Merged PR 3106: Merge vsts1001230 to master

windows/device-security/security-policy-settings/password-must-meet-complexity-requirements.md

@@ -30,7 +30,9 @@ The **Passwords must meet complexity requirements** policy setting determines wh
     -   Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
     -   Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
     -   Base 10 digits (0 through 9)
-    -   Non-alphanumeric characters (special characters) (for example, !, $, \#, %)
+    -   Non-alphanumeric characters (special characters): 
+        (~!@#$%^&*_-+=`|\\(){}\[\]:;"'<>,.?/)
+        Currency symbols such as the Euro or British Pound are not counted as special characters for this policy setting.
     -   Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.
 
 Complexity requirements are enforced when passwords are changed or created.

windows/device-security/tpm/tpm-recommendations.md

@@ -105,7 +105,6 @@ The following table defines which Windows features require TPM support.
 | Passport: Domain AADJ Join                   | Required                 | Required                 | Supports both versions of TPM, but requires TPM with HMAC and EK certificate for key attestation support.  |
 | Passport: MSA or Local Account               | Required                 | Required                 | TPM 2.0 is required with HMAC and EK certificate for key attestation support.      |
 | Device Encryption                            | Not Applicable           | Required                 | TPM 2.0 is required for all InstantGo devices.                |
-| Device Guard / Configurable Code Integrity   | Not Applicable          | Required              | Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new computers.                   |
 | Credential Guard                             | Required                 | Required                 | For Windows 10, version 1511, TPM 1.2 or 2.0 is highly recommended. If you don't have a TPM installed, Credential Guard will still be enabled, but the keys used to encrypt Credential Guard will not be protected by the TPM.   |
 | Device Health Attestation                    | Required                 | Required                 |                    |
 | Windows Hello / Windows Hello for Business   | Not Required             | Recommended              | Whenever possible, Microsoft recommends the use of TPM hardware. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. [How keys are protected](https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-how-it-works#how-keys-are-protected)                   |