: jdeckerms
+ms.date: 09/25/2017
---
# Change history for Configure Windows 10
@@ -15,16 +16,16 @@ author: jdeckerms
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
## September 2017
-
-New or changed topic | Description
---- | ---
- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added that Windows Spotlight can be managed by the Experience/AllowWindowsSpotlight MDM policy.
+|New or changed topic | Description|
+|--- | ---|
+|[Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)|New conceptual info about Windows 10 and the upcoming GDPR-compliance requirements.|
+|[Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added that Windows Spotlight can be managed by the Experience/AllowWindowsSpotlight MDM policy. |
## August 2017
-New or changed topic | Description
---- | ---
- [Windows Configuration Designer provisioning settings (reference)](wcd/wcd.md) | New section; reference content from [Windows Provisioning settings reference](https://msdn.microsoft.com/library/windows/hardware/dn965990.aspx) is being relocated here from MSDN.
+|New or changed topic | Description|
+|--- | ---|
+|[Windows Configuration Designer provisioning settings (reference)](wcd/wcd.md) | New section; reference content from [Windows Provisioning settings reference](https://msdn.microsoft.com/library/windows/hardware/dn965990.aspx) is being relocated here from MSDN. |
## July 2017
| New or changed topic | Description |
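Review bot: The rewritten September and August tables use `|New or changed topic | Description|` with no padding inside the outer pipes, while the July table left as context uses `| New or changed topic | Description |`, and the new rows mix padded and unpadded cells within the same table. Pick one pipe style for the whole file so later diffs stay clean. The hunk also removes the empty line after the "## September 2017" heading, leaving the table directly under the heading; keep the blank line if the other month sections have one. In the new GDPR row, "upcoming GDPR-compliance requirements" will go stale once the regulation is in force; "GDPR compliance requirements" is enough.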
diff --git a/windows/configuration/gdpr-win10-whitepaper.md b/windows/configuration/gdpr-win10-whitepaper.md
new file mode 100644
index 0000000000..434bb0239b
--- /dev/null
+++ b/windows/configuration/gdpr-win10-whitepaper.md
@@ -0,0 +1,335 @@
+---
+title: Beginning your General Data Protection Regulation (GDPR) journey for Windows 10 (Windows 10)
+description: Use this article to understand what GDPR is and about the products Microsoft provides to help you get started towards compliance.
+keywords: privacy, GDPR
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+ms.localizationpriority: high
+author: pwiglemsft
+ms.author: pwigle
+ms.date: 09/25/2017
+---
+
+# Beginning your General Data Protection Regulation (GDPR) journey for Windows 10
+
+This article provides info about the GDPR, including what it is, and the products Microsoft provides to help you to become compliant.
+
+## Introduction
+On May 25, 2018, a European privacy law is due to take effect that sets a new global bar for privacy rights, security, and compliance.
+
+The General Data Protection Regulation, or GDPR, is fundamentally about protecting and enabling the privacy rights of individuals. The GDPR establishes strict global privacy requirements governing how you manage and protect personal data while respecting individual choice — no matter where data is sent, processed, or stored.
+
+Microsoft and our customers are now on a journey to achieve the privacy goals of the GDPR. At Microsoft, we believe privacy is a fundamental right, and we believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. But we also recognize that the GDPR will require significant changes by organizations all over the world.
+
+We have outlined our commitment to the GDPR and how we are supporting our customers within the [Get GDPR compliant with the Microsoft Cloud](https://blogs.microsoft.com/on-the-issues/2017/02/15/get-gdpr-compliant-with-the-microsoft-cloud/#hv52B68OZTwhUj2c.99) blog post by our Chief Privacy Officer [Brendon Lynch](https://blogs.microsoft.com/on-the-issues/author/brendonlynch/) and the [Earning your trust with contractual commitments to the General Data Protection Regulation](https://blogs.microsoft.com/on-the-issues/2017/04/17/earning-trust-contractual-commitments-general-data-protection-regulation/#6QbqoGWXCLavGM63.99)” blog post by [Rich Sauer](https://blogs.microsoft.com/on-the-issues/author/rsauer/) - Microsoft Corporate Vice President & Deputy General Counsel.
+
+Although your journey to GDPR-compliance may seem challenging, we're here to help you. For specific information about the GDPR, our commitments and how to begin your journey, please visit the [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/privacy/gdpr).
+
+## GDPR and its implications
+The GDPR is a complex regulation that may require significant changes in how you gather, use and manage personal data. Microsoft has a long history of helping our customers comply with complex regulations, and when it comes to preparing for the GDPR, we are your partner on this journey.
+
+The GDPR imposes rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where those businesses are located. Among the key elements of the GDPR are the following:
+
+- **Enhanced personal privacy rights.** Strengthened data protection for residents of EU by ensuring they have the right to access to their personal data, to correct inaccuracies in that data, to erase that data, to object to processing of their personal data, and to move it.
+
+- **Increased duty for protecting personal data.** Reinforced accountability of organizations that process personal data, providing increased clarity of responsibility in ensuring compliance.
+
+- **Mandatory personal data breach reporting.** Organizations that control personal data are required to report personal data breaches that pose a risk to the rights and freedoms of individuals to their supervisory authorities without undue delay, and, where feasible, no later than 72 hours once they become aware of the breach.
+
+As you might anticipate, the GDPR can have a significant impact on your business, potentially requiring you to update privacy policies, implement and strengthen data protection controls and breach notification procedures, deploy highly transparent policies, and further invest in IT and training. Microsoft Windows 10 can help you effectively and efficiently address some of these requirements.
+
+## Personal and sensitive data
+As part of your effort to comply with the GDPR, you will need to understand how the regulation defines personal and sensitive data and how those definitions relate to data held by your organization.
+
+The GDPR considers personal data to be any information related to an identified or identifiable natural person. That can include both direct identification (such as, your legal name) and indirect identification (such as, specific information that makes it clear it is you the data references). The GDPR also makes clear that the concept of personal data includes online identifiers (such as, IP addresses, mobile device IDs) and location data.
+
+The GDPR introduces specific definitions for genetic data (such as, an individual’s gene sequence) and biometric data. Genetic data and biometric data along with other sub categories of personal data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership: data concerning health; or data concerning a person’s sex life or sexual orientation) are treated as sensitive personal data under the GDPR. Sensitive personal data is afforded enhanced protections and generally requires an individual’s explicit consent where these data are to be processed.
+
+### Examples of info relating to an identified or identifiable natural person (data subject)
+This list provides examples of several types of info that will be regulated through GDPR. This is not an exhaustive list.
+
+- Name
+
+- Identification number (such as, SSN)
+
+- Location data (such as, home address)
+
+- Online identifier (such as, e-mail address, screen names, IP address, device IDs)
+
+- Pseudonymous data (such as, using a key to identify individuals)
+
+- Genetic data (such as, biological samples from an individual)
+
+- Biometric data (such as, fingerprints, facial recognition)
+
+## Getting started on the journey towards GDPR compliance
+Given how much is involved to become GDPR-compliant, we strongly recommend that you don't wait to prepare until enforcement begins. You should review your privacy and data management practices now. We recommend that you begin your journey to GDPR compliance by focusing on four key steps:
+
+- **Discover.** Identify what personal data you have and where it resides.
+
+- **Manage.** Govern how personal data is used and accessed.
+
+- **Protect.** Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches.
+
+- **Report.** Act on data requests, report data breaches, and keep required documentation.
+
+ 
+
+For each of the steps, we've outlined example tools, resources, and features in various Microsoft solutions, which can be used to help you address the requirements of that step. While this article isn't a comprehensive “how to,” we've included links for you to find out more details, and more information is available in the [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/privacy/gdpr).
+
+## Windows 10 security and privacy
+As you work to comply with the GDPR, understanding the role of your desktop and laptop client machines in creating, accessing, processing, storing and managing data that may qualify as personal and potentially sensitive data under the GDPR is important. Windows 10 provides capabilities that will help you comply with the GDPR requirements to implement appropriate technical and organizational security measures to protect personal data.
+
+With Windows 10, your ability to protect, detect and defend against the types of attacks that can lead to data breaches is greatly improved. Given the stringent requirements around breach notification within the GDPR, ensuring that your desktop and laptop systems are well defended will lower the risks you face that could result in costly breach analysis and notification.
+
+In this section, we'll talk about how Windows 10 provides capabilities that fit squarely in the **Protect** stage of your journey, including these 4 scenarios:
+
+- **Threat protection: Pre-breach threat resistance.** Disrupt the malware and hacking industry by moving the playing field to one where they lose the attack vectors that they depend on.
+
+- **Threat protection: Post-breach detection and response.** Detect, investigate, and respond to advanced threats and data breaches on your networks.
+
+- **Identity protection.** Next generation technology to help protect your user’s identities from abuse.
+
+- **Information protection.** Comprehensive data protection while meeting compliance requirements and maintaining user productivity.
+
+These capabilities, discussed in more detail below with references to specific GDPR requirements, are built on top of advanced device protection that maintains the integrity and security of the operating system and data.
+
+A key provision within the GDPR is data protection by design and by default, and helping with your ability to meet this provision are features within Windows 10 such as the Trusted Platform Module (TPM) technology designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations.
+
+The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. Some of the key advantages of using TPM technology are that you can:
+
+- Generate, store, and limit the use of cryptographic keys.
+
+- Use TPM technology for platform device authentication by using the TPM’s unique RSA key, which is burned into itself.
+
+- Help to ensure platform integrity by taking and storing security measurements.
+
+Additional advanced device protection relevant to your operating without data breaches include Windows Trusted Boot to help maintain the integrity of the system by ensuring malware is unable to start before system defenses.
+
+### Threat protection: Pre-breach threat resistance
+The GDPR requires you to implement appropriate technical and organizational security measures to protect personal data.
+
+Your ability to meet this requirement to implement appropriate technical security measures should reflect the threats you face in today’s increasingly hostile IT environment. Today’s security threat landscape is one of aggressive and tenacious threats. In previous years, malicious attackers mostly focused on gaining community recognition through their attacks or the thrill of temporarily taking a system offline. Since then, attacker’s motives have shifted toward making money, including holding devices and data hostage until the owner pays the demanded ransom.
+
+Modern attacks increasingly focus on large-scale intellectual property theft; targeted system degradation that can result in financial loss; and now even cyberterrorism that threatens the security of individuals, businesses, and national interests all over the world. These attackers are typically highly trained individuals and security experts, some of whom are in the employ of nation states that have large budgets and seemingly unlimited human resources. Threats like these require an approach that can meet this challenge.
+
+Not only are these threats a risk to your ability to maintain control of any personal or sensitive data you may have, but they are a material risk to your overall business as well. Consider recent data from Ponemon Institute, Verizon, and Microsoft:
+
+- The average cost of the type of data breach the GDPR will expect you to report is $3.5M. (Ponemon Institute).
+
+- 63% of these breaches involve weak or stolen passwords that the GDPR expects you to address. (2016 Data Breach Investigations Report, Verizon Enterprise).
+
+- Over 300,000 new malware samples are created and spread every day making your task to address data protection even more challenging. (Microsoft Malware Protection Center, Microsoft).
+
+As seen with recent ransomware attacks, once called the "black plague" of the Internet, attackers are going after bigger targets that can afford to pay more, with potentially catastrophic consequences. Desktops and laptops, that contain personal and sensitive data, are commonly targeted where control over data might be lost.
+
+In response to these threats and as a part of your mechanisms to resist these types of breaches so that you remain in compliance with the GDPR, Windows 10 provides built in technology, detailed below including the following:
+
+- Windows Defender Antivirus to respond to emerging threats on data.
+
+- Microsoft Edge to systemically disrupt phishing, malware, and hacking attacks.
+
+- Windows Defender Device Guard to block all unwanted applications on client machines.
+
+#### Responding to emerging data threats
+Windows Defender Antivirus is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers. In Windows 10, it uses a multi-pronged approach to improve antimalware:
+
+- **Cloud-delivered protection.** Helps to detect and block new malware within seconds, even if the malware has never been seen before.
+
+- **Rich local context.** Improves how malware is identified. Windows 10 informs Windows Defender Antivirus not only about content like files and processes, but also where the content came from, where it's been stored, and more.
+
+- **Extensive global sensors.** Help to keep Windows Defender Antivirus current and aware of even the newest malware. This is accomplished in two ways: by collecting the rich local context data from end points and by centrally analyzing that data.
+
+- **Tamper proofing.** Helps to guard Windows Defender Antivirus itself against malware attacks. For example, Windows Defender Antivirus uses Protected Processes, which prevents untrusted processes from attempting to tamper with Windows Defender Antivirus components, its registry keys, and so on.
+
+- **Enterprise-level features.** Give IT pros the tools and configuration options necessary to make Windows Defender Antivirus an enterprise-class antimalware solution.
+
+#### Systemically disrupting phishing, malware, and hacking attacks
+In today’s threat landscape, your ability to provide those mechanisms should be tied to the specific data-focused attacks you face through phishing, malware and hacking due to the browser-related attacks.
+
+As part of Windows 10, Microsoft has brought you Microsoft Edge, our safest and most secure browser to-date. Over the past two years, we have been continuously innovating, and we’re proud of the progress we’ve made. This quality of engineering is reflected by the reduction of Common Vulnerabilities and Exposures (CVE) when comparing Microsoft Edge with Internet Explorer over the past year. Browser-related attacks on personal and sensitive data that you will need to protect under the GDPR means this innovation in Windows 10 is important.
+
+While no modern browser — or any complex application — is free of vulnerabilities, many of the vulnerabilities for Microsoft Edge have been responsibly reported by professional security researchers who work with the Microsoft Security Response Center (MSRC) and the Microsoft Edge team to ensure customers are protected well before any attacker might use these vulnerabilities in the wild. Even better, there is no evidence that any vulnerabilities have been exploited in the wild as zero-day attacks.
+
+
+
+However, many businesses worldwide have come under increasing threat of targeted attacks, where attackers are crafting specialized attacks against a specific business, attempting to take control of corporate networks and data.
+
+#### Blocking all unwanted apps
+Application Control is your best defense in a world where there are more than 300,000 new malware samples each day. As part of Windows 10, Windows Defender Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications that you define in your code integrity policies. If the app isn’t trusted it can’t run, period.
+
+With hardware that meets basic requirements, it also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code. With appropriate hardware, Windows Defender Device Guard can use the new virtualization-based security in Windows 10 to isolate the Code Integrity service from the Microsoft Windows kernel itself. In this case, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.
+
+Windows Defender Device Guard protects threats that can expose personal or sensitive data to attack, including:
+
+- Exposure to new malware, for which the "signature" is not yet known
+
+- Exposure to unsigned code (most malware is unsigned)
+
+- Malware that gains access to the kernel and then, from within the kernel, captures sensitive information or damages the system
+
+- DMA-based attacks, for example, attacks launched from a malicious device that read secrets from memory, making the enterprise more vulnerable to attack; and
+
+- Exposure to boot kits or to a physically present attacker at boot time.
+
+### Threat protection: Post-breach detection and response
+The GDPR includes explicit requirements for breach notification where a personal data breach means, “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.”
+
+As noted in the Windows Security Center white paper, [Post Breach: Dealing with Advanced Threats](http://wincom.blob.core.windows.net/documents/Post_Breach_Dealing_with_Advanced_Threats_Whitepaper.pdf), “_Unlike pre-breach, post-breach assumes a breach has already occurred – acting as a flight recorder and Crime Scene Investigator (CSI). Post-breach provides security teams the information and toolset needed to identify, investigate, and respond to attacks that otherwise will stay undetected and below the radar._”
+
+#### Insightful security telemetry
+For nearly two decades, Microsoft has been turning threats into useful intelligence that can help fortify our platform and protect customers. Today, with the immense computing advantages afforded by the cloud, we are finding new ways to use our rich analytics engines driven by threat intelligence to protect our customers.
+
+By applying a combination of automated and manual processes, machine learning and human experts, we can create an Intelligent Security Graph that learns from itself and evolves in real-time, reducing our collective time to detect and respond to new incidents across our products.
+
+
+
+The scope of Microsoft’s threat intelligence spans, literally, billions of data points: 35 billion messages scanned monthly, 1 billion customers across enterprise and consumer segments accessing 200+ cloud services, and 14 billion authentications performed daily. All this data is pulled together on your behalf by Microsoft to create the Intelligent Security Graph that can help you protect your front door dynamically to stay secure, remain productive, and meet the requirements of the GDPR.
+
+#### Detecting attacks and forensic investigation
+Even the best endpoint defenses may be breached eventually, as cyberattacks become more sophisticated and targeted.
+
+Windows Defender Advanced Threat Protection (ATP) helps you detect, investigate, and respond to advanced attacks and data breaches on your networks. GDPR expects you to protect against attacks and breaches through technical security measures to ensure the ongoing confidentiality, integrity, and availability of personal data.
+
+Among the key benefits of ATP are the following:
+
+- Detecting the undetectable - sensors built deep into the operating system kernel, Windows security experts, and unique optics from over 1 billion machines and signals across all Microsoft services.
+
+- Built in, not bolted on - agentless with high performance and low impact, cloud-powered; easy management with no deployment.
+
+- Single pane of glass for Windows security - explore 6 months of rich machine timeline that unifies security events from Windows Defender ATP, Windows Defender Antivirus.
+
+- Power of the Microsoft graph - leverages the Microsoft Intelligence Security Graph to integrate detection and exploration with Office 365 ATP subscription, to track back and respond to attacks.
+
+Read more at [What’s new in the Windows Defender ATP Creators Update preview](https://blogs.microsoft.com/microsoftsecure/2017/03/13/whats-new-in-the-windows-defender-atp-creators-update-preview/).
+
+To provide Detection capabilities, Windows 10 improves our OS memory and kernel sensors to enable detection of attackers who are employing in-memory and kernel-level attacks – shining a light into previously dark spaces where attackers hid from conventional detection tools. We’ve already successfully leveraged this new technology against zero-days attacks on Windows.
+
+
+
+We continue to upgrade our detections of ransomware and other advanced attacks, applying our behavioral and machine-learning detection library to counter changing attacks trends. Our historical detection capability ensures new detection rules apply to up to six months of stored data to detect attacks that previously went unnoticed. Customers can also add customized detection rules or IOCs to augment the detection dictionary.
+
+Customers asked us for a single pane of glass across the entire Windows security stack. Windows Defender Antivirus detections and Windows Defender Device Guard blocks are the first to surface in the Windows Defender ATP portal interleaved with Windows Defender ATP detections. The new user entity adds identity as a pivot, providing insight into actions, relationships, and alerts that span machines and allow us to track attackers moving laterally across the network.
+
+Our alert page now includes a new process tree visualization that aggregates multiple detections and related events into a single view that helps security teams reduce the time to resolve cases by providing the information required to understand and resolve incidents without leaving the alert page.
+
+Security Operations (SecOps) can hunt for evidence of attacks, such as file names or hashes, IP addresses or URLs, behaviors, machines, or users. They can do this immediately by searching the organization’s cloud inventory, across all machines – and going back up to 6 months in time – even if machines are offline, have been reimaged, or no longer exist.
+
+
+
+When detecting an attack, security teams can now take immediate action: isolate machines, ban files from the network, kill or quarantine running processes or files, or retrieve an investigation package from a machine to provide forensic evidence – with a click of a button. Because while detecting advanced attacks is important – shutting them down is even more so.
+
+
+
+### Identity Protection
+Identify and access management is another area where the GDPR has placed special emphasis by calling for mechanisms to grant and restrict access to data subject personal data (for example, role-based access, segregation of duties).
+
+#### Multi-factor protection
+Biometric authentication – using your face, iris, or fingerprint to unlock your devices – is much safer than traditional passwords. You– uniquely you– plus your device are the keys to your apps, data, and even websites and services – not a random assortment of letters and numbers that are easily forgotten, hacked, or written down and pinned to a bulletin board.
+
+Your ability to protect personal and sensitive data, that may be stored or accessed through desktop or laptops will be further enhanced by adopting advanced authentication capabilities such as Windows Hello for Business and Windows Hello companion devices. Windows Hello for Business, part of Windows 10, gives users a personal, secured experience where the device is authenticated based on their presence. Users can log in with a look or a touch, with no need for a password.
+
+In conjunction with Windows Hello for Business, biometric authentication uses fingerprints or facial recognition and is more secure, more personal, and more convenient. If an application supports Hello, Windows 10 enables you to authenticate applications, enterprise content, and even certain online experiences without a password being stored on your device or in a network server at all.
+Windows Hello for Business works with the Companion Device Framework to enhance the user authentication experience. Using the Windows Hello Companion Device Framework, a companion device can provide a rich experience for Windows Hello even when biometrics are not available (for example, if the Windows 10 desktop lacks a camera for face authentication or fingerprint reader device).
+
+There are numerous ways one can use the Windows Hello Companion Device Framework to build a great Windows unlock experience with a companion device. For example, users can:
+
+- Work offline (for example, while traveling on a plane)
+
+- Attach their companion device to PC via USB, touch the button on the companion device, and automatically unlock their PC.
+
+- Carry a phone in their pocket that is already paired with their PC over Bluetooth. Upon hitting the spacebar on their PC, their phone receives a notification. Approve it and the PC simply unlocks.
+
+- Tap their companion device to an NFC reader to quickly unlock their PC.
+
+- Wear a fitness band that has already authenticated the wearer. Upon approaching PC, and by performing a special gesture (like clapping), the PC unlocks.
+
+#### Protection against attacks by isolating user credentials
+As noted in the [Windows 10 Credential Theft Mitigation Guide](https://www.microsoft.com/en-us/download/confirmation.aspx?id=54095), “_the tools and techniques criminals use to carry out credential theft and reuse attacks improve, malicious attackers are finding it easier to achieve their goals. Credential theft often relies on operational practices or user credential exposure, so effective mitigations require a holistic approach that addresses people, processes, and technology. In addition, these attacks rely on the attacker stealing credentials after compromising a system to expand or persist access, so organizations must contain breaches rapidly by implementing strategies that prevent attackers from moving freely and undetected in a compromised network._”
+
+An important design consideration for Windows 10 was mitigating credential theft — in particular, derived credentials. Windows Defender Credential Guard provides significantly improved security against derived credential theft and reuse by implementing a significant architectural change in Windows designed to help eliminate hardware-based isolation attacks rather than simply trying to defend against them.
+
+When Credential Manager domain credentials, NTLM, and Kerberos derived credentials are protected using virtualization-based security, the credential theft attack techniques and tools used in many targeted attacks are blocked. Malware running in the operating system with administrative privileges can't extract secrets that are protected by virtualization-based security. While Windows Defender Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques and you should also incorporate Windows Defender Device Guard, as described above, and other security strategies and architectures.
+
+### Information Protection
+The GDPR is focused on information protection regarding data that is considered as personal or sensitive in relation to a natural person, or data subject. Device protection, protection against threats, and identity protection are all important elements of a Defense in Depth strategy surrounding a layer of information protection in your laptop and desktop systems.
+
+As to the protection of data, the GDPR recognizes that in assessing data security risk, consideration should be given to the risks that are presented such as accidental loss, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. It also recommends that measures taken to maintain an appropriate level of security should consider the state-of-the-art and the costs of implementation in relation to the risks among other factors.
+
+Windows 10 provides built in risk mitigation capabilities for today’s threat landscape. In this section, we will look at the types of technologies that will help your journey toward GDPR compliance and at the same time provide you with solid overall data protection as part of a comprehensive information protection strategy.
+
+
+
+#### Encryption for lost or stolen devices
+The GDPR calls for mechanisms that implement appropriate technical security measures to confirm the ongoing confidentiality, integrity, and availability of both personal data and processing systems. BitLocker Encryption, first introduced as part of Microsoft's Next-Generation Secure Computing Base architecture in 2004 and made available with Windows Vista, is a built-in data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
+
+BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or later. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to protect user data and to ensure that a computer has not been tampered with while the system was offline.
+
+Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.
+
+Related to BitLocker are Encrypted Hard Drives, a new class of hard drives that are self-encrypting at a hardware level and allow for full disk hardware encryption. Encrypted Hard Drives use the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
+
+By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.
+
+Some of the benefits of Encrypted Hard Drives include:
+
+- **Better performance.** Encryption hardware, integrated into the drive controller, allows the drive to operate at full data rate with no performance degradation.
+
+- **Strong security based in hardware.** Encryption is always "on" and the keys for encryption never leave the hard drive. User authentication is performed by the drive before it will unlock, independently of the operating system
+
+- **Ease of use.** Encryption is transparent to the user because it is on by default. There is no user interaction needed to enable encryption. Encrypted Hard Drives are easily erased using on-board encryption key; there is no need to re-encrypt data on the drive.
+
+- **Lower cost of ownership.** There is no need for new infrastructure to manage encryption keys, since BitLocker leverages your Active Directory Domain Services infrastructure to store recovery information. Your device operates more efficiently because processor cycles don't need to be used for the encryption process.
+
+#### Preventing accidental data leaks to unauthorized users
+Part of the reality of your operating in a mobile-first, cloud-first world is the notion that some laptops will have multiple purposes – both business and personal. Yet that data that is considered as personal and sensitive regarding EU residents considered as “data subjects” must be protected in line with the requirements of the GDPR.
+
+Windows Information Protection helps people separate their work and personal data and keeps data encrypted wherever it’s stored. Your employees can safely use both work and personal data on the same device without switching applications. Windows Information Protection helps end users avoid inadvertent data leaks by sending a warning when copy/pasting information in non-corporate applications – end users can still proceed but the action will be logged centrally.
+
+For example, employees can’t send protected work files from a personal email account instead of their work account. They also can’t accidently post personal or sensitive data from a corporate site into a tweet. Windows Information Protection also helps ensure that they aren’t saving personal or sensitive data in a public cloud storage location.
+
+#### Capabilities to classify, assign permissions and share data
+Windows Information Protection is designed to coexist with advanced data loss prevention (DLP) capabilities found in Office 365 ProPlus, Azure Information Protection, and Azure Rights Management. Advanced DLP prevents printing, for example, or protects work data that is emailed outside your company.
+
+To continously protect your data, regardless of where it is stored, with whom it is shared, or if the device is running iOS, Android or Windows, the classification and protection needs to be built into the file itself, so this protection can travel with the data wherever it goes. Microsoft Azure Information Protection (AIP) is designed to provide this persistent data protection both on-premises and in the cloud.
+
+Data classification is an important part of any data governance plan. Adopting a classification scheme that applies throughout your business can be particularly helpful in responding to what the GDPR calls data subject (for example, your EU employee or customer) requests, because it enables enterprises to identify more readily and process personal data requests.
+
+Azure Information Protection can be used to help you classify and label your data at the time of creation or modification. Protection in the form of encryption, which the GDPR recognizes may be appropriate at times, or visual markings can then be applied to data needing protection.
+
+With Azure Information Protection, you can either query for data marked with a sensitivity label or intelligently identify sensitive data when a file or email is created or modified. Once identified, you can automatically classify and label the data – all based on the company’s desired policy.
+
+Azure Information Protection also helps your users share sensitive data in a secure manner. In the example below, information about a sensitive acquisition was encrypted and restricted to a group of people who were granted only a limited set of permissions on the information – they could modify the content but could not copy or print it.
+
+
+
+## Related content for associated Windows 10 solutions
+
+- **Windows Hello for Business:** https://www.youtube.com/watch?v=WOvoXQdj-9E and https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-identity-verification
+
+- **Windows Defender Antivirus:** https://www.youtube.com/watch?v=P1aNEy09NaI and https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10
+
+- **Windows Defender Advanced Threat Protection:** https://www.youtube.com/watch?v=qxeGa3pxIwg and https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection
+
+- **Windows Defender Device Guard:** https://www.youtube.com/watch?v=F-pTkesjkhI and https://docs.microsoft.com/en-us/windows/device-security/device-guard/device-guard-deployment-guide
+
+- **Windows Defender Credential Guard:** https://www.youtube.com/watch?v=F-pTkesjkhI and https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard
+
+- **Windows Information Protection:** https://www.youtube.com/watch?v=wLkQOmK7-Jg and https://docs.microsoft.com/en-us/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip
+
+- Windows 10 Security Guide: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-10-security-guide
+
+## Disclaimer
+This article is a commentary on the GDPR, as Microsoft interprets it, as of the date of publication. We’ve spent a lot of time with GDPR and like to think we’ve been thoughtful about its intent and meaning. But the application of GDPR is highly fact-specific, and not all aspects and interpretations of GDPR are well-settled.
+
+As a result, this article is provided for informational purposes only and should not be relied upon as legal advice or to determine how GDPR might apply to you and your organization. We encourage you to work with a legally-qualified professional to discuss GDPR, how it applies specifically to your organization, and how best to ensure compliance.
+
+MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS ARTICLE. This article is provided “as-is.” Information and views expressed in this article, including URL and other Internet website references, may change without notice.
+
+This article does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this article for your internal, reference purposes only.
+
+Published September 2017
+Version 1.0
+© 2017 Microsoft. All rights reserved.
\ No newline at end of file
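Review bot: in the "Related content" list, the Windows Defender Device Guard and Windows Defender Credential Guard entries both point to the same video, https://www.youtube.com/watch?v=F-pTkesjkhI, which looks like a copy-paste slip; please confirm the intended Credential Guard link. Smaller points in the same new file: "continously" should be "continuously" and "accidently" should be "accidentally", the "Strong security based in hardware" bullet ends without a period, the "Windows 10 Security Guide" entry is the only one in the list without a bold label, and the file ends without a trailing newline.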
diff --git a/windows/configuration/images/gdpr-azure-info-protection.png b/windows/configuration/images/gdpr-azure-info-protection.png
new file mode 100644
index 0000000000..ff4581286d
Binary files /dev/null and b/windows/configuration/images/gdpr-azure-info-protection.png differ
diff --git a/windows/configuration/images/gdpr-comp-info-protection.png b/windows/configuration/images/gdpr-comp-info-protection.png
new file mode 100644
index 0000000000..a332b3476f
Binary files /dev/null and b/windows/configuration/images/gdpr-comp-info-protection.png differ
diff --git a/windows/configuration/images/gdpr-cve-graph.png b/windows/configuration/images/gdpr-cve-graph.png
new file mode 100644
index 0000000000..ebc3e7e36b
Binary files /dev/null and b/windows/configuration/images/gdpr-cve-graph.png differ
diff --git a/windows/configuration/images/gdpr-intelligent-security-graph.png b/windows/configuration/images/gdpr-intelligent-security-graph.png
new file mode 100644
index 0000000000..9448465c08
Binary files /dev/null and b/windows/configuration/images/gdpr-intelligent-security-graph.png differ
diff --git a/windows/configuration/images/gdpr-security-center.png b/windows/configuration/images/gdpr-security-center.png
new file mode 100644
index 0000000000..26936520a9
Binary files /dev/null and b/windows/configuration/images/gdpr-security-center.png differ
diff --git a/windows/configuration/images/gdpr-security-center2.png b/windows/configuration/images/gdpr-security-center2.png
new file mode 100644
index 0000000000..971a9918a5
Binary files /dev/null and b/windows/configuration/images/gdpr-security-center2.png differ
diff --git a/windows/configuration/images/gdpr-security-center3.png b/windows/configuration/images/gdpr-security-center3.png
new file mode 100644
index 0000000000..2c5e279211
Binary files /dev/null and b/windows/configuration/images/gdpr-security-center3.png differ
diff --git a/windows/configuration/images/gdpr-steps-diagram.png b/windows/configuration/images/gdpr-steps-diagram.png
new file mode 100644
index 0000000000..8fce18bccd
Binary files /dev/null and b/windows/configuration/images/gdpr-steps-diagram.png differ
diff --git a/windows/configuration/images/package.png b/windows/configuration/images/package.png
index f5e975e3e9..e10cf84f51 100644
Binary files a/windows/configuration/images/package.png and b/windows/configuration/images/package.png differ
diff --git a/windows/configuration/index.md b/windows/configuration/index.md
index df0e8e3a76..93aa72ed2a 100644
--- a/windows/configuration/index.md
+++ b/windows/configuration/index.md
@@ -21,6 +21,7 @@ Enterprises often need to apply custom configurations to devices for their users
| [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md) | Use this article to make informed decisions about how you can configure Windows telemetry in your organization. |
| [Basic level Windows diagnostic data](basic-level-windows-diagnostic-events-and-fields.md) | Learn about diagnostic data that is collected at the basic level in Windows 10, version 1703. |
| [Windows 10, version 1703 diagnostic data](windows-diagnostic-data.md) | Learn about the types of data that is collected at the full level in Windows 10, version 1703. |
+|[Beginning your General Data Protection Regulation (GDPR) journey for Windows 10](gdpr-win10-whitepaper.md)|Learn about Windows 10 and the upcoming GDPR-compliance requirements.|
| [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Learn about the network connections that Windows components make to Microsoft and also the privacy settings that affect data that is shared with either Microsoft or apps and how they can be managed by an IT Pro. |
| [Manage Wi-Fi Sense in your company](manage-wifi-sense-in-enterprise.md) | Wi-Fi Sense automatically connects you to Wi-Fi, so you can get online quickly in more places. It can connect you to open Wi-Fi hotspots it knows about through crowdsourcing, or to Wi-Fi networks your contacts have shared with you by using Wi-Fi Sense. The initial settings for Wi-Fi Sense are determined by the options you chose when you first set up your PC with Windows 10. |
| [Configure kiosk and shared devices running Windows 10 desktop editions](kiosk-shared-pc.md) | These topics help you configure Windows 10 devices to be shared by multiple users or to run as a kiosk device that runs a single app. |
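Review bot: the added GDPR row is written as `|[Beginning your ...](gdpr-win10-whitepaper.md)|Learn about ...|` with no spaces inside the cell delimiters, while every neighbouring row uses `| [link](file.md) | description |`; match the existing spacing so the table source stays consistent. The description "the upcoming GDPR-compliance requirements" will also go stale once the regulation is in force, so wording that does not depend on the publication date would age better.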
diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index f76eec93a1..ac7292e972 100644
--- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -71,7 +71,7 @@ See the following table for a summary of the management settings for Windows 10
| Setting | UI | Group Policy | MDM policy | Registry | Command line |
| - | :-: | :-: | :-: | :-: | :-: |
-| [1. Certificate trust lists](#certificate-trust-lists) | |  | | | |
+| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  | | | |
| [2. Cortana and Search](#bkmk-cortana) |  |  |  |  |  |
| [3. Date & Time](#bkmk-datetime) |  |  | |  | |
| [4. Device metadata retrieval](#bkmk-devinst) | |  | |  | |
@@ -124,7 +124,7 @@ See the following table for a summary of the management settings for Windows Ser
| Setting | UI | Group Policy | Registry | Command line |
| - | :-: | :-: | :-: | :-: |
-| [1. Certificate trust lists](#certificate-trust-lists) | |  |  | |
+| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | |  |  | |
| [2. Cortana and Search](#bkmk-cortana) |  |  |  | |
| [3. Date & Time](#bkmk-datetime) |  |  |  | |
| [4. Device metadata retrieval](#bkmk-devinst) | |  |  | |
@@ -150,7 +150,7 @@ See the following table for a summary of the management settings for Windows Ser
| Setting | Group Policy | Registry | Command line |
| - | :-: | :-: | :-: | :-: | :-: |
-| [1. Certificate trust lists](#certificate-trust-lists) |  |  | |
+| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) |  |  | |
| [3. Date & Time](#bkmk-datetime) |  |  | |
| [6. Font streaming](#font-streaming) |  |  | |
| [13. Network Connection Status Indicator](#bkmk-ncsi) |  | | |
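Review bot: the table this hunk touches has a four-column header (`| Setting | Group Policy | Registry | Command line |`) but a six-column separator row (`| - | :-: | :-: | :-: | :-: | :-: |`); since the row is being edited anyway, trim the separator to four columns so renderers do not add empty columns or drop the table. The next table in this file (header `| Setting | Registry | Command line |`) shows the same mismatch.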
@@ -165,7 +165,7 @@ See the following table for a summary of the management settings for Windows Ser
| Setting | Registry | Command line |
| - | :-: | :-: | :-: | :-: | :-: |
-| [1. Certificate trust lists](#certificate-trust-lists) |  | |
+| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) |  | |
| [3. Date & Time](#bkmk-datetime) |  | |
| [20. Teredo](#bkmk-teredo) | |  |
| [27. Windows Update](#bkmk-wu) |  | |
@@ -174,16 +174,15 @@ See the following table for a summary of the management settings for Windows Ser
Use the following sections for more information about how to configure each setting.
-### 1. Certificate trust lists
+### 1. Automatic Root Certificates Update
-A certificate trust list is a predefined list of items, such as a list of certificate hashes or a list of file name, that are signed by a trusted entity. Windows automatically downloads an updated certificate trust list when it is available.
-
-To turn off the automatic download of an updated certificate trust list, you can turn off automatic root updates, which also includes the disallowed certificate list and the pin rules list.
+The Automatic Root Certificates Update component is designed to automatically check the list of trusted authorities on Windows Update to see if an update is available.
+For more information, see [Automatic Root Certificates Update Configuration](https://technet.microsoft.com/library/cc733922.aspx).
+Although not recommended, you can turn off Automatic Root Certificates Update, which also prevents updates to the disallowed certificate list and the pin rules list.
> [!CAUTION]
> By not automatically downloading the root certificates, the device might have not be able to connect to some websites.
-
For Windows 10, Windows Server 2016 with Desktop Experience, and Windows Server 2016 Server Core:
- Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off Automatic Root Certificates Update**
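Review bot: the blank line removed directly after the `[!CAUTION]` block leaves "For Windows 10, Windows Server 2016 with Desktop Experience, ..." immediately under a `>` line, where Markdown lazy continuation would fold it into the caution; keep a blank line there unless one remains outside the visible lines. While this block is being edited, the caution text "the device might have not be able to connect" should read "might not be able to connect". The heading rename also changes the anchor from `#certificate-trust-lists` to `#automatic-root-certificates-update`; the summary tables in this patch are updated, but any links from other articles to the old anchor need the same change.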
diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index 3d057730dc..5055de6869 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -244,4 +244,6 @@
#### [Get started with Device Health](update/device-health-get-started.md)
#### [Using Device Health](update/device-health-using.md)
-## [Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade/upgrade-windows-phone-8-1-to-10.md)
\ No newline at end of file
+## [Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade/upgrade-windows-phone-8-1-to-10.md)
+
+## [Architectural planning posters for Windows 10](windows-10-architecture-posters.md)
\ No newline at end of file
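Review bot: the new last entry, "Architectural planning posters for Windows 10", is again added without a newline at end of file, so the next append to this TOC will produce the same remove-and-re-add churn seen here on the "Upgrade a Windows Phone 8.1" line; end the file with a newline.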
diff --git a/windows/deployment/windows-10-architecture-posters.md b/windows/deployment/windows-10-architecture-posters.md
new file mode 100644
index 0000000000..b8accd1126
--- /dev/null
+++ b/windows/deployment/windows-10-architecture-posters.md
@@ -0,0 +1,25 @@
+---
+title: Deploy Windows 10 - architectural posters
+description: Provides architural planning posters for Windows 10 in the enterprise
+ms.prod: w10
+ms.author: elizapo
+author: lizap
+ms.date: 09/22/2017
+ms.tgt_pltfrm: na
+ms.topic: article
+ms.localizationpriority: low
+---
+# Architectural planning posters for Windows 10
+
+You can download the following posters for architectural information about deploying Windows 10 in the enterprise.
+
+- [Deploy Windows 10 - Clean installation](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/Deploy-CleanInstallation.pdf)
+ Learn about the options and steps for a new installation of Windows 10.
+- [Deploy Windows 10 - In-place upgrade](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/Deploy-InplaceUpgrade.pdf)
+ Learn about the steps to upgrade from a previous version of Windows.
+- [Deploy Windows 10 - Windows AutoPilot](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/Deploy-WindowsAutoPilot.pdf)
+ Learn how you can set up and pre-configure Windows 10 devices.
+- [Deploy Windows 10 - Windows servicing](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/WindowsServicing.pdf)
+ Learn how to keep Windows up to date.
+- [Deploy Windows 10 - Protection solutions](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/master/windows/media/ModernSecureDeployment/WindowsServicing.pdf)
+ Learn about the two tiers of protection available for Windows 10 devices.
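Review bot: the "Deploy Windows 10 - Protection solutions" entry links to `ModernSecureDeployment/WindowsServicing.pdf`, the same file as the "Windows servicing" entry above it, so readers who follow the protection poster link get the servicing poster; point it at the protection solutions PDF. In the front matter, "architural" in the description should be "architectural".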
diff --git a/windows/device-security/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md b/windows/device-security/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
index d99dda899b..9898cd57e6 100644
--- a/windows/device-security/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
+++ b/windows/device-security/applocker/add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Add rules for packaged apps to existing AppLocker rule-set
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).
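Review bot: the replacement "Applies to" items are indented by a leading space (` - Windows 10`, ` - Windows Server`) where the removed line was flush left (`- Windows 10`); keep the list markers unindented so the list nests and renders the same as before. "Windows Server" is also added without a version, while other files in this patch name "Windows Server 2016"; state which server versions AppLocker guidance here applies to. Both points apply to the identical "Applies to" hunks in the other AppLocker files in this patch.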
diff --git a/windows/device-security/applocker/administer-applocker.md b/windows/device-security/applocker/administer-applocker.md
index 0940acac92..327c091fee 100644
--- a/windows/device-security/applocker/administer-applocker.md
+++ b/windows/device-security/applocker/administer-applocker.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Administer AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies.
diff --git a/windows/device-security/applocker/applocker-architecture-and-components.md b/windows/device-security/applocker/applocker-architecture-and-components.md
index 98760516ec..1d788081eb 100644
--- a/windows/device-security/applocker/applocker-architecture-and-components.md
+++ b/windows/device-security/applocker/applocker-architecture-and-components.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# AppLocker architecture and components
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professional describes AppLocker’s basic architecture and its major components.
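Review bot: not introduced by this change, but the context line directly below the edited list reads "This topic for IT professional describes"; since the file is being touched, correct it to "for IT professionals" to match the wording of the sibling AppLocker topics.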
diff --git a/windows/device-security/applocker/applocker-functions.md b/windows/device-security/applocker/applocker-functions.md
index cd1534c55b..1f4bac9193 100644
--- a/windows/device-security/applocker/applocker-functions.md
+++ b/windows/device-security/applocker/applocker-functions.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# AppLocker functions
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features.
diff --git a/windows/device-security/applocker/applocker-overview.md b/windows/device-security/applocker/applocker-overview.md
index 1d4fe3bc2f..fd329b6d3d 100644
--- a/windows/device-security/applocker/applocker-overview.md
+++ b/windows/device-security/applocker/applocker-overview.md
@@ -13,7 +13,8 @@ author: brianlic-msft
# AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.
diff --git a/windows/device-security/applocker/applocker-policies-deployment-guide.md b/windows/device-security/applocker/applocker-policies-deployment-guide.md
index 2adc3ff79b..c229df7483 100644
--- a/windows/device-security/applocker/applocker-policies-deployment-guide.md
+++ b/windows/device-security/applocker/applocker-policies-deployment-guide.md
@@ -13,7 +13,8 @@ author: brianlic-msft
# AppLocker deployment guide
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
diff --git a/windows/device-security/applocker/applocker-policies-design-guide.md b/windows/device-security/applocker/applocker-policies-design-guide.md
index 2e331c4fb8..afac5cb15b 100644
--- a/windows/device-security/applocker/applocker-policies-design-guide.md
+++ b/windows/device-security/applocker/applocker-policies-design-guide.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# AppLocker design guide
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker.
diff --git a/windows/device-security/applocker/applocker-policy-use-scenarios.md b/windows/device-security/applocker/applocker-policy-use-scenarios.md
index 64a8fd4db0..6c6e1335bb 100644
--- a/windows/device-security/applocker/applocker-policy-use-scenarios.md
+++ b/windows/device-security/applocker/applocker-policy-use-scenarios.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# AppLocker policy use scenarios
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented.
diff --git a/windows/device-security/applocker/applocker-processes-and-interactions.md b/windows/device-security/applocker/applocker-processes-and-interactions.md
index 5f07c7d07f..d19b4571b0 100644
--- a/windows/device-security/applocker/applocker-processes-and-interactions.md
+++ b/windows/device-security/applocker/applocker-processes-and-interactions.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# AppLocker processes and interactions
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules.
diff --git a/windows/device-security/applocker/applocker-settings.md b/windows/device-security/applocker/applocker-settings.md
index 7af2350b9d..09db2282ac 100644
--- a/windows/device-security/applocker/applocker-settings.md
+++ b/windows/device-security/applocker/applocker-settings.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# AppLocker settings
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional lists the settings used by AppLocker.
diff --git a/windows/device-security/applocker/applocker-technical-reference.md b/windows/device-security/applocker/applocker-technical-reference.md
index 1c797a1679..b5b962a6d7 100644
--- a/windows/device-security/applocker/applocker-technical-reference.md
+++ b/windows/device-security/applocker/applocker-technical-reference.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# AppLocker technical reference
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This overview topic for IT professionals provides links to the topics in the technical reference.
AppLocker advances the application control features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny apps from running based on unique identities of files and to specify which users or groups can run those apps.
diff --git a/windows/device-security/applocker/configure-an-applocker-policy-for-audit-only.md b/windows/device-security/applocker/configure-an-applocker-policy-for-audit-only.md
index 206c0415fe..03221fef8b 100644
--- a/windows/device-security/applocker/configure-an-applocker-policy-for-audit-only.md
+++ b/windows/device-security/applocker/configure-an-applocker-policy-for-audit-only.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Configure an AppLocker policy for audit only
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker.
diff --git a/windows/device-security/applocker/configure-an-applocker-policy-for-enforce-rules.md b/windows/device-security/applocker/configure-an-applocker-policy-for-enforce-rules.md
index 55e87ba39a..b0c0d7c0ee 100644
--- a/windows/device-security/applocker/configure-an-applocker-policy-for-enforce-rules.md
+++ b/windows/device-security/applocker/configure-an-applocker-policy-for-enforce-rules.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Configure an AppLocker policy for enforce rules
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.
diff --git a/windows/device-security/applocker/configure-exceptions-for-an-applocker-rule.md b/windows/device-security/applocker/configure-exceptions-for-an-applocker-rule.md
index be96e323ed..f71b399f0b 100644
--- a/windows/device-security/applocker/configure-exceptions-for-an-applocker-rule.md
+++ b/windows/device-security/applocker/configure-exceptions-for-an-applocker-rule.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Add exceptions for an AppLocker rule
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule.
diff --git a/windows/device-security/applocker/configure-the-appLocker-reference-device.md b/windows/device-security/applocker/configure-the-appLocker-reference-device.md
index 97d6fd1361..61dbae6818 100644
--- a/windows/device-security/applocker/configure-the-appLocker-reference-device.md
+++ b/windows/device-security/applocker/configure-the-appLocker-reference-device.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Configure the AppLocker reference device
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer.
diff --git a/windows/device-security/applocker/configure-the-application-identity-service.md b/windows/device-security/applocker/configure-the-application-identity-service.md
index 84a1d64b98..92fb37f9dd 100644
--- a/windows/device-security/applocker/configure-the-application-identity-service.md
+++ b/windows/device-security/applocker/configure-the-application-identity-service.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Configure the Application Identity service
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.
diff --git a/windows/device-security/applocker/create-a-rule-for-packaged-apps.md b/windows/device-security/applocker/create-a-rule-for-packaged-apps.md
index f0ed699e79..e2dfbd96a7 100644
--- a/windows/device-security/applocker/create-a-rule-for-packaged-apps.md
+++ b/windows/device-security/applocker/create-a-rule-for-packaged-apps.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Create a rule for packaged apps
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.
diff --git a/windows/device-security/applocker/create-a-rule-that-uses-a-file-hash-condition.md b/windows/device-security/applocker/create-a-rule-that-uses-a-file-hash-condition.md
index 4a1038f165..a7249454f8 100644
--- a/windows/device-security/applocker/create-a-rule-that-uses-a-file-hash-condition.md
+++ b/windows/device-security/applocker/create-a-rule-that-uses-a-file-hash-condition.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Create a rule that uses a file hash condition
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals shows how to create an AppLocker rule with a file hash condition.
diff --git a/windows/device-security/applocker/create-a-rule-that-uses-a-path-condition.md b/windows/device-security/applocker/create-a-rule-that-uses-a-path-condition.md
index 89a34500cd..1c60d5de26 100644
--- a/windows/device-security/applocker/create-a-rule-that-uses-a-path-condition.md
+++ b/windows/device-security/applocker/create-a-rule-that-uses-a-path-condition.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Create a rule that uses a path condition
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals shows how to create an AppLocker rule with a path condition.
diff --git a/windows/device-security/applocker/create-a-rule-that-uses-a-publisher-condition.md b/windows/device-security/applocker/create-a-rule-that-uses-a-publisher-condition.md
index 214dca0f70..a36f9277e4 100644
--- a/windows/device-security/applocker/create-a-rule-that-uses-a-publisher-condition.md
+++ b/windows/device-security/applocker/create-a-rule-that-uses-a-publisher-condition.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Create a rule that uses a publisher condition
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals shows how to create an AppLocker rule with a publisher condition.
diff --git a/windows/device-security/applocker/create-applocker-default-rules.md b/windows/device-security/applocker/create-applocker-default-rules.md
index 6f5b802707..c4a5905eee 100644
--- a/windows/device-security/applocker/create-applocker-default-rules.md
+++ b/windows/device-security/applocker/create-applocker-default-rules.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Create AppLocker default rules
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run.
diff --git a/windows/device-security/applocker/create-list-of-applications-deployed-to-each-business-group.md b/windows/device-security/applocker/create-list-of-applications-deployed-to-each-business-group.md
index ef423697d1..215c091908 100644
--- a/windows/device-security/applocker/create-list-of-applications-deployed-to-each-business-group.md
+++ b/windows/device-security/applocker/create-list-of-applications-deployed-to-each-business-group.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Create a list of apps deployed to each business group
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker.
diff --git a/windows/device-security/applocker/create-your-applocker-planning-document.md b/windows/device-security/applocker/create-your-applocker-planning-document.md
index f2b23f5937..43d92ab3a8 100644
--- a/windows/device-security/applocker/create-your-applocker-planning-document.md
+++ b/windows/device-security/applocker/create-your-applocker-planning-document.md
@@ -12,8 +12,8 @@ author: brianlic-msft
# Create your AppLocker planning document
**Applies to**
-
-- Windows 10
+ - Windows 10
+ - Windows Server
This planning topic for the IT professional summarizes the information you need to research and include in your AppLocker planning document.
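Review bot: The bare `-` line directly after `**Applies to**` deletes the blank line that separated the bold label from the list, which the other AppLocker hunks in this patch do not do. Some Markdown renderers only start a list after a blank line, so the two bullets can end up folded into the label's paragraph. Keep the blank line and limit this hunk to adding the `Windows Server` bullet.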
diff --git a/windows/device-security/applocker/create-your-applocker-policies.md b/windows/device-security/applocker/create-your-applocker-policies.md
index e4ecc44cee..bea50a3693 100644
--- a/windows/device-security/applocker/create-your-applocker-policies.md
+++ b/windows/device-security/applocker/create-your-applocker-policies.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Create Your AppLocker policies
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
diff --git a/windows/device-security/applocker/create-your-applocker-rules.md b/windows/device-security/applocker/create-your-applocker-rules.md
index 8bcb7daf24..d7a36fa59b 100644
--- a/windows/device-security/applocker/create-your-applocker-rules.md
+++ b/windows/device-security/applocker/create-your-applocker-rules.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Create Your AppLocker rules
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.
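Review bot: The context line below the list reads "the methods that you can to create rules", which is missing a verb. Since this file is already being touched, change it to "the methods that you can use to create rules" in the same commit.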
diff --git a/windows/device-security/applocker/delete-an-applocker-rule.md b/windows/device-security/applocker/delete-an-applocker-rule.md
index 4f50ad433f..e818e08680 100644
--- a/windows/device-security/applocker/delete-an-applocker-rule.md
+++ b/windows/device-security/applocker/delete-an-applocker-rule.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Delete an AppLocker rule
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps to delete an AppLocker rule.
diff --git a/windows/device-security/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md b/windows/device-security/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
index 0e2faeb18c..365a343e7a 100644
--- a/windows/device-security/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
+++ b/windows/device-security/applocker/deploy-applocker-policies-by-using-the-enforce-rules-setting.md
@@ -9,11 +9,11 @@ ms.pagetype: security
author: brianlic-msft
---
-
# Deploy AppLocker policies by using the enforce rules setting
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method.
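Review bot: The first change in this hunk removes the blank line between the closing `---` of the front matter and the `# Deploy AppLocker policies by using the enforce rules setting` heading, which is unrelated to adding Windows Server and is done in this file only. Either drop that whitespace change or apply it consistently and mention it in the commit message, so the applicability update stays easy to audit.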
diff --git a/windows/device-security/applocker/deploy-the-applocker-policy-into-production.md b/windows/device-security/applocker/deploy-the-applocker-policy-into-production.md
index e56061213f..576d4c610d 100644
--- a/windows/device-security/applocker/deploy-the-applocker-policy-into-production.md
+++ b/windows/device-security/applocker/deploy-the-applocker-policy-into-production.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Deploy the AppLocker policy into production
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
diff --git a/windows/device-security/applocker/determine-group-policy-structure-and-rule-enforcement.md b/windows/device-security/applocker/determine-group-policy-structure-and-rule-enforcement.md
index 1544475c03..9d33fcc296 100644
--- a/windows/device-security/applocker/determine-group-policy-structure-and-rule-enforcement.md
+++ b/windows/device-security/applocker/determine-group-policy-structure-and-rule-enforcement.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Determine the Group Policy structure and rule enforcement
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This overview topic describes the process to follow when you are planning to deploy AppLocker rules.
diff --git a/windows/device-security/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md b/windows/device-security/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
index ccf2483c4d..a1b50fe0f8 100644
--- a/windows/device-security/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
+++ b/windows/device-security/applocker/determine-which-applications-are-digitally-signed-on-a-reference-computer.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Determine which apps are digitally signed on a reference device
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed.
diff --git a/windows/device-security/applocker/determine-your-application-control-objectives.md b/windows/device-security/applocker/determine-your-application-control-objectives.md
index a74a000710..90a1979777 100644
--- a/windows/device-security/applocker/determine-your-application-control-objectives.md
+++ b/windows/device-security/applocker/determine-your-application-control-objectives.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Determine your application control objectives
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic helps you with the decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.
diff --git a/windows/device-security/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md b/windows/device-security/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
index 85c56528b1..3f2d01bceb 100644
--- a/windows/device-security/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
+++ b/windows/device-security/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Display a custom URL message when users try to run a blocked app
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.
diff --git a/windows/device-security/applocker/dll-rules-in-applocker.md b/windows/device-security/applocker/dll-rules-in-applocker.md
index b6e4cd9e93..913e1d22ee 100644
--- a/windows/device-security/applocker/dll-rules-in-applocker.md
+++ b/windows/device-security/applocker/dll-rules-in-applocker.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# DLL rules in AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic describes the file formats and available default rules for the DLL rule collection.
diff --git a/windows/device-security/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md b/windows/device-security/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
index 72c1c10193..3837b7f34e 100644
--- a/windows/device-security/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
+++ b/windows/device-security/applocker/document-group-policy-structure-and-applocker-rule-enforcement.md
@@ -12,7 +12,8 @@ ms.pagetype: security
# Document the Group Policy structure and AppLocker rule enforcement
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker.
diff --git a/windows/device-security/applocker/document-your-application-control-management-processes.md b/windows/device-security/applocker/document-your-application-control-management-processes.md
index 6e2a75390d..30b683d9ff 100644
--- a/windows/device-security/applocker/document-your-application-control-management-processes.md
+++ b/windows/device-security/applocker/document-your-application-control-management-processes.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Document your application control management processes
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This planning topic describes the AppLocker policy maintenance information to record for your design document.
diff --git a/windows/device-security/applocker/document-your-application-list.md b/windows/device-security/applocker/document-your-application-list.md
index 735dc55515..aef9a1f741 100644
--- a/windows/device-security/applocker/document-your-application-list.md
+++ b/windows/device-security/applocker/document-your-application-list.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Document your app list
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies.
diff --git a/windows/device-security/applocker/document-your-applocker-rules.md b/windows/device-security/applocker/document-your-applocker-rules.md
index 68d32d07d7..2d3cc52b44 100644
--- a/windows/device-security/applocker/document-your-applocker-rules.md
+++ b/windows/device-security/applocker/document-your-applocker-rules.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Document your AppLocker rules
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic describes what rule conditions to associate with each file, how to associate the rule conditions with each file, the source of the rule, and whether the file should be included or excluded.
diff --git a/windows/device-security/applocker/edit-an-applocker-policy.md b/windows/device-security/applocker/edit-an-applocker-policy.md
index 8bd9ebfcea..2854dbeb1c 100644
--- a/windows/device-security/applocker/edit-an-applocker-policy.md
+++ b/windows/device-security/applocker/edit-an-applocker-policy.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Edit an AppLocker policy
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps required to modify an AppLocker policy.
diff --git a/windows/device-security/applocker/edit-applocker-rules.md b/windows/device-security/applocker/edit-applocker-rules.md
index 3fcada9c5e..a121fc5b1f 100644
--- a/windows/device-security/applocker/edit-applocker-rules.md
+++ b/windows/device-security/applocker/edit-applocker-rules.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Edit AppLocker rules
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker.
diff --git a/windows/device-security/applocker/enable-the-dll-rule-collection.md b/windows/device-security/applocker/enable-the-dll-rule-collection.md
index 3a23c140a8..e322711136 100644
--- a/windows/device-security/applocker/enable-the-dll-rule-collection.md
+++ b/windows/device-security/applocker/enable-the-dll-rule-collection.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Enable the DLL rule collection
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker.
diff --git a/windows/device-security/applocker/enforce-applocker-rules.md b/windows/device-security/applocker/enforce-applocker-rules.md
index 31ab2aa2b8..e79128491d 100644
--- a/windows/device-security/applocker/enforce-applocker-rules.md
+++ b/windows/device-security/applocker/enforce-applocker-rules.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Enforce AppLocker rules
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes how to enforce application control rules by using AppLocker.
diff --git a/windows/device-security/applocker/executable-rules-in-applocker.md b/windows/device-security/applocker/executable-rules-in-applocker.md
index ebad0e1645..566d3c7e76 100644
--- a/windows/device-security/applocker/executable-rules-in-applocker.md
+++ b/windows/device-security/applocker/executable-rules-in-applocker.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Executable rules in AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic describes the file formats and available default rules for the executable rule collection.
diff --git a/windows/device-security/applocker/export-an-applocker-policy-from-a-gpo.md b/windows/device-security/applocker/export-an-applocker-policy-from-a-gpo.md
index 8f914cd9f0..a3ed1a08c2 100644
--- a/windows/device-security/applocker/export-an-applocker-policy-from-a-gpo.md
+++ b/windows/device-security/applocker/export-an-applocker-policy-from-a-gpo.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Export an AppLocker policy from a GPO
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.
diff --git a/windows/device-security/applocker/export-an-applocker-policy-to-an-xml-file.md b/windows/device-security/applocker/export-an-applocker-policy-to-an-xml-file.md
index f3f9d22190..13b496fe45 100644
--- a/windows/device-security/applocker/export-an-applocker-policy-to-an-xml-file.md
+++ b/windows/device-security/applocker/export-an-applocker-policy-to-an-xml-file.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Export an AppLocker policy to an XML file
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.
Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure.
diff --git a/windows/device-security/applocker/how-applocker-works-techref.md b/windows/device-security/applocker/how-applocker-works-techref.md
index f9bf8450f5..3de55c8243 100644
--- a/windows/device-security/applocker/how-applocker-works-techref.md
+++ b/windows/device-security/applocker/how-applocker-works-techref.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# How AppLocker works
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies.
diff --git a/windows/device-security/applocker/import-an-applocker-policy-from-another-computer.md b/windows/device-security/applocker/import-an-applocker-policy-from-another-computer.md
index 0f0e11976b..2d1b3617ef 100644
--- a/windows/device-security/applocker/import-an-applocker-policy-from-another-computer.md
+++ b/windows/device-security/applocker/import-an-applocker-policy-from-another-computer.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Import an AppLocker policy from another computer
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes how to import an AppLocker policy.
diff --git a/windows/device-security/applocker/import-an-applocker-policy-into-a-gpo.md b/windows/device-security/applocker/import-an-applocker-policy-into-a-gpo.md
index c03e2d5282..f3d0a7dc0c 100644
--- a/windows/device-security/applocker/import-an-applocker-policy-into-a-gpo.md
+++ b/windows/device-security/applocker/import-an-applocker-policy-into-a-gpo.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Import an AppLocker policy into a GPO
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
AppLocker policies can be created as local security policies and modified like any other local security policy, or they can be created as part of a GPO and managed by using Group Policy. You can create AppLocker policies on any supported computer. For info about which Windows editions are supported, see [Requirements to Use AppLocker](requirements-to-use-applocker.md).
diff --git a/windows/device-security/applocker/maintain-applocker-policies.md b/windows/device-security/applocker/maintain-applocker-policies.md
index 69cf6d1483..f35b3a4551 100644
--- a/windows/device-security/applocker/maintain-applocker-policies.md
+++ b/windows/device-security/applocker/maintain-applocker-policies.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Maintain AppLocker policies
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic describes how to maintain rules within AppLocker policies.
diff --git a/windows/device-security/applocker/manage-packaged-apps-with-applocker.md b/windows/device-security/applocker/manage-packaged-apps-with-applocker.md
index e1a7639af3..b56ac2b7d7 100644
--- a/windows/device-security/applocker/manage-packaged-apps-with-applocker.md
+++ b/windows/device-security/applocker/manage-packaged-apps-with-applocker.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Manage packaged apps with AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy.
diff --git a/windows/device-security/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md b/windows/device-security/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
index 2e095a1533..9fb22206f3 100644
--- a/windows/device-security/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
+++ b/windows/device-security/applocker/merge-applocker-policies-by-using-set-applockerpolicy.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Merge AppLocker policies by using Set-ApplockerPolicy
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.
diff --git a/windows/device-security/applocker/merge-applocker-policies-manually.md b/windows/device-security/applocker/merge-applocker-policies-manually.md
index 2747de84e0..da3bd37a55 100644
--- a/windows/device-security/applocker/merge-applocker-policies-manually.md
+++ b/windows/device-security/applocker/merge-applocker-policies-manually.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Merge AppLocker policies manually
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).
diff --git a/windows/device-security/applocker/monitor-application-usage-with-applocker.md b/windows/device-security/applocker/monitor-application-usage-with-applocker.md
index 87ead686b6..3460b00c1d 100644
--- a/windows/device-security/applocker/monitor-application-usage-with-applocker.md
+++ b/windows/device-security/applocker/monitor-application-usage-with-applocker.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Monitor app usage with AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied.
diff --git a/windows/device-security/applocker/optimize-applocker-performance.md b/windows/device-security/applocker/optimize-applocker-performance.md
index 5282b92618..efb9e9f766 100644
--- a/windows/device-security/applocker/optimize-applocker-performance.md
+++ b/windows/device-security/applocker/optimize-applocker-performance.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Optimize AppLocker performance
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes how to optimize AppLocker policy enforcement.
diff --git a/windows/device-security/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md b/windows/device-security/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
index b17006c05a..52784431c3 100644
--- a/windows/device-security/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
+++ b/windows/device-security/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Packaged apps and packaged app installer rules in AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic explains the AppLocker rule collection for packaged app installers and packaged apps.
diff --git a/windows/device-security/applocker/plan-for-applocker-policy-management.md b/windows/device-security/applocker/plan-for-applocker-policy-management.md
index ba66c70d42..c1a3752333 100644
--- a/windows/device-security/applocker/plan-for-applocker-policy-management.md
+++ b/windows/device-security/applocker/plan-for-applocker-policy-management.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Plan for AppLocker policy management
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies.
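Review bot: The summary sentence in the trailing context, "This topic for describes the decisions", has lost its audience. Fix it in this commit, either as "This topic describes" or as "This topic for the IT professional describes", matching the wording of the sibling topics.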
diff --git a/windows/device-security/applocker/refresh-an-applocker-policy.md b/windows/device-security/applocker/refresh-an-applocker-policy.md
index 719bfb599b..e654e73a1b 100644
--- a/windows/device-security/applocker/refresh-an-applocker-policy.md
+++ b/windows/device-security/applocker/refresh-an-applocker-policy.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Refresh an AppLocker policy
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps to force an update for an AppLocker policy.
diff --git a/windows/device-security/applocker/requirements-for-deploying-applocker-policies.md b/windows/device-security/applocker/requirements-for-deploying-applocker-policies.md
index 874036e3b6..e8e021aab1 100644
--- a/windows/device-security/applocker/requirements-for-deploying-applocker-policies.md
+++ b/windows/device-security/applocker/requirements-for-deploying-applocker-policies.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Requirements for deploying AppLocker policies
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.
diff --git a/windows/device-security/applocker/requirements-to-use-applocker.md b/windows/device-security/applocker/requirements-to-use-applocker.md
index caa0c16d67..a4114f89bb 100644
--- a/windows/device-security/applocker/requirements-to-use-applocker.md
+++ b/windows/device-security/applocker/requirements-to-use-applocker.md
@@ -13,7 +13,8 @@ author: brianlic-msft
# Requirements to use AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems.
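Review bot: The added `Windows Server` bullet is unversioned, and this is the topic that, per its own summary line, lists the software requirements for the supported Windows operating systems. Check that the body of this file actually names the server releases that this header now claims, and either list them here or update the requirements section in the same change. Otherwise the Applies to header and the requirements can disagree about where AppLocker is supported.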
diff --git a/windows/device-security/applocker/run-the-automatically-generate-rules-wizard.md b/windows/device-security/applocker/run-the-automatically-generate-rules-wizard.md
index 565f6331da..e75cea6f95 100644
--- a/windows/device-security/applocker/run-the-automatically-generate-rules-wizard.md
+++ b/windows/device-security/applocker/run-the-automatically-generate-rules-wizard.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Run the Automatically Generate Rules wizard
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device.
diff --git a/windows/device-security/applocker/script-rules-in-applocker.md b/windows/device-security/applocker/script-rules-in-applocker.md
index 6fd0ec9196..f3f8717563 100644
--- a/windows/device-security/applocker/script-rules-in-applocker.md
+++ b/windows/device-security/applocker/script-rules-in-applocker.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Script rules in AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic describes the file formats and available default rules for the script rule collection.
diff --git a/windows/device-security/applocker/security-considerations-for-applocker.md b/windows/device-security/applocker/security-considerations-for-applocker.md
index c959f1bfd0..e8648d0354 100644
--- a/windows/device-security/applocker/security-considerations-for-applocker.md
+++ b/windows/device-security/applocker/security-considerations-for-applocker.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Security considerations for AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional describes the security considerations you need to address when implementing AppLocker.
diff --git a/windows/device-security/applocker/select-types-of-rules-to-create.md b/windows/device-security/applocker/select-types-of-rules-to-create.md
index 35f8ffd6b2..01004b57ab 100644
--- a/windows/device-security/applocker/select-types-of-rules-to-create.md
+++ b/windows/device-security/applocker/select-types-of-rules-to-create.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Select the types of rules to create
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic lists resources you can use when selecting your application control policy rules by using AppLocker.
diff --git a/windows/device-security/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md b/windows/device-security/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
index fcc3bf2eac..207597f3b2 100644
--- a/windows/device-security/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
+++ b/windows/device-security/applocker/test-an-applocker-policy-by-using-test-applockerpolicy.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Test an AppLocker policy by using Test-AppLockerPolicy
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.
diff --git a/windows/device-security/applocker/test-and-update-an-applocker-policy.md b/windows/device-security/applocker/test-and-update-an-applocker-policy.md
index 99e46e3022..4c0cfb3d2f 100644
--- a/windows/device-security/applocker/test-and-update-an-applocker-policy.md
+++ b/windows/device-security/applocker/test-and-update-an-applocker-policy.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Test and update an AppLocker policy
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic discusses the steps required to test an AppLocker policy prior to deployment.
diff --git a/windows/device-security/applocker/tools-to-use-with-applocker.md b/windows/device-security/applocker/tools-to-use-with-applocker.md
index 7708198815..41f6908931 100644
--- a/windows/device-security/applocker/tools-to-use-with-applocker.md
+++ b/windows/device-security/applocker/tools-to-use-with-applocker.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Tools to use with AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional describes the tools available to create and administer AppLocker policies.
diff --git a/windows/device-security/applocker/understand-applocker-enforcement-settings.md b/windows/device-security/applocker/understand-applocker-enforcement-settings.md
index a27cfdc9cb..c5552f0544 100644
--- a/windows/device-security/applocker/understand-applocker-enforcement-settings.md
+++ b/windows/device-security/applocker/understand-applocker-enforcement-settings.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Understand AppLocker enforcement settings
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic describes the AppLocker enforcement settings for rule collections.
diff --git a/windows/device-security/applocker/understand-applocker-policy-design-decisions.md b/windows/device-security/applocker/understand-applocker-policy-design-decisions.md
index 4c7731bcfc..b7b3d4f4c2 100644
--- a/windows/device-security/applocker/understand-applocker-policy-design-decisions.md
+++ b/windows/device-security/applocker/understand-applocker-policy-design-decisions.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Understand AppLocker policy design decisions
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using AppLocker within a Windows operating system environment.
diff --git a/windows/device-security/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md b/windows/device-security/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
index fd1d01d9fb..76be28c269 100644
--- a/windows/device-security/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
+++ b/windows/device-security/applocker/understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Understand AppLocker rules and enforcement setting inheritance in Group Policy
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy.
diff --git a/windows/device-security/applocker/understand-the-applocker-policy-deployment-process.md b/windows/device-security/applocker/understand-the-applocker-policy-deployment-process.md
index a2ec48ffe5..ba135fa083 100644
--- a/windows/device-security/applocker/understand-the-applocker-policy-deployment-process.md
+++ b/windows/device-security/applocker/understand-the-applocker-policy-deployment-process.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Understand the AppLocker policy deployment process
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies.
diff --git a/windows/device-security/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md b/windows/device-security/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
index b383087281..cab8554448 100644
--- a/windows/device-security/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
+++ b/windows/device-security/applocker/understanding-applocker-allow-and-deny-actions-on-rules.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Understanding AppLocker allow and deny actions on rules
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic explains the differences between allow and deny actions on AppLocker rules.
diff --git a/windows/device-security/applocker/understanding-applocker-default-rules.md b/windows/device-security/applocker/understanding-applocker-default-rules.md
index f0b744d7ad..506b5b73f2 100644
--- a/windows/device-security/applocker/understanding-applocker-default-rules.md
+++ b/windows/device-security/applocker/understanding-applocker-default-rules.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Understanding AppLocker default rules
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professional describes the set of rules that can be used to ensure that required Windows system files are allowed to run when the policy is applied.
diff --git a/windows/device-security/applocker/understanding-applocker-rule-behavior.md b/windows/device-security/applocker/understanding-applocker-rule-behavior.md
index ac18934b5f..c2b0777b71 100644
--- a/windows/device-security/applocker/understanding-applocker-rule-behavior.md
+++ b/windows/device-security/applocker/understanding-applocker-rule-behavior.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Understanding AppLocker rule behavior
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker.
diff --git a/windows/device-security/applocker/understanding-applocker-rule-collections.md b/windows/device-security/applocker/understanding-applocker-rule-collections.md
index bfe5fd07ce..04b78ce9ba 100644
--- a/windows/device-security/applocker/understanding-applocker-rule-collections.md
+++ b/windows/device-security/applocker/understanding-applocker-rule-collections.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Understanding AppLocker rule collections
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic explains the five different types of AppLocker rules used to enforce AppLocker policies.
diff --git a/windows/device-security/applocker/understanding-applocker-rule-condition-types.md b/windows/device-security/applocker/understanding-applocker-rule-condition-types.md
index f00afa16e1..e96ad95beb 100644
--- a/windows/device-security/applocker/understanding-applocker-rule-condition-types.md
+++ b/windows/device-security/applocker/understanding-applocker-rule-condition-types.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Understanding AppLocker rule condition types
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional describes the three types of AppLocker rule conditions.
diff --git a/windows/device-security/applocker/understanding-applocker-rule-exceptions.md b/windows/device-security/applocker/understanding-applocker-rule-exceptions.md
index 4cedcfd784..0020f81022 100644
--- a/windows/device-security/applocker/understanding-applocker-rule-exceptions.md
+++ b/windows/device-security/applocker/understanding-applocker-rule-exceptions.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Understanding AppLocker rule exceptions
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic describes the result of applying AppLocker rule exceptions to rule collections.
diff --git a/windows/device-security/applocker/understanding-the-file-hash-rule-condition-in-applocker.md b/windows/device-security/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
index 89a2b1a770..2eacfe3d74 100644
--- a/windows/device-security/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
+++ b/windows/device-security/applocker/understanding-the-file-hash-rule-condition-in-applocker.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Understanding the file hash rule condition in AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic explains the AppLocker file hash rule condition, the advantages and disadvantages, and how it is applied.
diff --git a/windows/device-security/applocker/understanding-the-path-rule-condition-in-applocker.md b/windows/device-security/applocker/understanding-the-path-rule-condition-in-applocker.md
index 4d4e950a6c..a8e2676908 100644
--- a/windows/device-security/applocker/understanding-the-path-rule-condition-in-applocker.md
+++ b/windows/device-security/applocker/understanding-the-path-rule-condition-in-applocker.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Understanding the path rule condition in AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it is applied.
diff --git a/windows/device-security/applocker/understanding-the-publisher-rule-condition-in-applocker.md b/windows/device-security/applocker/understanding-the-publisher-rule-condition-in-applocker.md
index 5e0bca2ee0..8cbf42f94e 100644
--- a/windows/device-security/applocker/understanding-the-publisher-rule-condition-in-applocker.md
+++ b/windows/device-security/applocker/understanding-the-publisher-rule-condition-in-applocker.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Understanding the publisher rule condition in AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic explains the AppLocker publisher rule condition, what controls are available, and how it is applied.
diff --git a/windows/device-security/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md b/windows/device-security/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
index 90336b381a..38f498aaaa 100644
--- a/windows/device-security/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
+++ b/windows/device-security/applocker/use-a-reference-computer-to-create-and-maintain-applocker-policies.md
@@ -1,3 +1,4 @@
+
---
title: Use a reference device to create and maintain AppLocker policies (Windows 10)
description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
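Review bot: The blank line added at line 1 puts an empty line ahead of the opening `---` of the YAML front matter, and front matter is normally recognized only when `---` is the first line of the file, so the title and description metadata may stop being parsed; remove the added line. Separately, the title still ends in "(Windows 10)" although the next hunk adds Windows Server to the Applies to list.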
@@ -12,7 +13,8 @@ author: brianlic-msft
# Use a reference device to create and maintain AppLocker policies
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
diff --git a/windows/device-security/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/device-security/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
index 0fa2a8f258..aae35f5e9c 100644
--- a/windows/device-security/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
+++ b/windows/device-security/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Use AppLocker and Software Restriction Policies in the same domain
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker.
diff --git a/windows/device-security/applocker/use-the-applocker-windows-powershell-cmdlets.md b/windows/device-security/applocker/use-the-applocker-windows-powershell-cmdlets.md
index d7cd5120c4..4bdbfc5015 100644
--- a/windows/device-security/applocker/use-the-applocker-windows-powershell-cmdlets.md
+++ b/windows/device-security/applocker/use-the-applocker-windows-powershell-cmdlets.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Use the AppLocker Windows PowerShell cmdlets
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies.
diff --git a/windows/device-security/applocker/using-event-viewer-with-applocker.md b/windows/device-security/applocker/using-event-viewer-with-applocker.md
index 7a3b0f4f8d..cfd2f5dd66 100644
--- a/windows/device-security/applocker/using-event-viewer-with-applocker.md
+++ b/windows/device-security/applocker/using-event-viewer-with-applocker.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Using Event Viewer with AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic lists AppLocker events and describes how to use Event Viewer with AppLocker.
diff --git a/windows/device-security/applocker/using-software-restriction-policies-and-applocker-policies.md b/windows/device-security/applocker/using-software-restriction-policies-and-applocker-policies.md
index 8a427064fb..c080b99c1f 100644
--- a/windows/device-security/applocker/using-software-restriction-policies-and-applocker-policies.md
+++ b/windows/device-security/applocker/using-software-restriction-policies-and-applocker-policies.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Use Software Restriction Policies and AppLocker policies
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment.
diff --git a/windows/device-security/applocker/what-is-applocker.md b/windows/device-security/applocker/what-is-applocker.md
index c3b47e88d5..6fe751c8cb 100644
--- a/windows/device-security/applocker/what-is-applocker.md
+++ b/windows/device-security/applocker/what-is-applocker.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# What Is AppLocker?
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies.
diff --git a/windows/device-security/applocker/windows-installer-rules-in-applocker.md b/windows/device-security/applocker/windows-installer-rules-in-applocker.md
index 65a86eddfc..550fac37bc 100644
--- a/windows/device-security/applocker/windows-installer-rules-in-applocker.md
+++ b/windows/device-security/applocker/windows-installer-rules-in-applocker.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Windows Installer rules in AppLocker
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic describes the file formats and available default rules for the Windows Installer rule collection.
diff --git a/windows/device-security/applocker/working-with-applocker-policies.md b/windows/device-security/applocker/working-with-applocker-policies.md
index 219638880c..9932ebcb85 100644
--- a/windows/device-security/applocker/working-with-applocker-policies.md
+++ b/windows/device-security/applocker/working-with-applocker-policies.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Working with AppLocker policies
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies.
diff --git a/windows/device-security/applocker/working-with-applocker-rules.md b/windows/device-security/applocker/working-with-applocker-rules.md
index c6fd38667f..38fb27d6e8 100644
--- a/windows/device-security/applocker/working-with-applocker-rules.md
+++ b/windows/device-security/applocker/working-with-applocker-rules.md
@@ -12,7 +12,8 @@ author: brianlic-msft
# Working with AppLocker rules
**Applies to**
-- Windows 10
+ - Windows 10
+ - Windows Server
This topic for IT professionals describes AppLocker rule types and how to work with them for your application control policies.
diff --git a/windows/device-security/bitlocker/bitlocker-frequently-asked-questions.md b/windows/device-security/bitlocker/bitlocker-frequently-asked-questions.md
index af3bab22cc..4802b4d1ed 100644
--- a/windows/device-security/bitlocker/bitlocker-frequently-asked-questions.md
+++ b/windows/device-security/bitlocker/bitlocker-frequently-asked-questions.md
@@ -151,7 +151,15 @@ The following types of system changes can cause an integrity check failure and p
### What causes BitLocker to start into recovery mode when attempting to start the operating system drive?
-Because BitLocker is designed to protect your computer from numerous attacks, there are numerous reasons why BitLocker could start in recovery mode. In BitLocker, recovery consists of decrypting a copy of the volume master key using either a recovery key stored on a USB flash drive or a cryptographic key derived from a recovery password. The TPM is not involved in any recovery scenarios, so recovery is still possible if the TPM fails boot component validation, malfunctions, or is removed.
+Because BitLocker is designed to protect your computer from numerous attacks, there are numerous reasons why BitLocker could start in recovery mode.
+For example:
+
+- Changing the BIOS boot order to boot another drive in advance of the hard drive.
+- Adding or removing hardware, such as inserting a new card in the computer, including some PCMIA wireless cards.
+- Removing, inserting, or completely depleting the charge on a smart battery on a portable computer.
+
+In BitLocker, recovery consists of decrypting a copy of the volume master key using either a recovery key stored on a USB flash drive or a cryptographic key derived from a recovery password.
+The TPM is not involved in any recovery scenarios, so recovery is still possible if the TPM fails boot component validation, malfunctions, or is removed.
### Can I swap hard disks on the same computer if BitLocker is enabled on the operating system drive?
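Review bot: In the second added bullet, "PCMIA" should be "PCMCIA". In the first bullet, "in advance of the hard drive" would read more plainly as "before the hard drive". The paragraph says BitLocker "could" start in recovery mode, so consider introducing the list with wording that keeps that hedge, such as "Examples of changes that can cause this include:", rather than a bare "For example:".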
diff --git a/windows/device-security/bitlocker/bitlocker-overview.md b/windows/device-security/bitlocker/bitlocker-overview.md
index 6a94dab8c8..4822689ebb 100644
--- a/windows/device-security/bitlocker/bitlocker-overview.md
+++ b/windows/device-security/bitlocker/bitlocker-overview.md
@@ -80,5 +80,6 @@ When installing the BitLocker optional component on a server you will also need
| [BitLocker Recovery Guide](bitlocker-recovery-guide-plan.md)| This topic for IT professionals describes how to recover BitLocker keys from AD DS. |
| [Protect BitLocker from pre-boot attacks](protect-bitlocker-from-pre-boot-attacks.md)| This detailed guide will help you understand the circumstances under which the use of pre-boot authentication is recommended for devices running Windows 10, Windows 8.1, Windows 8, or Windows 7; and when it can be safely omitted from a device’s configuration. |
| [Protecting cluster shared volumes and storage area networks with BitLocker](protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md)| This topic for IT pros describes how to protect CSVs and SANs with BitLocker.|
+| [Enabling Secure Boot and BitLocker Device Encryption on Windows 10 IoT Core](https://developer.microsoft.com/windows/iot/docs/securebootandbitlocker) | This topic covers how to use BitLocker with Windows 10 IoT Core |
-If you're looking for info on how to use it with Windows 10 IoT Core, see [Enabling Secure Boot and BitLocker Device Encryption on Windows 10 IoT Core](https://developer.microsoft.com/windows/iot/docs/securebootandbitlocker).
\ No newline at end of file
+Not finding the content you need? Windows 10 users can tell us what content they need using [Feedback Hub](http://userfeedback/UserFeedback/Home/EditContext/897).
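Review bot: The Feedback Hub link in the last added line points at `http://userfeedback/UserFeedback/Home/EditContext/897`, a single-label host name over plain HTTP that public DNS will not resolve, so the link will be dead for external readers; it looks like an internal address and should be replaced with a publicly reachable one before publishing. The new IoT Core table row also ends its description without a period, unlike the rows above it.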
diff --git a/windows/device-security/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/device-security/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
index 8d48b8aff4..16e23be904 100644
--- a/windows/device-security/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+++ b/windows/device-security/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
@@ -41,7 +41,9 @@ A good practice when using manage-bde is to determine the volume status on the t
``` syntax
manage-bde -status
```
-This command returns the volumes on the target, current encryption status and volume type (operating system or data) for each volume.
+This command returns the volumes on the target, current encryption status, encryption method, and volume type (operating system or data) for each volume:
+
+
The following example illustrates enabling BitLocker on a computer without a TPM chip. Before beginning the encryption process you must create the startup key needed for BitLocker and save it to the USB drive. When BitLocker is enabled for the operating system volume, the BitLocker will need to access the USB flash drive to obtain the encryption key (in this example, the drive letter E represents the USB drive). You will be prompted to reboot to complete the encryption process.
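Review bot: The rewritten sentence now ends in a colon, but the only lines added after it in this hunk are two empty ones, so nothing follows the colon before the next paragraph. If the images/manage-bde-status.png file added later in this patch is meant to appear here, add the image reference with descriptive alt text; otherwise end the sentence with a period.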
diff --git a/windows/device-security/bitlocker/images/feedback-app-icon.png b/windows/device-security/bitlocker/images/feedback-app-icon.png
new file mode 100644
index 0000000000..c600883c0e
Binary files /dev/null and b/windows/device-security/bitlocker/images/feedback-app-icon.png differ
diff --git a/windows/device-security/bitlocker/images/manage-bde-status.png b/windows/device-security/bitlocker/images/manage-bde-status.png
new file mode 100644
index 0000000000..321b1fa052
Binary files /dev/null and b/windows/device-security/bitlocker/images/manage-bde-status.png differ
diff --git a/windows/device-security/tpm/tpm-recommendations.md b/windows/device-security/tpm/tpm-recommendations.md
index 8dcde29788..f30df74373 100644
--- a/windows/device-security/tpm/tpm-recommendations.md
+++ b/windows/device-security/tpm/tpm-recommendations.md
@@ -12,8 +12,6 @@ author: brianlic-msft
# TPM recommendations
-**Applies to**
-
**Applies to**
- Windows 10
- Windows Server 2016
@@ -98,20 +96,19 @@ For end consumers, TPM is behind the scenes but is still very relevant. TPM is u
The following table defines which Windows features require TPM support.
-| Windows Features | Windows 10 TPM 1.2 | Windows 10 TPM 2.0 | Details |
-|-------------------------|----------------------|----------------------|----------|
-| Measured Boot | Required | Required | Measured boot requires TPM 1.2 or 2.0 and UEFI Secure Boot. |
-| Bitlocker | Required | Required | TPM 1.2 or later required or a removable USB memory device such as a flash drive. Please note that TPM 2.0 requires UEFI Secure Boot in order for BitLocker to work properly. |
-| Passport: Domain AADJ Join | Required | Required | Supports both versions of TPM, but requires TPM with HMAC and EK certificate for key attestation support. |
-| Passport: MSA or Local Account | Required | Required | TPM 2.0 is required with HMAC and EK certificate for key attestation support. |
-| Device Encryption | Not Applicable | Required | TPM 2.0 is required for all InstantGo devices. |
-| Credential Guard | Required | Required | For Windows 10, version 1511, TPM 1.2 or 2.0 is highly recommended. If you don't have a TPM installed, Credential Guard will still be enabled, but the keys used to encrypt Credential Guard will not be protected by the TPM. |
-| Device Health Attestation | Required | Required | |
-| Windows Hello / Windows Hello for Business | Not Required | Recommended | Whenever possible, Microsoft recommends the use of TPM hardware. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. [How keys are protected](https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-how-it-works#how-keys-are-protected) |
-| UEFI Secure Boot | Not Required | Recommended | |
-| Platform Key Storage provider | Required | Required | |
-| Virtual Smart Card | Required | Required | |
-| Certificate storage (TPM bound) | Required | Required | |
+| Windows Features | TPM Required | Supports TPM 1.2 | Supports TPM 2.0 | Details |
+|-------------------------|--------------|--------------------|--------------------|----------|
+| Measured Boot | Yes | Yes | Yes | Measured Boot requires TPM 1.2 or 2.0 and UEFI Secure Boot |
+| BitLocker | Yes | Yes | Yes | TPM 1.2 or 2.0 is required |
+| Device Encryption | Yes | N/A | Yes | Device Encryption requires InstantGo/Connected Standby certification, which requires TPM 2.0. |
+| Device Guard | No | Yes | Yes | |
+| Credential Guard | No | Yes | Yes | Windows 10, version 1507 (End of Life as of May 2017) only supported TPM 2.0 for Credential Guard. Beginning with Windows 10, version 1511, TPM 1.2 and 2.0 are supported. |
+| Device Health Attestation| Yes | Yes | Yes | |
+| Windows Hello/Windows Hello for Business| No | Yes | Yes | Azure AD join supports both versions of TPM, but requires TPM with keyed-hash message authentication code (HMAC) and Endorsement Key (EK) certificate for key attestation support. |
+| UEFI Secure Boot | No | Yes | Yes | |
+| TPM Platform Crypto Provider Key Storage Provider| Yes | Yes| Yes | |
+| Virtual Smart Card | Yes | Yes | Yes | |
+| Certificate storage | No | Yes | Yes | TPM is only required when the certificate is stored in the TPM. |
## OEM Status on TPM 2.0 system availability and certified parts
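Review bot: The new BitLocker row marks TPM as required and states "TPM 1.2 or 2.0 is required", dropping the old row's note that a removable USB memory device can be used instead; that conflicts with the manage-bde topic touched in this same patch, which describes enabling BitLocker on a computer without a TPM chip by using a startup key on a USB drive. Keep the USB alternative in the Details column, or set "TPM Required" to No with an explanation. The old row's caveat that TPM 2.0 requires UEFI Secure Boot for BitLocker is also gone; confirm that removal is intentional. In the Windows Hello row, the Details text now covers only Azure AD join, and the old recommendation to use TPM hardware, with its "How keys are protected" link, was removed.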
diff --git a/windows/media/ModernSecureDeployment/Deploy-CleanInstallation.pdf b/windows/media/ModernSecureDeployment/Deploy-CleanInstallation.pdf
new file mode 100644
index 0000000000..557f45193a
Binary files /dev/null and b/windows/media/ModernSecureDeployment/Deploy-CleanInstallation.pdf differ
diff --git a/windows/media/ModernSecureDeployment/Deploy-InplaceUpgrade.pdf b/windows/media/ModernSecureDeployment/Deploy-InplaceUpgrade.pdf
new file mode 100644
index 0000000000..d01542ed2b
Binary files /dev/null and b/windows/media/ModernSecureDeployment/Deploy-InplaceUpgrade.pdf differ
diff --git a/windows/media/ModernSecureDeployment/Deploy-WindowsAutoPilot.pdf b/windows/media/ModernSecureDeployment/Deploy-WindowsAutoPilot.pdf
new file mode 100644
index 0000000000..87110d6b3e
Binary files /dev/null and b/windows/media/ModernSecureDeployment/Deploy-WindowsAutoPilot.pdf differ
diff --git a/windows/media/ModernSecureDeployment/ProtectionSolutions.pdf b/windows/media/ModernSecureDeployment/ProtectionSolutions.pdf
new file mode 100644
index 0000000000..8d04e66910
Binary files /dev/null and b/windows/media/ModernSecureDeployment/ProtectionSolutions.pdf differ
diff --git a/windows/media/ModernSecureDeployment/Series-ModernAndSecureWindowsDeployment.pdf b/windows/media/ModernSecureDeployment/Series-ModernAndSecureWindowsDeployment.pdf
new file mode 100644
index 0000000000..86529c1665
Binary files /dev/null and b/windows/media/ModernSecureDeployment/Series-ModernAndSecureWindowsDeployment.pdf differ
diff --git a/windows/media/ModernSecureDeployment/WindowsServicing.pdf b/windows/media/ModernSecureDeployment/WindowsServicing.pdf
new file mode 100644
index 0000000000..19a419e3a9
Binary files /dev/null and b/windows/media/ModernSecureDeployment/WindowsServicing.pdf differ
diff --git a/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md b/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
index df475ea509..465c993f93 100644
--- a/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
+++ b/windows/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
@@ -19,7 +19,6 @@ The threat landscape is continually evolving. While hackers are busy developing
Windows Defender Application Guard (Application Guard) is designed to help prevent old, and newly emerging attacks, to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by rendering current attack methods obsolete.
-
## What is Application Guard and how does it work?
Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted.
@@ -39,8 +38,8 @@ Application Guard has been created to target 3 types of enterprise systems:
## In this section
|Topic |Description |
|------|------------|
-|[System requirements for Windows Defender Application Guard](reqs-wd-app-guard.md) |Specifies the pre-requisites necessary to install and use Application Guard. |
-|[Prepare and install Windows Defender Application Guard](install-wd-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization. |
+|[System requirements for Windows Defender Application Guard](reqs-wd-app-guard.md) |Specifies the pre-requisites necessary to install and use Application Guard.|
+|[Prepare and install Windows Defender Application Guard](install-wd-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.|
|[Configure the Group Policy settings for Windows Defender Application Guard](configure-wd-app-guard.md) |Provides info about the available Group Policy and MDM settings.|
|[Testing scenarios using Windows Defender Application Guard in your business or organization](test-scenarios-wd-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Windows Defender Application Guard (Application Guard) in your organization.|
|[Frequently Asked Questions - Windows Defender Application Guard](faq-wd-app-guard.md)|Common questions and answers around the features and functionality of Application Guard.|
\ No newline at end of file