diff --git a/devices/surface-hub/save-bitlocker-key-surface-hub.md b/devices/surface-hub/save-bitlocker-key-surface-hub.md
index 461864a1aa..2354de0f40 100644
--- a/devices/surface-hub/save-bitlocker-key-surface-hub.md
+++ b/devices/surface-hub/save-bitlocker-key-surface-hub.md
@@ -24,7 +24,7 @@ There are several ways to manage your BitLocker key on the Surface Hub.
 
 2.  If you’ve joined the Surface Hub to Azure Active Directory (Azure AD), the BitLocker key will be stored under the account that was used to join the device.
 
-3.  If you’re using a local admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** > **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive.
+3.  If you’re using an admin account to manage the device, you can save the BitLocker key by going to the **Settings** app and navigating to **Update & security** > **Recovery**. Insert a USB drive and select the option to save the BitLocker key. The key will be saved to a text file on the USB drive.
 
 
 ## Related topics
diff --git a/devices/surface-hub/use-room-control-system-with-surface-hub.md b/devices/surface-hub/use-room-control-system-with-surface-hub.md
index 71051b3d27..06b5f7dd0a 100644
--- a/devices/surface-hub/use-room-control-system-with-surface-hub.md
+++ b/devices/surface-hub/use-room-control-system-with-surface-hub.md
@@ -184,7 +184,7 @@ In Replacement PC mode, the power states are only Ready and Off and only change
 </tr>
 <tr class="even">
 <td align="left"><p>5</p></td>
-<td align="left"><p>50</p></td>
+<td align="left"><p>S0</p></td>
 <td align="left"><p>Ready</p></td>
 </tr>
 </tbody>
diff --git a/windows/deploy/change-history-for-deploy-windows-10.md b/windows/deploy/change-history-for-deploy-windows-10.md
index f7e67993e5..b244f70c5c 100644
--- a/windows/deploy/change-history-for-deploy-windows-10.md
+++ b/windows/deploy/change-history-for-deploy-windows-10.md
@@ -11,6 +11,11 @@ author: greg-lindsay
 # Change history for Deploy Windows 10
 This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 
+## January 2017
+| New or changed topic | Description |
+|----------------------|-------------|
+| [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) | Updated exit code table with suggested fixes, and added link to the Upgrade Analytics blog | 
+
 ## October 2016
 | New or changed topic | Description |
 |----------------------|-------------|
diff --git a/windows/deploy/provisioning-packages.md b/windows/deploy/provisioning-packages.md
index 47223a7427..1e7493e331 100644
--- a/windows/deploy/provisioning-packages.md
+++ b/windows/deploy/provisioning-packages.md
@@ -124,7 +124,6 @@ Provisioning packages can be applied both during image deployment and during run
 - [Provision PCs with apps and certificates for initial deployments](provision-pcs-with-apps-and-certificates.md)
 - [Configure devices without MDM](../manage/configure-devices-without-mdm.md)
 - [Set up a shared or guest PC with Windows 10](../manage/set-up-shared-or-guest-pc.md)
-- [Configure devices without MDM](../manage/configure-devices-without-mdm.md)
 - [Set up a device for anyone to use (kiosk mode)](../manage/set-up-a-device-for-anyone-to-use.md)
 - [Customize Windows 10 Start and taskbar with ICD and provisioning packages](../manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
 - [Set up student PCs to join domain](https://technet.microsoft.com/edu/windows/set-up-students-pcs-to-join-domain)
diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md
index f063fa884b..99abea5c99 100644
--- a/windows/keep-secure/TOC.md
+++ b/windows/keep-secure/TOC.md
@@ -871,4 +871,5 @@
 ### [Microsoft Passport guide](microsoft-passport-guide.md)
 ### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md)
 ### [Windows 10 security overview](windows-10-security-guide.md)
+### [Windows 10 credential theft mitigation guide abstract](windows-credential-theft-mitigation-guide-abstract.md)
 ## [Change history for Keep Windows 10 secure](change-history-for-keep-windows-10-secure.md)
diff --git a/windows/keep-secure/images/security-stages.png b/windows/keep-secure/images/security-stages.png
new file mode 100644
index 0000000000..249ced9d4b
Binary files /dev/null and b/windows/keep-secure/images/security-stages.png differ
diff --git a/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md b/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md
index 0177def043..5af92d1bcf 100644
--- a/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md
+++ b/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md
@@ -34,8 +34,6 @@ If this policy is disabled, the full name of the last user to log on is displaye
 
 Your implementation of this policy depends on your security requirements for displayed logon information. If you have devices that store sensitive data, with monitors displayed in unsecured locations, or if you have devices with sensitive data that are remotely accessed, revealing logged on user’s full names or domain account names might contradict your overall security policy.
 
-Depending on your security policy, you might also want to enable the [Interactive logon: Display user information when the session is locked](interactive-logon-display-user-information-when-the-session-is-locked.md) policy, which will prevent the Windows operating system from displaying the logon name when the session is locked or started.
-
 ### Location
 
 Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options
diff --git a/windows/keep-secure/smart-card-architecture.md b/windows/keep-secure/smart-card-architecture.md
index 84d38741cf..41b2dcc225 100644
--- a/windows/keep-secure/smart-card-architecture.md
+++ b/windows/keep-secure/smart-card-architecture.md
@@ -74,7 +74,7 @@ Credential providers must be registered on a computer running Windows, and they
 
 ## Smart card subsystem architecture
 
-Vendors provide smart cards and smart card readers, and in many cases the vendors are different for the smart card and the smart card reader. Drivers for smart card readers are written to the [Personal Computer/Smart Card (PC/SC) standard](http://www.pcscworkgroup.com/specifications/overview.php). Each smart card must have a Credential Service Provider (CSP) that uses the CryptoAPI interfaces to enable cryptographic operations, and the WinSCard APIs to enable communications with smart card hardware.
+Vendors provide smart cards and smart card readers, and in many cases the vendors are different for the smart card and the smart card reader. Drivers for smart card readers are written to the [Personal Computer/Smart Card (PC/SC) standard](https://www.pcscworkgroup.com/). Each smart card must have a Credential Service Provider (CSP) that uses the CryptoAPI interfaces to enable cryptographic operations, and the WinSCard APIs to enable communications with smart card hardware.
 
 ### Base CSP and smart card minidriver architecture
 
diff --git a/windows/keep-secure/smart-card-smart-cards-for-windows-service.md b/windows/keep-secure/smart-card-smart-cards-for-windows-service.md
index a0c0edd3dc..1c4f17a7f2 100644
--- a/windows/keep-secure/smart-card-smart-cards-for-windows-service.md
+++ b/windows/keep-secure/smart-card-smart-cards-for-windows-service.md
@@ -14,7 +14,7 @@ Applies To: Windows 10, Windows Server 2016
 
 This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service (formerly called Smart Card Resource Manager) manages readers and application interactions.
 
-The Smart Cards for Windows service provides the basic infrastructure for all other smart card components as it manages smart card readers and application interactions on the computer. It is fully compliant with the specifications set by the PC/SC Workgroup. For information about these specifications, see the [PC/SC Workgroup Specifications Overview](http://www.pcscworkgroup.com/specifications/overview.php).
+The Smart Cards for Windows service provides the basic infrastructure for all other smart card components as it manages smart card readers and application interactions on the computer. It is fully compliant with the specifications set by the PC/SC Workgroup. For information about these specifications, see the [PC/SC Workgroup Specifications website](https://www.pcscworkgroup.com/).
 
 The Smart Cards for Windows service runs in the context of a local service, and it is implemented as a shared service of the services host (svchost) process. The Smart Cards for Windows service, Scardsvr, has the following service description:
 
diff --git a/windows/keep-secure/windows-credential-theft-mitigation-guide-abstract.md b/windows/keep-secure/windows-credential-theft-mitigation-guide-abstract.md
new file mode 100644
index 0000000000..0386127ed4
--- /dev/null
+++ b/windows/keep-secure/windows-credential-theft-mitigation-guide-abstract.md
@@ -0,0 +1,67 @@
+---
+title: Windows 10 Credential Theft Mitigation Guide Abstract (Windows 10)
+description: Provides a summary of the Windows 10 credential theft mitigation guide.
+ms.assetid: 821ddc1a-f401-4732-82a7-40d1fff5a78a
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: security
+author: justinha
+---
+
+# Windows 10 Credential Theft Mitigation Guide Abstract
+
+**Applies to**
+-   Windows 10
+
+This topic provides a summary of the Windows 10 credential theft mitigation guide, which can be downloaded from the Microsoft Download Center. 
+This guide explains how credential theft attacks occur and the strategies and countermeasures you can implement to mitigate them, following these security stages:
+
+- Identify high-value assets
+- Protect against known and unknown threats
+- Detect pass-the-hash and related attacks
+- Respond to suspicious activity
+- Recover from a breach
+
+![Security stages](images\security-stages.png)
+
+## Attacks that steal credentials
+
+Learn about the different types of attacks that are used to steal credentials, and the factors that can place your organization at risk. 
+The types of attacks that are covered include:
+
+- Pass the hash
+- Kerberos pass the ticket
+- Kerberos golden ticket and silver ticket
+- Key loggers
+- Shoulder surfing
+
+## Credential protection strategies
+
+This part of the guide helps you consider the mindset of the attacker, with prescriptive guidance about how to prioritize high-value accounts and computers. 
+You'll learn how to architect a defense against credential theft:
+
+- Establish a containment model for account privileges
+- Harden and restrict administrative hosts
+- Ensure that security configurations and best practices are implemented
+
+## Technical countermeasures for credential theft
+
+Objectives and expected outcomes are covered for each of these countermeasures:
+
+- Use Windows 10 with Credential Guard
+- Restrict and protect high-privilege domain accounts
+- Restrict and protect local accounts with administrative privileges
+- Restrict inbound network traffic
+
+Many other countermeasures are also covered, such as using Microsoft Passport and Windows Hello, or multifactor authentication.
+
+## Detecting credential attacks
+
+This sections covers how to detect the use of stolen credentials and how to collect computer events to help you detect credential theft.
+
+## Responding to suspicious activity
+
+Learn Microsoft's recommendations for responding to incidents, including how to recover control of compromised accounts, how to investigate attacks, and how to recover from a breach. 
+
+
diff --git a/windows/plan/change-history-for-plan-for-windows-10-deployment.md b/windows/plan/change-history-for-plan-for-windows-10-deployment.md
index db42adde11..6d43bdcb7f 100644
--- a/windows/plan/change-history-for-plan-for-windows-10-deployment.md
+++ b/windows/plan/change-history-for-plan-for-windows-10-deployment.md
@@ -13,6 +13,11 @@ author: TrudyHa
 
 This topic lists new and updated topics in the [Plan for Windows 10 deployment](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 
+## January 2017
+| New or changed topic | Description |
+|----------------------|-------------|
+| [Windows 10 Infrastructure Requirements](windows-10-infrastructure-requirements.md) | Added link for Windows Server 2008 R2 and Windows 7 activation and a link to Windows Server 2016 Volume Activation Tips | 
+
 ## September 2016
 
 | New or changed topic | Description |