diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index 6b56d24b8f..d25e2670b7 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -9,7 +9,7 @@ ms.pagetype: devices
 author: jdeckerms
 ms.localizationpriority: medium
 ms.author: jdecker
-ms.date: 10/17/2017
+ms.date: 11/28/2017
 ---
 
 # Connect to remote Azure Active Directory-joined PC
@@ -19,7 +19,7 @@ ms.date: 10/17/2017
 
 -   Windows 10
 
-From its release, Windows 10 has supported remote connections to PCs that are joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is joined to Azure Active Directory (Azure AD).
+From its release, Windows 10 has supported remote connections to PCs that are joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/device-management-azuread-joined-devices-setup).
 
 ![Remote Desktop Connection client](images/rdp.png)
 
diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md
index 36cb3a412a..495f5b8cb3 100644
--- a/windows/configuration/changes-to-start-policies-in-windows-10.md
+++ b/windows/configuration/changes-to-start-policies-in-windows-10.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerms
 ms.localizationpriority: high
+ms.date: 11/28/2017
 ---
 
 # Changes to Group Policy settings for Windows 10 Start
@@ -92,10 +93,6 @@ These policy settings are available in **Administrative Templates\\Start Menu an
 <tr class="odd">
 <td align="left">Start Layout</td>
 <td align="left"><p>This applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in <strong>User Configuration</strong> or <strong>Computer Configuration</strong>.</p>
-<div class="alert">
-<strong>Note</strong>  
-<p>Start Layout policy setting applies only to Windows 10 Enterprise and Windows 10 Education.</p>
-</div>
 <div>
  
 </div></td>
diff --git a/windows/configuration/windows-diagnostic-data.md b/windows/configuration/windows-diagnostic-data.md
index f540930a40..3cfd6d422a 100644
--- a/windows/configuration/windows-diagnostic-data.md
+++ b/windows/configuration/windows-diagnostic-data.md
@@ -37,7 +37,7 @@ Most diagnostic events contain a header of common data:
 
 | Category Name | Examples |
 | - | - |
-| Common Data | Information that is added to most diagnostic events, if relevant and available:<br><ul><li>OS name, version, build, and [locale](https://msdn.microsoft.com/library/windows/desktop/dd318716.aspx)</li><li>User ID -- a unique identifier associated with the user's Microsoft Account (if one is used) or local account. The user's Microsoft Account identifier is not collected from devices configured to send Basic diagnostic data</li><li>Xbox UserID</li><li>Environment from which the event was logged -- Application ID of app or component that logged the event, Session GUID. Used to track events over a given period of time such the period an app is running or between boots of the OS.</li><li>The diagnostic event name, Event ID, [ETW](https://msdn.microsoft.com/library/windows/desktop/bb968803.aspx) opcode, version, schema signature, keywords, and flags</li><li>HTTP header information including IP address. This is not the IP address of the device but the source address in the network packet header received by the diagnostics ingestion service.</li><li>Various IDs that are used to correlate and sequence related events together.</li><li>Device ID. This is not the user provided device name, but an ID that is unique for that device.</li><li>Device class -- Desktop, Server, or Mobile</li><li>Event collection time</li><li>Diagnostic level --  Basic or Full, Sample level -- for sampled data, what sample level is this device opted into</li></ul> |
+| Common Data | Information that is added to most diagnostic events, if relevant and available:<br><ul><li>OS name, version, build, and [locale](https://msdn.microsoft.com/library/windows/desktop/dd318716.aspx)</li><li>User ID -- a unique identifier associated with the user's Microsoft Account (if one is used) or local account. The user's Microsoft Account identifier is not collected from devices configured to send Basic diagnostic data</li><li>Xbox UserID</li><li>Environment from which the event was logged -- Application ID of app or component that logged the event, Session GUID. Used to track events over a given period of time such the period an app is running or between boots of the OS.</li><li>The diagnostic event name, Event ID, [ETW](https://msdn.microsoft.com/library/windows/desktop/bb968803.aspx) opcode, version, schema signature, keywords, and flags</li><li>HTTP header information, including the IP address. This IP address is the source address that’s provided by the network packet header and received by the diagnostics ingestion service.</li><li>Various IDs that are used to correlate and sequence related events together.</li><li>Device ID. This is not the user provided device name, but an ID that is unique for that device.</li><li>Device class -- Desktop, Server, or Mobile</li><li>Event collection time</li><li>Diagnostic level --  Basic or Full, Sample level -- for sampled data, what sample level is this device opted into</li></ul> |
 
 ## ​Device, Connectivity, and Configuration data
 
diff --git a/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md b/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md
index 2df8404822..46290126ff 100644
--- a/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md
@@ -16,7 +16,7 @@ ms.date: 11/07/2017
 - Windows 10
 - Windows Server 2016 
 
-Virtualization-based protection of code integrity (herein refered to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. 
+Virtualization-based protection of code integrity (herein referred to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. 
 Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor.  
 
 Some applications, including device drivers, may be incompatible with HVCI. 
@@ -34,7 +34,9 @@ If your device already has a WDAC policy (SIPolicy.p7b), please contact your IT
 > You must be an administrator to perform this procedure. 
 
 1. Download the [Enable HVCI cabinet file](http://download.microsoft.com/download/7/A/F/7AFBCDD1-578B-49B0-9B27-988EAEA89A8B/EnableHVCI.cab).
+
 2. Open the cabinet file.
+
 3. Right-click the SIPolicy.p7b file and extract it. Then move it to the following location: 
 
    C:\Windows\System32\CodeIntegrity
diff --git a/windows/device-security/images/turn-windows-features-on-or-off.png b/windows/device-security/images/turn-windows-features-on-or-off.png
index a2d0763666..8d47a53b51 100644
Binary files a/windows/device-security/images/turn-windows-features-on-or-off.png and b/windows/device-security/images/turn-windows-features-on-or-off.png differ
diff --git a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
index d216067757..8dc6263371 100644
--- a/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/defender-compatibility-windows-defender-advanced-threat-protection.md
@@ -30,6 +30,9 @@ ms.date: 10/17/2017
 
 The Windows Defender Advanced Threat Protection agent depends on Windows Defender Antivirus for some capabilities such as file scanning.
 
+>[!IMPORTANT]
+>Windows Defender ATP does not adhere to the Windows Defender Antivirus Exclusions settings. 
+
 You must configure the signature updates on the Windows Defender ATP endpoints whether Windows Defender Antivirus is the active antimalware or not. For more information, see [Manage Windows Defender Antivirus updates and apply baselines](../windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md).
 
 If an onboarded endpoint is protected by a third-party antimalware client, Windows Defender Antivirus on that endpoint will enter into passive mode.
diff --git a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
index 10f8fbb28c..bf1c9e6d63 100644
--- a/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/troubleshoot-onboarding-error-messages-windows-defender-advanced-threat-protection.md
@@ -69,7 +69,7 @@ If the portal dashboard, and other sections show an error message such as "Data
 
 ![Image of data currently isn't available](images/atp-data-not-available.png)
 
-You'll need to whitelist the `security.windows.com` and all sub-domains under it.
+You'll need to whitelist the `security.windows.com` and all sub-domains under it. For example `*security.windows.com`.
 
 
 ## Related topics