diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json
index e58deb3585..469538cd59 100644
--- a/.openpublishing.publish.config.json
+++ b/.openpublishing.publish.config.json
@@ -61,6 +61,16 @@
             "type_mapping": {
                 "Conceptual": "Content"
             }
+        },
+        {
+            "docset_name": "education",
+            "build_output_subfolder": "education",
+            "locale": "en-us",
+            "version": 0,
+            "open_to_public_contributors": "false",
+            "type_mapping": {
+                "Conceptual": "Content"
+            }
         }
     ],
     "notification_subscribers": ["brianlic@microsoft.com"],
diff --git a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
index 7df4d37ea3..d199472eaa 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
@@ -84,9 +84,11 @@ IE opens the app’s website.
 **Security Note:**<br>If you don’t fully trust a site, you shouldn’t allow it to launch an outdated app. However, although we don’t recommend it, you can let the webpage launch the app by tapping or clicking **Allow**. This option opens the app without updating or fixing the problem. The next time you visit a webpage running the same outdated app, you’ll get the notification again.
 
 ## How does IE decide which ActiveX controls to block?
-IE uses Microsoft’s versionlist.xml file to determine whether an ActiveX control should be stopped from loading. This file is updated with newly-discovered out-of-date ActiveX controls, which IE automatically downloads to your local copy of the file.
+IE uses Microsoft’s versionlist.xml or versionlistWin7.xml file to determine whether an ActiveX control should be stopped from loading. These files are updated with newly-discovered out-of-date ActiveX controls, which IE automatically downloads to your local copy of the file.
 
-You can see your copy of the versionlist.xml file here `%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\versionlist.xml`, or you can view Microsoft’s version at [Internet Explorer version list](http://go.microsoft.com/fwlink/p/?LinkId=403864).
+You can see your copy of the file here `%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\versionlist.xml` or you can view Microsoft’s version, based on your operating system and version of IE, here:
+- [Internet Explorer 11 on Windows 7 SP1 or Windows Server 2008 R2](http://go.microsoft.com/fwlink/p/?LinkId=798230)
+- [All other configurations](https://go.microsoft.com/fwlink/p/?LinkId=403864)
 
 **Security Note:**<br>Although we strongly recommend against it, if you don’t want your computer to automatically download the updated version list from Microsoft, run the following command from a command prompt:
 
@@ -171,7 +173,7 @@ Here’s a detailed example and description of what’s included in the VersionA
 ### Inventory your ActiveX controls by using a local WMI class
 For Windows 10 you also have the option to log your inventory info to a local WMI class. Info logged to this class includes all of info you get from the .csv file, plus the CLSID of the loaded ActiveX control or the name of any apps started from an ActiveX control.
 
-### Before you begin
+#### Before you begin
 Before you can use WMI to inventory your ActiveX controls, you need to [download the configuration package (.zip file)](http://go.microsoft.com/fwlink/p/?LinkId=616971), which includes:
 
 -   **ConfigureWMILogging.ps1**. A Windows PowerShell script.
diff --git a/education/docfx.json b/education/docfx.json
new file mode 100644
index 0000000000..85ad44817c
--- /dev/null
+++ b/education/docfx.json
@@ -0,0 +1,24 @@
+{
+  "build": {
+    "content":
+      [
+        {
+          "files": ["**/**.md"],
+          "exclude": ["**/obj/**"]
+        }
+      ],
+    "resource": [
+        {
+          "files": ["**/images/**", "**/*.json"],
+          "exclude": ["**/obj/**"]
+        }
+    ],
+    "globalMetadata": {
+        "ROBOTS": "INDEX, FOLLOW"
+    },
+    "externalReference": [
+    ],
+    "template": "op.html",
+    "dest": "edu"
+  }
+}
\ No newline at end of file
diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
index 3077e0371c..6b506dbfd5 100644
--- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md
+++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
@@ -15,6 +15,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
 
 |New or changed topic | Description |
 |----------------------|-------------|
+| [Microsoft Passport errors during PIN creation](microsoft-passport-errors-during-pin-creation.md) | Added errors 0x80090029 and 0x80070057, and merged entries for error 0x801c03ed. |
 | [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 Technical Preview |
 
 ## April 2016
diff --git a/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md b/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
index dc5497f7c0..839e14a630 100644
--- a/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
+++ b/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
@@ -20,17 +20,13 @@ The following image shows an example of an error during **Create a work PIN**.
 ## Error mitigations
 When a user encounters an error when creating the work PIN, advise the user to try the following steps. Many errors can be mitigated by one of these steps.
 1.  Try to create the PIN again. Some errors are transient and resolve themselves.
-2.  Log out, log in, and try to create the PIN again.
+2.  Sign out, sign in, and try to create the PIN again.
 3.  Reboot the device and then try to create the PIN again.
 4.  Unjoin the device from Azure Active Directory (Azure AD), rejoin, and then try to create the PIN again. To unjoin a desktop PC, go to **Settings** &gt; **System** &gt; **About** and select **Disconnect from organization**. To unjoin a device running Windows 10 Mobile, you must [reset the device](http://go.microsoft.com/fwlink/p/?LinkId=715697).
 5.  On mobile devices, if you are unable to setup a PIN after multiple attempts, reset your device and start over. For help on how to reset your phone go to [Reset my phone](http://go.microsoft.com/fwlink/p/?LinkId=715697).
 If the error occurs again, check the error code against the following table to see if there is another mitigation for that error. When no mitigation is listed in the table, contact Microsoft Support for assistance.
 <table>
-<colgroup>
-<col width="33%" />
-<col width="33%" />
-<col width="33%" />
-</colgroup>
+
 <thead>
 <tr class="header">
 <th align="left">Hex</th>
@@ -39,20 +35,13 @@ If the error occurs again, check the error code against the following table to s
 </tr>
 </thead>
 <tbody>
-<tr class="odd">
-<td align="left">0x801C03ED</td>
-<td align="left"><p>Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed</p>
-<p>-or-</p>
-<p>Token was not found in the Authorization header</p>
-<p>-or-</p>
-<p>Failed to read one or more objects</p></td>
-<td align="left">Unjoin the device from Azure Active Directory (Azure AD) and rejoin</td>
-</tr>
+
 <tr class="even">
 <td align="left">0x801C044D</td>
 <td align="left">Authorization token does not contain device ID</td>
 <td align="left">Unjoin the device from Azure AD and rejoin</td>
 </tr>
+
 <tr class="odd">
 <td align="left">0x80090036</td>
 <td align="left">User cancelled an interactive dialog</td>
@@ -77,6 +66,10 @@ If the error occurs again, check the error code against the following table to s
 <td align="left">0x80090005</td>
 <td align="left">NTE_BAD_DATA</td>
 <td align="left">Unjoin the device from Azure AD and rejoin</td>
+</tr><tr class="even">
+<td align="left">0x80090029</td>
+<td align="left">TPM is not set up.</td>
+<td align="left">Sign on with an administrator account. Click **Start**, type "tpm.msc", and select **tpm.msc Microsoft Common Console Document**. In the **Actions** pane, select **Prepare the TPM**. </td>
 </tr>
 <tr class="even">
 <td align="left">0x80090031</td>
@@ -106,17 +99,17 @@ If the error occurs again, check the error code against the following table to s
 <tr class="odd">
 <td align="left">0x801C0010</td>
 <td align="left">The AIK certificate is not valid or trusted</td>
-<td align="left">Log out and then log in again.</td>
+<td align="left">Sign out and then sign in again.</td>
 </tr>
 <tr class="even">
 <td align="left">0x801C0011</td>
 <td align="left">The attestation statement of the transport key is invalid</td>
-<td align="left">Log out and then log in again.</td>
+<td align="left">Sign out and then sign in again.</td>
 </tr>
 <tr class="odd">
 <td align="left">0x801C0012</td>
 <td align="left">Discovery request is not in a valid format</td>
-<td align="left">Log out and then log in again.</td>
+<td align="left">Sign out and then sign in again.</td>
 </tr>
 <tr class="even">
 <td align="left">0x801C0015</td>
@@ -141,7 +134,7 @@ If the error occurs again, check the error code against the following table to s
 <tr class="even">
 <td align="left">0x801C03E9</td>
 <td align="left">Server response message is invalid</td>
-<td align="left">Log out and then log in again.</td>
+<td align="left">Sign out and then sign in again.</td>
 </tr>
 <tr class="odd">
 <td align="left">0x801C03EA</td>
@@ -151,37 +144,42 @@ If the error occurs again, check the error code against the following table to s
 <tr class="even">
 <td align="left">0x801C03EB</td>
 <td align="left">Server response http status is not valid</td>
-<td align="left">Log out and then log in again.</td>
+<td align="left">Sign out and then sign in again.</td>
 </tr>
 <tr class="odd">
 <td align="left">0x801C03EC</td>
 <td align="left">Unhandled exception from server.</td>
-<td align="left">Log out and then log in again.</td>
+<td align="left">sign out and then sign in again.</td>
 </tr>
 <tr class="even">
 <td align="left">0x801C03ED</td>
-<td align="left">The request sent to the server was invalid.</td>
-<td align="left">Log out and then log in again.</td>
+<td align="left"><p>Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed</p>
+<p>-or-</p>
+<p>Token was not found in the Authorization header</p>
+<p>-or-</p>
+<p>Failed to read one or more objects</p>
+<p>-or-</p><p>The request sent to the server was invalid.</p></td>
+<td align="left">Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure Active Directory (Azure AD) and rejoin.</td>
 </tr>
 <tr class="odd">
 <td align="left">0x801C03EE</td>
 <td align="left">Attestation failed</td>
-<td align="left">Log out and then log in again.</td>
+<td align="left">Sign out and then sign in again.</td>
 </tr>
 <tr class="even">
 <td align="left">0x801C03EF</td>
 <td align="left">The AIK certificate is no longer valid</td>
-<td align="left">Log out and then log in again.</td>
+<td align="left">Sign out and then sign in again.</td>
 </tr>
 <tr class="odd">
 <td align="left">​0x801C044D</td>
 <td align="left">Unable to obtain user token</td>
-<td align="left">Log out and then log in again. Check network and credentials.</td>
+<td align="left">Sign out and then sign in again. Check network and credentials.</td>
 </tr>
 <tr class="even">
 <td align="left">0x801C044E</td>
 <td align="left">Failed to receive user creds input</td>
-<td align="left">Log out and then log in again.</td>
+<td align="left">Sign out and then sign in again.</td>
 </tr>
 </tbody>
 </table>
@@ -191,6 +189,7 @@ For errors listed in this table, contact Microsoft Support for assistance.
 | Hex         | Cause                                                                                                 |
 |-------------|-------------------------------------------------------------------------------------------------------|
 | 0x80072f0c  | Unknown                                                                                               |
+| 0x80070057 | Invalid parameter or argument is passed |
 | 0x80090027  | Caller provided wrong parameter. If third-party code receives this error they must change their code. |
 | 0x8009002D  | NTE\_INTERNAL\_ERROR                                                                                  |
 | 0x80090020  | NTE\_FAIL                                                                                             |
diff --git a/windows/keep-secure/microsoft-passport-guide.md b/windows/keep-secure/microsoft-passport-guide.md
index 87b60d6e5d..509ae5dcad 100644
--- a/windows/keep-secure/microsoft-passport-guide.md
+++ b/windows/keep-secure/microsoft-passport-guide.md
@@ -5,6 +5,7 @@ ms.assetid: 11EA7826-DA6B-4E5C-99FB-142CC6BD9E84
 ms.pagetype: security
 keywords: ["security", "credential", "password", "authentication"]
 ms.prod: W10
+ms.pagetype: security
 ms.mktglfcycl: plan
 ms.sitesec: library
 author: challum
@@ -226,7 +227,8 @@ Table 1. Deployment requirements for Microsoft Passport
 </tbody>
 </table>
  
-Note that the current release of Windows 10 supports the Azure AD–only scenarios. Microsoft provides the forward-looking guidance in Table 1 to help organizations prepare their environments for planned future releases of Microsoft Passport for Work capabilities.
+Note that the current release of Windows 10 supports the Azure AD–only (RTM) and hybrid scenarios (RTM + November Update). Microsoft provides the forward-looking guidance in Table 1 to help organizations prepare their environments for planned future releases of Microsoft Passport for Work capabilities.
+
 **Select policy settings**
 Another key aspect of Microsoft Passport for Work deployment involves the choice of which policy settings to apply to the enterprise. There are two parts to this choice: which policies you deploy to manage Microsoft Passport itself and which policies you deploy to control device management and registration. A complete guide to selecting effective policies is beyond the scope of this guide, but one example reference that may be useful is [Mobile device management capabilities in Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733877).
 ## Implement Microsoft Passport
@@ -255,12 +257,30 @@ In the Windows 10 initial release, Microsoft supports the following Microsoft P
 -   Facial-recognition capability on devices that have compatible IR-capable cameras
 -   Microsoft Passport for personal credentials on individually owned and corporate-managed devices
 -   Microsoft Passport for Work support for organizations that have cloud-only Azure AD deployments
+<<<<<<< HEAD
 -   Group Policy settings to control Microsoft Passport PIN length and complexity
 In future releases of Windows 10, we plan to add support for additional features:
 -   Additional biometric identifier types, including iris recognition
 -   Key-based Microsoft Passport for Work credentials for on-premises Azure AD deployments and hybrid on-premises/Azure AD deployments
 -   Microsoft Passport for Work certificates issued by a trusted PKI, including smart card and virtual smart card certificates
 -   TPM attestation to protect keys so that a malicious user or program can’t create keys in software (because those keys won’t be TPM attested and can thus be identified as fake)
+=======
+
+-   Group Policy and MDM settings to control Microsoft Passport PIN length and complexity
+
+In the November 2015 release, Microsoft supports the following Microsoft Passport and Windows Hello features:
+
+- Key-based Microsoft Passport for Work credentials for on-premises Azure AD deployments and hybrid on-premises/Azure AD deployments
+
+- Microsoft Passport for Work certificates issued by a trusted PKI, including smart card and virtual smart card certificates
+
+In future releases of Windows 10, we plan to add support for additional features:
+
+- Key-based and certificate-based Microsoft Passport for Work credentials for on-premises AD deployments
+ 
+- TPM attestation to protect keys so that a malicious user or program can’t create keys in software (because those keys won’t be TPM attested and can thus be identified as fake)
+
+>>>>>>> master
 In the longer term, Microsoft will continue to improve on and expand the features of both Microsoft Passport and Windows Hello to cover additional customer requirements for manageability and security. We also are working with the FIDO Alliance and a variety of third parties to encourage adoption of Microsoft Passport by both web and LOB application developers.
  
  
diff --git a/windows/manage/windows-10-mobile-and-mdm.md b/windows/manage/windows-10-mobile-and-mdm.md
index a818434444..076e220c88 100644
--- a/windows/manage/windows-10-mobile-and-mdm.md
+++ b/windows/manage/windows-10-mobile-and-mdm.md
@@ -883,9 +883,6 @@ Table 19. Microsoft Edge settings for Windows 10 Mobile
 | Allow Search Suggestions in Address Bar         | Whether search suggestions are shown in the address bar                                               |
 | Allow SmartScreen                               | Whether SmartScreen Filter is enabled                                                                 |
 | First Run URL                                   | The URL to open when a user launches Microsoft Edge for the first time                                |
-| Include Sites Bypassing Proxy In Intranet Sites | Whether websites that bypass the proxy server are able to use the Intranet security zone              |
-| Include UNC Paths In Intranet Sites             | Whether URL paths can represent Universal Naming Convention (UNC) paths in the Intranet security zone |
-| Intranet Sites                                  | A list of the websites that are in the Intranet security zone                                         |
 | Prevent Smart Screen Prompt Override For Files  | Whether users can override the SmartScreen Filter warnings about downloading unverified files         |
  
 ## Device operations
diff --git a/windows/manage/working-with-line-of-business-apps.md b/windows/manage/working-with-line-of-business-apps.md
index 262e5704c5..a8a36b3268 100644
--- a/windows/manage/working-with-line-of-business-apps.md
+++ b/windows/manage/working-with-line-of-business-apps.md
@@ -41,7 +41,7 @@ What you'll have to set up:
 
 -   LOB publishers need to have an app in the Store, or have an app ready to submit to the Store.
 
-### <a href="" id="add-lob-publisher"></a>Add an LOB publisher (admin)
+### <a href="" id="add-lob-publisher"></a>Add an LOB publisher (Store for Business Admin)
 
 For developers within your own organization, or ISVs you're working with to create LOB apps, you'll need to invite them to become a LOB publisher.
 
@@ -49,7 +49,8 @@ For developers within your own organization, or ISVs you're working with to crea
 
 1.  Sign in to the [Windows Store for Business]( http://go.microsoft.com/fwlink/p/?LinkId=623531).
 2.  Click **Settings**, and then choose **LOB publishers**.
-3.  On the Line-of business publishers page, click **Add** to complete a form and send an email invitation to a developer.
+3.  On the Line-of business publishers page, click **Add** to complete a form and send an email invitation to a developer.<br>
+**Note** This needs to be the email address listed in contact info for the developer account. 
 
 ### <a href="" id="submit-lob-app"></a>Submit apps (LOB publisher)