Celeste de Guzman 2017-05-24 16:24:46 -07:00
commit 1790bcf223
32 changed files with 1103 additions and 73 deletions

View File

@ -20,7 +20,7 @@
###[Virtualization and compatibility with Internet Explorer 11](ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md) ###[Virtualization and compatibility with Internet Explorer 11](ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md)
##[Collect data using Enterprise Site Discovery](ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md) ##[Collect data using Enterprise Site Discovery](ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md)
##[Enterprise Mode for Internet Explorer 11 (IE11)](ie11-deploy-guide/enterprise-mode-overview-for-ie11.md) ##[Enterprise Mode for Internet Explorer 11 (IE11)](ie11-deploy-guide/enterprise-mode-overview-for-ie11.md)
###[What is Enterprise Mode?](ie11-deploy-guide/what-is-enterprise-mode.md) ###[Enterprise Mode and the Enterprise Mode Site List](ie11-deploy-guide/what-is-enterprise-mode.md)
###[Set up Enterprise Mode logging and data collection](ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md) ###[Set up Enterprise Mode logging and data collection](ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md)
###[Turn on Enterprise Mode and use a site list](ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md) ###[Turn on Enterprise Mode and use a site list](ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md)
###[Enterprise Mode schema v.2 guidance](ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md) ###[Enterprise Mode schema v.2 guidance](ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md)
@ -40,6 +40,18 @@
####[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md) ####[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md)
####[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) ####[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
####[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md) ####[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
###[Use the Enterprise Mode Site List Portal](ie11-deploy-guide/use-the-enterprise-mode-portal.md)
####[Set up the Enterprise Mode Site List Portal](ie11-deploy-guide/set-up-enterprise-mode-portal.md)
#####[Use the Settings page to finish setting up the Enterprise Mode Site List Portal](ie11-deploy-guide/configure-settings-enterprise-mode-portal.md)
#####[Add employees to the Enterprise Mode Site List Portal](ie11-deploy-guide/add-employees-enterprise-mode-portal.md)
####[Workflow-based processes for employees using the Enterprise Mode Site List Portal](ie11-deploy-guide/workflow-processes-enterprise-mode-portal.md)
#####[Create a change request using the Enterprise Mode Site List Portal](ie11-deploy-guide/create-change-request-enterprise-mode-portal.md)
#####[Verify your changes using the Enterprise Mode Site List Portal](ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md)
#####[Approve a change request using the Enterprise Mode Site List Portal](ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md)
#####[Schedule approved change requests for production using the Enterprise Mode Site List Portal](ie11-deploy-guide/schedule-production-change-enterprise-mode-portal.md)
#####[Verify the change request update in the production environment using the Enterprise Mode Site List Portal](ie11-deploy-guide/verify-changes-production-enterprise-mode-portal.md)
#####[View the apps currently on the Enterprise Mode Site List](ie11-deploy-guide/view-apps-enterprise-mode-site-list.md)
#####[View the available Enterprise Mode reports from the Enterprise Mode Site List Portal](ie11-deploy-guide/view-enterprise-mode-reports-for-portal.md)
###[Using IE7 Enterprise Mode or IE8 Enterprise Mode](ie11-deploy-guide/using-enterprise-mode.md) ###[Using IE7 Enterprise Mode or IE8 Enterprise Mode](ie11-deploy-guide/using-enterprise-mode.md)
###[Fix web compatibility issues using document modes and the Enterprise Mode site list](ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md) ###[Fix web compatibility issues using document modes and the Enterprise Mode site list](ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md)
###[Remove sites from a local Enterprise Mode site list](ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md) ###[Remove sites from a local Enterprise Mode site list](ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md)

View File

@ -0,0 +1,64 @@
---
localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to add employees to the Enterprise Mode Site List Portal.
author: eross-msft
ms.prod: ie11
title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
---
# Add employees to the Enterprise Mode Site List Portal
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
After you get the Enterprise Mode Site List Portal up and running, you must add your employees. During this process, you'll also assign roles and groups.
The available roles are:
- **Requester.** The primary role to assign to employees that need to access the Enterprise Mode Site List Portal. The Requester can create change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal change requests, and sign off and close personal change requests.
- **App Manager.** This role is considered part of the Approvers group. The App Manager can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
- **Group Head.** This role is considered part of the Approvers group. The Group Head can approve change requests, validate changes in the pre-production environment, rollback pre-production and production changes in case of failure, send personal approval requests, view personal requests, and sign off and close personal requests.
- **Administrator.** The role with the highest-level rights; we recommend limiting the number of employees you grant this role. The Administrator can perform any task that can be performed by the other roles, in addition to adding employees to the portal, assigning employee roles, approving registrations to the portal, configuring portal settings (for example, determining the freeze schedule, determining the pre-production and production XML paths, and determining the attachment upload location), and using the standalone Enterprise Mode Site List Manager page.
**To add an employee to the Enterprise Mode Site List Portal**
1. Open the Enterprise Mode Site List Portal and click the **Employee Management** icon in the upper-right area of the page.
The **Employee management** page appears.
2. Click **Add a new employee**.
The **Add a new employee** page appears.
3. Fill out the fields for each employee, including:
- **Email.** Add the employee's email address.
- **Name.** This box autofills based on the email address.
- **Role.** Pick a single role for the employee, based on the list above.
- **Group name.** Pick the name of the employee's group. The group association also assigns a group of Approvers.
- **Comments.** Add optional comments about the employee.
- **Active.** Click the check box to make the employee active in the system. If you want to keep the employee in the system, but you want to prevent access, clear this check box.
4. Click **Save**.
**To export all employees to an Excel spreadsheet**
1. On the **Employee management** page, click **Export to Excel**.
2. Save the EnterpriseModeUsersList.xlsx file.
The Excel file includes all employees with access to the Enterprise Mode Site List Portal, including user name, email address, role, and group name.
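Review bot: The **App Manager** and **Group Head** entries in the roles list give word-for-word the same set of rights, so an Administrator choosing a value for **Role** has nothing to tell them apart. Either state what differs between the two roles or say explicitly that their rights are identical. Since the **Administrator** entry already recommends limiting who gets that role, it would also help to say which role is the least-privileged one that can approve. Minor: "rollback" is used as a verb in the first three role descriptions and should be "roll back".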

View File

@ -0,0 +1,58 @@
---
localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal.
author: eross-msft
ms.prod: ie11
title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
---
# Approve a change request using the Enterprise Mode Site List Portal
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
After a change request is successfully submitted to the pre-defined Approver(s), employees granted the role of **App Manager**, **Group Head**, or **Administrator**, they must approve the changes.
## Approve or reject a change request
The Approvers get an email stating that a Requester successfully opened, tested, and submitted the change request to the Approvers group. The Approvers can accept or reject a change request.
**To approve or reject a change request**
1. The Approver logs onto the Enterprise Mode Site List Portal, **All Approvals** page.
The Approver can also get to the **All Approvals** page by clicking **Approvals Pending** from the left pane.
2. The Approver clicks the expander arrow (**\/**) to the right side of the change request, showing the list of Approvers and the **Approve** and **Reject** buttons.
3. The Approver reviews the change request, making sure it's correct. If the info is correct, the Approver clicks **Approve** to approve the change request. If the info seems incorrect, or if the app shouldn't be added to the site list, the Approver clicks **Reject**.
An email is sent to the Requester, the Approver(s) group, and the Administrator(s) group, with the updated status of the request.
## Send a reminder to the Approver(s) group
If the change request is sitting in the approval queue for too long, the Requester can send a reminder to the group.
- From the **My Approvals** page, click the checkbox next to the name of each Approver to be reminded, and then click **Send reminder**.
An email is sent to the selected Approver(s).
## View rejected change requests
The original Requester, the Approver(s) group, and the Administrator(s) group can all view the rejected change request.
**To view the rejected change request**
- In the Enterprise Mode Site List Portal, click **Rejected** from the left pane.
All rejected change requests appear, with role assignment determining which ones are visible.
## Next steps
After an Approver approves the change request, it must be scheduled for inclusion in the production Enterprise Mode Site List. For the scheduling steps, see the [Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md) topic.
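Review bot: The opening sentence after the "Applies to" list does not parse: "submitted to the pre-defined Approver(s), employees granted the role of ..., they must approve the changes" has two subjects. Suggest "After a change request is successfully submitted to the pre-defined Approver(s), the employees granted the role of **App Manager**, **Group Head**, or **Administrator** must approve the changes." Also, the approval steps use the **All Approvals** page while the reminder section uses **My Approvals**; please confirm both page names are correct and say who sees which.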

View File

@ -12,6 +12,11 @@ author: eross-msft
# Change history for Internet Explorer 11 # Change history for Internet Explorer 11
This topic lists new and updated topics in the Internet Explorer 11 documentation for both Windows 10 and Windows 10 Mobile. This topic lists new and updated topics in the Internet Explorer 11 documentation for both Windows 10 and Windows 10 Mobile.
## April 2017
|New or changed topic | Description |
|----------------------|-------------|
|[Enterprise Mode for Internet Explorer 11](enterprise-mode-overview-for-ie11.md)|Updates to the Enterprise Mode section to include info about the Enterprise Mode Site List Portal. |
## March 2017 ## March 2017
|New or changed topic | Description | |New or changed topic | Description |
|----------------------|-------------| |----------------------|-------------|
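Review bot: The new change-history section is headed "April 2017", but this commit is dated 2017-05-24. Please confirm the month the entry should appear under, so the change history matches when the Enterprise Mode Site List Portal topics are actually published.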

View File

@ -0,0 +1,93 @@
---
localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes.
author: eross-msft
ms.prod: ie11
title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
---
# Use the Settings page to finish setting up the Enterprise Mode Site List Portal
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
The **Settings** page lets anyone with Administrator rights set up groups and roles, set up the Enterprise Mode Site List Portal environment, and choose the freeze dates for production changes.
## Use the Environment settings area
This area lets you specify the location of your production and pre-production environments, where to store your attachments, your settings location, and the website domain for email notifications.
**To add location info**
1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
The **Settings** page appears.
2. In the **Environment settings** area of the page, provide the info for your **Pre-production environment**, your **Production environment**, your **Attachments location**, your **Settings location**, and your **Website domain for email notifications**.
3. Click **Credentials** to add the appropriate domain, user name, and password for each location, and then click **OK**.
## Use the Group and role settings area
After you set up your email credentials, you'll be able to add or edit your Group info, along with picking which roles must be Approvers for the group.
**To add a new group and determine the required change request Approvers**
1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
The **Settings** page appears.
2. In the **Group and role settings** area of the page, click **Group details**.
The **Add or edit group names** box appears.
3. Click the **Add group** tab, and then add the following info:
- **New group name.** Type name of your new group.
- **Group head email.** Type the email address for the primary contact for the group.
- **Group head name.** This box automatically fills, based on the email address.
- **Active.** Click the check box to make the group active in the system. If you want to keep the group in the system, but you want to prevent access, clear this check box.
4. Click **Save**.
**To set a group's required Approvers**
1. In the **Group and role settings** area of the page, choose the group name you want to update with Approvers from the **Group name** box.
2. In the **Required approvers** area, choose which roles are required to approve a change request for the group. You can choose one or many roles.
- **App Manager.** All employees in the selected group must get change request approval by someone assigned this role.
You can change the name of this role by clicking the pencil icon and providing a new name in the **Edit role name** box.
- **Group Head.** All employees in the selected group must get change request approval by someone assigned this role.
You can change the name of this role by clicking the pencil icon and providing a new name in the **Edit role name** box.
- **Administrator.** All employees in the selected group must get change request approval by someone assigned this role.
## Use the Freeze production changes area
This optional area lets you specify a period when your employees must stop adding changes to the current Enterprise Mode Site List. This must include both a start and an end date.
**To add the start and end dates**
1. Open the Enterprise Mode Site List Portal and click the **Settings** icon in the upper-right area of the page.
The **Settings** page appears.
2. In the **Freeze production changes** area of the page, use the calendars to provide the **Freeze start date** and the **Freeze end date**. Your employees can't add apps to the production Enterprise Mode Site List during this span of time.
3. Click **Save**.
## Related topics
- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
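Review bot: Step 3 of "To add location info" tells the Administrator to enter a domain, user name, and password for each location, but the topic never says what rights that account needs on the pre-production, production, attachments, and settings locations. Please document the minimum access required so readers do not default to a highly privileged domain account. Related: the next section begins "After you set up your email credentials", yet the preceding steps only describe location credentials, so either name the email credentials step or reword that sentence. Minor: "Type name of your new group" is missing "the".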

View File

@ -0,0 +1,69 @@
---
localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to create a change request within the Enterprise Mode Site List Portal.
author: eross-msft
ms.prod: ie11
title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
---
# Create a change request using the Enterprise Mode Site List Portal
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
Employees assigned to the Requester role can create a change request. A change request is used to tell the Approvers and the Administrator that a website needs to be added or removed from the Enterprise Mode Site List. The employee can navigate to each stage of the process by using the workflow links provided at the top of each page of the portal.
>[!Important]
>Each Requester must have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
**To create a new change request**
1. The Requester (an employee that has been assigned the Requester role) signs into the Enterprise Mode Site List Portal, and clicks **Create new request**.
The **Create new request** page appears.
2. Fill out the required fields, based on the group and the app, including:
- **Group name.** Select the name of your group from the dropdown box.
- **App name.** Type the name of the app you want to add, delete, or update in the Enterprise Mode Site List.
- **Search all apps.** If you can't remember the name of your app, you can click **Search all apps** and search the list.
- **Add new app.** If your app isn't listed, you can click **Add new app** to add it to the list.
- **Requested by.** Automatically filled in with your name.
- **Description.** Add descriptive info about the app.
- **Requested change.** Select whether you want to **Add to EMIE**, **Delete from EMIE**, or **Update to EMIE**.
- **Reason for request.** Select the best reason for why you want to update, delete, or add the app.
- **Business impact (optional).** An optional area where you can provide info about the business impact of this app and the change.
- **App location (URL).** The full URL location to the app, starting with http:// or https://.
- **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes.
- **Is an x-ua tag used?** Select **Yes** or **No** whether an x-ua-compatible tag is used by the app. For more info about x-ua-compatible tags, see the topics in [Defining document compatibility](https://msdn.microsoft.com/en-us/library/cc288325(v=vs.85).aspx).
4. Click **Save and continue** to save the request and get the app info sent to the pre-production environment site list for testing.
A message appears that the request was successful, including a **Request ID** number, saying that the change is being made to the pre-production environment site list.
5. The Requester gets an email with a batch script, that when run, configures their test machine for the pre-production environment, along with the necessary steps to make sure the changed info is correct.
- **If the change is correct.** The Requester asks the approvers to approve the change request by selecting **Successful** and clicking **Send for approval**.
- **If the change is incorrect.** The Requester can rollback the change in pre-production or ask for help from the Administrator.
## Next steps
After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see the [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md) topic.
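Review bot: The numbered procedure under "To create a new change request" jumps from step 2 to step 4, so either a step was dropped or the list needs renumbering. Separately, step 5 has the Requester run a batch script received by email on a test machine that, per the Important note, they hold Administrator rights on; the topic should say what the script changes on the machine and what the Requester can check (sender, **Request ID**) before running it.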

View File

@ -2,7 +2,7 @@
localizationpriority: low localizationpriority: low
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.pagetype: appcompat ms.pagetype: appcompat
description: Use the topics in this section to learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company. description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company.
author: eross-msft author: eross-msft
ms.prod: ie11 ms.prod: ie11
ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e
@ -26,7 +26,7 @@ Use the topics in this section to learn how to set up and use Enterprise Mode an
## In this section ## In this section
|Topic |Description | |Topic |Description |
|---------------------------------------------------------------|-----------------------------------------------------------------------------------| |---------------------------------------------------------------|-----------------------------------------------------------------------------------|
|[What is Enterprise Mode?](what-is-enterprise-mode.md) |Includes descriptions of the features of Enterprise Mode. | |[Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)|Includes descriptions of the features of Enterprise Mode. |
|[Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) |Guidance about how to turn on local control of Enterprise Mode and how to use ASP or the GitHub sample to collect data from your local computers. | |[Set up Enterprise Mode logging and data collection](set-up-enterprise-mode-logging-and-data-collection.md) |Guidance about how to turn on local control of Enterprise Mode and how to use ASP or the GitHub sample to collect data from your local computers. |
|[Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md) |Guidance about how to turn on Enterprise Mode and set up a site list, using Group Policy or the registry. | |[Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md) |Guidance about how to turn on Enterprise Mode and set up a site list, using Group Policy or the registry. |
|[Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) |Guidance about how to write the XML for your site list, including what not to include, how to use trailing slashes, and info about how to target specific sites. | |[Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) |Guidance about how to write the XML for your site list, including what not to include, how to use trailing slashes, and info about how to target specific sites. |
@ -34,6 +34,7 @@ Use the topics in this section to learn how to set up and use Enterprise Mode an
|[Check for a new Enterprise Mode site list xml file](check-for-new-enterprise-mode-site-list-xml-file.md) |Guidance about how the Enterprise Mode functionality looks for your updated site list. | |[Check for a new Enterprise Mode site list xml file](check-for-new-enterprise-mode-site-list-xml-file.md) |Guidance about how the Enterprise Mode functionality looks for your updated site list. |
|[Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md) |Guidance about how to turn on local control of Enterprise Mode, using Group Policy or the registry.| |[Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md) |Guidance about how to turn on local control of Enterprise Mode, using Group Policy or the registry.|
|[Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) |Guidance about how to use the Enterprise Mode Site List Manager, including how to add and update sites on your site list. | |[Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) |Guidance about how to use the Enterprise Mode Site List Manager, including how to add and update sites on your site list. |
|[Use the Enterprise Mode Site List Portal](use-the-enterprise-mode-portal.md) |Guidance about how to set up and use the Enterprise Mode Site List Manager, including how to add and update sites on your site list. |
|[Using Enterprise Mode](using-enterprise-mode.md) |Guidance about how to turn on either IE7 Enterprise Mode or IE8 Enterprise Mode. | |[Using Enterprise Mode](using-enterprise-mode.md) |Guidance about how to turn on either IE7 Enterprise Mode or IE8 Enterprise Mode. |
|[Fix web compatibility issues using document modes and the Enterprise Mode Site List](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md) |Guidance about how to decide and test whether to use document modes or Enterprise Mode to help fix compatibility issues. | |[Fix web compatibility issues using document modes and the Enterprise Mode Site List](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md) |Guidance about how to decide and test whether to use document modes or Enterprise Mode to help fix compatibility issues. |
|[Remove sites from a local Enterprise Mode site list](remove-sites-from-a-local-enterprise-mode-site-list.md) |Guidance about how to remove websites from a device's local Enterprise Mode site list. | |[Remove sites from a local Enterprise Mode site list](remove-sites-from-a-local-enterprise-mode-site-list.md) |Guidance about how to remove websites from a device's local Enterprise Mode site list. |
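Review bot: The description in the added "Use the Enterprise Mode Site List Portal" row reads "Guidance about how to set up and use the Enterprise Mode Site List Manager", which looks copied from the row above it. It should name the Enterprise Mode Site List Portal and describe what the portal topics cover (setup, change requests, approvals, scheduling) rather than repeating the Site List Manager text.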

View File

@ -33,7 +33,7 @@ Because this content isn't intended to be a step-by-step guide, not all of the s
|[List of updated features and tools - Internet Explorer 11 (IE11)](updated-features-and-tools-with-ie11.md) |IE11 includes several new features and tools. This topic includes high-level info about the each of them. | |[List of updated features and tools - Internet Explorer 11 (IE11)](updated-features-and-tools-with-ie11.md) |IE11 includes several new features and tools. This topic includes high-level info about the each of them. |
|[Install and Deploy Internet Explorer 11 (IE11)](install-and-deploy-ie11.md) |Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment. You can also find more info about your virtualization options for legacy apps. | |[Install and Deploy Internet Explorer 11 (IE11)](install-and-deploy-ie11.md) |Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment. You can also find more info about your virtualization options for legacy apps. |
|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md) |Use IE to collect data on computers running Windows Internet Explorer 8 through IE11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades. | |[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md) |Use IE to collect data on computers running Windows Internet Explorer 8 through IE11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades. |
|[Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md) |Use the topics in this section to learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company. | |[Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md) |Use the topics in this section to learn how to set up and use Enterprise Mode, the Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal in your company. |
|[Group Policy and Internet Explorer 11 (IE11)](group-policy-and-ie11.md) |Use the topics in this section to learn about Group Policy and how to use it to manage IE. | |[Group Policy and Internet Explorer 11 (IE11)](group-policy-and-ie11.md) |Use the topics in this section to learn about Group Policy and how to use it to manage IE. |
|[Manage Internet Explorer 11](manage-ie11-overview.md) |Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for IE. | |[Manage Internet Explorer 11](manage-ie11-overview.md) |Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for IE. |
|[Troubleshoot Internet Explorer 11 (IE11)](troubleshoot-ie11.md) |Use the topics in this section to learn how to troubleshoot several of the more common problems experienced with IE. | |[Troubleshoot Internet Explorer 11 (IE11)](troubleshoot-ie11.md) |Use the topics in this section to learn how to troubleshoot several of the more common problems experienced with IE. |

View File

@ -0,0 +1,49 @@
---
localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal.
author: eross-msft
ms.prod: ie11
title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
---
# Schedule approved change requests for production using the Enterprise Mode Site List Portal
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
After a change request is approved, the original Requester can schedule the change for the production environment. The change can be immediate or set for a future time.
**To schedule an immediate change**
1. The Requester logs onto the Enterprise Mode Site List Portal and clicks **In Progress** from the left pane.
2. The Requester clicks the **Approved** status for the change request.
The **Schedule changes** page appears.
3. The Requester clicks **Now**, and then clicks **Save**.
The update is scheduled to immediately update the production environment, and an email is sent to the Requester. After the update finishes, the Requester is asked to verify the changes.
**To schedule the change for a different day or time**
1. The Requester logs onto the Enterprise Mode Site List Portal and clicks **In Progress** from the left pane.
2. The Requester clicks the **Approved** status for the change request.
The **Schedule changes** page appears.
3. The Requester clicks **Schedule**, sets the **Preferred day**, **Preferred start time**, and the **Preferred end time**, and then clicks **Save**.
The update is scheduled to update the production environment on that day and time and an email is sent to the Requester. After the update finishes, the Requester will be asked to verify the changes.
## Next steps
After the update to the production environment completes, the Requester must again test the change. If the testing succeeds, the Requester can sign off on the change request. If the testing fails, the Requester can contact the Administrator group for more help. For the production environment testing steps, see the [Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md) topic.
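Review bot: In "To schedule the change for a different day or time", step 3 sets **Preferred day**, **Preferred start time**, and **Preferred end time** without saying which time zone those values are interpreted in or what happens if the update cannot run inside that window; state both, since the Requester is committing a production change. The two result sentences also differ in tense ("the Requester is asked to verify" versus "the Requester will be asked to verify"); pick one. Steps 1 and 2 are identical in both procedures and could be stated once.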

View File

@ -0,0 +1,231 @@
---
localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to set up the Enterprise Mode Site List Portal for your organization.
author: eross-msft
ms.prod: ie11
title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
---
# Set up the Enterprise Mode Site List Portal
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
The Enterprise Mode Site List Portal is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management. Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later.
Before you can begin using the Enterprise Mode Site List Portal, you must set up your environment.
## Step 1 - Copy the deployment folder to the web server
You must download the deployment folder (**EMIEWebPortal/**), which includes all of the source code for the website, from the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) site to your web server.
**To download the source code**
1. Download the deployment folder from the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) source code to your web server.
2. Install the Node.js® package manager, [npm](https://www.npmjs.com/).
>[!Note]
>You need to install the npm package manager to replace all the third-party libraries we removed to make the Enterprise Mode Site List Portal open-source.
3. Open File Explorer and then open the **EMIEWebPortal/** folder.
4. Press and hold **Shift**, right-click the window, then click **Open PowerShell window here**.
5. Type _npm i_ into the command prompt, then press **Enter**.
Installs the npm package manager and bulk adds all the third-party libraries back into your codebase.
6. Go back up a directory, open the solution file **EMIEWebPortal.sln** in Visual Studio, and then build the entire solution.
7. Copy the contents of the **EMIEWebPortal/** folder to a dedicated folder on your file system. For example, _D:\EMIEWebApp_. In a later step, you'll designate this folder as your website in the IIS Manager.
## Step 2 - Create the Application Pool and website, by using IIS
Create a new Application Pool and the website, by using the IIS Manager.
**To create a new Application Pool**
1. In IIS Manager, expand your local computer in the **Connections** pane, right-click **Application Pools**, then click **Add Application Pool**.
The **Add Application Pool** box appears.
2. In the **Add Application Pool** box, enter the following info:
- **Name.** Type the name of your new application pool. For example, _EMIEWebAppPool_.
- **.NET CLR version.** Pick the version of .NET CLR used by your application pool from the drop-down box. It must be version 4.0 or higher.
- **Managed pipeline mode.** Pick **Integrated** from the drop-down box. IIS uses the integrated IIS and ASP.NET request-processing pipeline for managed content.
3. Click **OK**.
4. Select your new application pool from the **Application Pool** pane, click **Advanced Settings** from the **Edit Application Pool** area of the **Actions** pane.
The **Advanced Settings** box appears.
5. Make sure your **Identity** value is **ApplicationPoolIdentity**, click **OK**, and then close the box.
6. Open File Explorer and go to your deployment directory, created in Step 1. For example, _D:\EMIEWebApp_.
7. Right-click on the directory, click **Properties**, and then click the **Security** tab.
8. Add your new application pool to the list (for example, _IIS AppPool\EMIEWebAppPool_) with **Full control access**, making sure the location searches the local computer.
9. Add **Everyone** to the list with **Read & execute access**.
**To create the website**
1. In IIS Manager, expand your local computer in the **Connections** pane, right-click **Sites**, then click **Add Website**.
The **Add Website** box appears.
2. In the **Add Website** box, type the name of your website into the **Site name** box. For example, _EMIEWebApp_, and then click **Select**.
The **Select Application Pool** box appears.
4. Pick the name of the application pool created earlier in this step, and then click **OK**. For example, _EMIEWebAppPool_.
5. In the **Physical path** box, browse to your folder that contains your deployment directory. For example, _D:\EMIEWebApp_.
6. Set up your **Binding**, including your **Binding Type**, **IP address**, and **Port**, as appropriate for your organization.
7. Clear the **Start Website immediately** check box, and then click **OK**.
8. In IIS Manager, expand your local computer, and then double-click your new website. For example, _EMIEWebApp_.
The **<<i>website_name</i>> Home** pane appears.
9. Double-click the **Authentication** icon, right-click on **Windows Authentication**, and then click **Enable**.
>[!Note]
>You must also make sure that **Anonymous Authentication** is marked as **Enabled**.
10. Return to the **<<i>website_name</i>> Home** pane, and double-click the **Connection Strings** icon.
11. Open the **LOBMergedEntities Connection String** to edit:
- **Data source.** Type the name of your local computer.
- **Initial catalog.** The name of your database.
>[!Note]
>Step 3 of this topic provides the steps to create your database.
## Step 3 - Create and prep your database
Create a SQL Server database and run our custom query to create the Enterprise Mode Site List tables.
**To create and prep your database**
1. Start SQL Server Management Studio.
2. Open **Object Explorer** and then connect to an instance of the SQL Server Database Engine.
3. Expand the instance, right-click on **Databases**, and then click **New Database**.
4. Type a database name. For example, _EMIEDatabase_.
5. Leave all default values for the database files, and then click **OK**.
6. Open the **DatabaseScripts/Create DB Tables/1_CreateEMIETables.sql** query file, located in the deployment directory.
7. Replace the database name placeholder with the database name you created earlier. For example, _EMIEDatabase_.
8. Run the query.
## Step 4 - Map your Application Pool to a SQL Server role
Map your ApplicationPoolIdentity to your database, adding the db_owner role.
**To map your ApplicationPoolIdentity to a SQL Server role**
1. Start SQL Server Management Studio and connect to your database.
2. Expand the database instance and then open the server-level **Security** folder.
> [!IMPORTANT]
> Make sure you open the **Security** folder at the server level and not for the database.
3. Right-click **Logins**, and then click **New Login**.
The **Login-New** dialog box appears.
4. Type the following into the **Login name** box, based on your server instance type:
- **Local SQL Server instance.** If you have a local SQL Server instance, where IIS and SQL Server are on the same server, type the name of your Application Pool. For example, _IIS AppPool\EMIEWebAppPool_.
- **Remote SQL Server instance.** If you have a remote SQL Server instance, where IIS and SQL Server are on different servers, type `Domain\ServerName$`.
> [!IMPORTANT]
> Don't click **Search** in the **Login name** box. Login name searches will resolve to a ServerName\AppPool Name account and SQL Server Management Studio won't be able to resolve the account's virtual Security ID (SID).
5. Click **User Mapping** from the **Select a page** pane, click the checkbox for your database (for example, _EMIEDatabase_) from the **Users mapped to this login** pane, and then click **db_owner** from the list of available roles in the **Database role membership** pane.
6. Click **OK**.
## Step 5 - Restart the Application Pool and website
Using the IIS Manager, you must restart both your Application Pool and your website.
**To restart your Application Pool and website**
1. In IIS Manager, expand your local computer in the **Connections** pane, select your website, then click **Restart** from the **Manage Website** pane.
2. In the **Connections** pane, select your Application Pool, and then click **Recycle** from the **Application Pool Tasks** pane.
## Step 6 - Registering as an administrator
After you've created your database and website, you'll need to register yourself (or another employee) as an administrator for the Enterprise Mode Site List Portal.
**To register as an administrator**
1. Open Microsoft Edge and type your website URL into the Address bar. For example, http://emieportal:8085.
2. Click **Register now**.
3. Type your name or alias into the **Email** box, making sure it matches the info in the drop-down box.
4. Click **Administrator** from the **Role** box, and then click **Save**.
5. Append your website URL with `/#/EMIEAdminConsole` in the Address bar to go to your administrator console. For example, http://emieportal:8085/#/EMIEAdminConsole.
A dialog box appears, prompting you for the system user name and password. The default user name is EMIEAdmin and the default password is Admin123. We strongly recommend that you change the password by using the **Change password** link as soon as you're done with your first visit.
6. Select your name from the available list, and then click **Activate**.
7. Go to the Enterprise Mode Site List Portal Home page and sign in.
## Step 7 - Configure the SMTP server and port for email notification
After you've set up the portal, you need to configure your SMTP server and port for email notifications from the system.
**To set up your SMTP server and port for emails**
1. Open Visual Studio, and then open the web.config file from your deployment directory.
2. Update the SMTP server and port info with your info, using this format:
```
<add key="host" value="SMTPHOST.corp.contoso.com"/>
<add key="port" value="2500"/>
```
3. Open the **Settings** page in the Enterprise Mode Site List Portal, and then update the email account and password info.
## Step 8 - Register the scheduler service
Register the EMIEScheduler tool and service for production site list changes.
**To register the scheduler service**
1. Open File Explorer and go to EMIEWebPortal.SchedulerService\EMIEWebPortal.SchedulerService in your deployment directory, and then copy the **App_Data**, **bin**, and **Logs** folders to a separate folder. For example, C:\EMIEService\.
>[!Important]
>If you can't find the **bin** and **Logs** folders, you probably haven't built the Visual Studio solution. Building the solution creates the folders and files.
2. In Visual Studio start the Developer Command Prompt as an administrator, and then change the directory to the location of the InstallUtil.exe file. For example, _C:\Windows\Microsoft.NET\Framework\v4.0.30319_.
3. Run the command, `InstallUtil "<path_to_service>"`. For example, _InstallUtil "C:\EMIEService\bin\Debug\EMIEWebPortal.SchedulerService.exe"._
You'll be asked for your user name and password for the service.
4. Open the **Run** command, type `Services.msc`, and then start the EMIEScheduler service.
## Related topics
- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
- [Use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
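Review bot: Step 6, item 5 publishes a fixed default console login (EMIEAdmin / Admin123) and only "strongly recommends" changing it, while the example URL is plain http; make the password change a required numbered step before item 6, and show an https binding in the example so the credential is not sent in clear text. The same least-privilege concern applies to Step 2, items 8 and 9 (the application pool identity gets **Full control access** and **Everyone** gets **Read & execute access** on the folder that also holds web.config) and to Step 4 (db_owner for the application pool login): document the minimum rights the portal actually needs, or explain why the broad grants are required. Smaller points: Step 1, item 5 says `npm i` "Installs the npm package manager", but npm was already installed in item 2; the "To create the website" list jumps from 2 to 4; and the Step 8 example registers a bin\Debug build as the production scheduler service.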

View File

@ -0,0 +1,79 @@
---
localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Portal.
ms.prod: ie11
title: Use the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
---
# Use the Enterprise Mode Site List Portal
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration thats designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
The Enterprise Mode Site List Portal is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management. Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later.
You can use IE11 and the Enterprise Mode Site List Portal to manage your Enterprise Mode Site List, hosted by the app, with multiple users.
## Minimum system requirements for portal and test machines
Some of the components in this table might also need additional system resources. Check the component's documentation for more information.
|Item |Description |
|-----|------------|
|Operating system |Windows 7 or later |
|Memory |16 GB RAM |
|Hard drive space |At least 8 GB of free space, formatted using the NTFS file system for better security |
|Active Directory (AD) |Devices must be domain-joined |
|SQL Server |Microsoft SQL Server Enterprise Edition 2012 or later |
|Visual Studio |Visual Studio 2015 or later |
|Node.js® package manager |npm Developer version or higher |
|Additional server infrastructure |Internet Information Service (IIS) 6.0 or later |
## Role assignments and available actions
Admins can assign roles to employees for the Enterprise Mode Site List Portal, allowing the employees to perform specific actions, as described in this table.
|Role assignment |Available actions |
|----------------|------------------|
|Requester |<ul><li>Create a change request</li><br><br><li>Validate changes in the pre-production environment</li><br><br><li>Rollback pre-production and production changes in case of failure</li><br><br><li>Send approval requests</li><br><br><li>View own requests</li><br><br><li>Sign off and close own requests</li></ul> |
|Approver<br><br>(includes the App Manager and Group Head roles) |<ul><li>All of the Requester actions, plus:</li><br><br><li>Approve requests</li></ul> |
|Administrator |<ul><li>All of the Requester and Approver actions, plus:</li><br><br><li>Add employees to the portal</li><br><br><li>Assign employee roles</li><br><br><li>Approve registrations to the portal</li><br><br><li>Configure portal settings (for example, determine the freeze schedule, determine the pre-production and production XML paths, and determine the attachment upload location)</li><br><br><li>Use the standalone Enterprise Mode Site List Manager page</li><br><br><li>View reports</li></ul> |
## Enterprise Mode Site List Portal workflow by employee role
The following workflow describes how to use the Enterprise Mode Site List Portal.
1. [The Requester submits a change request for an app](create-change-request-enterprise-mode-portal.md)
2. [The Requester tests the change request info, verifying its accuracy](verify-changes-preprod-enterprise-mode-portal.md)
3. [The Approver(s) group accepts the change request](approve-change-request-enterprise-mode-portal.md)
4. [The Requester schedules the change for the production environment](schedule-production-change-enterprise-mode-portal.md)
5. [The change is verified against the production site list and signed off](verify-changes-production-enterprise-mode-portal.md)
## Related topics
- [Set up the Enterprise Mode Site List Portal](set-up-enterprise-mode-portal.md)
- [Workflow-based processes for employees using the Enterprise Mode Site List Portal](workflow-processes-enterprise-mode-portal.md)
- [How to use the Enterprise Mode Site List Manager tool or page](use-the-enterprise-mode-site-list-manager.md)
- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
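Review bot: In the requirements table, "Internet Information Service (IIS) 6.0 or later" should be checked against the setup topic added in this same commit, which requires an application pool with .NET CLR 4.0 or higher in **Integrated** pipeline mode; if an IIS version at the stated minimum cannot provide that, raise the minimum here. The "Operating system" row ("Windows 7 or later") also does not mention the server versions named under **Applies to**. In the intro, "thats" is missing its apostrophe, the third paragraph repeats the second ("manage your Enterprise Mode Site List, hosted by the app, with multiple users"), and the front matter has no author: line, unlike the other new topics in this commit.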
 
 

View File

@ -0,0 +1,66 @@
---
localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal.
author: eross-msft
ms.prod: ie11
title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
---
# Verify your changes using the Enterprise Mode Site List Portal
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
>[!Important]
>This step requires that each Requester have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
The Requester successfully submits a change request to the Enterprise Mode Site List Portal and then gets an email, including:
- **EMIE_RegKey**. A batch file that when run, sets the registry key to point to the local pre-production Enterprise Mode Site List.
- **Test steps**. The suggested steps about how to test the change request details to make sure they're accurate in the pre-production environment.
- **EMIE_Reset**. A batch file that when run, reverts the changes made to the pre-production registry.
## Verify and send the change request to Approvers
The Requester tests the changes and then goes back into the Enterprise Mode Site List Portal, **Pre-production verification** page to verify whether the testing was successful.
**To verify changes and send to the Approver(s)**
1. On the **Pre-production verification** page, the Requester clicks **Successful** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the change request and testing results.
2. The Requester reviews the pre-defined Approver(s), and then clicks **Send for approval**.
The Requester, the Approver group, and the Administrator group all get an email, stating that the change request is waiting for approval.
**To rollback your pre-production changes**
1. On the **Pre-production verification** page, the Requester clicks **Failed** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the change request and testing results.
2. Add a description about the issue into the **Issue description** box, and then click **Send failure details**.
The change request and issue info are sent to the Administrators.
3. The Requester clicks **Roll back** to roll back the changes in the pre-production environment.
After the Requester rolls back the changes, the request can be updated and re-submitted.
## View rolled back change requests
The original Requester and the Administrator(s) group can view the rolled back change requests.
**To view the rolled back change request**
- In the Enterprise Mode Site List Portal, click **Rolled back** from the left pane.
All rolled back change requests appear, with role assignment determining which ones are visible.
## Next steps
If the change request is certified as successful, the Requester must next send it to the Approvers for approval. For the Approver-related steps, see the [Approve a change request using the Enterprise Mode Site List Portal](approve-change-request-enterprise-mode-portal.md) topic.
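Review bot: The email described before the first H2 delivers two batch files (EMIE_RegKey and EMIE_Reset) that the Requester runs on a machine where, per the Important note, he or she has Administrator rights, yet the topic gives no way to confirm that the message really came from the portal; add a sentence on how to verify the sender, or make the files available from the portal itself, and name the registry key the files change so the Requester can check the result and the reset. Minor: the heading "To rollback your pre-production changes" uses "rollback" as a verb while step 3 uses "roll back", and step 2 drops the "The Requester ..." subject that steps 1 and 3 use.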

View File

@ -0,0 +1,41 @@
---
localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal.
author: eross-msft
ms.prod: ie11
title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
---
# Verify the change request update in the production environment using the Enterprise Mode Site List Portal
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
## Verify and sign off on the update in the production environment
The Requester tests the changes in the production environment and then goes back into the Enterprise Mode Site List Portal, **Production verification** page to verify whether the testing was successful.
**To verify the changes and sign off**
- On the **Production verification** page, the Requester clicks **Successful**, optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the testing results, optionally includes a description of the change, and then clicks **Sign off**.
The Requester, Approver group, and Administrator group all get an email, stating that the change request has been signed off.
**To rollback production changes**
1. On the **Production verification** page, the Requester clicks **Failed** and optionally includes any attachments (only .jpeg, .png, .jpg and .txt files are allowed) to support the testing results.
2. Add a description about the issue into the **Change description** box, and then click **Send failure details**.
The info is sent to the Administrators.
3. The Requester clicks **Roll back** to roll back the changes in the production environment.
After the Requester rolls back the changes, the request is automatically handled in the production and pre-production environment site lists.
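Review bot: The closing sentence, "the request is automatically handled in the production and pre-production environment site lists", does not tell the reader what state either list ends up in; say explicitly what happens to the entry in each list and whether the request can be updated and resubmitted, as the pre-production topic does. The topic also goes from **Applies to** straight to an H2 with no introductory sentence, step 2 of the rollback procedure names the box **Change description** where the pre-production topic calls it **Issue description** (confirm against the UI), and "To rollback" should be "To roll back".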

View File

@ -0,0 +1,37 @@
---
localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal.
author: eross-msft
ms.prod: ie11
title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
---
# View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
Any employee with access to the Enterprise Mode Site List Portal can view the apps included in the current Enterprise Mode Site List.
**To view the active Enterprise Mode Site List**
1. Open the Enterprise Mode Site List Portal and click the **Production sites list** icon in the upper-right area of the page.
The **Production sites list** page appears, with each app showing its URL, the compatibility mode to use, and the assigned browser to open the site.
2. Click any URL to view the actual site, using the compatibility mode and opening in the correct browser.
**To export the active Enterprise Mode Site List**
1. On the **Production sites list** page, click **Export**.
2. Save the ProductionSiteList.xlsx file.
The Excel file includes all apps in the current Enterprise Mode Site List, including URL, compatibility mode, and assigned browser.

View File

@ -0,0 +1,49 @@
---
localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Details about how an Administrator can view the available Enterprise Mode reports from the Enterprise Mode Site List Portal.
author: eross-msft
ms.prod: ie11
title: View the available Enterprise Mode reports from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
---
# View the available Enterprise Mode reports from the Enterprise Mode Site List Portal
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
Administrators can view the Microsoft-provided Enterprise Mode reports from the Enterprise Mode Site List Portal.
**To view the reports**
1. Open the Enterprise Mode Site List Portal and click the **Enterprise Mode reports** icon in the upper-right area of the page.
The **Enterprise Mode reports** page appears, with each app showing its URL, the compatibility mode to use, and the assigned browser to open the site.
2. Use the calendars to provide the **From date** and **To date**, determining the span of time the report covers.
3. Click **Apply**.
The reports all change to reflect the appropriate timeframe and group, including:
- **Total number of websites in the site list.** A box at the top of the reports page that tells you the total number of websites included in the Enterprise Mode Sit List.
- **All websites by docmode.** Shows how many change requests exist, based on the different doc modes included in the **App best viewed in** field.
- **All websites by browser.** Shows how many apps require which browser, including **IE11**, **MSEdge**, or **None**.
- **All requests by status.** Shows how many change requests exist, based on each status.
- **All requests by change type.** Shows how many change requests exist, based on the **Requested change** field.
- **Request status by group.** Shows how many change requests exist, based on both group and status.
- **Reasons for request.** Shows how many change request reasons exist, based on the **Reason for request** field.
- **Requested changes by app name.** Shows what specific apps were **Added to site list**, **Deleted from site list**, or **Updated from site list**.
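Review bot: The result sentence under step 1 ("with each app showing its URL, the compatibility mode to use, and the assigned browser to open the site") looks copied from the Production sites list topic and does not match the list of reports that follows; replace it with a description of what the reports page shows. "All websites by docmode" is described as counting change requests rather than websites, so either the label or the description needs correcting; "Enterprise Mode Sit List" is a typo for "Site List"; and "Updated from site list" should be checked against the UI string, since "Updated in site list" is what the sentence seems to mean.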

View File

@ -6,12 +6,12 @@ description: Info about the features included in Enterprise Mode with Internet E
author: eross-msft author: eross-msft
ms.prod: ie11 ms.prod: ie11
ms.assetid: 3c77e9f3-eb21-46d9-b5aa-f9b2341cfefa ms.assetid: 3c77e9f3-eb21-46d9-b5aa-f9b2341cfefa
title: What is Enterprise Mode (Internet Explorer 11 for IT Pros) title: Enterprise Mode and the Enterprise Mode Site List (Internet Explorer 11 for IT Pros)
ms.sitesec: library ms.sitesec: library
--- ---
# What is Enterprise Mode? # Enterprise Mode and the Enterprise Mode Site List
**Applies to:** **Applies to:**
@ -21,28 +21,146 @@ ms.sitesec: library
- Windows Server 2012 R2 - Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1) - Windows Server 2008 R2 with Service Pack 1 (SP1)
Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 8.1 Update and Windows 7 devices, lets websites render using a modified browser configuration thats designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge. Working with multiple browsers can be difficult, particularly if you have a substantial number of internal sites. To help manage this dual-browser experience, we are introducing a new web tool specifically targeted towards larger organizations: the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal).
Many customers identify web app compatibility as a significant cost to upgrading because web apps need to be tested and upgraded before adopting a new browser. The improved compatibility provided by Enterprise Mode can help give customers confidence to upgrade to the latest version of IE. In particular, IE11 lets customers benefit from modern web standards, increased performance, improved security, and better reliability. ## Available dual-browser experiences
Based on the size of your legacy web app dependency, determined by the data collected with [Windows Upgrade Analytics](https://blogs.windows.com/windowsexperience/2016/09/26/new-windows-10-and-office-365-features-for-the-secure-productive-enterprise/), there are several options from which you can choose to configure your enterprise browsing environment:
## Enterprise Mode features - Use Microsoft Edge as your primary browser.
- Use Microsoft Edge as your primary browser and use Enterprise Mode to open sites in Internet Explorer 11 (IE11) that use IE proprietary technologies.
- Use Microsoft Edge as your primary browser and open all intranet sites in IE11.
- Use IE11 as your primary browser and use Enterprise Mode to open sites in Microsoft Edge that use modern web technologies.
For more info about when to use which option, and which option is best for you, see the [Continuing to make it easier for Enterprise customers to upgrade to Internet Explorer 11 — and Windows 10](https://blogs.windows.com/msedgedev/2015/11/23/windows-10-1511-enterprise-improvements) blog.
## What is Enterprise Mode?
Enterprise Mode, a compatibility mode that runs on Internet Explorer 11 on Windows 10 devices, lets websites render using a modified browser configuration thats designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
Many customers identify web app compatibility as a significant cost to upgrading because web apps need to be tested and upgraded before adopting a new browser. The improved compatibility provided by Enterprise Mode can help give customers confidence to upgrade to IE11, letting customers benefit from modern web standards, increased performance, improved security, and better reliability.
### Enterprise Mode features
Enterprise Mode includes the following features: Enterprise Mode includes the following features:
- **Improved web app and website compatibility.** Through improved emulation, Enterprise Mode lets many legacy web apps run unmodified on IE11, supporting a number of site patterns that arent currently supported by existing document modes. - **Improved web app and website compatibility.** Through improved emulation, Enterprise Mode lets many legacy web apps run unmodified on IE11, supporting several site patterns that arent currently supported by existing document modes.
- **Tool-based management for website lists.** Use the Enterprise Mode Site List Manager to add website domains and domain paths and to specify whether a site renders using Enterprise Mode. <p> - **Tool-based management for website lists.** Use the Enterprise Mode Site List Manager to add website domains and domain paths and to specify whether a site renders using Enterprise Mode.
Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378), based on your operating system and schema. Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378), based on your operating system and schema.
- **Centralized control.** You can specify the websites or web apps to interpret using Enterprise Mode, through an XML file on a website or stored locally. Domains and paths within those domains can be treated differently, allowing granular control. Use Group Policy to let users turn Enterprise Mode on or off from the **Tools** menu and to decide whether the Enterprise browser profile appears on the **Emulation** tab of the F12 developer tools.<p>**Important**<br>All centrally-made decisions override any locally-made choices.  - **Centralized control.** You can specify the websites or web apps to interpret using Enterprise Mode, through an XML file on a website or stored locally. Domains and paths within those domains can be treated differently, allowing granular control. Use Group Policy to let users turn Enterprise Mode on or off from the Tools menu and to decide whether the Enterprise browser profile appears on the Emulation tab of the F12 developer tools.
- **Integrated browsing.** When Enterprise Mode is set up, users can browse the web normally, letting the browser change modes automatically to accommodate Enterprise Mode sites. >[!Important]
>All centrally-made decisions override any locally-made choices.
- **Data gathering.** You can configure Enterprise Mode to collect local override data, posting back to a named server. This lets you "crowd source" compatibility testing from key users; gathering their findings to add to your central site list. - **Integrated browsing.** When Enterprise Mode is set up, users can browse the web normally, letting the browser change modes automatically to accommodate Enterprise Mode sites.
  - **Data gathering.** You can configure Enterprise Mode to collect local override data, posting back to a named server. This lets you "crowd source" compatibility testing from key users; gathering their findings to add to your central site list.
  ## Enterprise Mode and the Enterprise Mode Site List XML file
The Enterprise Mode Site List is an XML document that specifies a list of sites, their compat mode, and their intended browser. Using [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853), you can automatically start a webpage using a specific browser. In the case of IE11, the webpage can also be launched in a specific compat mode, so it always renders correctly. Your employees can easily view this site list by typing _about:compat_ in either Microsoft Edge or IE11.
Starting with Windows 10, version 1511 (also known as the Anniversary Update), you can also [restrict IE11 to only the legacy web apps that need it](https://blogs.windows.com/msedgedev/2016/05/19/edge14-ie11-better-together/), automatically sending sites not included in the Enterprise Mode Site List to Microsoft Edge.
### Site list xml file
This is a view of the [raw EMIE v2 schema.xml file](https://gist.github.com/kypflug/9e9961de771d2fcbd86b#file-emie-v2-schema-xml). There are equivalent Enterprise Mode Site List policies for both [Microsoft Edge](https://docs.microsoft.com/en-us/microsoft-edge/deploy/emie-to-improve-compatibility) and [Internet Explorer 11](turn-on-enterprise-mode-and-use-a-site-list.md). The Microsoft Edge list is used to determine which sites should open in IE11; while the IE11 list is used to determine the compat mode for a site, and which sites should open in Microsoft Edge. We recommend using one list for both browsers, where each policy points to the same XML file location.
```xml
<site-list version="205">
<!--- File creation header --->
<created-by>
<tool>EnterpriseSiteListManager</tool>
<version>10586</version>
<date-created>20150728.135021</date-created>
</created-by>
<!--- Begin Site List --->
<site url="www.cpandl.com">
<compat-mode>IE8Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
<site url="www.woodgrovebank.com">
<compat-mode>default</compat-mode>
<open-in>IE11</open-in>
</site>
<site url="adatum.com">
<compat-mode>IE7Enterprise</compat-mode>
<open-in>IE11</open-in>
</site>
<site url="relecloud.com"/>
<!-- default for self-closing XML tag is
<compat-mode>default</compat-mode>
<open-in>none</open-in>
-->
<site url="relecloud.com/products">
<compat-mode>IE8Enterprise"</compat-mode>
<open-in>IE11</open-in>
</site>
<site url="contoso.com/travel">
<compat-mode>IE7</compat-mode>
<open-in>IE11</open-in>
</site>
<site url="fabrikam.com">
<compat-mode>IE7</compat-mode>
<open-in>IE11</open-in>
</site>
</site-list>
```
## Enterprise Mode Site List Manager and the Enterprise Mode Site List Portal tools
You can build and manage your Enterprise Mode Site List is by using any generic text editor. However, weve also provided a couple tools that can make that process even easier.
### Enterprise Mode Site List Manager
This tool helps you create error-free XML documents with simple n+1 versioning and URL verification. We recommend using this tool if your site list is relatively small. For more info about this tool, see the Use the [Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md) topics.
There are 2 versions of this tool, both supported on Windows 7, Windows 8.1, and Windows 10:
- [Enterprise Mode Site List Manager (schema v.1)](https://www.microsoft.com/download/details.aspx?id=42501). This is an older version of the schema that you must use if you want to create and update your Enterprise Mode Site List for devices running the v.1 version of the schema.
We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
- [Enterprise Mode Site List Manager (schema v.2)](https://www.microsoft.com/download/details.aspx?id=49974). The updated version of the schema, including new functionality. You can use this version of the schema to create and update your Enterprise Mode Site List for devices running the v.2 version of the schema.
If you open a v.1 version of your Enterprise Mode Site List using this version, it will update the schema to v.2, automatically. For more info, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
If your list is too large to add individual sites, or if you have more than one person managing the site list, we recommend using the Enterprise Site List Portal.
### Enterprise Mode Site List Portal
The [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal) is an open-source web tool on GitHub that allows you to manage your Enterprise Mode Site List, hosted by the app, with multiple users. The portal is designed to use IIS and a SQL Server backend, leveraging Active Directory (AD) for employee management.
In addition to all the functionality of the Enterprise Mode Site List Manager tool, the Enterprise Mode Site List Portal helps you:
- Manage site lists from any device supporting Windows 7 or greater.
- Submit change requests.
- Operate offline through an on-premise solution.
- Provide role-based governance.
- Test configuration settings before releasing to a live environment.
Updates to your site list are made by submitting new change requests, which are then approved by a designated group of people, put into a pre-production environment for testing, and then deployed immediately, or scheduled for deployment later.
Because the tool is open-source, the source code is readily available for examination and experimentation. We encourage you to [fork the code, submit pull requests, and send us your feedback](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)! For more info about the Enterprise Mode Site List Portal, see the [Use the Enterprise Mode Site List Portal](use-the-enterprise-mode-portal.md) topics.
## Related topics
- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
- [Technical guidance, tools, and resources on Enterprise browsing](https://technet.microsoft.com/ie)
- [Enterprise Mode Site List Manager (schema v.1)](https://www.microsoft.com/download/details.aspx?id=42501)
- [Enterprise Mode Site List Manager (schema v.2)](https://www.microsoft.com/download/details.aspx?id=49974)
- [Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
- [Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md)
- [Web Application Compatibility Lab Kit](https://technet.microsoft.com/microsoft-edge/mt612809.aspx)
- [Microsoft Services Support](https://www.microsoft.com/en-us/microsoftservices/support.aspx)
- [Find a Microsoft partner on Pinpoint](https://partnercenter.microsoft.com/pcv/search)
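Review bot: the added sentence "Starting with Windows 10, version 1511 (also known as the Anniversary Update)" pairs the wrong version number with the release name. Version 1511 is the November Update and the Anniversary Update is version 1607, so one of the two needs correcting. In the sample site list, `<compat-mode>IE8Enterprise"</compat-mode>` under relecloud.com/products has a stray double quote that anyone copying the sample will carry into their own list, and the `<!--- ... --->` comments are not well-formed XML because a comment may not end in `--->`. The sentence "You can build and manage your Enterprise Mode Site List is by using any generic text editor" also has a leftover "is".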

View File

@ -0,0 +1,42 @@
---
localizationpriority: low
ms.mktglfcycl: deploy
ms.pagetype: appcompat
description: Use the topics in this section to learn how to perform all of the workflow-related processes in the Enterprise Mode Site List Portal.
author: eross-msft
ms.prod: ie11
title: Workflow-based processes for employees using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
ms.sitesec: library
---
# Workflow-based processes for employees using the Enterprise Mode Site List Portal
**Applies to:**
- Windows 10
- Windows 8.1
- Windows 7
- Windows Server 2012 R2
- Windows Server 2008 R2 with Service Pack 1 (SP1)
Use the topics in this section to learn how to perform the available Enterprise Mode Site List Portal processes, based on workflow.
## In this section
|Topic |Description |
|---------------------------------------------------------------|-----------------------------------------------------------------------------------|
|[Create a change request using the Enterprise Mode Site List Portal](create-change-request-enterprise-mode-portal.md)|Details about how the Requester creates a change request in the Enterprise Mode Site List Portal.|
|[Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md)|Details about how the Requester tests a change request in the pre-production environment of the Enterprise Mode Site List Portal.|
|[Approve a change request using the Enterprise Mode Site List Portal](approve-change-request-enterprise-mode-portal.md)|Details about how the Approver(s) approve a change request in the Enterprise Mode Site List Portal.|
|[Schedule approved change requests for production using the Enterprise Mode Site List Portal](schedule-production-change-enterprise-mode-portal.md)|Details about how the Requester schedules the approved change request update in the Enterprise Mode Site List Portal.|
|[Verify the change request update in the production environment using the Enterprise Mode Site List Portal](verify-changes-production-enterprise-mode-portal.md)|Details about how the Requester tests an update in the production environment of the Enterprise Mode Site List Portal.|
|[View the apps currently on the Enterprise Mode Site List](view-apps-enterprise-mode-site-list.md)|Details about how anyone with access to the portal can review the apps already on the active Enterprise Mode Site List.|
|[View the available Enterprise Mode reports from the Enterprise Mode Site List Portal](view-enterprise-mode-reports-for-portal.md) |Details about how the Administrator can view the view the Microsoft-provided Enterprise Mode reports from the Enterprise Mode Site List Portal. |
## Related topics
- [Set up the Enterprise Mode Site List Portal](set-up-enterprise-mode-portal.md)
- [Enterprise Mode Site List Portal source code](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal)
- [Enterprise Mode and the Enterprise Mode Site List](what-is-enterprise-mode.md)
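Review bot: the last row of the "In this section" table repeats a phrase, "the Administrator can view the view the Microsoft-provided Enterprise Mode reports"; drop the duplicated "view the". That row is also the only one padded with spaces before its closing pipes, which is harmless but inconsistent with the rows above it.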

View File

@ -28,9 +28,9 @@ in the Deep Dive into Credential Guard video series.
- You cannot restore credentials using the Credential Manager control panel if the credentials were backed up from a PC that has Credential Guard turned on. If you need to back up your credentials, you must do this before you enable Credential Guard. Otherwise, you won't be able to restore those credentials. - You cannot restore credentials using the Credential Manager control panel if the credentials were backed up from a PC that has Credential Guard turned on. If you need to back up your credentials, you must do this before you enable Credential Guard. Otherwise, you won't be able to restore those credentials.
- Credential Guard uses hardware security so some features, such as Windows To Go, are not supported. - Credential Guard uses hardware security so some features, such as Windows To Go, are not supported.
## NTLM and CHAP Considerations ## Wi-fi and VPN Considerations
When you enable Credential Guard, you can no longer use NTLM v1 authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS.
When you enable Credential Guard, you can no longer use NTLM v1 authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as NTLMv1. We recommend that organizations use certificated-based authentication for WiFi and VPN connections.
## Kerberos Considerations ## Kerberos Considerations
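Review bot: the heading is renamed to "Wi-fi and VPN Considerations", but both versions of the paragraph under it still open with "you can no longer use NTLM v1 authentication", so readers scanning headings for NTLM impact will no longer find it. Either keep NTLM in the heading or move that sentence. The heading spells it "Wi-fi" while the body uses "WiFi", and one paragraph version says "certificated-based authentication", which should be "certificate-based". Whichever wording is kept, the version that names the protocols to move away from (PEAP-MSCHAPv2, EAP-MSCHAPv2) and toward (PEAP-TLS, EAP-TLS) is the more actionable one.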

View File

@ -32,7 +32,8 @@
"externalReference": [], "externalReference": [],
"globalMetadata": { "globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT", "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json" "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows"
}, },
"fileMetadata": {}, "fileMetadata": {},
"template": [], "template": [],

View File

@ -6,7 +6,7 @@ author: MikeStephens-MS
description: Enterprise certificate pinning is a Windows feature for remembering, or “pinning” a root, issuing certificate authority, or end entity certificate to a given domain name. description: Enterprise certificate pinning is a Windows feature for remembering, or “pinning” a root, issuing certificate authority, or end entity certificate to a given domain name.
manager: alanth manager: alanth
ms.prod: w10 ms.prod: w10
ms.technology: security ms.technology: windows
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
localizationpriority: high localizationpriority: high
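Review bot: changing `ms.technology` from `security` to `windows` in this topic's front matter replaces a specific value with a generic one while `ms.pagetype: security` is left alone, and nothing visible in the commit explains why. If the intent is to match the `"ms.technology": "windows"` value this commit adds to `globalMetadata` in the docfx.json files, the per-topic line may be redundant and could be dropped instead of edited.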

View File

@ -32,7 +32,8 @@
"externalReference": [], "externalReference": [],
"globalMetadata": { "globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT", "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json" "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows"
}, },
"fileMetadata": {}, "fileMetadata": {},
"template": [], "template": [],

View File

@ -32,7 +32,8 @@
"externalReference": [], "externalReference": [],
"globalMetadata": { "globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT", "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json" "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows"
}, },
"fileMetadata": {}, "fileMetadata": {},
"template": [], "template": [],

View File

@ -32,7 +32,8 @@
"externalReference": [], "externalReference": [],
"globalMetadata": { "globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT", "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json" "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows"
}, },
"fileMetadata": {}, "fileMetadata": {},
"template": [], "template": [],

View File

@ -32,7 +32,8 @@
"externalReference": [], "externalReference": [],
"globalMetadata": { "globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT", "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json" "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows"
}, },
"fileMetadata": {}, "fileMetadata": {},
"template": [], "template": [],

View File

@ -15,6 +15,7 @@ This topic lists new and updated topics in the [Device security](index.md) docum
|New or changed topic |Description | |New or changed topic |Description |
|---------------------|------------| |---------------------|------------|
| [BitLocker Group Policy settings](bitlocker/bitlocker-group-policy-settings.md) | Changed startup PIN minimun length from 4 to 6. | | [BitLocker Group Policy settings](bitlocker/bitlocker-group-policy-settings.md) | Changed startup PIN minimun length from 4 to 6. |
| [Network access: Restrict clients allowed to make remote calls to SAM](security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md) | New security policy setting. |
## March 2017 ## March 2017
|New or changed topic |Description | |New or changed topic |Description |
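Review bot: the added row describes the SAM topic only as "New security policy setting.", while the row above it states what actually changed; a few words on what the setting restricts would make the change log entry more useful. While this table is being edited, "minimun" in the BitLocker row should be "minimum".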

View File

@ -32,7 +32,8 @@
"externalReference": [], "externalReference": [],
"globalMetadata": { "globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT", "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json" "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows"
}, },
"fileMetadata": {}, "fileMetadata": {},
"template": [], "template": [],

View File

@ -6,7 +6,7 @@ ms.mktglfcycl: explore
ms.sitesec: library ms.sitesec: library
ms.pagetype: security ms.pagetype: security
localizationpriority: high localizationpriority: high
author: brianlic-msft author: justinha
--- ---
# Network access: Restrict clients allowed to make remote calls to SAM # Network access: Restrict clients allowed to make remote calls to SAM
@ -23,23 +23,33 @@ author: brianlic-msft
- Windows Server 2008 R2 with [KB 4012218](https://support.microsoft.com/en-us/help/4012218/march-2017-preview-of-monthly-quality-rollup-for-windows-7-sp1-and-windows-server-2008-r2-sp1) installed - Windows Server 2008 R2 with [KB 4012218](https://support.microsoft.com/en-us/help/4012218/march-2017-preview-of-monthly-quality-rollup-for-windows-7-sp1-and-windows-server-2008-r2-sp1) installed
The **Network access: Restrict clients allowed to make remote calls to SAM** security policy setting controls which users can enumerate users and groups in the local Security Accounts Manager (SAM) database. The setting was first supported by Windows 10 version 1607 and Windows Server 2016 (RTM) and can be configured on earlier Windows client and server operating systems by installing updates from the the KB articles listed in **Applies to** section of this topic. The **Network access: Restrict clients allowed to make remote calls to SAM** security policy setting controls which users can enumerate users and groups in the local Security Accounts Manager (SAM) database and Active Directory.
The setting was first supported by Windows 10 version 1607 and Windows Server 2016 (RTM) and can be configured on earlier Windows client and server operating systems by installing updates from the the KB articles listed in **Applies to** section of this topic.
This topic describes the default values for this security policy setting in different versions of Windows, related events, and how to enable audit mode before constraining the security principals that are allowed to remotely enumerate users and groups in the SAM so that your environment remains secure without adversely impacting application compatibility. This topic describes the default values for this security policy setting in different versions of Windows.
By default, computers beginning with Windows 10 version 1607 and Windows Server 2016 are more restrictive than earlier versions of Windows.
This means that if you have a mix of computers, such as servers that run both Windows Server 2016 and Windows Server 2012 R2, the servers that run Windows Server 2016 may fail to enumerate accounts by default where the servers that run Windows Server 2012 R2 succeed.
This topic also covers related events, and how to enable audit mode before constraining the security principals that are allowed to remotely enumerate users and groups so that your environment remains secure without impacting application compatibility.
## Reference ## Reference
The SAMRPC protocol makes it possible for a low privileged user to query a machine on a network for data. For example, a user can use SAMRPC to enumerate users, including privileged accounts such as local or domain administrators, or to enumerate groups and group memberships from the local SAM and Active Directory. This information can provide important context and serve as a starting point for an attacker to compromise a domain or networking environment. The SAMRPC protocol makes it possible for a low privileged user to query a machine on a network for data.
For example, a user can use SAMRPC to enumerate users, including privileged accounts such as local or domain administrators, or to enumerate groups and group memberships from the local SAM and Active Directory.
This information can provide important context and serve as a starting point for an attacker to compromise a domain or networking environment.
To mitigate this risk, you can configure the **Network access: Restrict clients allowed to make remote calls to SAM** security policy setting to force the security accounts manager (SAM) to do an access check against remote calls. The access check allows or denies remote RPC connections to SAM and Active Directory for users and groups that you define. To mitigate this risk, you can configure the **Network access: Restrict clients allowed to make remote calls to SAM** security policy setting to force the security accounts manager (SAM) to do an access check against remote calls.
The access check allows or denies remote RPC connections to SAM and Active Directory for users and groups that you define.
By default, the **Network access: Restrict clients allowed to make remote calls to SAM** security policy setting is not defined. If you define it, you can edit the default Security Descriptor Definition Language (SDDL) string to explicitly allow or deny users and groups to make remote calls to the SAM. If the policy setting is left blank after the policy is defined, the policy is not enforced. By default, the **Network access: Restrict clients allowed to make remote calls to SAM** security policy setting is not defined.
If you define it, you can edit the default Security Descriptor Definition Language (SDDL) string to explicitly allow or deny users and groups to make remote calls to the SAM.
If the policy setting is left blank after the policy is defined, the policy is not enforced.
The default security descriptor on computers beginning with Windows 10 version 1607 and Windows Server 2016 allows only the local (built-in) Administrators group remote access to SAM on non-domain controllers, and allows Everyone access on domain controllers. You can edit the default security descriptor to allow or deny other users and groups, including the built-in Administrators. The default security descriptor on computers beginning with Windows 10 version 1607 and Windows Server 2016 allows only the local (built-in) Administrators group remote access to SAM on non-domain controllers, and allows Everyone access on domain controllers.
You can edit the default security descriptor to allow or deny other users and groups, including the built-in Administrators.
The default security descriptor on computers that run earlier versions of Windows does not restrict any remote calls to SAM, but an administrator can edit the security descriptor to enforce restrictions. This less restrictive default allows for testing the impact of enabling restrictions on existing applications. The default security descriptor on computers that run earlier versions of Windows does not restrict any remote calls to SAM, but an administrator can edit the security descriptor to enforce restrictions.
This less restrictive default allows for testing the impact of enabling restrictions on existing applications.
This means that if you have a mix of computers, such as servers that run both Windows Server 2016 and Windows Server 2012 R2, the servers that run Windows Server 2016 may fail to enumerate accounts by default where the servers that run Windows Server 2012 R2 succeed.
## Possible values ## Possible values
- Not defined - Not defined
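Review bot: the reflowed line "The setting was first supported by Windows 10 version 1607 ..." still carries the duplicated "the the KB articles" and is missing an article in "listed in **Applies to** section"; fix both while the sentence is being touched. The first sentence now says the setting covers enumeration in "the local Security Accounts Manager (SAM) database and Active Directory", so the later sentence about editing the SDDL "to explicitly allow or deny users and groups to make remote calls to the SAM" should mention Active Directory as well to stay consistent.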
@ -47,36 +57,39 @@ This means that if you have a mix of computers, such as servers that run both Wi
## Location ## Location
On computers that run Windows Server 2016 and Windows 10, version 1607 and later, you can edit this security policy setting in the following location in the Group Policy Management Console:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
This policy setting controls a string that will contain the SDDL of the security descriptor to be deployed to the following registry setting: This policy setting controls a string that will contain the SDDL of the security descriptor to be deployed to the following registry setting:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictRemoteSam HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictRemoteSam
On computers that run earlier versions of Windows, you need to edit the registry setting directly or use Group Policy Preferences.
To avoid setting it manually in this case, you can configure the GPO itself on a computer that runs Windows Server 2016 or Windows 10, version 1607 or later and have it apply to all computers within the scope of the GPO because the same registry key exists on every computer after the corresponding KB is installed.
> [!NOTE] > [!NOTE]
This policy is implemented similarly to other Network access policies in that there is a single policy element at the registry path listed. There is no notion of a local policy versus an enterprise policy; there is just one policy setting and whichever writes last wins. For example, suppose a local administrator configures this setting as part of a local policy using the Local Security Policy snap-in (Secpol.msc), which edits that same registry path. If an enterprise administrator configures this setting as part of an enterprise GPO, that enterprise GPO will overwrite the same registry path. This policy is implemented similarly to other Network access policies in that there is a single policy element at the registry path listed. There is no notion of a local policy versus an enterprise policy; there is just one policy setting and whichever writes last wins. For example, suppose a local administrator configures this setting as part of a local policy using the Local Security Policy snap-in (Secpol.msc), which edits that same registry path. If an enterprise administrator configures this setting as part of an enterprise GPO, that enterprise GPO will overwrite the same registry path.
## Default values ## Default values
Beginning with Windows 10, version 1607 and Windows Server 2016, computers have hard-coded and more restrictive default values than earlier versions of Windows. The different default values help strike a balance where recent Windows versions are more secure by default and older versions dont undergo any disruptive behavior changes. Computers that run earlier versions of Windows do not perform any access check by default. That includes domain controllers and non-domain controllers. This allows administrators to test whether applying the same restriction (that is, granting READ_CONTROL access only to members of the local Administrators group) will cause compatibility problems for existing applications before implementing this security policy setting in a production environment. Beginning with Windows 10, version 1607 and Windows Server 2016, computers have hard-coded and more restrictive default values than earlier versions of Windows.
The different default values help strike a balance where recent Windows versions are more secure by default and older versions dont undergo any disruptive behavior changes.
Administrators can test whether applying the same restriction earlier versions of Windows will cause compatibility problems for existing applications before implementing this security policy setting in a production environment.
In other words, the hotfix in each KB article provides the necessary code and functionality, but you need to configure the restriction after you install the hotfix—no restrictions are enabled by default after the hotfix is installed on earlier versions of Windows. In other words, the hotfix in each KB article provides the necessary code and functionality, but you need to configure the restriction after you install the hotfix—no restrictions are enabled by default after the hotfix is installed on earlier versions of Windows.
### Default values beginning with Windows 10 version 1607 and Windows Server 2016
The following default values apply to computers beginning with Windows Server 2016 and Windows 10, version 1607. The default security descriptor for non-domain controllers grants RC access (READ_CONTROL, also known as STANDARD_RIGHTS_READ) only to members of the local (built-in) Administrators group.
| |Default SDDL |Translated SDDL| Comments | |Default SDDL |Translated SDDL| Comments
|---|---|---|---| |---|---|---|---|
|Domain controller (reading Active Directory|“”|-|Everyone has read permissions to preserve compatibility. |Windows Server 2016 domain controller (reading Active Directory)|“”|-|Everyone has read permissions to preserve compatibility.|
|Non-domain controller|(O:SYG:SYD:(A;;RC;;;BA)| Owner: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18) <br>Primary group: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18) <br>DACL: <br>• Revision: 0x02 <br>• Size: 0x0020 <br>• Ace Count: 0x001 <br>• Ace[00]------------------------- AceType:0x00 <br> (ACCESS_ALLOWED_ACE_TYPE)<br> AceSize:0x0018 <br> InheritFlags:0x00 <br> Access Mask:0x00020000 <br> AceSid: BUILTIN\Administrators (Alias) (S-1-5-32-544) <br><br> SACL: Not present |Only members of the local (built-in) Administrators group get access.| |Earlier domain controller |-|-|No access check is performed by default.|
|Windows 10, version 1607 non-domain controller|(O:SYG:SYD:(A;;RC;;;BA)| Owner: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18) <br>Primary group: NTAUTHORITY/SYSTEM (WellKnownGroup) (S-1-5-18) <br>DACL: <br>• Revision: 0x02 <br>• Size: 0x0020 <br>• Ace Count: 0x001 <br>• Ace[00]------------------------- <br> &nbsp;&nbsp;AceType:0x00 <br> &nbsp;&nbsp;(ACCESS_ALLOWED_ACE_TYPE)<br> &nbsp;&nbsp;AceSize:0x0018 <br> &nbsp;&nbsp;InheritFlags:0x00 <br> &nbsp;&nbsp;Access Mask:0x00020000 <br> &nbsp;&nbsp;AceSid: BUILTIN\Administrators (Alias) (S-1-5-32-544) <br><br> &nbsp;&nbsp;SACL: Not present |Grants RC access (READ_CONTROL, also known as STANDARD_RIGHTS_READ) only to members of the local (built-in) Administrators group. |
### Default values for earlier versions of Windows |Earlier non-domain controller |-|-|No access check is performed by default.|
The following sections explain how to enable audit only mode to test the restriction while using applications you plan to run.
## Policy management ## Policy management
This section explains how to configure audit-only mode, how to analyze related events that are logged when the Network access: Restrict clients allowed to make remote calls to SAM security policy setting is enabled, and how to configure event throttling to prevent flooding the event log. This section explains how to configure audit-only mode, how to analyze related events that are logged when the **Network access: Restrict clients allowed to make remote calls to SAM** security policy setting is enabled, and how to configure event throttling to prevent flooding the event log.
### Audit only mode ### Audit only mode
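Review bot: The SDDL value in the non-domain-controller table rows is written as `(O:SYG:SYD:(A;;RC;;;BA)`, with an opening parenthesis before `O:` that is never closed. An SDDL string begins at the owner field, so the cell should read `O:SYG:SYD:(A;;RC;;;BA)`; as written, a value copied from the table is not a valid SDDL string. Separately, these lines alternate between "audit only mode" and "audit-only mode"; pick one spelling and use it in the heading and both paragraphs.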
@ -95,9 +108,7 @@ Audit only mode configures the SAM interface to do the access check against the
There are corresponding events that indicate when remote calls to the SAM are restricted, what accounts attempted to read from the SAM database, and more. The following workflow is recommended to identify applications that may be affected by restricting remote calls to SAM: There are corresponding events that indicate when remote calls to the SAM are restricted, what accounts attempted to read from the SAM database, and more. The following workflow is recommended to identify applications that may be affected by restricting remote calls to SAM:
1. Dump event logs to a common share. 1. Dump event logs to a common share.
2. Parse them with the [Events 16962 - 16969 Reader](https://gallery.technet.microsoft.com/Events-16962-16969-Reader-2eae5f1d) script. 2. Parse them with the [Events 16962 - 16969 Reader](https://gallery.technet.microsoft.com/Events-16962-16969-Reader-2eae5f1d) script.
3. Look for the following events: <br> 3. Review Event IDs 16962 to 16969, as listed in the following table, in the System log with event source Directory-Service-SAM.
• For domain controllers, events are logged in the Directory Services log in Event Viewer with event source Directory-Service-SAM (from Event ID 16962 to 16969, as listed in the following table). <br>
• For non-domain controllers, the same event IDs are logged in the System log with event source Directory-Service-SAM.
4. Identify which security contexts are enumerating users or groups in the SAM database. 4. Identify which security contexts are enumerating users or groups in the SAM database.
5. Prioritize the callers, determine if they should be allowed or not, then include the allowed callers in the SDDL string. 5. Prioritize the callers, determine if they should be allowed or not, then include the allowed callers in the SDDL string.
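Review bot: The rewritten step 3 drops the domain-controller case. The old text sent readers to the Directory Services log on domain controllers and to the System log on other machines, while the new line names only the System log. If domain controllers still write Event IDs 16962 to 16969 to the Directory Services log, anyone following this workflow on a domain controller will search the wrong log and may wrongly conclude that no callers need to be added to the SDDL string in step 5. Please confirm where domain controllers log these events, or keep the distinction in a single sentence without the `<br>` markup.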

View File

@ -21,29 +21,14 @@ The TPM Services Group Policy settings are located at:
**Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services\\** **Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services\\**
| Setting | Windows 10, version 1607 and Windows Server 2016 | Windows 10, version 1511 and Windows 10, version 1507 | ### Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0
|-----------------|--------------------------------------------------|-------------------------------------------------------|
| [Turn on TPM backup to Active Directory Domain Services](#turn-on-tpm-backup-to-active-directory-domain-services) | | X |
| [Configure the list of blocked TPM commands](#configure-the-list-of-blocked-tpm-commands) | X | X |
| [Ignore the default list of blocked TPM commands](#ignore-the-default-list-of-blocked-tpm-commands) | X | X |
| [Ignore the local list of blocked TPM commands](#ignore-the-local-list-of-blocked-tpm-commands) | X | X |
| [Configure the level of TPM owner authorization information available to the operating system](#configure-the-level-of-tpm-owner-authorization-information-available-to-the-operating-system) | X | X |
| [Standard User Lockout Duration](#standard-user-lockout-duration) | X | X |
| [Standard User Individual Lockout Threshold](#standard-user-individual-lockout-threshold) | X | X |
| [Standard User Total Lockout Threshold](#standard-user-total-lockout-threshold) | X | X |
### Turn on TPM backup to Active Directory Domain Services Introduced in Windows 10, version 1703, this policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if: a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607, and b) the System has a TPM 2.0.
This policy setting allows you to manage the Active Directory Domain Services (AD DS) backup of TPM owner information. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to:
a) disable it from group policy and b) clear the TPM on the system.
TPM owner information includes a cryptographic hash of the TPM owner password. Certain TPM commands can be run only by the TPM owner. This hash authorizes the TPM to run these commands. **The following Group Policy settings were introduced in Window 10:**
> [!IMPORTANT]
> The **Turn on TPM backup to Active Directory Domain Services** is not available in the Windows 10, version 1607 and Windows Server 2016 and later versions of the ADMX files.
If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS when you use Windows to set or change a TPM owner password. When this policy setting is enabled, a TPM owner password cannot be set or changed unless the computer is connected to the domain and the AD DS backup succeeds.
If you disable or do not configure this policy setting, TPM owner information will not be backed up to AD DS.
### Configure the list of blocked TPM commands ### Configure the list of blocked TPM commands
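Review bot: The added line "**The following Group Policy settings were introduced in Window 10:**" misspells "Windows 10", and it now sits at the end of the new Dictionary Attack Prevention section rather than introducing a list. In the same added section, the sentence ending "is to:" breaks onto a separate line for "a) disable it from group policy and b) clear the TPM on the system."; a two-item list there, and for the a)/b) conditions in the first paragraph, would read more cleanly. The section also writes both "Windows 10, version 1703" and "Windows 10 Version 1607"; use one form. Finally, the hunk deletes the per-version availability table with no replacement, so consider keeping it with a row for the new setting.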
@ -164,6 +149,13 @@ An administrator with the TPM owner password can fully reset the TPM's hardware
If you do not configure this policy setting, a default value of 9 is used. A value of zero means that the operating system will not allow standard users to send commands to the TPM, which might cause an authorization failure. If you do not configure this policy setting, a default value of 9 is used. A value of zero means that the operating system will not allow standard users to send commands to the TPM, which might cause an authorization failure.
> [!IMPORTANT]
> The **Turn on TPM backup to Active Directory Domain Services** is not available in the Windows 10, version 1607 and Windows Server 2016 and later versions of the ADMX files.
If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS when you use Windows to set or change a TPM owner password. When this policy setting is enabled, a TPM owner password cannot be set or changed unless the computer is connected to the domain and the AD DS backup succeeds.
If you disable or do not configure this policy setting, TPM owner information will not be backed up to AD DS.
## Related topics ## Related topics
- [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics) - [Trusted Platform Module](trusted-platform-module-top-node.md) (list of topics)
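Review bot: The block added after "If you do not configure this policy setting, a default value of 9 is used." has no heading of its own. The earlier hunk removed "### Turn on TPM backup to Active Directory Domain Services" together with its introductory paragraphs, and only the IMPORTANT note and the enable/disable paragraphs are re-added here, so "If you enable this policy setting, TPM owner information will be ... backed up to AD DS" now reads as part of the preceding lockout-threshold setting. Re-add the heading and the sentence explaining what TPM owner information is above the note, or drop the block if the setting is being retired from this page.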

View File

@ -34,7 +34,8 @@
"externalReference": [], "externalReference": [],
"globalMetadata": { "globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT", "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json" "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows"
}, },
"fileMetadata": {}, "fileMetadata": {},
"template": [], "template": [],

View File

@ -32,7 +32,8 @@
"externalReference": [], "externalReference": [],
"globalMetadata": { "globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT", "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json" "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows"
}, },
"fileMetadata": {}, "fileMetadata": {},
"template": [], "template": [],

View File

@ -26,6 +26,9 @@ localizationpriority: high
## Configure endpoints using System Center Configuration Manager (current branch) version 1606 ## Configure endpoints using System Center Configuration Manager (current branch) version 1606
System Center Configuration Manager (current branch) version 1606, has UI integrated support for configuring and managing Windows Defender ATP on endpoints. For more information, see [Support for Windows Defender Advanced Threat Protection service](https://go.microsoft.com/fwlink/p/?linkid=823682). System Center Configuration Manager (current branch) version 1606, has UI integrated support for configuring and managing Windows Defender ATP on endpoints. For more information, see [Support for Windows Defender Advanced Threat Protection service](https://go.microsoft.com/fwlink/p/?linkid=823682).
>[!NOTE]
> If youre using SCCM client version 1606 with server version 1610 or above, you must upgrade the client version to match the server version.
<span id="sccm1602"/> <span id="sccm1602"/>
## Configure endpoints using System Center Configuration Manager earlier versions ## Configure endpoints using System Center Configuration Manager earlier versions
You can use System Center Configuration Managers existing functionality to create a policy to configure your endpoints. This is supported in the following System Center Configuration Manager versions: You can use System Center Configuration Managers existing functionality to create a policy to configure your endpoints. This is supported in the following System Center Configuration Manager versions:
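Review bot: The added note reads "If youre using SCCM client version 1606", with the apostrophe missing from "you're"; if a curly quote was used in the source, replace it with a plain ASCII apostrophe so it renders everywhere. The note also introduces the abbreviation "SCCM", while the rest of the section spells out "System Center Configuration Manager"; spell it out or define the abbreviation on first use. Leave a blank line between the note and the `<span id="sccm1602"/>` anchor so the span is not absorbed into the note block.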

View File

@ -32,7 +32,8 @@
"externalReference": [], "externalReference": [],
"globalMetadata": { "globalMetadata": {
"uhfHeaderId": "MSDocsHeader-WindowsIT", "uhfHeaderId": "MSDocsHeader-WindowsIT",
"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json" "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
"ms.technology": "windows"
}, },
"fileMetadata": {}, "fileMetadata": {},
"template": [], "template": [],