diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index 576b2cc42a..e06f28392e 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -105,4 +105,4 @@ "git_repository_branch_open_to_public_contributors": "master", "skip_source_output_uploading": false, "dependent_repositories": [] -} +} \ No newline at end of file diff --git a/browsers/edge/Index.md b/browsers/edge/Index.md index 60c93b0051..29090e5faa 100644 --- a/browsers/edge/Index.md +++ b/browsers/edge/Index.md @@ -16,6 +16,8 @@ localizationpriority: high - Windows 10 - Windows 10 Mobile +>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare). + Microsoft Edge is the new, default web browser for Windows 10, helping you to experience modern web standards, better performance, improved security, and increased reliability. Microsoft Edge also introduces new features like Web Note, Reading View, and Cortana that you can use along with your normal web browsing abilities. Microsoft Edge lets you stay up-to-date through the Windows Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools. @@ -48,11 +50,11 @@ However, if you're running web apps that continue to use: * legacy document modes -You'll need to keep running them using IE11. If you don't have IE11 installed anymore, you can download it from the Windows Store or from the [Internet Explorer 11 download page](http://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can also use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. For info about Enterprise Mode and Edge, see [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md). +You'll need to keep running them using IE11. If you don't have IE11 installed anymore, you can download it from the Windows Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can also use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. For info about Enterprise Mode and Edge, see [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md). ## Related topics -- [Download Internet Explorer 11](http://go.microsoft.com/fwlink/p/?linkid=290956) -- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](http://go.microsoft.com/fwlink/p/?LinkId=760644) -- [Internet Explorer 11 - FAQ for IT Pros](http://go.microsoft.com/fwlink/p/?LinkId=760645) -- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](http://go.microsoft.com/fwlink/p/?LinkId=760646) +- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956) +- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760644) +- [Internet Explorer 11 - FAQ for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760645) +- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index 22c69f91b8..c7e1e2fcd2 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md @@ -19,7 +19,7 @@ localizationpriority: high Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain. -
**Note**
For more info about Group Policy, see the [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](http://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](http://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](http://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows Powershell](http://go.microsoft.com/fwlink/p/?LinkId=617924).
+
**Note**
For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows Powershell](https://go.microsoft.com/fwlink/p/?LinkId=617924).
## Group Policy settings
Microsoft Edge works with these Group Policy settings (`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to help you manage your company's web browser configurations:
@@ -48,7 +48,7 @@ Microsoft Edge works with these Group Policy settings (`Computer Configuration\A
|Show message when opening sites in Internet Explorer |Windows 10 Insider Preview |This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
If you enable this setting, employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
If you disable or don’t configure this setting, the default app behavior occurs and no additional page appears. |**Enabled:** Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.
**Disabled or not configured (default):** Doesn’t show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. | ## Using Microsoft Intune to manage your Mobile Data Management (MDM) settings for Microsoft Edge -If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( http://go.microsoft.com/fwlink/p/?LinkId=722885) page. +If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=722885) page.
**Note**
The **Supports** column uses these options:
@@ -102,8 +102,8 @@ These are additional Windows 10-specific MDM policy settings that work with Mic
|AllowSyncMySettings |Desktop |
**Note**
If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy]( http://go.microsoft.com/fwlink/p/?LinkId=620714).
+
**Note**
If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714).
## Fix specific websites
@@ -27,7 +27,7 @@ Microsoft Edge doesn't support ActiveX controls, Browser Helper Objects, VBScrip
 **To add sites to your list**
-1. In the Enterprise Mode Site List Manager, click **Add**.
If you already have an existing site list, you can import it into the tool. After it's in the tool, the xml updates the list, checking **Open in IE** for each site. For info about importing the site list, see [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](http://go.microsoft.com/fwlink/p/?LinkId=618322).
 +1. In the Enterprise Mode Site List Manager, click **Add**.
If you already have an existing site list, you can import it into the tool. After it's in the tool, the xml updates the list, checking **Open in IE** for each site. For info about importing the site list, see [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](https://go.microsoft.com/fwlink/p/?LinkId=618322).
 2. Type or paste the URL for the website that’s experiencing compatibility problems, like *<domain>*.com or *<domain>*.com/*<path>* into the **URL** box.
You don’t need to include the `http://` or `https://` designation. The tool will automatically try both versions during validation. @@ -37,11 +37,11 @@ Microsoft Edge doesn't support ActiveX controls, Browser Helper Objects, VBScrip 5. Click **Save** to validate your website and to add it to the site list for your enterprise.
If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. -6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your Group Policy setting. For more info, see [Turn on Enterprise Mode and use a site list](http://go.microsoft.com/fwlink/p/?LinkId=618952). +6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.
You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your Group Policy setting. For more info, see [Turn on Enterprise Mode and use a site list](https://go.microsoft.com/fwlink/p/?LinkId=618952). ### Set up Microsoft Edge to use the Enterprise Mode site list -You must turn on the **Use Enterprise Mode Site List** Group Policy setting before Microsoft Edge can use the Enterprise Mode site list. This Group Policy applies to both Microsoft Edge and IE11, letting Microsoft Edge switch to IE11 as needed, based on the Enterprise Mode site list. For more info about IE11 and Enterprise Mode, see [Enterprise Mode for Internet Explorer 11 (IE11)](http://go.microsoft.com/fwlink/p/?linkid=618377). +You must turn on the **Use Enterprise Mode Site List** Group Policy setting before Microsoft Edge can use the Enterprise Mode site list. This Group Policy applies to both Microsoft Edge and IE11, letting Microsoft Edge switch to IE11 as needed, based on the Enterprise Mode site list. For more info about IE11 and Enterprise Mode, see [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377).  **To turn on Enterprise Mode using Group Policy** @@ -70,7 +70,7 @@ You must turn on the **Use Enterprise Mode Site List** Group Policy setting befo ## Fix your intranet sites You can add the **Send all intranet traffic over to Internet Explorer** Group Policy setting for Windows 10 so that all of your intranet sites open in IE11. This means that even if your employees are using Microsoft Edge, they will automatically switch to IE11 while viewing the intranet. -
**Note**
If you want to use Group Policy to set IE as the default browser for Internet sites, you can find the info here, [Set the default browser using Group Policy]( http://go.microsoft.com/fwlink/p/?LinkId=620714).
+
**Note**
If you want to use Group Policy to set IE as the default browser for Internet sites, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714).
 **To turn on Sends all intranet traffic over to Internet Explorer using Group Policy**
@@ -81,11 +81,11 @@ You can add the **Send all intranet traffic over to Internet Explorer** Group Po
3. Refresh your policy in your organization and then view the affected sites in Microsoft Edge.
The site shows a message in Microsoft Edge, saying that the page needs IE. At the same time, the page opens in IE11; in a new frame if it's not yet running, or in a new tab if it is. ## Related topics -* [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](http://go.microsoft.com/fwlink/p/?LinkID=624035) -* [Enterprise Mode Site List Manager for Windows 7 and Windows 8.1 download](http://go.microsoft.com/fwlink/p/?LinkId=394378) -* [Enterprise Mode Site List Manager for Windows 10 download](http://go.microsoft.com/fwlink/?LinkId=746562) -* [Enterprise Mode for Internet Explorer 11 (IE11)](http://go.microsoft.com/fwlink/p/?linkid=618377) -* [Set the default browser using Group Policy]( http://go.microsoft.com/fwlink/p/?LinkId=620714) +* [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035) +* [Enterprise Mode Site List Manager for Windows 7 and Windows 8.1 download](https://go.microsoft.com/fwlink/p/?LinkId=394378) +* [Enterprise Mode Site List Manager for Windows 10 download](https://go.microsoft.com/fwlink/?LinkId=746562) +* [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377) +* [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714) diff --git a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md index 436053d3ec..a3dcf46f40 100644 --- a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md +++ b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md @@ -21,7 +21,7 @@ localizationpriority: high - Windows 10 ## Enterprise guidance -Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Windows Store or from the [Internet Explorer 11 download page](http://go.microsoft.com/fwlink/p/?linkid=290956). +Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Windows Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). We also recommend that you upgrade to IE11 if you're running any earlier versions of Internet Explorer. IE11 is supported on Windows 7, Windows 8.1, and Windows 10. So any legacy apps that work with IE11 will continue to work even as you migrate to Windows 10. diff --git a/browsers/edge/hardware-and-software-requirements.md b/browsers/edge/hardware-and-software-requirements.md index 2c56db269a..d423c37bd4 100644 --- a/browsers/edge/hardware-and-software-requirements.md +++ b/browsers/edge/hardware-and-software-requirements.md @@ -29,7 +29,7 @@ Some of the components in this table might also need additional system resources | Item | Minimum requirements | | ------------------ | -------------------------------------------- | | Computer/processor | 1 gigahertz (GHz) or faster (32-bit (x86) or 64-bit (x64)) | -| Operating system |
**Note**
For specific Windows 10 Mobile requirements, see the [Minimum hardware requirements for Windows 10 Mobile](http://go.microsoft.com/fwlink/p/?LinkID=699266) topic. |
+| Operating system |
**Note**
For specific Windows 10 Mobile requirements, see the [Minimum hardware requirements for Windows 10 Mobile](https://go.microsoft.com/fwlink/p/?LinkID=699266) topic. |
| Memory |
**Important**
Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see [Scenario 1: Editing the Local GPO Using ADMX Files](http://go.microsoft.com/fwlink/p/?LinkId=276810).
+
**Important**
Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see [Scenario 1: Editing the Local GPO Using ADMX Files](https://go.microsoft.com/fwlink/p/?LinkId=276810).
## Administrative Templates-related Group Policy settings
When you install Internet Explorer 11, it updates the local administrative files, Inetres.admx and Inetres.adml, both located in the **PolicyDefinitions** folder.
@@ -68,11 +68,11 @@ IE11 provides these new policy settings, which are editable in the Local Group P
## Editing Group Policy settings
Regardless which tool you're using to edit your Group Policy settings, you'll need to follow one of these guides for step-by-step editing instructions:
-- **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](http://go.microsoft.com/fwlink/p/?LinkId=214521) for step-by-step instructions about editing your Administrative Templates.
+- **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](https://go.microsoft.com/fwlink/p/?LinkId=214521) for step-by-step instructions about editing your Administrative Templates.
-- **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](http://go.microsoft.com/fwlink/p/?LinkId=214522) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment.
+- **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](https://go.microsoft.com/fwlink/p/?LinkId=214522) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment.
## Related topics
-- [Administrative templates (.admx) for Windows 10 download](http://go.microsoft.com/fwlink/p/?LinkId=746579)
-- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](http://go.microsoft.com/fwlink/p/?LinkId=746580)
+- [Administrative templates (.admx) for Windows 10 download](https://go.microsoft.com/fwlink/p/?LinkId=746579)
+- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
index ede7f497c1..a64b645896 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
@@ -32,7 +32,7 @@ If you experience issues while setting up your proxy server, you can try these t
2. Click **Settings** or **LAN Settings**, and then look at your proxy server address.
-3. If you have multiple proxy servers, click **Advanced** to look at all of the additional addresses.
**Note**
If IE11 uses a proxy server for local IP addresses, regardless whether you turned on the **Bypass Proxy Server for Local Addresses** option, see [Internet Explorer Uses Proxy Server for Local IP Address Even if the "Bypass Proxy Server for Local Addresses" Option Is Turned On](http://go.microsoft.com/fwlink/p/?LinkId=85652).
+3. If you have multiple proxy servers, click **Advanced** to look at all of the additional addresses.
**Note**
If IE11 uses a proxy server for local IP addresses, regardless whether you turned on the **Bypass Proxy Server for Local Addresses** option, see [Internet Explorer Uses Proxy Server for Local IP Address Even if the "Bypass Proxy Server for Local Addresses" Option Is Turned On](https://go.microsoft.com/fwlink/p/?LinkId=85652).
 **To check that you've turned on the correct settings**
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
index 9a5efa2a85..c430862513 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
@@ -37,7 +37,7 @@ For custom graphics and branding, add the `FEATURE\AUTOCONFIG\BRANDING` registry
## Updating your automatic configuration settings
After adding the `FEATURE\AUTOCONFIG\BRANDING` registry key, you can change your automatic configuration settings to pick up the updated branding.
-
**Important**
Your branding changes won't be added or updated if you've previously chosen the **Disable external branding of IE** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. This setting is intended to prevent branding by a third-party, like an Internet service or content provider. For more information about Group Policy, including videos and the latest technical documentation, see the [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=214514).
+
**Important**
Your branding changes won't be added or updated if you've previously chosen the **Disable external branding of IE** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. This setting is intended to prevent branding by a third-party, like an Internet service or content provider. For more information about Group Policy, including videos and the latest technical documentation, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514).
 **To update your settings**
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
index 4844421fea..b93b60f816 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
@@ -29,7 +29,7 @@ To use automatic detection, you have to set up your DHCP and DNS servers.
**No 2. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings. For more information about the **Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md). -3. Open the [DHCP Administrative Tool](http://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](http://go.microsoft.com/fwlink/p/?LinkId=294649). +3. Open the [DHCP Administrative Tool](https://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](https://go.microsoft.com/fwlink/p/?LinkId=294649).  **To turn on automatic detection for DNS servers** @@ -37,7 +37,7 @@ To use automatic detection, you have to set up your DHCP and DNS servers.
**No 2. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings. -3. In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.
**-OR-**
Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.
**Note**
For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](http://go.microsoft.com/fwlink/p/?LinkId=294651).
+3. In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.
**-OR-**
Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.
**Note** **Note** **Note** **Note** **Note** This means that while IE11 will continue to support document modes, Microsoft Edge won’t. And because of that, it also means that if you want to use Microsoft Edge, you’re going to have to update your legacy webpages and apps to support modern features, browsers, and devices. Note This means that while IE11 will continue to support document modes, Microsoft Edge won’t. And because of that, it also means that if you want to use Microsoft Edge, you’re going to have to update your legacy webpages and apps to support modern features, browsers, and devices. Note Because of this change, your IEM-configured settings will no longer work on computers running Internet Explorer 10 or newer. To fix this, you need to update the affected settings using Group Policy preferences, Administrative Templates (.admx), or the IEAK 11. Because Group Policy Preferences and IEAK 11 run using asynchronous processes, you should choose to use only one of the tools within each group of settings. For example, using only IEAK 11 in the Security settings or Group Policy Preferences within the Internet Zone settings. Also, it's important to remember that policy is enforced and can't be changed by the user, while preferences are configured, but can be changed by the user. |
|[Missing the Compatibility View Button](missing-the-compatibility-view-button.md) |Compatibility View was introduced in Internet Explorer 8 to help existing content continue to work with Windows Internet Explorer 7, while developers updated their content to support modern interoperable web standards. Since then, the IE web platform, and the web itself, have changed so that most public web content looks for standards-based features instead of IE 7-compatible behavior. Thanks to these changes, using IE11 in the latest standards mode is more compatible with the web than ever before. As a result, IE11 simplifies web page compatibility for users by removing the Compatibility View button and reducing the number of compatibility options in the F12 developer tools for developers. |
-|[Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013](deploy-pinned-sites-using-mdt-2013.md) |You can pin websites to the Windows 8.1 taskbar for quick access. You pin a website simply by dragging its tab to the taskbar. Some websites can also extend the icon’s Jump List. The ability to pin websites to the Windows 8.1 taskbar can help make end-users in businesses more productive. As an IT professional, for example, you can pin intranet and SharePoint websites to the taskbar to make them immediately available to employees. In this article, you learn how to deploy pinned websites by using Lite Touch Installation in the [Microsoft Deployment Toolkit (MDT) 2013](http://go.microsoft.com/fwlink/p/?LinkId=398474).
+|[Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013](deploy-pinned-sites-using-mdt-2013.md) |You can pin websites to the Windows 8.1 taskbar for quick access. You pin a website simply by dragging its tab to the taskbar. Some websites can also extend the icon’s Jump List. The ability to pin websites to the Windows 8.1 taskbar can help make end-users in businesses more productive. As an IT professional, for example, you can pin intranet and SharePoint websites to the taskbar to make them immediately available to employees. In this article, you learn how to deploy pinned websites by using Lite Touch Installation in the [Microsoft Deployment Toolkit (MDT) 2013](https://go.microsoft.com/fwlink/p/?LinkId=398474).
## IE11 naming conventions
@@ -56,5 +56,5 @@ IE11 offers differing experiences in Windows 8.1:
## Related topics
- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.md)
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
-- [Microsoft Edge - Deployment Guide for IT Pros](http://go.microsoft.com/fwlink/p/?LinkId=760643)
+- [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
index c14130d8c1..37a5a38754 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
@@ -11,7 +11,7 @@ ms.sitesec: library
# Install Internet Explorer 11 (IE11) using Microsoft Intune
-Internet Explorer 11 is available as an update in Microsoft Intune. Microsoft Intune uses Windows cloud services to help you manage updates, monitor and protect your computers, provide remote assistance, track hardware and software inventory, and set security policies. For more information, see the [Documentation Library for Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=301805).
+Internet Explorer 11 is available as an update in Microsoft Intune. Microsoft Intune uses Windows cloud services to help you manage updates, monitor and protect your computers, provide remote assistance, track hardware and software inventory, and set security policies. For more information, see the [Documentation Library for Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=301805).
## Adding and deploying the IE11 package
You can add and then deploy the IE11 package to any computer that's managed by Microsoft Intune.
@@ -22,7 +22,7 @@ You can add and then deploy the IE11 package to any computer that's managed by M
2. Add your IE11 package as either an external link or as a Windows installer package (.exe or .msi).
-For more info about how to decide which one to use, and how to use it, see [Deploy and configure apps](http://go.microsoft.com/fwlink/p/?LinkId=301806).
+For more info about how to decide which one to use, and how to use it, see [Deploy and configure apps](https://go.microsoft.com/fwlink/p/?LinkId=301806).
 **To automatically deploy and install the IE11 package**
@@ -32,7 +32,7 @@ For more info about how to decide which one to use, and how to use it, see [Depl
3. After the package is on your employee's computers, the installation process runs, based on what you set up in your wizard.
-For more info about this, see [Deploy and configure apps](http://go.microsoft.com/fwlink/p/?LinkId=301806).
+For more info about this, see [Deploy and configure apps](https://go.microsoft.com/fwlink/p/?LinkId=301806).
 **To let your employees install the IE11 package**
@@ -40,7 +40,7 @@ For more info about this, see [Deploy and configure apps](http://go.microsoft.co
2. Any employee in the assigned group can now install the package.
-For more info about this, see [Update apps using Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=301808)
+For more info about this, see [Update apps using Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=301808)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
index 10ee844152..88f8a3c2f5 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
@@ -16,15 +16,15 @@ You can install Internet Explorer 11 (IE11) using Microsoft Deployment Toolkit
You'll need to extract the .cab file for each supported operating system and platform combination and the .msu file for each prerequisite update. Download the IE11 update and prerequisites here:
-- [Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=279697)
+- [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=279697)
-- [Microsoft Update Catalog](http://go.microsoft.com/fwlink/p/?LinkId=214287)
+- [Microsoft Update Catalog](https://go.microsoft.com/fwlink/p/?LinkId=214287)
After you install the .msu file updates, you'll need to add them to your MDT deployment. You'll also need to extract the IE11 .cab update file from the IE11 installation package, using the `/x` command-line option. For example, `IE11-Windows6.1-x64-en-us.exe /x:c:\ie11cab`.
## Installing IE11 using Microsoft Deployment Toolkit (MDT)
-MDT adds IE11 to your Windows images, regardless whether you are creating or deploying a customized or non-customized image. MDT also lets you perform offline servicing during the System Center 2012 R2 Configuration Manager task sequence, letting you add IE11 before starting Windows. For info, see [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?linkid=331148).
+MDT adds IE11 to your Windows images, regardless whether you are creating or deploying a customized or non-customized image. MDT also lets you perform offline servicing during the System Center 2012 R2 Configuration Manager task sequence, letting you add IE11 before starting Windows. For info, see [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?linkid=331148).
 **To add IE11 to a MDT deployment share**
@@ -43,9 +43,9 @@ You can add the IE11 update while you're performing offline servicing, or slipst
These articles have step-by-step details about adding packages to your Windows images:
-- For Windows 8.1, see [Add or Remove Packages Offline Using DISM](http://go.microsoft.com/fwlink/p/?LinkId=276791).
+- For Windows 8.1, see [Add or Remove Packages Offline Using DISM](https://go.microsoft.com/fwlink/p/?LinkId=276791).
-- For Windows 7 SP1, see [Add or Remove Packages Offline](http://go.microsoft.com/fwlink/p/?LinkId=214490).
+- For Windows 7 SP1, see [Add or Remove Packages Offline](https://go.microsoft.com/fwlink/p/?LinkId=214490).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
index e2d8357a13..3e5c532158 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-system-center-configuration-manager.md
@@ -12,7 +12,7 @@ ms.sitesec: library
# Install Internet Explorer 11 (IE11) using System Center 2012 R2 Configuration Manager
-You can install Internet Explorer 11 (IE11) by using [System Center R2 2012 Configuration Manager](http://go.microsoft.com/fwlink/p/?linkid=276664). Complete these steps for each operating system and platform combination.
+You can install Internet Explorer 11 (IE11) by using [System Center R2 2012 Configuration Manager](https://go.microsoft.com/fwlink/p/?linkid=276664). Complete these steps for each operating system and platform combination.
 **To install IE11**
@@ -24,7 +24,7 @@ You can install Internet Explorer 11 (IE11) by using [System Center R2 2012 Con
4. Move the installation package to your distribution points, and then advertise the package.
-You can also use System Center Essentials 2010 to deploy IE11 installation packages. For info, see [System Center Essentials 2010](http://go.microsoft.com/fwlink/p/?linkid=395200) and the [System Center Essentials 2010 Operations Guide](http://go.microsoft.com/fwlink/p/?LinkId=214266).
+You can also use System Center Essentials 2010 to deploy IE11 installation packages. For info, see [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?linkid=395200) and the [System Center Essentials 2010 Operations Guide](https://go.microsoft.com/fwlink/p/?LinkId=214266).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
index 834f2e439a..d3d5a75fb7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
@@ -11,7 +11,7 @@ ms.sitesec: library
# Install Internet Explorer 11 (IE11) using Windows Server Update Services (WSUS)
-Windows Server Update Services (WSUS) lets you download a single copy of the Microsoft product update and cache it on your local WSUS servers. You can then configure your computers to get the update from your local servers instead of Windows Update. For more information about WSUS, see [Windows Server Update Services](http://go.microsoft.com/fwlink/p/?LinkID=276790).
+Windows Server Update Services (WSUS) lets you download a single copy of the Microsoft product update and cache it on your local WSUS servers. You can then configure your computers to get the update from your local servers instead of Windows Update. For more information about WSUS, see [Windows Server Update Services](https://go.microsoft.com/fwlink/p/?LinkID=276790).
 **To import from Windows Update to WSUS**
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
index 436279ba14..b077e4a853 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-problems-with-ie11.md
@@ -21,7 +21,7 @@ If you do, you can:
- Temporarily turn off your antispyware and antivirus software.
-- Try another IE11 installer. For example from [Windows Update](http://go.microsoft.com/fwlink/p/?LinkId=302315) or from the [Download Internet Explorer 11](http://go.microsoft.com/fwlink/p/?linkid=327753) website.
+- Try another IE11 installer. For example from [Windows Update](https://go.microsoft.com/fwlink/p/?LinkId=302315) or from the [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=327753) website.
- Review the `IE11_main.log` file in the `\Windows` folder. This log file has information about each installation and is appended for each subsequent installation.
@@ -38,16 +38,16 @@ If Internet Explorer doesn't finish installing, it might mean that Windows Updat
2. After the uninstall finishes, restart your computer.
-2. Run [Windows Update](http://go.microsoft.com/fwlink/p/?LinkId=302315), clicking **Check for updates**.
+2. Run [Windows Update](https://go.microsoft.com/fwlink/p/?LinkId=302315), clicking **Check for updates**.
3. Check the list for IE11. If it's included in the list of updates for download, exclude it before you update your computer.
-If you get an error during the Windows Update process, see [Fix the problem with Microsoft Windows Update that is not working](http://go.microsoft.com/fwlink/p/?LinkId=302316).
+If you get an error during the Windows Update process, see [Fix the problem with Microsoft Windows Update that is not working](https://go.microsoft.com/fwlink/p/?LinkId=302316).
4. Restart your computer, making sure all of your the updates are finished.
-5. Try to reinstall IE11 from either Windows Update (if you saw it in Step 3) or from the [Download Internet Explorer 11](http://go.microsoft.com/fwlink/p/?linkid=327753) website.
+5. Try to reinstall IE11 from either Windows Update (if you saw it in Step 3) or from the [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=327753) website.
-If these steps didn't fix your problem, see [Troubleshooting a failed installation of Internet Explorer 11](http://go.microsoft.com/fwlink/p/?LinkId=304130).
+If these steps didn't fix your problem, see [Troubleshooting a failed installation of Internet Explorer 11](https://go.microsoft.com/fwlink/p/?LinkId=304130).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
index 9b2e1ed634..3964c4c779 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
@@ -34,11 +34,11 @@ For more information about all of the new options and Group Policy, see:
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md)
-- [Group Policy Settings Reference for Windows and Windows Server](http://go.microsoft.com/fwlink/p/?LinkId=279876)
+- [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=279876)
-- [Group Policy ADMX Syntax Reference Guide](http://go.microsoft.com/fwlink/p/?LinkId=276830)
+- [Group Policy ADMX Syntax Reference Guide](https://go.microsoft.com/fwlink/p/?LinkId=276830)
-- [Enable and Disable Settings in a Preference Item](http://go.microsoft.com/fwlink/p/?LinkId=282671)
+- [Enable and Disable Settings in a Preference Item](https://go.microsoft.com/fwlink/p/?LinkId=282671)
## IEM replacements
The IEM settings have replacements you can use in either Group Policy Preferences or IEAK 11.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
index e958cd4c17..b17d3b59ae 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
@@ -19,7 +19,7 @@ If you’re having problems launching your legacy apps while running Internet Ex
2. **For x64 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
-For more information, see the [Web Applications](http://go.microsoft.com/fwlink/p/?LinkId=308903) section of the Application Compatibility in the .NET Framework 4.5 page.
+For more information, see the [Web Applications](https://go.microsoft.com/fwlink/p/?LinkId=308903) section of the Application Compatibility in the .NET Framework 4.5 page.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
index 4f515957e4..d63465dbe0 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/new-group-policy-settings-for-ie11.md
@@ -95,5 +95,5 @@ After you've finished updating and deploying your Group Policy, you can use the
1. Open and run the Resultant Set of Policy (RSoP) wizard, specifying the information you want to see.
2. Open your wizard results in the Group Policy Management Console (GPMC).
-For complete instructions about how to add, open, and use RSoP, see [Use the RSoP Snap-in](http://go.microsoft.com/fwlink/p/?LinkId=395201)
+For complete instructions about how to add, open, and use RSoP, see [Use the RSoP Snap-in](https://go.microsoft.com/fwlink/p/?LinkId=395201)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
index d401d44c35..8baab504ad 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
@@ -32,7 +32,7 @@ Out-of-date ActiveX control blocking lets you:
- Update the outdated control, so that it’s up-to-date and safer to use.
-The out-of-date ActiveX control blocking feature works with all [Security Zones](http://go.microsoft.com/fwlink/p/?LinkId=403863), except the Local Intranet Zone and the Trusted Sites Zone.
+The out-of-date ActiveX control blocking feature works with all [Security Zones](https://go.microsoft.com/fwlink/p/?LinkId=403863), except the Local Intranet Zone and the Trusted Sites Zone.
It also works with these operating system and IE combinations:
@@ -46,7 +46,7 @@ It also works with these operating system and IE combinations:
|Windows Server 2008 SP2 |Windows Internet Explorer 9 only |
|Windows Vista SP2 |Windows Internet Explorer 9 only |
-For more info about this new feature, see the [Internet Explorer begins blocking out-of-date ActiveX controls](http://go.microsoft.com/fwlink/p/?LinkId=507691) blog. To see the complete list of out-of-date Active controls blocked by this feature, see [Blocked out-of-date ActiveX controls](http://go.microsoft.com/fwlink/p/?LinkId=517023).
+For more info about this new feature, see the [Internet Explorer begins blocking out-of-date ActiveX controls](https://go.microsoft.com/fwlink/p/?LinkId=507691) blog. To see the complete list of out-of-date Active controls blocked by this feature, see [Blocked out-of-date ActiveX controls](https://go.microsoft.com/fwlink/p/?LinkId=517023).
## What does the out-of-date ActiveX control blocking notification look like?
When IE blocks an outdated ActiveX control, you’ll see a notification bar similar to this, depending on your version of IE:
@@ -89,7 +89,7 @@ IE opens the app’s website.
IE uses Microsoft’s versionlist.xml or versionlistWin7.xml file to determine whether an ActiveX control should be stopped from loading. These files are updated with newly-discovered out-of-date ActiveX controls, which IE automatically downloads to your local copy of the file.
You can see your copy of the file here `%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\versionlist.xml` or you can view Microsoft’s version, based on your operating system and version of IE, here:
-- [Internet Explorer 11 on Windows 7 SP1 or Windows Server 2008 R2](http://go.microsoft.com/fwlink/p/?LinkId=798230)
+- [Internet Explorer 11 on Windows 7 SP1 or Windows Server 2008 R2](https://go.microsoft.com/fwlink/p/?LinkId=798230)
- [All other configurations](https://go.microsoft.com/fwlink/p/?LinkId=403864)
**Security Note:** **Note** **Note**
-If the **Use software rendering instead of GPU rendering** option is greyed out, it means that your current video card or video driver doesn't support GPU hardware acceleration. For more information, see [Windows 10 Support](http://go.microsoft.com/fwlink/?LinkId=746588).
+If the **Use software rendering instead of GPU rendering** option is greyed out, it means that your current video card or video driver doesn't support GPU hardware acceleration. For more information, see [Windows 10 Support](https://go.microsoft.com/fwlink/?LinkId=746588).
## Adaptive streaming and DRM playback don’t work with Windows Server 2012 R2
-IE11 in Windows Server 2012 R2 doesn’t include media features like adaptive streaming or Digital Rights Management (DRM) playback. To add these features, you’ll need to download and install the Media Feature Pack from the [Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=320789), as well as an app that uses PlayReady DRM from the Windows Store, such as the Xbox Music app or Xbox Video app. The app must be installed to specifically turn on DRM features, while all other media features are installed with the Media Feature Pack.
+IE11 in Windows Server 2012 R2 doesn’t include media features like adaptive streaming or Digital Rights Management (DRM) playback. To add these features, you’ll need to download and install the Media Feature Pack from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=320789), as well as an app that uses PlayReady DRM from the Windows Store, such as the Xbox Music app or Xbox Video app. The app must be installed to specifically turn on DRM features, while all other media features are installed with the Media Feature Pack.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index e8d5863f27..017f71560c 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -33,8 +33,8 @@ This is a permanent removal and erases everything. However, if you determine it
2. Click **Yes** in the warning message. Your sites are all cleared from your list.
## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
index 5ac02b4039..98e002f0ea 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
@@ -31,8 +31,8 @@ You can save your current Enterprise Mode compatibility site list as an XML file
The first time a user starts Internet Explorer 11 on a managed device; Internet Explorer will look for a new version of the site list at the specified location. If the browser finds an updated site list, IE downloads the new XML site list and uses it.
## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index ebb873545e..b45e7b3744 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -29,8 +29,8 @@ You can search to see if a specific site already appears in your global Enterpri
The search query searches all of the text. For example, entering *“micro”* will return results like, www.microsoft.com, microsoft.com, and microsoft.com/images. Wildcard characters aren’t supported.
## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
index 4857a6af0a..7f11bf5d7f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-the-default-browser-using-group-policy.md
@@ -17,7 +17,7 @@ You can use the Group Policy setting, **Set a default associations configuration
 **To set the default browser as Internet Explorer 11**
1. Open your Group Policy editor and go to the **Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file** setting.
-Turning this setting on also requires you to create and store a default associations configuration file, locally or on a network share. For more information about creating this file, see [Export or Import Default Application Associations]( http://go.microsoft.com/fwlink/p/?LinkId=618268).
+Turning this setting on also requires you to create and store a default associations configuration file, locally or on a network share. For more information about creating this file, see [Export or Import Default Application Associations]( https://go.microsoft.com/fwlink/p/?LinkId=618268).

diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
index 7d015c9dbe..7a8ec67cc5 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
@@ -36,7 +36,7 @@ When you turn logging on, you need a valid URL that points to a server that can
 **To set up an endpoint server**
-1. Configure an IIS server to work with your Enterprise Mode data collection process. If you’re unsure how to set up IIS, see the [IIS installation webpage](http://go.microsoft.com/fwlink/p/?LinkId=507609).
+1. Configure an IIS server to work with your Enterprise Mode data collection process. If you’re unsure how to set up IIS, see the [IIS installation webpage](https://go.microsoft.com/fwlink/p/?LinkId=507609).
2. Open Internet Information Services (IIS) and turn on the ASP components from the **Add Roles and Features Wizard**, **Server Roles** page.
This lets you create an ASP form that accepts the incoming POST messages.
@@ -72,7 +72,7 @@ This is what your log files will look like after you set everything up and at le
## Using the GitHub sample to collect your data
-Microsoft has created the [EMIE-Data-Collection_Sample](http://go.microsoft.com/fwlink/p/?LinkId=507401) that shows how to collect your Enterprise Mode reports. This sample only shows how to collect data, it doesn’t show how to aggregate the data into your Enterprise Mode site list.
+Microsoft has created the [EMIE-Data-Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) that shows how to collect your Enterprise Mode reports. This sample only shows how to collect data, it doesn’t show how to aggregate the data into your Enterprise Mode site list.
This sample starts with you turning on Enterprise Mode and logging (either through Group Policy, or by manually setting the EnterpriseMode registry key) so that your users can use Enterprise Mode locally. For the steps to do this, go to [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md).
**Note**
-For more information about virtualization options, see [Microsoft Desktop Virtualization](http://go.microsoft.com/fwlink/p/?LinkId=271662).
+- **Client Hyper-V.** Uses the same virtualization technology previously available in Windows Server, but now installed for Windows 8.1. For more information, see [Client Hyper-V](https://go.microsoft.com/fwlink/p/?LinkId=271654).
+For more information about virtualization options, see [Microsoft Desktop Virtualization](https://go.microsoft.com/fwlink/p/?LinkId=271662).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
index deb9fe9032..44cf261391 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
@@ -32,7 +32,7 @@ Enterprise Mode includes the following features:
- **Improved web app and website compatibility.** Through improved emulation, Enterprise Mode lets many legacy web apps run unmodified on IE11, supporting a number of site patterns that aren’t currently supported by existing document modes.
- **Tool-based management for website lists.** Use the Enterprise Mode Site List Manager to add website domains and domain paths and to specify whether a site renders using Enterprise Mode.
-Download the [Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378), based on your operating system and schema.
+Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378), based on your operating system and schema.
- **Centralized control.** You can specify the websites or web apps to interpret using Enterprise Mode, through an XML file on a website or stored locally. Domains and paths within those domains can be treated differently, allowing granular control. Use Group Policy to let users turn Enterprise Mode on or off from the **Tools** menu and to decide whether the Enterprise browser profile appears on the **Emulation** tab of the F12 developer tools. **Important**
@@ -84,7 +84,7 @@ Enterprise Mode Site List Manager tool gives you a way to add websites to your E
For more information, see all of the topics in [Use the Enterprise Mode Site List Manager](../ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md).
**Q: Are browser plug-ins supported in IE11?**
@@ -116,15 +116,15 @@ For more information, see [New group policy settings for IE11](../ie11-deploy-gu
**Q: Is there a version of the Internet Explorer Administration Kit (IEAK) supporting IE11?** **Examples:** **-OR-**
Create a canonical name (CNAME) alias record, named **WPAD**. This record lets you use more than one name to point to a single host, letting you host both an FTP server and a web server on the same computer. It also includes the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.
-**Note**
-In addition, after you run the Internet Explorer Customization Wizard, we highly recommend that you sign the IEAK package and the branding.cab file (if you are using it separately from the package). You can do this also using the tools mentioned above. For more information, download Code-Signing Best Practices ([Code-Signing Best Practices](http://go.microsoft.com/fwlink/p/?LinkId=71300)).
+- **If you plan to distribute custom packages over the Internet**, you must sign all custom components and the CMAK profile package (if used). Before you start the Internet Explorer Customization Wizard, make sure that both are signed. Typically, their respective manufacturers will have signed them. Otherwise, you can sign these using the Sign Tool (SignTool.exe) ( [SignTool.exe (Sign Tool)](https://go.microsoft.com/fwlink/p/?LinkId=71298)) or use the File Signing Tool (Signcode.exe) ([Signcode.exe (File Signing Tool)](https://go.microsoft.com/fwlink/p/?LinkId=71299)). You should read the documentation included with these tools for more info about all of the signing options.
+In addition, after you run the Internet Explorer Customization Wizard, we highly recommend that you sign the IEAK package and the branding.cab file (if you are using it separately from the package). You can do this also using the tools mentioned above. For more information, download Code-Signing Best Practices ([Code-Signing Best Practices](https://go.microsoft.com/fwlink/p/?LinkId=71300)).
- **If you plan to distribute your custom packages over an intranet**, sign the custom files or preconfigure the Local intranet zone with a Low security setting, because the default security setting does not allow users to download unsigned programs or code.
diff --git a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
index 6b6083ba4b..c82891ed56 100644
--- a/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
+++ b/devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
@@ -612,7 +612,7 @@ catch
{
PrintError "Some dependencies are missing"
PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to http://www.microsoft.com/download/details.aspx?id=39366"
- PrintError "Please install the Azure Active Directory module for PowerShell from http://go.microsoft.com/fwlink/p/?linkid=236297"
+ PrintError "Please install the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297"
CleanupAndFail
}
@@ -1119,7 +1119,7 @@ if ($fHasOnline)
}
catch
{
- CleanupAndFail "To verify accounts in online tenants you need the Azure Active Directory module for PowerShell from http://go.microsoft.com/fwlink/p/?linkid=236297"
+ CleanupAndFail "To verify accounts in online tenants you need the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297"
}
}
@@ -1518,7 +1518,7 @@ if ($online)
{
PrintError "Some dependencies are missing"
PrintError "Please install the Windows PowerShell Module for Lync Online. For more information go to http://www.microsoft.com/download/details.aspx?id=39366"
- PrintError "Please install the Azure Active Directory module for PowerShell from http://go.microsoft.com/fwlink/p/?linkid=236297"
+ PrintError "Please install the Azure Active Directory module for PowerShell from https://go.microsoft.com/fwlink/p/?linkid=236297"
CleanupAndFail
}
}
diff --git a/devices/surface-hub/create-a-device-account-using-office-365.md b/devices/surface-hub/create-a-device-account-using-office-365.md
index ac058c3745..de3aee64d1 100644
--- a/devices/surface-hub/create-a-device-account-using-office-365.md
+++ b/devices/surface-hub/create-a-device-account-using-office-365.md
@@ -100,8 +100,8 @@ From here on, you'll need to finish the account creation process using PowerShel
In order to run cmdlets used by these PowerShell scripts, the following must be installed for the admin PowerShell console:
-- [Microsoft Online Services Sign-In Assistant for IT Professionals BETA](http://go.microsoft.com/fwlink/?LinkId=718149)
-- [Windows Azure Active Directory Module for Windows PowerShell](http://go.microsoft.com/fwlink/p/?linkid=236297)
+- [Microsoft Online Services Sign-In Assistant for IT Professionals BETA](https://go.microsoft.com/fwlink/?LinkId=718149)
+- [Windows Azure Active Directory Module for Windows PowerShell](https://go.microsoft.com/fwlink/p/?linkid=236297)
- [Skype for Business Online, Windows PowerShell Module](http://www.microsoft.com/download/details.aspx?id=39366)
### Connecting to online services
diff --git a/devices/surface-hub/monitor-surface-hub.md b/devices/surface-hub/monitor-surface-hub.md
index 3083553e68..b28e3e7208 100644
--- a/devices/surface-hub/monitor-surface-hub.md
+++ b/devices/surface-hub/monitor-surface-hub.md
@@ -16,18 +16,18 @@ localizationpriority: medium
Monitoring for Microsoft Surface Hub devices is enabled through Microsoft Operations Management Suite (OMS).
-The [Operations Management Suite (OMS)](http://go.microsoft.com/fwlink/?LinkId=718138) is Microsoft's IT management solution that helps you manage and protect your entire IT infrastructure, including your Surface Hubs. You can use OMS to help you track the health of your Surface Hubs as well as understand how they are being used. Log files are read on the devices and sent to the OMS service. Issues like servers being offline, the calendar not syncing, or the device account being unable to log into Skype are shown in OMS in the Surface Hub dashboard. By using the data in the dashboard, you can identify devices that are not running, or that are having other problems, and potentially apply fixes for the detected issues.
+The [Operations Management Suite (OMS)](https://go.microsoft.com/fwlink/?LinkId=718138) is Microsoft's IT management solution that helps you manage and protect your entire IT infrastructure, including your Surface Hubs. You can use OMS to help you track the health of your Surface Hubs as well as understand how they are being used. Log files are read on the devices and sent to the OMS service. Issues like servers being offline, the calendar not syncing, or the device account being unable to log into Skype are shown in OMS in the Surface Hub dashboard. By using the data in the dashboard, you can identify devices that are not running, or that are having other problems, and potentially apply fixes for the detected issues.
### OMS requirements
In order to manage your Surface Hubs from the Microsoft Operations Management Suite (OMS), you'll need the following:
- A valid [subscription to OMS](http://www.microsoft.com/server-cloud/operations-management-suite/overview.aspx).
-- [Subscription level](http://go.microsoft.com/fwlink/?LinkId=718139) in line with the number of devices. OMS pricing varies depending on how many devices are enrolled, and how much data it processes. You'll want to take this into consideration when planning your Surface Hub rollout.
+- [Subscription level](https://go.microsoft.com/fwlink/?LinkId=718139) in line with the number of devices. OMS pricing varies depending on how many devices are enrolled, and how much data it processes. You'll want to take this into consideration when planning your Surface Hub rollout.
-Next, you will either add an OMS subscription to your existing Microsoft Azure subscription or create a new workspace directly through the OMS portal. Detailed instructions for setting up the account can be found at: [Onboard in minutes](http://go.microsoft.com/fwlink/?LinkId=718141). Once the OMS subscription is set up, there are two ways to enroll your Surface Hub devices:
+Next, you will either add an OMS subscription to your existing Microsoft Azure subscription or create a new workspace directly through the OMS portal. Detailed instructions for setting up the account can be found at: [Onboard in minutes](https://go.microsoft.com/fwlink/?LinkId=718141). Once the OMS subscription is set up, there are two ways to enroll your Surface Hub devices:
-1. Automatically through [InTune](http://go.microsoft.com/fwlink/?LinkId=718150), or
+1. Automatically through [InTune](https://go.microsoft.com/fwlink/?LinkId=718150), or
2. Manually through Settings.
### Setting up monitoring
diff --git a/devices/surface-hub/physically-install-your-surface-hub-device.md b/devices/surface-hub/physically-install-your-surface-hub-device.md
index 7c201fd78e..489e6a03a3 100644
--- a/devices/surface-hub/physically-install-your-surface-hub-device.md
+++ b/devices/surface-hub/physically-install-your-surface-hub-device.md
@@ -14,12 +14,12 @@ localizationpriority: medium
# Physically install Microsoft Surface Hub
-The Microsoft Surface Hub Readiness Guide will help make sure that your site is ready for the installation. You can download the Guide from the [Microsoft Download Center](http://go.microsoft.com/fwlink/?LinkId=718144). It includes planning information for both the 55" and 84" devices, as well as info on moving the Surface Hub from receiving to the installation location, mounting options, and a list of what's in the box.
+The Microsoft Surface Hub Readiness Guide will help make sure that your site is ready for the installation. You can download the Guide from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=718144). It includes planning information for both the 55" and 84" devices, as well as info on moving the Surface Hub from receiving to the installation location, mounting options, and a list of what's in the box.
You may also want to check out the Unpacking Guide. It will show you how to unpack the devices efficiently and safely. There are two guides, one for the 55" and one for the 84". A printed version of the Unpacking Guide is attached to the outside front of each unit's shipping crate.
-- Download the 55" Unpacking Guide from the [Microsoft Download Center](http://go.microsoft.com/fwlink/?LinkId=718145).
-- Download the 84" version from the [Microsoft Download Center](http://go.microsoft.com/fwlink/?LinkId=718146).
+- Download the 55" Unpacking Guide from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=718145).
+- Download the 84" version from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=718146).
diff --git a/devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md b/devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md
index cbad03aa49..59e451d855 100644
--- a/devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md
+++ b/devices/surface-hub/provisioning-packages-for-certificates-surface-hub.md
@@ -58,7 +58,7 @@ In order to create and deploy provisioning packages, all of the following are re
### Install the Windows Imaging and Configuration Designer
-1. The Windows Imaging and Configuration Designer (ICD) is installed as part of the Windows 10 ADK. The installer for the ADK can be downloaded from the [Microsoft Download Center](http://go.microsoft.com/fwlink/?LinkId=718147).
+1. The Windows Imaging and Configuration Designer (ICD) is installed as part of the Windows 10 ADK. The installer for the ADK can be downloaded from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=718147).
>**Note** The ADK must be installed on a separate PC, not on the Surface Hub.
2. Run the installer, and set your preferences for installation. When asked what features you want to install, you will see a checklist like the one in the following figure. Note that **Windows Performance Toolkit** and **Windows Assessment Toolkit** should be unchecked, as they are not needed to run the ICD.
@@ -138,7 +138,7 @@ This example will demonstrate how to create a provisioning package to install a
### Create a provisioning package for apps
-This example will demonstrate how to create a provisioning package to install offline-licensed apps purchased from the Windows Store for Business. For information on offline-licensed apps and what you need to download in order to install them, see [Distribute offline apps](http://go.microsoft.com/fwlink/?LinkId=718148).
+This example will demonstrate how to create a provisioning package to install offline-licensed apps purchased from the Windows Store for Business. For information on offline-licensed apps and what you need to download in order to install them, see [Distribute offline apps](https://go.microsoft.com/fwlink/?LinkId=718148).
For each app you want to install on Surface Hubs, you'll need to download:
diff --git a/devices/surface-hub/surface-hub-administrators-guide.md b/devices/surface-hub/surface-hub-administrators-guide.md
index 6b08e5cb6f..275dd6a33b 100644
--- a/devices/surface-hub/surface-hub-administrators-guide.md
+++ b/devices/surface-hub/surface-hub-administrators-guide.md
@@ -39,7 +39,7 @@ Before you power on Microsoft Surface Hub for the first time, make sure you've [
[Physically install Microsoft Surface Hub](physically-install-your-surface-hub-device.md) The Surface Hub Readiness Guide will help make sure that your site is ready for the installation. You can download the Guide from the [Microsoft Download Center](http://go.microsoft.com/fwlink/?LinkId=718144). It includes planning information for both the 55" and 84" devices, as well as info on moving the Surface Hub from receiving to the installation location, mounting options, and a list of what's in the box. The Surface Hub Readiness Guide will help make sure that your site is ready for the installation. You can download the Guide from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=718144). It includes planning information for both the 55" and 84" devices, as well as info on moving the Surface Hub from receiving to the installation location, mounting options, and a list of what's in the box. [Prepare your environment for Microsoft Surface Hub](prepare-your-environment-for-surface-hub.md) [Core Network Guide](http://go.microsoft.com/fwlink/p/?LinkId=733920) [DHCP Deployment Guide](http://go.microsoft.com/fwlink/p/?LinkId=734021) [Core Network Guide](https://go.microsoft.com/fwlink/p/?LinkId=733920) [DHCP Deployment Guide](https://go.microsoft.com/fwlink/p/?LinkId=734021) [Core Network Guide](http://go.microsoft.com/fwlink/p/?LinkId=733920) [Deploying Domain Name System (DNS)](http://go.microsoft.com/fwlink/p/?LinkId=734022) [Core Network Guide](https://go.microsoft.com/fwlink/p/?LinkId=733920) [Deploying Domain Name System (DNS)](https://go.microsoft.com/fwlink/p/?LinkId=734022) [Core Network Guide](http://go.microsoft.com/fwlink/p/?LinkId=733920) [Active Directory Domain Services Overview](http://go.microsoft.com/fwlink/p/?LinkId=733909) [Core Network Guide](https://go.microsoft.com/fwlink/p/?LinkId=733920) [Active Directory Domain Services Overview](https://go.microsoft.com/fwlink/p/?LinkId=733909) [Azure Active Directory documentation](http://go.microsoft.com/fwlink/p/?LinkId=690258) [Manage and support Azure Active Directory Premium](http://go.microsoft.com/fwlink/p/?LinkId=690259) [Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines](http://go.microsoft.com/fwlink/p/?LinkId=690260) [Azure Active Directory documentation](https://go.microsoft.com/fwlink/p/?LinkId=690258) [Manage and support Azure Active Directory Premium](https://go.microsoft.com/fwlink/p/?LinkId=690259) [Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines](https://go.microsoft.com/fwlink/p/?LinkId=690260) [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkId=733918) [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=733911) [Step-By-Step: Building Windows 10 Provisioning Packages](http://go.microsoft.com/fwlink/p/?LinkId=690261) [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkId=733918) [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=733911) [Step-By-Step: Building Windows 10 Provisioning Packages](https://go.microsoft.com/fwlink/p/?LinkId=690261) [Core Network Companion Guide: Group Policy Deployment](http://go.microsoft.com/fwlink/p/?LinkId=733915) [Deploying Group Policy](http://go.microsoft.com/fwlink/p/?LinkId=734024) [Core Network Companion Guide: Group Policy Deployment](https://go.microsoft.com/fwlink/p/?LinkId=733915) [Deploying Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=734024) [Site Administration for System Center 2012 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733914) [Deploying Clients for System Center 2012 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733919) [Site Administration for System Center 2012 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733914) [Deploying Clients for System Center 2012 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733919) [Set up and manage devices with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=690262) [Smoother Management Of Office 365 Deployments with Windows Intune](http://go.microsoft.com/fwlink/p/?LinkId=690263) [System Center 2012 R2 Configuration Manager & Windows Intune](http://go.microsoft.com/fwlink/p/?LinkId=690264) [Set up and manage devices with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=690262) [Smoother Management Of Office 365 Deployments with Windows Intune](https://go.microsoft.com/fwlink/p/?LinkId=690263) [System Center 2012 R2 Configuration Manager & Windows Intune](https://go.microsoft.com/fwlink/p/?LinkId=690264) [MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](http://go.microsoft.com/fwlink/p/?LinkId=690324) [Step-By-Step: Installing Windows 8.1 From A USB Key](http://go.microsoft.com/fwlink/p/?LinkId=690265) [MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](https://go.microsoft.com/fwlink/p/?LinkId=690324) [Step-By-Step: Installing Windows 8.1 From A USB Key](https://go.microsoft.com/fwlink/p/?LinkId=690265) [Editing an AppLocker Policy](http://go.microsoft.com/fwlink/p/?LinkId=734025) [Group Policy Software Deployment Background](http://go.microsoft.com/fwlink/p/?LinkId=734026) [Assigning and Publishing Software](http://go.microsoft.com/fwlink/p/?LinkId=734027) [Editing an AppLocker Policy](https://go.microsoft.com/fwlink/p/?LinkId=734025) [Group Policy Software Deployment Background](https://go.microsoft.com/fwlink/p/?LinkId=734026) [Assigning and Publishing Software](https://go.microsoft.com/fwlink/p/?LinkId=734027) [How to Deploy Applications in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733917) [Application Management in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733907) [How to Deploy Applications in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733917) [Application Management in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733907) [Deploy apps to mobile devices in Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733913) [Manage apps with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733910) [Deploy apps to mobile devices in Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=733913) [Manage apps with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=733910) MDOP Videos For a list of available MDOP videos, go to [Microsoft Desktop Optimization Pack Technologies Videos](http://go.microsoft.com/fwlink/?LinkId=234275) (http://go.microsoft.com/fwlink/?LinkId=234275). For a list of available MDOP videos, go to [Microsoft Desktop Optimization Pack Technologies Videos](https://go.microsoft.com/fwlink/?LinkId=234275) (https://go.microsoft.com/fwlink/?LinkId=234275). MDOP Virtual Labs For a list of available MDOP virtual labs, go to [Microsoft Desktop Optimization Pack (MDOP) Virtual Labs](http://go.microsoft.com/fwlink/?LinkId=234276) (http://go.microsoft.com/fwlink/?LinkId=234276). For a list of available MDOP virtual labs, go to [Microsoft Desktop Optimization Pack (MDOP) Virtual Labs](https://go.microsoft.com/fwlink/?LinkId=234276) (https://go.microsoft.com/fwlink/?LinkId=234276). MDOP TechCenter For technical whitepapers, evaluation materials, blogs, and additional MDOP resources, go to [MDOP TechCenter](http://go.microsoft.com/fwlink/?LinkId=225286) (http://go.microsoft.com/fwlink/?LinkId=225286) For technical whitepapers, evaluation materials, blogs, and additional MDOP resources, go to [MDOP TechCenter](https://go.microsoft.com/fwlink/?LinkId=225286) (https://go.microsoft.com/fwlink/?LinkId=225286) If set to a value of 1, the following client installer command-line parameters are ignored: SWICACHESIZE, MINFREESPACEMB, ALLOWINDEPENDENTFILESTREAMING, APPLICATIONSOURCEROOT, ICONSOURCEROOT, OSDSOURCEROOT, SYSTEMEVENTLOGLEVEL, SWIGLOBALDATA, DOTIMEOUTMINUTES, SWIFSDRIVE, AUTOLOADTARGET, AUTOLOADTRIGGERS, and SWIUSERDATA. For further information about setting these values after installation, see “How to Configure the App-V Client Registry Settings by Using the Command Line” in the Application Virtualization (App-V) Operations Guide ([http://go.microsoft.com/fwlink/?LinkId=122939](http://go.microsoft.com/fwlink/?LinkId=122939)). For further information about setting these values after installation, see “How to Configure the App-V Client Registry Settings by Using the Command Line” in the Application Virtualization (App-V) Operations Guide ([https://go.microsoft.com/fwlink/?LinkId=122939](https://go.microsoft.com/fwlink/?LinkId=122939)). Add-on or Plug-in Select this option to create a package that extends the functionality of a standard application, for example, a plug-in for Microsoft Excel. Additionally, you can use plug-ins for natively installed applications, or another package that is linked by using Dynamic Suite Composition. For more information about Dynamic Suite Composition, see [How To Use Dynamic Suite Composition](http://go.microsoft.com/fwlink/?LinkId=203804) (http://go.microsoft.com/fwlink/?LinkId=203804). Select this option to create a package that extends the functionality of a standard application, for example, a plug-in for Microsoft Excel. Additionally, you can use plug-ins for natively installed applications, or another package that is linked by using Dynamic Suite Composition. For more information about Dynamic Suite Composition, see [How To Use Dynamic Suite Composition](https://go.microsoft.com/fwlink/?LinkId=203804) (https://go.microsoft.com/fwlink/?LinkId=203804). [How to Sequence a New Add-on or Plug-in Application (App-V 4.6 SP1)](how-to-sequence-a-new-add-on-or-plug-in-application--app-v-46-sp1-.md) Middleware Select this option to create a package that is required by a standard application, for example, the Microsoft .NET Framework. Middleware packages are used for linking to other packages by using Dynamic Suite Composition. For more information about Dynamic Suite Composition, see [How To Use Dynamic Suite Composition](http://go.microsoft.com/fwlink/?LinkId=203804) (http://go.microsoft.com/fwlink/?LinkId=203804). Select this option to create a package that is required by a standard application, for example, the Microsoft .NET Framework. Middleware packages are used for linking to other packages by using Dynamic Suite Composition. For more information about Dynamic Suite Composition, see [How To Use Dynamic Suite Composition](https://go.microsoft.com/fwlink/?LinkId=203804) (https://go.microsoft.com/fwlink/?LinkId=203804). [How to Sequence a New Middleware Application (App-V 4.6 SP1)](how-to-sequence-a-new-middleware-application--app-v-46-sp1-.md) (609) 987-8116 [http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239) [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239) Web addresses can change, so you might be unable to connect to the website or sites mentioned here. (609) 987-8116 [http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239) [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239) Web addresses can change, so you might be unable to connect to the website or sites mentioned here. [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784) (http://www.microsoft.com/download/details.aspx?id=40784) This prerequisite is only required if you have installed Hotfix Package 4 for Application Virtualization 5.0 SP2 or later. [The Microsoft Visual C++ 2010 Redistributable](http://www.microsoft.com/download/details.aspx?id=26999) (http://go.microsoft.com/fwlink/?LinkId=26999) [The Microsoft Visual C++ 2010 Redistributable](http://www.microsoft.com/download/details.aspx?id=26999) (https://go.microsoft.com/fwlink/?LinkId=26999) [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](http://www.microsoft.com/download/details.aspx?id=5638) (http://www.microsoft.com/download/details.aspx?id=5638) Download and install [KB2533623](http://go.microsoft.com/fwlink/?LinkId=286102 ) (http://go.microsoft.com/fwlink/?LinkId=286102) Download and install [KB2533623](https://go.microsoft.com/fwlink/?LinkId=286102 ) (https://go.microsoft.com/fwlink/?LinkId=286102) [Visual C++ Redistributable Packages for Visual Studio 2013](http://www.microsoft.com/download/details.aspx?id=40784) (http://www.microsoft.com/download/details.aspx?id=40784) This prerequisite is required only if you have installed Hotfix Package 4 for Application Virtualization 5.0 SP2 or later. [The Microsoft Visual C++ 2010 Redistributable](http://www.microsoft.com/download/details.aspx?id=26999) (http://go.microsoft.com/fwlink/?LinkId=26999) [The Microsoft Visual C++ 2010 Redistributable](http://www.microsoft.com/download/details.aspx?id=26999) (https://go.microsoft.com/fwlink/?LinkId=26999) [Microsoft Visual C++ 2005 SP1 Redistributable Package (x86)](http://www.microsoft.com/download/details.aspx?id=5638) (http://www.microsoft.com/download/details.aspx?id=5638) Download and install [KB2533623](http://support.microsoft.com/kb/2533623) (http://support.microsoft.com/kb/2533623) For computers running Microsoft Windows Server 2008 R2 SP1, download and install [KB2533623](http://go.microsoft.com/fwlink/?LinkId=286102 ) (http://go.microsoft.com/fwlink/?LinkId=286102) For computers running Microsoft Windows Server 2008 R2 SP1, download and install [KB2533623](https://go.microsoft.com/fwlink/?LinkId=286102 ) (https://go.microsoft.com/fwlink/?LinkId=286102) [Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)](http://www.microsoft.com/download/details.aspx?id=13523) (http://www.microsoft.com/download/details.aspx?id=13523) [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=267110) (http://go.microsoft.com/fwlink/?LinkId=267110) [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110) (https://go.microsoft.com/fwlink/?LinkId=267110) 64-bit ASP.NET registration The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 management server. [Microsoft .NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718) [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=267110)(http://go.microsoft.com/fwlink/?LinkId=267110) [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)(https://go.microsoft.com/fwlink/?LinkId=267110) The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 management database. Custom App-V 5.0 database name (if applicable) – you must specify a unique database name. The default value for the management database is AppVManagement. App-V 5.0 management server location – specifies the machine account on which the management server is deployed. This should be specified in the following format Domain\MachineAccount. App-V 5.0 management server installation administrator - specifies the account that will be used to install the App-V 5.0 management server. You should use the following format: Domain\AdministratorLoginName. Microsoft SQL Server Service Agent - configure the computer running the App-V 5.0 Management Database so that Microsoft SQL Server Agent service is restarted automatically. For more information see [Configure SQL Server Agent to Restart Services Automatically](http://go.microsoft.com/fwlink/?LinkId=273725) (http://go.microsoft.com/fwlink/?LinkId=273725). Microsoft SQL Server Service Agent - configure the computer running the App-V 5.0 Management Database so that Microsoft SQL Server Agent service is restarted automatically. For more information see [Configure SQL Server Agent to Restart Services Automatically](https://go.microsoft.com/fwlink/?LinkId=273725) (https://go.microsoft.com/fwlink/?LinkId=273725). Reporting Server [Microsoft .NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718) [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=267110)(http://go.microsoft.com/fwlink/?LinkId=267110) [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)(https://go.microsoft.com/fwlink/?LinkId=267110) To help reduce the risk of unwanted or malicious data being sent to the reporting server, you should restrict access to the Reporting Web Service per your corporate security policy. [Microsoft .NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718) [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=267110)(http://go.microsoft.com/fwlink/?LinkId=267110) [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)(https://go.microsoft.com/fwlink/?LinkId=267110) The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 reporting database. Publishing Server [Microsoft .NET Framework 4 (Full Package)](http://www.microsoft.com/download/details.aspx?id=17718) (http://www.microsoft.com/download/details.aspx?id=17718) [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=267110)(http://go.microsoft.com/fwlink/?LinkId=267110) [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110)(https://go.microsoft.com/fwlink/?LinkId=267110) Windows Web Server with the IIS role with the following features: Common HTTP Features (static content and default document), Application Development (ASP.NET, .NET Extensibility, ISAPI Extensions and ISAPI Filters), Security (Windows Authentication, Request Filtering), Security (Windows Authentication, Request Filtering), Management Tools (IIS Management Console) 64-bit ASP.NET registration Active X Controls: For more information on ActiveX controls, refer to [ActiveX Control API Reference](http://go.microsoft.com/fwlink/p/?LinkId=331361). For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://go.microsoft.com/fwlink/p/?LinkId=331361). Active X Controls: For more information on ActiveX controls, refer to [ActiveX Control API Reference](http://go.microsoft.com/fwlink/p/?LinkId=331361). For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://go.microsoft.com/fwlink/p/?LinkId=331361). Active X Controls: For more information on ActiveX controls, refer to [ActiveX Control API Reference](http://go.microsoft.com/fwlink/p/?LinkId=331361). For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://go.microsoft.com/fwlink/p/?LinkId=331361). Groove.SiteClient Active X Controls: For more information on ActiveX controls, refer to [ActiveX Control API Reference](http://go.microsoft.com/fwlink/p/?LinkId=331361). For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://go.microsoft.com/fwlink/p/?LinkId=331361). Groove.SiteClient (609) 987-8116 [http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239) [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239) Web addresses can change, so you might be unable to connect to the website or sites mentioned here. Windows Debugging Tools for your platform Required when you run the Crash Analyzer to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: [Download and Install Debugging Tools for Windows](http://go.microsoft.com/fwlink/?LinkId=99934). Required when you run the Crash Analyzer to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: [Download and Install Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=99934). Optional: Windows symbols files for use with Crash Analyzer (609) 987-8116 [http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239) [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239) Web addresses can change, so you might be unable to connect to the website or sites mentioned here. (609) 987-8116 [http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239) [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239) Web addresses can change, so you might be unable to connect to the website or sites mentioned here. Windows Debugging Tools for your platform Required when you run the Crash Analyzer to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: [Download and Install Debugging Tools for Windows](http://go.microsoft.com/fwlink/?LinkId=99934). Required when you run the Crash Analyzer to determine the cause of a computer failure. We recommend that you specify the path of the Windows Debugging Tools at the time that you create the DaRT recovery image. You can download the Windows Debugging Tools here: [Download and Install Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=99934). Optional: Defender definitions AGPM 4.0 - Windows Vista SP1, Windows 7, Windows Server 2008, Windows Server 2008 R2 AGPM 3.0- Windows Vista SP1, Windows Server 2008 AGPM 2.5 - Windows Vista, Windows Server 2003 [Overview of Microsoft Advanced Group Policy Management](http://go.microsoft.com/fwlink/p/?LinkId=232980)(http://go.microsoft.com/fwlink/p/?LinkId=232980) [Overview of Microsoft Advanced Group Policy Management](https://go.microsoft.com/fwlink/p/?LinkId=232980)(https://go.microsoft.com/fwlink/p/?LinkId=232980) [AGPM 4.0 SP3](https://technet.microsoft.com/library/mt346468.aspx) (https://technet.microsoft.com/library/mt346468.aspx) [AGPM 4.0 SP2](http://go.microsoft.com/fwlink/p/?LinkId=325035) (http://go.microsoft.com/fwlink/p/?LinkId=325035) [AGPM 4.0 SP1](http://go.microsoft.com/fwlink/p/?LinkId=286715) (http://go.microsoft.com/fwlink/p/?LinkId=286715) [AGPM 4.0](http://go.microsoft.com/fwlink/p/?LinkId=232964) (http://go.microsoft.com/fwlink/p/?LinkId=232964) [AGPM 3.0](http://go.microsoft.com/fwlink/p/?LinkId=232967) (http://go.microsoft.com/fwlink/p/?LinkId=232967) [AGPM 2.5](http://go.microsoft.com/fwlink/p/?LinkId=232969) (http://go.microsoft.com/fwlink/p/?LinkId=232969) [AGPM Whitepapers on the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=232275) (http://go.microsoft.com/fwlink/p/?LinkId=232275) [AGPM 4.0 SP2](https://go.microsoft.com/fwlink/p/?LinkId=325035) (https://go.microsoft.com/fwlink/p/?LinkId=325035) [AGPM 4.0 SP1](https://go.microsoft.com/fwlink/p/?LinkId=286715) (https://go.microsoft.com/fwlink/p/?LinkId=286715) [AGPM 4.0](https://go.microsoft.com/fwlink/p/?LinkId=232964) (https://go.microsoft.com/fwlink/p/?LinkId=232964) [AGPM 3.0](https://go.microsoft.com/fwlink/p/?LinkId=232967) (https://go.microsoft.com/fwlink/p/?LinkId=232967) [AGPM 2.5](https://go.microsoft.com/fwlink/p/?LinkId=232969) (https://go.microsoft.com/fwlink/p/?LinkId=232969) [AGPM Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=232275) (https://go.microsoft.com/fwlink/p/?LinkId=232275) Microsoft Application Virtualization (App-V) lets you make applications available to end user computers without installing the applications directly on those computers. [About Microsoft Application Virtualization 4.6 SP1](appv-v4/about-microsoft-application-virtualization-46-sp1.md) [About Microsoft Application Virtualization 4.6](appv-v4/about-microsoft-application-virtualization-46.md) [About Microsoft Application Virtualization 4.5](appv-v4/about-microsoft-application-virtualization-45.md) [SoftGrid](http://go.microsoft.com/fwlink/p/?LinkId=232981) (http://go.microsoft.com/fwlink/p/?LinkId=232981) [App-V Whitepapers on the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=231902) (http://go.microsoft.com/fwlink/p/?LinkId=231902) [App-V 5.0 eBooks](http://go.microsoft.com/fwlink/p/?LinkId=309570) (http://go.microsoft.com/fwlink/p/?LinkId=309570) [SoftGrid](https://go.microsoft.com/fwlink/p/?LinkId=232981) (https://go.microsoft.com/fwlink/p/?LinkId=232981) [App-V Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=231902) (https://go.microsoft.com/fwlink/p/?LinkId=231902) [App-V 5.0 eBooks](https://go.microsoft.com/fwlink/p/?LinkId=309570) (https://go.microsoft.com/fwlink/p/?LinkId=309570) Microsoft BitLocker Administration and Monitoring (MBAM) provides an administrative interface to enterprise-wide BitLocker drive encryption. [Microsoft BitLocker Administration and Monitoring 2.5](mbam-v25/index.md) [MBAM 2.5 Video Demonstration: Deploying MBAM 2.5](http://go.microsoft.com/fwlink/?LinkId=518206) (http://go.microsoft.com/fwlink/?LinkId=518206) [MBAM 2.5 Video Demonstration: Deploying MBAM 2.5](https://go.microsoft.com/fwlink/?LinkId=518206) (https://go.microsoft.com/fwlink/?LinkId=518206) [About MBAM 2.5 SP1](mbam-v25/about-mbam-25-sp1.md) [About MBAM 2.0 SP1](mbam-v2/about-mbam-20-sp1.md) [Microsoft BitLocker Administration and Monitoring 2 Administrator's Guide](mbam-v2/index.md) [Microsoft BitLocker Administration and Monitoring 1 Administrator's Guide](mbam-v1/index.md) [MBAM Whitepapers on the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=231905) (http://go.microsoft.com/fwlink/p/?LinkId=231905) [MBAM 1.0 eBooks](http://go.microsoft.com/fwlink/p/?LinkId=309571) (http://go.microsoft.com/fwlink/p/?LinkId=309571) [MBAM Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=231905) (https://go.microsoft.com/fwlink/p/?LinkId=231905) [MBAM 1.0 eBooks](https://go.microsoft.com/fwlink/p/?LinkId=309571) (https://go.microsoft.com/fwlink/p/?LinkId=309571) Microsoft Diagnostics and Recovery Toolset (DaRT) helps troubleshoot and repair Windows-based computers. [About DaRT 8.0 SP1](dart-v8/about-dart-80-sp1.md) [Diagnostics and Recovery Toolset 8 Administrator's Guide](dart-v8/index.md) [Diagnostics and Recovery Toolset 7 Administrator's Guide](dart-v7/index.md) [DaRT 6.5](http://go.microsoft.com/fwlink/p/?LinkId=232983) (http://go.microsoft.com/fwlink/p/?LinkId=232983) [DaRT Whitepapers on the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=232274) (http://go.microsoft.com/fwlink/p/?LinkId=232274) [DaRT 8.0 eBook](http://go.microsoft.com/fwlink/p/?LinkId=309573) (http://go.microsoft.com/fwlink/p/?LinkId=309573) [DaRT 7.0 eBook](http://go.microsoft.com/fwlink/p/?LinkId=309572) (http://go.microsoft.com/fwlink/p/?LinkId=309572) [DaRT 6.5](https://go.microsoft.com/fwlink/p/?LinkId=232983) (https://go.microsoft.com/fwlink/p/?LinkId=232983) [DaRT Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=232274) (https://go.microsoft.com/fwlink/p/?LinkId=232274) [DaRT 8.0 eBook](https://go.microsoft.com/fwlink/p/?LinkId=309573) (https://go.microsoft.com/fwlink/p/?LinkId=309573) [DaRT 7.0 eBook](https://go.microsoft.com/fwlink/p/?LinkId=309572) (https://go.microsoft.com/fwlink/p/?LinkId=309572) Microsoft Desktop Enterprise Monitoring (DEM) monitors and reports enterprise-wide desktop application and system failures. [DEM 3.5](http://go.microsoft.com/fwlink/p/?LinkId=232985) (http://go.microsoft.com/fwlink/p/?LinkId=232985) [DEM Whitepapers on the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=232276) (http://go.microsoft.com/fwlink/p/?LinkId=232276) [DEM 3.5](https://go.microsoft.com/fwlink/p/?LinkId=232985) (https://go.microsoft.com/fwlink/p/?LinkId=232985) [DEM Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=232276) (https://go.microsoft.com/fwlink/p/?LinkId=232276) Microsoft Enterprise Desktop Virtualization (MED-V) uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization. [Microsoft Enterprise Desktop Virtualization 2.0](medv-v2/index.md) [About MED-V 1.0 SP1](medv-v1/about-med-v-10-sp1.md) [Microsoft Enterprise Desktop Virtualization 1.0](medv-v1/index.md) [MED-V Whitepapers on the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=231903) (http://go.microsoft.com/fwlink/p/?LinkId=231903) [MED-V Whitepapers on the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=231903) (https://go.microsoft.com/fwlink/p/?LinkId=231903) Microsoft User Experience Virtualization (UE-V) captures settings to apply to computers accessed by the user including desktop computers, laptop computers, and VDI sessions. [What's New in UE-V 2.0](uev-v2/whats-new-in-ue-v-20-new-uevv2.md) [About User Experience Virtualization 1.0 SP1](uev-v1/about-user-experience-virtualization-10-sp1.md) [Microsoft User Experience Virtualization (UE-V) 1.0](uev-v1/index.md) [UE-V 1.0 eBooks](http://go.microsoft.com/fwlink/p/?LinkId=309574) (http://go.microsoft.com/fwlink/p/?LinkId=309574) [UE-V 1.0 eBooks](https://go.microsoft.com/fwlink/p/?LinkId=309574) (https://go.microsoft.com/fwlink/p/?LinkId=309574) [MDOP Solutions and Scenarios](solutions/index.md) MDOP Videos For a list of available MDOP videos, go to [Microsoft Desktop Optimization Pack Technologies Videos](http://go.microsoft.com/fwlink/p/?LinkId=234275) (http://go.microsoft.com/fwlink/p/?LinkId=234275). For a list of available MDOP videos, go to [Microsoft Desktop Optimization Pack Technologies Videos](https://go.microsoft.com/fwlink/p/?LinkId=234275) (https://go.microsoft.com/fwlink/p/?LinkId=234275). MDOP Virtual Labs For a list of available MDOP virtual labs, go to [Microsoft Desktop Optimization Pack (MDOP) Virtual Labs](http://go.microsoft.com/fwlink/p/?LinkId=234276) (http://go.microsoft.com/fwlink/p/?LinkId=234276). For a list of available MDOP virtual labs, go to [Microsoft Desktop Optimization Pack (MDOP) Virtual Labs](https://go.microsoft.com/fwlink/p/?LinkId=234276) (https://go.microsoft.com/fwlink/p/?LinkId=234276). MDOP TechCenter For technical whitepapers, evaluation materials, blogs, and additional MDOP resources, go to [MDOP TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=225286) (http://go.microsoft.com/fwlink/p/?LinkId=225286) For technical whitepapers, evaluation materials, blogs, and additional MDOP resources, go to [MDOP TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=225286) (https://go.microsoft.com/fwlink/p/?LinkId=225286) MDOP Forums Join in the MDOP community where you can ask and answer questions at the [MDOP TechNet Forum](http://go.microsoft.com/fwlink/p/?LinkId=286973) (http://go.microsoft.com/fwlink/p/?LinkId=286973). Join in the MDOP community where you can ask and answer questions at the [MDOP TechNet Forum](https://go.microsoft.com/fwlink/p/?LinkId=286973) (https://go.microsoft.com/fwlink/p/?LinkId=286973). (609) 987-8116 [http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239) [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239) Web addresses can change, so you might be unable to connect to the website or sites mentioned here. [MBAM 1.0 Deployment Prerequisites](mbam-10-deployment-prerequisites.md) [Database Encryption in SQL Server 2008 Enterprise Edition](http://go.microsoft.com/fwlink/?LinkId=269703) [Database Encryption in SQL Server 2008 Enterprise Edition](https://go.microsoft.com/fwlink/?LinkId=269703) (609) 987-8116 [http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239) [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239) Web addresses can change, so you might be unable to connect to the website or sites mentioned here. ASP.NET MVC 2.0 [ASP.NET MVC 2 download](http://go.microsoft.com/fwlink/?LinkId=392270) [ASP.NET MVC 2 download](https://go.microsoft.com/fwlink/?LinkId=392270) Web Service IIS Management Tools For more information, see the BIOS documentation. Windows 8 clients only: To have MBAM store and manage the TPM recovery keys: TPM auto-provisioning must be turned off, and MBAM must be set as the owner of the TPM before you deploy MBAM. To turn off TPM auto-provisioning, see [Disable-TpmAutoProvisioning](http://go.microsoft.com/fwlink/?LinkId=286468). Windows 8 clients only: To have MBAM store and manage the TPM recovery keys: TPM auto-provisioning must be turned off, and MBAM must be set as the owner of the TPM before you deploy MBAM. To turn off TPM auto-provisioning, see [Disable-TpmAutoProvisioning](https://go.microsoft.com/fwlink/?LinkId=286468). TPM auto-provisioning must be turned off. MBAM must be set as the owner of the TPM before you deploy MBAM. To turn off TPM auto-provisioning, see [Disable-TpmAutoProvisioning](http://go.microsoft.com/fwlink/?LinkId=286468). To turn off TPM auto-provisioning, see [Disable-TpmAutoProvisioning](https://go.microsoft.com/fwlink/?LinkId=286468). Ensure that the keyboard, video, or mouse are directly connected and not managed through a keyboard, video, or mouse (KVM) switch. A KVM switch can interfere with the ability of the computer to detect the physical presence of hardware. Enable the Hardware Inventory Client Agent on the Configuration Manager Server. For Configuration Manager 2007, see [How to Configure Hardware Inventory for a Site](http://go.microsoft.com/fwlink/?LinkId=301656). For System Center 2012 Configuration Manager, see [How to Configure Hardware Inventory in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=301685). For Configuration Manager 2007, see [How to Configure Hardware Inventory for a Site](https://go.microsoft.com/fwlink/?LinkId=301656). For System Center 2012 Configuration Manager, see [How to Configure Hardware Inventory in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=301685). Enable the Desired Configuration Management (DCM) agent or the compliance settings, depending on the version of Configuration Manager that you are using. For Configuration Manager 2007, enable the see [Desired Configuration Management Client Agent Properties](http://go.microsoft.com/fwlink/?LinkId=301686). For System Center 2012 Configuration Manager, see [Configuring Compliance Settings in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=301687). For Configuration Manager 2007, enable the see [Desired Configuration Management Client Agent Properties](https://go.microsoft.com/fwlink/?LinkId=301686). For System Center 2012 Configuration Manager, see [Configuring Compliance Settings in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=301687). Define a reporting services point in Configuration Manager. Required for SQL Reporting Services. For Configuration Manager 2007, see [How to Create a Reporting Services Point for SQL Reporting Services](http://go.microsoft.com/fwlink/?LinkId=301688). For System Center 2012 Configuration Manager, see [Prerequisites for Reporting in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=301689). For Configuration Manager 2007, see [How to Create a Reporting Services Point for SQL Reporting Services](https://go.microsoft.com/fwlink/?LinkId=301688). For System Center 2012 Configuration Manager, see [Prerequisites for Reporting in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=301689). On TechNet as webpages http://go.microsoft.com/fwlink/?LinkId=393498 https://go.microsoft.com/fwlink/?LinkId=393498 On the Download Center as a Word .docx file http://go.microsoft.com/fwlink/?LinkId=393497 https://go.microsoft.com/fwlink/?LinkId=393497 On the Download Center as a .pdf file http://go.microsoft.com/fwlink/?LinkId=393499 https://go.microsoft.com/fwlink/?LinkId=393499 (609) 987-8116 [http://www.learningally.org/](http://go.microsoft.com/fwlink/?linkid=239) [http://www.learningally.org/](https://go.microsoft.com/fwlink/?linkid=239) Web addresses can change, so you might be unable to connect to the website or sites mentioned here. On TechNet as webpages http://go.microsoft.com/fwlink/?LinkId=393498 https://go.microsoft.com/fwlink/?LinkId=393498 On the Download Center as a Word .docx file http://go.microsoft.com/fwlink/?LinkId=393497 https://go.microsoft.com/fwlink/?LinkId=393497 On the Download Center as a .pdf file http://go.microsoft.com/fwlink/?LinkId=393499 https://go.microsoft.com/fwlink/?LinkId=393499 This user account must be a part of the local administrators group or the Backup Operators group to register the MBAM Volume Shadow Copy Service (VSS) Writer. By default, the database administrator or system administrator has the required "create any database" permissions. For more information about VSS Writer, see [Volume Shadow Copy Service](http://go.microsoft.com/fwlink/?LinkId=392814). For more information about VSS Writer, see [Volume Shadow Copy Service](https://go.microsoft.com/fwlink/?LinkId=392814). For the System Center Configuration Manager Integration feature only: Ensure that the MBAM 2.5 Server software has been installed on the remote computer. Use the Credential Security Support Provider (CredSSP) Protocol to open the Windows PowerShell session. Enable Windows Remote Management (WinRM). If you fail to enable WinRM and to configure it correctly, the New-PSSession cmdlet that is described in this table displays an error and describes how to fix the issue. For more information about WinRM, see [Using Windows Remote Management](http://go.microsoft.com/fwlink/?LinkId=393064). Enable Windows Remote Management (WinRM). If you fail to enable WinRM and to configure it correctly, the New-PSSession cmdlet that is described in this table displays an error and describes how to fix the issue. For more information about WinRM, see [Using Windows Remote Management](https://go.microsoft.com/fwlink/?LinkId=393064). Use the To avoid a potential loss of data, it is strongly recommended that you review the [Manage-bde](http://go.microsoft.com/fwlink/?LinkId=393567) command before using it. To avoid a potential loss of data, it is strongly recommended that you review the [Manage-bde](https://go.microsoft.com/fwlink/?LinkId=393567) command before using it. .NET Framework 4.5 Windows Server 2012 or Windows Server 2012 R2 - .NET Framework 4.5 is already installed for these versions of Windows Server, but you must enable it. Windows Server 2008 R2 - .NET Framework 4.5 is not included with Windows Server 2008 R2, so you must [download Microsoft .NET Framework 4.5](http://go.microsoft.com/fwlink/?LinkId=392318) and install it separately. Windows Server 2008 R2 - .NET Framework 4.5 is not included with Windows Server 2008 R2, so you must [download Microsoft .NET Framework 4.5](https://go.microsoft.com/fwlink/?LinkId=392318) and install it separately. If you are upgrading from MBAM 2.0 or MBAM 2.0 SP1 and need to install .NET Framework 4.5, see [Release Notes for MBAM 2.5](release-notes-for-mbam-25.md) for an additional required step to make the websites work. ASP.NET MVC 4.0 [ASP.NET MVC 4 download](http://go.microsoft.com/fwlink/?LinkId=392271) [ASP.NET MVC 4 download](https://go.microsoft.com/fwlink/?LinkId=392271) Web Service IIS Management Tools Before installing the MBAM Client, download the MBAM Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](http://go.microsoft.com/fwlink/p/?LinkId=393941) and configure them with the settings that you want to implement in your enterprise for BitLocker Drive Encryption. Before installing the MBAM Client, download the MBAM Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and configure them with the settings that you want to implement in your enterprise for BitLocker Drive Encryption. Before installing the MBAM Client, do the following: (609) 987-8116 [http://www.learningally.org/](http://go.microsoft.com/fwlink/p/?linkid=239) [http://www.learningally.org/](https://go.microsoft.com/fwlink/p/?linkid=239) Web addresses can change, so you might be unable to connect to the website or sites that are mentioned here. (609) 987-8116 [http://www.learningally.org/](http://go.microsoft.com/fwlink/p/?linkid=239) [http://www.learningally.org/](https://go.microsoft.com/fwlink/p/?linkid=239) Web addresses can change, so you might be unable to connect to the website or sites that are mentioned here. Everyone No permissions Security group of UE-V Full control Creator/Owner No permissions No permissions Domain Admins Full control This folder, subfolders, and files Security group of UE-V users List folder/read data, create folders/append data This folder only Everyone Remove all permissions No permissions Everyone No permissions Domain computers Read permission Levels Administrators Read/write permission levels Creator/Owner Full control This folder, subfolders, and files Domain Computers List folder contents and Read permissions This folder, subfolders, and files Everyone No permissions No permissions Administrators Full Control This folder, subfolders, and files
+- Follow the steps in the "To build an image for Windows 10 Mobile or Windows 10 IoT Core (IoT Core)" section in [Use the Windows ICD command-line interface]( https://go.microsoft.com/fwlink/p/?LinkId=617371).
The provisioning package is placed in the FFU image and is flashed or sector written to the device. During device setup time, the provisioning engine starts and consumes the packages.
## Learn more
-- [Build and apply a provisioning package]( http://go.microsoft.com/fwlink/p/?LinkId=629651)
+- [Build and apply a provisioning package]( https://go.microsoft.com/fwlink/p/?LinkId=629651)
-- [Provisioning Windows 10 Devices with New Tools](http://go.microsoft.com/fwlink/p/?LinkId=615921)
+- [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-- [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](http://go.microsoft.com/fwlink/p/?LinkId=615922)
+- [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
## Related topics
- [Configure devices without MDM](../manage/configure-devices-without-mdm.md)
\ No newline at end of file
diff --git a/windows/deploy/upgrade-analytics-architecture.md b/windows/deploy/upgrade-analytics-architecture.md
index bdd9d88b62..cd153c1420 100644
--- a/windows/deploy/upgrade-analytics-architecture.md
+++ b/windows/deploy/upgrade-analytics-architecture.md
@@ -23,7 +23,7 @@ For more information about what telemetry data Microsoft collects and how that d
[Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
-[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](http://go.microsoft.com/fwlink/?LinkID=822965)
+[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
##**Related topics**
diff --git a/windows/deploy/upgrade-analytics-get-started.md b/windows/deploy/upgrade-analytics-get-started.md
index 3e691ab5e1..d80f83c9d3 100644
--- a/windows/deploy/upgrade-analytics-get-started.md
+++ b/windows/deploy/upgrade-analytics-get-started.md
@@ -15,7 +15,7 @@ For system, application, and driver data to be shared with Microsoft, you must c
- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
-- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](http://go.microsoft.com/fwlink/?LinkID=822965)
+- [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
This topic explains how to obtain and set up Upgrade Analytics components. If you haven’t done so already, see [Upgrade Analytics requirements](https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-requirements) for information about requirements for using Upgrade Analytics.
@@ -37,7 +37,7 @@ If you are already using OMS, you’ll find Upgrade Analytics in the Solutions G
If you are not using OMS:
-1. Go to the [Upgrade Analytics page on Microsoft.com](http://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and click **Sign up** to kick off the onboarding process.
+1. Go to the [Upgrade Analytics page on Microsoft.com](https://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and click **Sign up** to kick off the onboarding process.
2. Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
@@ -85,7 +85,7 @@ Note: The compatibility update KB runs under the computer’s system account and
|---------------------------------------------------------|-----------|
| `https://v10.vortex-win.data.microsoft.com/collect/v1` | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint. |
| `https://settings-win.data.microsoft.com/settings` | Enables the compatibility update KB to send data to Microsoft. |
-| `http://go.microsoft.com/fwlink/?LinkID=544713` urlid Yes UrlID is a string identifier that uniquely identifies this .xml file. This parameter must be a no-colon-name as defined by the XML Namespaces specification. Each migration .xml file must have a unique urlid. If two migration .xml files have the same urlid, the second .xml file that is specified on the command line will not be processed. For more information about XML Namespaces, see [Use XML Namespaces](http://go.microsoft.com/fwlink/p/?LinkId=220938). UrlID is a string identifier that uniquely identifies this .xml file. This parameter must be a no-colon-name as defined by the XML Namespaces specification. Each migration .xml file must have a unique urlid. If two migration .xml files have the same urlid, the second .xml file that is specified on the command line will not be processed. For more information about XML Namespaces, see [Use XML Namespaces](https://go.microsoft.com/fwlink/p/?LinkId=220938). Name After you turn off WIP, an attempt is made to decrypt any closed WIP-tagged files on the locally attached drives.|
@@ -423,7 +423,7 @@ There are no default locations included with WIP, you must add each of your netw
After you create and deploy your WIP policy to your employees, Windows will begin to encrypt your corporate data on the employees’ local device drive. If somehow the employees’ local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the DRA certificate lets Windows use an included public key to encrypt the local data, while you maintain the private key that can unencrypt the data.
- For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](http://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md).
+ For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](https://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md).
### Choose your optional WIP-related settings
After you've decided where your protected apps can access enterprise data on your network, you’ll be asked to decide if you want to add any optional WIP settings.
diff --git a/windows/keep-secure/create-wip-policy-using-sccm.md b/windows/keep-secure/create-wip-policy-using-sccm.md
index 3fcee10aba..c66c433c22 100644
--- a/windows/keep-secure/create-wip-policy-using-sccm.md
+++ b/windows/keep-secure/create-wip-policy-using-sccm.md
@@ -92,7 +92,7 @@ If you don't know the publisher or product name, you can find them for both desk
**To find the Publisher and Product Name values for Store apps without installing them**
-1. Go to the [Windows Store for Business](http://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, Microsoft OneNote.
+1. Go to the [Windows Store for Business](https://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, Microsoft OneNote.
>**Note** After you turn off WIP, an attempt is made to decrypt any closed WIP-tagged files on the locally attached drives.|
@@ -446,7 +446,7 @@ There are no default locations included with WIP, you must add each of your netw
After you create and deploy your WIP policy to your employees, Windows will begin to encrypt your corporate data on the employees’ local device drive. If somehow the employees’ local encryption keys get lost or revoked, the encrypted data can become unrecoverable. To help avoid this possibility, the DRA certificate lets Windows use an included public key to encrypt the local data, while you maintain the private key that can unencrypt the data.
- For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](http://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md).
+ For more info about how to find and export your data recovery certificate, see the [Data Recovery and Encrypting File System (EFS)](https://go.microsoft.com/fwlink/p/?LinkId=761462) topic. For more info about creating and verifying your EFS DRA certificate, see the [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md).
### Choose your optional WIP-related settings
After you've decided where your protected apps can access enterprise data on your network, you’ll be asked to decide if you want to add any optional WIP settings.
@@ -495,11 +495,11 @@ After you've finished configuring your policy, you can review all of your info o
## Deploy the WIP policy
After you’ve created your WIP policy, you'll need to deploy it to your organization's devices. For info about your deployment options, see these topics:
-- [Operations and Maintenance for Compliance Settings in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=708224)
-- [How to Create Configuration Baselines for Compliance Settings in Configuration Manager]( http://go.microsoft.com/fwlink/p/?LinkId=708225)
-- [How to Deploy Configuration Baselines in Configuration Manager]( http://go.microsoft.com/fwlink/p/?LinkId=708226)
+- [Operations and Maintenance for Compliance Settings in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=708224)
+- [How to Create Configuration Baselines for Compliance Settings in Configuration Manager]( https://go.microsoft.com/fwlink/p/?LinkId=708225)
+- [How to Deploy Configuration Baselines in Configuration Manager]( https://go.microsoft.com/fwlink/p/?LinkId=708226)
## Related topics
-- [System Center Configuration Manager and Endpoint Protection (Version 1606)](http://go.microsoft.com/fwlink/p/?LinkId=717372)
-- [TechNet documentation for Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=691623)
-- [Manage mobile devices with Configuration Manager and Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=691624)
\ No newline at end of file
+- [System Center Configuration Manager and Endpoint Protection (Version 1606)](https://go.microsoft.com/fwlink/p/?LinkId=717372)
+- [TechNet documentation for Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=691623)
+- [Manage mobile devices with Configuration Manager and Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=691624)
\ No newline at end of file
diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md
index dda79a977f..16ffd75334 100644
--- a/windows/keep-secure/credential-guard.md
+++ b/windows/keep-secure/credential-guard.md
@@ -15,7 +15,7 @@ author: brianlic-msft
- Windows 10
- Windows Server 2016
-Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets.
+Introduced in Windows 10 Enterprise and Windows Server 2016, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets.
Credential Guard offers the following features and solutions:
@@ -91,7 +91,7 @@ The PC must meet the following hardware and software requirements to use Credent
Virtual machine For PCs running Windows 10, version 1607, you can run Credential Guard on a Generation 2 virtual machine. For PCs running Windows 10, version 1607 or Windows Server 2016, you can run Credential Guard on a Generation 2 virtual machine. Unjoin some other device that is currently joined using the same account or [increase the maximum number of devices per user](http://go.microsoft.com/fwlink/p/?LinkId=626933). Unjoin some other device that is currently joined using the same account or [increase the maximum number of devices per user](https://go.microsoft.com/fwlink/p/?LinkId=626933). Azure AD subscription Intune After you turn off WIP, an attempt is made to decrypt any closed WIP-tagged files on the locally attached drives. **Note** To troubleshoot this event:
If this event persists: Or, Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions. Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions. Or, Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions. Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions. To troubleshoot this event:
Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions. Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions. User action: The real-time protection feature has restarted. If this event happens again, contact Microsoft Technical Support. The real-time protection feature has restarted. If this event happens again, contact Microsoft Technical Support. To troubleshoot this event:
Or, Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions. Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions. Or, Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions. Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.
For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651).
4. After the database file propagates to the server, the DNS name, `wpad.
Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `http://wpad.
Cookies in a roaming profile can only be set by Internet Explorer for the desktop, with Enhanced Protected Mode turned off. Cookies set by the immersive version of IE or by Windows Store apps, can’t be part of a roaming profile. For more information about persistent cookies and roaming, see [Persistent cookies are not roamed in Internet Explorer](http://go.microsoft.com/fwlink/p/?LinkId=401545).
+You won’t notice any changes to the management of your roaming profile data if you use our new database implementation in conjunction with the [roaming user profile guidelines](https://go.microsoft.com/fwlink/p/?LinkId=401544). This means that IE data that’s stored in the `AppData\Roaming` user profile folder is still be uploaded to your normal profile storage location after a user successfully logs off.
Cookies in a roaming profile can only be set by Internet Explorer for the desktop, with Enhanced Protected Mode turned off. Cookies set by the immersive version of IE or by Windows Store apps, can’t be part of a roaming profile. For more information about persistent cookies and roaming, see [Persistent cookies are not roamed in Internet Explorer](https://go.microsoft.com/fwlink/p/?LinkId=401545).
To get the best results while using roaming profiles, we strongly recommend the following:
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
index da141bbcc1..cf90d5c6b3 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
@@ -17,13 +17,13 @@ Before you install Internet Explorer 11, you should:
- **Check vendor support for updated functionality.** Check whether third-party vendors have new versions or updates to necessary add-ons, apps, or code libraries.
-- **Choose the right version of Internet Explorer.** IE11 comes pre-installed on Windows 8.1 and Windows Server 2012 R2 or you can download it for Windows 7 SP1 or Windows Server 2008 R2 with Service Pack 1 (SP1) from the [Internet Explorer Downloads](http://go.microsoft.com/fwlink/p/?LinkId=214251) site.
+- **Choose the right version of Internet Explorer.** IE11 comes pre-installed on Windows 8.1 and Windows Server 2012 R2 or you can download it for Windows 7 SP1 or Windows Server 2008 R2 with Service Pack 1 (SP1) from the [Internet Explorer Downloads](https://go.microsoft.com/fwlink/p/?LinkId=214251) site.
- **Choose how you'll deploy your installation package.** Your deployment method should be based on whether you're installing to computers already running Windows, or if you're deploying IE11 as part of a Windows installation.
- - **Existing computers running Windows.** Use System Center R2 2012 System Center 2012 R2 Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [System Center 2012 R2 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkID=276664), [System Center Essentials 2010](http://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](http://go.microsoft.com/fwlink/p/?LinkID=276790), and [Microsoft Intune Overview](http://go.microsoft.com/fwlink/p/?linkid=276667).
+ - **Existing computers running Windows.** Use System Center R2 2012 System Center 2012 R2 Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkID=276664), [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](https://go.microsoft.com/fwlink/p/?LinkID=276790), and [Microsoft Intune Overview](https://go.microsoft.com/fwlink/p/?linkid=276667).
- - **As part of a Windows deployment.** Update your Windows images to include IE11, and then add the update to your MDT deployment share or to your Windows image. For instructions about how to create and use Windows images, see [Create and Manage a Windows Image Using DISM](http://go.microsoft.com/fwlink/p/?LinkId=299408). For general information about deploying IE, see [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=331148), [Windows ADK Overview](http://go.microsoft.com/fwlink/p/?LinkId=276669).
+ - **As part of a Windows deployment.** Update your Windows images to include IE11, and then add the update to your MDT deployment share or to your Windows image. For instructions about how to create and use Windows images, see [Create and Manage a Windows Image Using DISM](https://go.microsoft.com/fwlink/p/?LinkId=299408). For general information about deploying IE, see [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=331148), [Windows ADK Overview](https://go.microsoft.com/fwlink/p/?LinkId=276669).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
index ab5a60cbce..22d411f58d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
@@ -24,7 +24,7 @@ Before you start, you need to make sure you have the following:
- Latest cumulative security update (for all supported versions of Internet Explorer):
- 1. Go to the [Microsoft Security Bulletin](http://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**.
+ 1. Go to the [Microsoft Security Bulletin](https://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**.

@@ -34,7 +34,7 @@ Before you start, you need to make sure you have the following:
3. Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section.
-- [Setup and configuration package](http://go.microsoft.com/fwlink/p/?LinkId=517719), including:
+- [Setup and configuration package](https://go.microsoft.com/fwlink/p/?LinkId=517719), including:
- Configuration-related PowerShell scripts
@@ -138,7 +138,7 @@ You need to set up your computers for data collection by running the provided Po
**To set up Enterprise Site Discovery**
-- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](http://go.microsoft.com/fwlink/p/?linkid=517460).
+- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
### WMI only: Set up your firewall for WMI data
If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps:
@@ -465,7 +465,7 @@ You can completely remove the data stored on your employee’s computers.
- `Remove-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'`
## Related topics
-* [Enterprise Mode Site List Manager (schema v.2) download](http://go.microsoft.com/fwlink/?LinkId=746562)
+* [Enterprise Mode Site List Manager (schema v.2) download](https://go.microsoft.com/fwlink/?LinkId=746562)
* [Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
index 59d5f7b349..7a8162ee05 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md
@@ -28,7 +28,7 @@ In addition, you can configure IE before, during, or after deployment, using the
- **Group Policy**. Configures and enforces IE11 settings. For more information about settings and configuration options, see [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md).
- **Unattend.xml**. Customizes some of the IE settings during your Windows installation. This option only applies if you're updating a Windows image with IE11.
-You'll only see the new IE11 Unattend.xml settings if your Unattend.xml file's associated with a Windows image that includes the IE11 update. For more information about editing and using the Unattend.xml file, see [Unattended Windows Setup Reference](http://go.microsoft.com/fwlink/p/?LinkId=276788). For more information about using the Windows System Image Manager, see [Windows System Image Manager Technical Reference](http://go.microsoft.com/fwlink/p/?LinkId=276789).
+You'll only see the new IE11 Unattend.xml settings if your Unattend.xml file's associated with a Windows image that includes the IE11 update. For more information about editing and using the Unattend.xml file, see [Unattended Windows Setup Reference](https://go.microsoft.com/fwlink/p/?LinkId=276788). For more information about using the Windows System Image Manager, see [Windows System Image Manager Technical Reference](https://go.microsoft.com/fwlink/p/?LinkId=276789).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index 16af47ddd2..360620938d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -34,8 +34,8 @@ If you delete a site by mistake, you’ll need to manually add it back using the
- [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
index cc8ef4ae26..6654729ec6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
@@ -13,13 +13,13 @@ ms.sitesec: library
# Deploy Internet Explorer 11 using software distribution tools
If you already manage software distribution and updates on your network through software distribution tools, you can also use these tools for ongoing deployments of Internet Explorer. Software distribution tools include:
-- **System Center R2 2012 System Center 2012 R2 Configuration Manager.** Deploy and install Internet Explorer 11 on your user's computers through a software distribution package. For more information about using this tool, see [System Center R2 2012 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkID=276664).
+- **System Center R2 2012 System Center 2012 R2 Configuration Manager.** Deploy and install Internet Explorer 11 on your user's computers through a software distribution package. For more information about using this tool, see [System Center R2 2012 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkID=276664).
-- **Windows Server Update Services (WSUS).** Download a single copy of the IE11 updates, caching them to local servers so your users' computers can receive the updates directly from the WSUS servers, instead of through Windows Update. For more information about using this tool, see [Windows Server Update Services](http://go.microsoft.com/fwlink/p/?LinkID=276790).
+- **Windows Server Update Services (WSUS).** Download a single copy of the IE11 updates, caching them to local servers so your users' computers can receive the updates directly from the WSUS servers, instead of through Windows Update. For more information about using this tool, see [Windows Server Update Services](https://go.microsoft.com/fwlink/p/?LinkID=276790).
-- **Group Policy Software Installation.** Deploy and install IE11 on your user's computers through a combination of Group Policy and Microsoft Active Directory. For more information about using this tool, see [Group Policy Software Installation overview](http://go.microsoft.com/fwlink/p/?LinkId=296365).
+- **Group Policy Software Installation.** Deploy and install IE11 on your user's computers through a combination of Group Policy and Microsoft Active Directory. For more information about using this tool, see [Group Policy Software Installation overview](https://go.microsoft.com/fwlink/p/?LinkId=296365).
-- **Microsoft Deployment Toolkit (MDT).** Add the IE11 update to your deployment share, using MDT to update your previously-deployed Windows image. For more information about using this tool, see [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkID=331148).
+- **Microsoft Deployment Toolkit (MDT).** Add the IE11 update to your deployment share, using MDT to update your previously-deployed Windows image. For more information about using this tool, see [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkID=331148).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
index bfea483922..affd42d162 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md
@@ -22,10 +22,10 @@ ms.sitesec: library
You can pin websites to the Windows 8.1 taskbar for quick access. You pin a website simply by dragging its tab to the taskbar. Some websites can also extend the icon’s Jump List.
-The ability to pin websites to the Windows 8.1 taskbar can help make end users in businesses more productive. As an IT professional, for example, you can pin intranet and SharePoint websites to the taskbar to make them immediately available to users. In this article, you learn how to deploy pinned websites by using Lite Touch Installation in the [Microsoft Deployment Toolkit (MDT) 2013](http://go.microsoft.com/fwlink/p/?LinkId=398474).
+The ability to pin websites to the Windows 8.1 taskbar can help make end users in businesses more productive. As an IT professional, for example, you can pin intranet and SharePoint websites to the taskbar to make them immediately available to users. In this article, you learn how to deploy pinned websites by using Lite Touch Installation in the [Microsoft Deployment Toolkit (MDT) 2013](https://go.microsoft.com/fwlink/p/?LinkId=398474).
## Deploying pinned websites in MDT 2013
-This topic requires that you have a complete MDT 2013 deployment share that contains Windows 8.1 which comes with Internet Explorer 11. If you’re deploying to Windows 7 clients and need to learn how to add IE11 to an MDT 2013 deployment share as an update, see [Installing Internet Explorer 11 using Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=398475) in the TechNet library.
+This topic requires that you have a complete MDT 2013 deployment share that contains Windows 8.1 which comes with Internet Explorer 11. If you’re deploying to Windows 7 clients and need to learn how to add IE11 to an MDT 2013 deployment share as an update, see [Installing Internet Explorer 11 using Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=398475) in the TechNet library.
Deploying pinned websites in MDT 2013 is a 4-step process:
@@ -101,13 +101,13 @@ With the .website files ready to copy to the **Public Links** folder on target c
## Updating intranet websites for pinning
The MDT 2013 deployment share and task sequences are now ready to pin websites to the taskbar during deployment. This pinning feature can include intranet sites important in your organization.
-You can make your intranet websites act more like applications by extending them to fully support the Windows 8.1 taskbar. This includes creating custom Jump Lists, thumbnail previews, and notifications. For info about extending your intranet websites, see [Pinned Sites Developer Documentation](http://go.microsoft.com/fwlink/p/?LinkId=398484) on MSDN. For more ideas about what to pin, see [Add-ons](http://go.microsoft.com/fwlink/p/?LinkId=398483) in the Internet Explorer Gallery.
+You can make your intranet websites act more like applications by extending them to fully support the Windows 8.1 taskbar. This includes creating custom Jump Lists, thumbnail previews, and notifications. For info about extending your intranet websites, see [Pinned Sites Developer Documentation](https://go.microsoft.com/fwlink/p/?LinkId=398484) on MSDN. For more ideas about what to pin, see [Add-ons](https://go.microsoft.com/fwlink/p/?LinkId=398483) in the Internet Explorer Gallery.
## Related topics
-- [Unattended Windows Setup Reference](http://go.microsoft.com/fwlink/p/?LinkId=276788)
-- [Windows System Image Manager Technical Reference](http://go.microsoft.com/fwlink/p/?LinkId=276789)
-- [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=331148)
-- [Windows ADK Overview](http://go.microsoft.com/fwlink/p/?LinkId=276669)
+- [Unattended Windows Setup Reference](https://go.microsoft.com/fwlink/p/?LinkId=276788)
+- [Windows System Image Manager Technical Reference](https://go.microsoft.com/fwlink/p/?LinkId=276789)
+- [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=331148)
+- [Windows ADK Overview](https://go.microsoft.com/fwlink/p/?LinkId=276669)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
index 4b0660cb93..0be45f20c1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
@@ -26,7 +26,7 @@ Windows Internet Explorer 8 introduced document modes as a way to move from the
This means that while Internet Explorer 11 will continue to support document modes, Microsoft Edge won’t. And because of that, it also means that if you want to use Microsoft Edge, you’re going to have to update your legacy webpages and apps to support modern features, browsers, and devices.
**Note**
-For specific details about the technologies and APIs that are no longer supported in Microsoft Edge, see [A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent](http://go.microsoft.com/fwlink/p/?LinkId=615953).
+For specific details about the technologies and APIs that are no longer supported in Microsoft Edge, see [A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent](https://go.microsoft.com/fwlink/p/?LinkId=615953).
## What is document mode?
Each release after Internet Explorer 8 has helped with the transition by introducing additional document modes that emulated previously supported versions, while also introducing support for features defined by industry standards. During this time, numerous websites and apps were updated to the latest and greatest industry standards, while many other sites and apps continued to simply rely on document modes to work properly.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
index 602456e9d1..7ebacccb8b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
@@ -38,8 +38,8 @@ If your change passes validation, it’s added to the global site list. If the u
You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
index 0e467ceb7e..971612c41b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
@@ -16,7 +16,7 @@ Enhanced Protected Mode further restricts Protected Mode to deny potential attac
You can use your company’s Group Policy to turn Enhanced Protected Mode on or off for all users. For more information, see the [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md) information in this guide.
-For more information about Enhanced Protected Mode, see the [Enhanced Protected Mode](http://go.microsoft.com/fwlink/p/?LinkId=267512) post on IEBlog, and both the [Understanding Enhanced Protected Mode](http://go.microsoft.com/fwlink/p/?LinkId=282662) and the [Enhanced Protected Mode and Local Files](http://go.microsoft.com/fwlink/p/?LinkId=282663) blog posts on IEInternals.
+For more information about Enhanced Protected Mode, see the [Enhanced Protected Mode](https://go.microsoft.com/fwlink/p/?LinkId=267512) post on IEBlog, and both the [Understanding Enhanced Protected Mode](https://go.microsoft.com/fwlink/p/?LinkId=282662) and the [Enhanced Protected Mode and Local Files](https://go.microsoft.com/fwlink/p/?LinkId=282663) blog posts on IEInternals.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
index 0e139e5c9e..b45f274bcc 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md
@@ -34,8 +34,8 @@ This file is not intended for distribution to your managed devices. Instead, it
## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
index 7fec74ed4e..94e5e4a1da 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
@@ -18,7 +18,7 @@ The Internet Explorer 11 Enterprise Mode site list lets you specify document mo
Enterprises can have critical apps that are coded explicitly for a specific browser version and that might not be in their direct control, making it very difficult and expensive to update to modern standards or newer browser versions. Because you can decide which URLs should open using specific document modes, this update helps ensure better compatibility, faster upgrades, and reduced testing and fixing costs.
## How does this fix work?
-You can continue to use your legacy and orphaned web apps, by specifying a document mode in the centralized Enterprise Mode site list. Then, when IE11 goes to a site on your list, the browser loads the page in the specified document mode just as it would if it were specified through an X-UA-Compatible meta tag on the site. For more information about document modes and X-UA-compatible headers, see [Defining document compatibility](http://go.microsoft.com/fwlink/p/?LinkId=518412).
+You can continue to use your legacy and orphaned web apps, by specifying a document mode in the centralized Enterprise Mode site list. Then, when IE11 goes to a site on your list, the browser loads the page in the specified document mode just as it would if it were specified through an X-UA-Compatible meta tag on the site. For more information about document modes and X-UA-compatible headers, see [Defining document compatibility](https://go.microsoft.com/fwlink/p/?LinkId=518412).
**Important**
Enterprise Mode takes precedence over document modes, so sites that are already included in the Enterprise Mode site list won’t be affected by this update and will continue to load in Enterprise Mode, as usual.
@@ -40,7 +40,7 @@ To see if this fix might help you, run through this process one step at a time,

2. Starting with the **11 (Default)** option, test your broken scenario.
-If that doesn’t work, continue down to the next lowest document mode, stopping as soon as you find a document mode that fixes your problems. For more information about the Emulation tool, see [Emulate browsers, screen sizes, and GPS locations](http://go.microsoft.com/fwlink/p/?LinkId=518417).
+If that doesn’t work, continue down to the next lowest document mode, stopping as soon as you find a document mode that fixes your problems. For more information about the Emulation tool, see [Emulate browsers, screen sizes, and GPS locations](https://go.microsoft.com/fwlink/p/?LinkId=518417).
3. If none of the document modes fix your issue, change the **Browser Profile** to **Enterprise**, pick the mode you want to test with starting with **8** (IE8 Enterprise Mode), and then test your broken scenario.
@@ -94,8 +94,8 @@ By default, IE11 uses the **Display intranet sites in Compatibility View** setti
To help you move forward, you can now use the Enterprise Mode site list to specify sites or web paths to use the IE7 document mode, which goes down to IE5 “Quirks” mode if the page doesn’t have an explicit `DOCTYPE` tag. Using this document mode effectively helps you provide the Compatibility View functionality for single sites or a group of sites, which after thorough testing, can help you turn off Compatibility View as the default setting for your intranet sites.
## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
index bbe1126304..cb34e15ac9 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
@@ -33,8 +33,8 @@ There are typically 3 types of errors you’ll see:
Another possibility is that redirection happens multiple times, with an intermediary site experiencing compatibility issues. For example, an employee types a short URL that then redirects multiple times, finally ending up on a non-intranet site. In this situation, you might want to add the intermediary URLs to your Enterprise Mode site list, in case there’s logic in one of them that has compatibility issues.
## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
index c790100b59..3ae9e11aab 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
@@ -29,7 +29,7 @@ From AGPM you can:
- **Manage your GPO lifecycle with change control features.** You can use the available version-control, history, and auditing features to help you manage your GPOs while moving through your archive, to your editing process, and finally to your GPO deployment.
**Note**
-For more information about AGPM, and to get the license, see [Microsoft Advanced Group Policy Management 4.0 SP1 Step-by-Step Guide](http://go.microsoft.com/fwlink/p/?LinkId=294916).
+For more information about AGPM, and to get the license, see [Microsoft Advanced Group Policy Management 4.0 SP1 Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=294916).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
index f084039195..2a7f645030 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-group-policy-mgmt-console-ie11.md
@@ -31,10 +31,10 @@ The GPMC lets you:
- Create scriptable interfaces to support all of the operations available within the GPMC. You can't use scripts to edit individual policy settings in a GPO.
-For more information about the GPMC, see [Group Policy Management Console](http://go.microsoft.com/fwlink/p/?LinkId=214515) on TechNet.
+For more information about the GPMC, see [Group Policy Management Console](https://go.microsoft.com/fwlink/p/?LinkId=214515) on TechNet.
## Searching for Group Policy settings
-To search for Group Policy settings in the Group Policy Management Console (GPMC), use the [Group Policy Search tool](http://go.microsoft.com/fwlink/p/?LinkId=279857). To find the Group Policy settings, click **Windows Components**, and then click **Internet Explorer**.
+To search for Group Policy settings in the Group Policy Management Console (GPMC), use the [Group Policy Search tool](https://go.microsoft.com/fwlink/p/?LinkId=279857). To find the Group Policy settings, click **Windows Components**, and then click **Internet Explorer**.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
index 82b8c15411..4e9b26b3fc 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
@@ -14,7 +14,7 @@ ms.sitesec: library
# Group Policy, the Local Group Policy Editor, and Internet Explorer 11
A Microsoft Management Console (MMC)-based tool that manages both computer and user-related configurations for an individual computer policy. This tool is included with Windows® 7 Service Pack 1 (SP1) and Windows 8.1.
-Here's a list of the policy settings you can use, based on the configuration type. For more info, see [Local Group Policy Editor](http://go.microsoft.com/fwlink/p/?LinkId=294912).
+Here's a list of the policy settings you can use, based on the configuration type. For more info, see [Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=294912).
|Computer configuration |User configuration |
|-----------------------|-------------------|
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
index fe85ee8a60..37e54ed67e 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-objects-and-ie11.md
@@ -17,7 +17,7 @@ Group Policy, based on Microsoft Active Directory Domain Services (AD DS), lets
By using Group Policy, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple Internet Explorer 11 security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain.
**Note**
-For more information about Group Policy, see the [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy.
+For more information about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy.
## Managing settings with GPOs
After deploying IE11 to your organization, you can continue to manage the browser settings by using Active Directory Domain Services (AD DS) together with the following Group Policy-related setting management groups:
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
index 7a83784eb4..4d460e76ab 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
@@ -24,7 +24,7 @@ Group Policy preferences are less strict than Group Policy settings, based on:
|Targeting and filtering |
|
|
-For more information about Group Policy preferences, see the [Group Policy Settings Reference for Windows and Windows Server](http://go.microsoft.com/fwlink/p/?LinkId=279876).
+For more information about Group Policy preferences, see the [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=279876).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
index eae262566b..037d8a5da7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
@@ -12,10 +12,10 @@ ms.sitesec: library
# Group Policy problems with Internet Explorer 11
-If you're having problems with Group Policy and Internet Explorer 11, or if you're looking for high-level information about the concepts and techniques used to troubleshoot Group Policy, as well as links to detailed reference topics, procedures, and troubleshooting scenario guides, see [Group Policy Analysis and Troubleshooting Overview](http://go.microsoft.com/fwlink/p/?LinkId=279872).
+If you're having problems with Group Policy and Internet Explorer 11, or if you're looking for high-level information about the concepts and techniques used to troubleshoot Group Policy, as well as links to detailed reference topics, procedures, and troubleshooting scenario guides, see [Group Policy Analysis and Troubleshooting Overview](https://go.microsoft.com/fwlink/p/?LinkId=279872).
## Group Policy Object-related Log Files
-You can use the Event Viewer to review Group Policy-related messages in the **Windows Logs**, **System** file. All of the Group Policy-related events are shown with a source of **GroupPolicy**. For more information about the Event Viewer, see [What information appears in event logs? (Event Viewer)](http://go.microsoft.com/fwlink/p/?LinkId=294917).
+You can use the Event Viewer to review Group Policy-related messages in the **Windows Logs**, **System** file. All of the Group Policy-related events are shown with a source of **GroupPolicy**. For more information about the Event Viewer, see [What information appears in event logs? (Event Viewer)](https://go.microsoft.com/fwlink/p/?LinkId=294917).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
index c22a9b343e..a5c8385649 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
@@ -35,7 +35,7 @@ You can create and configure shortcuts for any domain-based Group Policy Object
5. Type the required shortcut settings and your comments into the **Description** box, and click **OK**.
-For more information about shortcut extensions, including step-by-step guidance, see [Shortcuts Extension](http://go.microsoft.com/fwlink/p/?LinkId=214525) and [Configure a Shortcut Item](http://go.microsoft.com/fwlink/p/?LinkId=301837).
+For more information about shortcut extensions, including step-by-step guidance, see [Shortcuts Extension](https://go.microsoft.com/fwlink/p/?LinkId=214525) and [Configure a Shortcut Item](https://go.microsoft.com/fwlink/p/?LinkId=301837).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
index 3a4e3a12ec..c44db29784 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-windows-powershell-ie11.md
@@ -24,7 +24,7 @@ Each cmdlet is a single-function command-line tool that can:
- Configure registry-based policy settings and registry settings for Group Policy preferences.
-For more info about PowerShell and Group Policy management, see [Use Windows PowerShell to Manage Group Policy](http://go.microsoft.com/fwlink/p/?LinkId=276828).
+For more info about PowerShell and Group Policy management, see [Use Windows PowerShell to Manage Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=276828).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
index d75450f2f7..a52315fec5 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md
@@ -35,8 +35,8 @@ Importing your file overwrites everything that’s currently in the tool, so mak
3. Review the alert message about all of your entries being overwritten. If you still want to import the file, click **Yes**.
## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/index.md b/browsers/internet-explorer/ie11-deploy-guide/index.md
index 7b5cae11db..b1b9d3ce0b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/index.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/index.md
@@ -37,11 +37,11 @@ Because this content isn't intended to be a step-by-step guide, not all of the s
|[Manage Internet Explorer 11](manage-ie11-overview.md) |Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for IE. |
|[Troubleshoot Internet Explorer 11 (IE11)](troubleshoot-ie11.md) |Use the topics in this section to learn how to troubleshoot several of the more common problems experienced with IE. |
|[Out-of-date ActiveX control blocking](out-of-date-activex-control-blocking.md) |ActiveX controls are small apps that let websites provide content, like videos, games, and let you interact with content like toolbars. Unfortunately, because many ActiveX controls aren’t automatically updated, they can become outdated as new versions are released. It’s very important that you keep your ActiveX controls up-to-date because malicious software (or malware) can target security flaws in outdated controls, damaging your computer by collecting info from it, installing unwanted software, or by letting someone else control it remotely. To help avoid this situation, IE includes a new security feature, called out-of-date ActiveX control blocking. |
-|[Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md) |Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices. Starting with Windows 10, we’re deprecating document modes.
For specific details about the technologies and APIs that are no longer supported in Microsoft Edge, see [A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent](http://go.microsoft.com/fwlink/p/?LinkId=615953). |
+|[Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md) |Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices. Starting with Windows 10, we’re deprecating document modes.
For specific details about the technologies and APIs that are no longer supported in Microsoft Edge, see [A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent](https://go.microsoft.com/fwlink/p/?LinkId=615953). |
|[What is the Internet Explorer 11 Blocker Toolkit?](what-is-the-internet-explorer-11-blocker-toolkit.md) |The IE11 Blocker Toolkit lets you turn off the automatic delivery of IE11 through the Automatic Updates feature of Windows Update. |
|[Missing Internet Explorer Maintenance (IEM) settings for Internet Explorer 11](missing-internet-explorer-maintenance-settings-for-ie11.md) |The Internet Explorer Maintenance (IEM) settings have been deprecated in favor of Group Policy preferences, Administrative Templates (.admx), and the Internet Explorer Administration Kit 11 (IEAK 11).
Although we strongly recommend against it, if you don’t want your computer to automatically download the updated version list from Microsoft, run the following command from a command prompt:
@@ -100,7 +100,7 @@ reg add "HKCU\Software\Microsoft\Internet Explorer\VersionManager" /v DownloadVe
Turning off this automatic download breaks the out-of-date ActiveX control blocking feature by not letting the version list update with newly outdated controls, potentially compromising the security of your computer. Use this configuration option at your own risk.
## Out-of-date ActiveX control blocking on managed devices
-Out-of-date ActiveX control blocking includes 4 new Group Policy settings that you can use to manage your web browser configuration, based on your domain controller. You can download the administrative templates, including the new settings, from the [Administrative templates (.admx) for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=746579) page or the [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](http://go.microsoft.com/fwlink/p/?LinkId=746580) page, depending on your operating system.
+Out-of-date ActiveX control blocking includes 4 new Group Policy settings that you can use to manage your web browser configuration, based on your domain controller. You can download the administrative templates, including the new settings, from the [Administrative templates (.admx) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=746579) page or the [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580) page, depending on your operating system.
### Group Policy settings
Here’s a list of the new Group Policy info, including the settings, location, requirements, and Help text strings. All of these settings can be set in either the Computer Configuration or User Configuration scope, but Computer Configuration takes precedence over User Configuration.
@@ -156,7 +156,7 @@ Here’s a detailed example and description of what’s included in the VersionA
- **Allowed/Blocked** Whether IE blocked the ActiveX control.
-- **Enhanced Protected Mode (EPM)-compatible.** Whether the loaded ActiveX control is compatible with [Enhanced Protected Mode](http://go.microsoft.com/fwlink/p/?LinkId=403865).
Enhanced Protected Mode isn’t supported on Internet Explorer 9 or earlier versions of IE. Therefore, if you’re using Internet Explorer 8 or Internet Explorer 9, all ActiveX controls will always be marked as not EPM-compatible.
+- **Enhanced Protected Mode (EPM)-compatible.** Whether the loaded ActiveX control is compatible with [Enhanced Protected Mode](https://go.microsoft.com/fwlink/p/?LinkId=403865).
Enhanced Protected Mode isn’t supported on Internet Explorer 9 or earlier versions of IE. Therefore, if you’re using Internet Explorer 8 or Internet Explorer 9, all ActiveX controls will always be marked as not EPM-compatible.
- **Reason.** The ActiveX control can be blocked or allowed for any of these reasons:
@@ -176,7 +176,7 @@ Here’s a detailed example and description of what’s included in the VersionA
For Windows 10 you also have the option to log your inventory info to a local WMI class. Info logged to this class includes all of info you get from the .csv file, plus the CLSID of the loaded ActiveX control or the name of any apps started from an ActiveX control.
#### Before you begin
-Before you can use WMI to inventory your ActiveX controls, you need to [download the configuration package (.zip file)](http://go.microsoft.com/fwlink/p/?LinkId=616971), which includes:
+Before you can use WMI to inventory your ActiveX controls, you need to [download the configuration package (.zip file)](https://go.microsoft.com/fwlink/p/?LinkId=616971), which includes:
- **ConfigureWMILogging.ps1**. A Windows PowerShell script.
@@ -192,7 +192,7 @@ Before running the PowerShell script, you must copy both the .ps1 and .mof file
```
powershell –ExecutionPolicy Bypass .\ConfigureWMILogging.ps1
```
-For more info, see [about_Execution_Policies](http://go.microsoft.com/fwlink/p/?linkid=517460).
+For more info, see [about_Execution_Policies](https://go.microsoft.com/fwlink/p/?linkid=517460).
3. **Optional:** Set up your domain firewall for WMI data. For more info, see [Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
index 65ac8b88b0..544daf207b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/problems-after-installing-ie11.md
@@ -34,7 +34,7 @@ RIES does not:
- Affect the applied Administrative Template Group Policy settings.
-RIES turns off all custom toolbars, browser extensions, and customizations installed with IE11. If you change your mind, you can turn each of the customizations back on through the **Manage Add-ons** dialog box. For more information about resetting IE settings, see [How to Reset Internet Explorer Settings](http://go.microsoft.com/fwlink/p/?LinkId=214528).
+RIES turns off all custom toolbars, browser extensions, and customizations installed with IE11. If you change your mind, you can turn each of the customizations back on through the **Manage Add-ons** dialog box. For more information about resetting IE settings, see [How to Reset Internet Explorer Settings](https://go.microsoft.com/fwlink/p/?LinkId=214528).
## IE is crashing or seems slow
If you notice that CPU usage is running higher than normal, or that IE is frequently crashing or slowing down, you should check your browser add-ons and video card. By default, IE11 uses graphics processing unit (GPU) rendering mode. However, some outdated video cards and video drivers don't support GPU hardware acceleration. If IE11 determines that your current video card or video driver doesn't support GPU hardware acceleration, it'll use Software Rendering mode.
@@ -56,10 +56,10 @@ After you turn each item back on, see if IE crashes or slows down. Doing it this
1. Open Internet Explorer for the desktop, click the **Tools** menu, and then click **Internet Options**.
2. On the **Advanced** tab, go to the **Accelerated graphics** section, and then turn on Software Rendering mode by choosing the **Use software rendering instead of GPU rendering** box.
If you decide to manually change the registry key, you can change the **Enable** setting to `[deployment url]/api/records/`, which automatically sends your reports to this page.
@@ -84,7 +84,7 @@ For logging, you’re going to need a valid URL that points to a server that can
1. Set up a server to collect your Enterprise Mode information from your users.
-2. Go to the Internet Explorer/[EMIE-Data_Collection_Sample](http://go.microsoft.com/fwlink/p/?LinkId=507401) page on GitHub and tap or click the **Download ZIP** button to download the complete project.
+2. Go to the Internet Explorer/[EMIE-Data_Collection_Sample](https://go.microsoft.com/fwlink/p/?LinkId=507401) page on GitHub and tap or click the **Download ZIP** button to download the complete project.
3. Open Microsoft Visual Studio 2013 with Update 2, and then open the PhoneHomeSample.sln file.
@@ -143,8 +143,8 @@ If you have errors while you’re publishing your project, you should try to upd
You may need to do some additional package cleanup to remove older package versions.
## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [What is Enterprise Mode?](what-is-enterprise-mode.md)
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
- [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
index 5725a55e97..752fb6e58a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
@@ -45,7 +45,7 @@ Some of the components in this table might also need additional system resources
You might experience start up issues where IE11 fails to launch an application that uses managed browser hosting controls with your legacy apps. This is because, starting with Internet Explorer 10, the browser started blocking legacy apps from using the .NET Framework 1.1 and 2.0. To fix this problem, see [.NET Framework problems with Internet Explorer 11](net-framework-problems-with-ie11.md).
## Support for multiple languages
-IE11 is available in 108 languages for Windows 8.1 and Windows 10 and in 97 languages for Windows 7 with SP1. For the list of languages and download links, see [Available language packs based on operating system](http://go.microsoft.com/fwlink/p/?LinkId=281818).
+IE11 is available in 108 languages for Windows 8.1 and Windows 10 and in 97 languages for Windows 7 with SP1. For the list of languages and download links, see [Available language packs based on operating system](https://go.microsoft.com/fwlink/p/?LinkId=281818).
Computers running localized versions of Windows should run the same version of IE11. For example, if your employees use the Spanish edition of Windows, you should deploy the Spanish version of IE11. On the other hand, if your employees use multiple localized versions of Windows, like Spanish, French, and Catalan, you should install IE11 in one of the languages, and then install language packs for the others.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
index b468dcd7ac..abdbbc4db2 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
@@ -54,8 +54,8 @@ Turning this setting on also requires you to create and store a site list. For m
All of your managed devices must have access to this location if you want them to be able to access and use Enterprise Mode and your site list. For information about how to create and use an Enterprise Mode site list, see [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md).
## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
- [Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
index e1ef9cf2e4..af1ea520b4 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/updated-features-and-tools-with-ie11.md
@@ -36,7 +36,7 @@ Internet Explorer 11 includes several new features and tools. This topic includ
- **IE Administration Kit (IEAK).** Lets you create custom, branded versions of IE11. For more info and to download the tool, see [Internet Explorer Administration Kit 11 (IEAK 11) - Administration Guide for IT Pros](../ie11-ieak/index.md).
-- **Unattend Settings.** Lets you update the Unattend.xml file, to customize the home page, favorites, search providers, feeds, Accelerators, Web Slices, and settings for top result searches. For more info, see the [Unattend Settings: Microsoft-Windows-IE-InternetExplorer](http://go.microsoft.com/fwlink/p/?LinkId=263709).
+- **Unattend Settings.** Lets you update the Unattend.xml file, to customize the home page, favorites, search providers, feeds, Accelerators, Web Slices, and settings for top result searches. For more info, see the [Unattend Settings: Microsoft-Windows-IE-InternetExplorer](https://go.microsoft.com/fwlink/p/?LinkId=263709).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
index 3a69ea0490..06a50bf079 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md
@@ -26,7 +26,7 @@ Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, lett
You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
## Enterprise Mode Site List Manager versions
-There are currently two versions of the Enterprise Site List Manager, both based on your schema and operating system. Download the [Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378) tool, based on your operating system.
+There are currently two versions of the Enterprise Site List Manager, both based on your schema and operating system. Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) or the [Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) tool, based on your operating system.
|Operating system |Schema version |Enterprise Site List Manager version |
|-----------------|---------------|------------------------------------|
@@ -54,8 +54,8 @@ The following topics give you more information about the things that you can do
## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)
- [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
index ebce77b430..2a51d2abad 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/using-enterprise-mode.md
@@ -45,8 +45,8 @@ For instructions about how to add IE7 Enterprise Mode or IE8 Enterprise Mode to
For instructions and more info about how to fix your compatibility issues using Enterprise Mode, see [Fix web compatibility issues using document modes and the Enterprise Mode site list](fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md).
## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)
diff --git a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
index 31a9c2207f..aeeb37ff4b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/using-inf-files-to-create-install-packages.md
@@ -11,7 +11,7 @@ ms.sitesec: library
# Using Setup Information (.inf) files to create install packages
-IEAK 11 uses Setup information (.inf) files to provide uninstallation instructions. Uninstallation instructions let your employees remove components, like files, registry entries, or shortcuts, through the **Uninstall or change a program** box. For details about .inf files, see [INF File Sections and Directives](http://go.microsoft.com/fwlink/p/?LinkId=327959).
+IEAK 11 uses Setup information (.inf) files to provide uninstallation instructions. Uninstallation instructions let your employees remove components, like files, registry entries, or shortcuts, through the **Uninstall or change a program** box. For details about .inf files, see [INF File Sections and Directives](https://go.microsoft.com/fwlink/p/?LinkId=327959).
 **To add uninstallation instructions to the .inf files**
@@ -29,9 +29,9 @@ Make sure your script removes the uninstallation registry key, too. Otherwise, t
- You can't delete directories.
-- You can't use **RenFiles** to move a file to a different location, it only lets you rename a file in its existing location. For detailed information, see [INF RenFiles Directive](http://go.microsoft.com/fwlink/p/?LinkId=298508).
+- You can't use **RenFiles** to move a file to a different location, it only lets you rename a file in its existing location. For detailed information, see [INF RenFiles Directive](https://go.microsoft.com/fwlink/p/?LinkId=298508).
-- You can't use **CopyFiles** to copy a file to another place on your hard drive, it can only copy files from the source disk to the destination directory. For information, see [INF CopyFiles Directive](http://go.microsoft.com/fwlink/p/?LinkId=298510).
+- You can't use **CopyFiles** to copy a file to another place on your hard drive, it can only copy files from the source disk to the destination directory. For information, see [INF CopyFiles Directive](https://go.microsoft.com/fwlink/p/?LinkId=298510).
diff --git a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
index 3ead82e3b6..bcf1dc7226 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/virtualization-and-compatibility-with-ie11.md
@@ -15,14 +15,14 @@ ms.sitesec: library
If your company is considering upgrading to the latest version of Internet Explorer, but is hesitant because of a large number of web apps that need to be tested and moved, we recommend that you consider virtualization. Virtualization lets you set up a virtual environment where you can run earlier versions of IE.
**Important**
-We strongly suggest that while you're using virtualization, you also update your web apps so they run natively in the newer version of IE. For more information about how to update your code, see the [Internet Explorer 11 Compatibility Cookbook (Windows)](http://go.microsoft.com/fwlink/p/?LinkId=279707) to learn about the developer features that have been changed or deprecated since Internet Explorer 10.
+We strongly suggest that while you're using virtualization, you also update your web apps so they run natively in the newer version of IE. For more information about how to update your code, see the [Internet Explorer 11 Compatibility Cookbook (Windows)](https://go.microsoft.com/fwlink/p/?LinkId=279707) to learn about the developer features that have been changed or deprecated since Internet Explorer 10.
The Microsoft-supported options for virtualizing web apps are:
-- **Microsoft Enterprise Desktop Virtualization (MED-V).** Uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization. With MED-V, you can easily create, deliver, and manage corporate Virtual PC images on any Windows®-based desktop. For more information, see [MED-V](http://go.microsoft.com/fwlink/p/?LinkId=271653).
+- **Microsoft Enterprise Desktop Virtualization (MED-V).** Uses Microsoft Virtual PC to provide an enterprise solution for desktop virtualization. With MED-V, you can easily create, deliver, and manage corporate Virtual PC images on any Windows®-based desktop. For more information, see [MED-V](https://go.microsoft.com/fwlink/p/?LinkId=271653).
-- **Client Hyper-V.** Uses the same virtualization technology previously available in Windows Server, but now installed for Windows 8.1. For more information, see [Client Hyper-V](http://go.microsoft.com/fwlink/p/?LinkId=271654).
All centrally-made decisions override any locally-made choices.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
index 28b690e5d6..5fb6495a74 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-the-internet-explorer-11-blocker-toolkit.md
@@ -24,11 +24,11 @@ ms.sitesec: library
The Internet Explorer 11 Blocker Toolkit lets you turn off the automatic delivery of IE11 through the **Automatic Updates** feature of Windows Update.
**Important**
-The IE11 Blocker Toolkit doesn't stop users from manually installing IE11 from the [Microsoft Download Center](http://go.microsoft.com/fwlink/p/?linkid=327753). Also, even if you've installed previous versions of the toolkit before, like for Internet Explorer 10, you still need to install this version to prevent the installation of IE11.
+The IE11 Blocker Toolkit doesn't stop users from manually installing IE11 from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?linkid=327753). Also, even if you've installed previous versions of the toolkit before, like for Internet Explorer 10, you still need to install this version to prevent the installation of IE11.
 **To install the toolkit**
-1. Download the IE11 Blocker Toolkit from [Toolkit to Disable Automatic Delivery of Internet Explorer 11](http://go.microsoft.com/fwlink/p/?LinkId=327745).
+1. Download the IE11 Blocker Toolkit from [Toolkit to Disable Automatic Delivery of Internet Explorer 11](https://go.microsoft.com/fwlink/p/?LinkId=327745).
2. Accept the license agreement and store the included 4 files on your local computer.
@@ -41,7 +41,7 @@ Wait for the message, **Blocking deployment of IE11 on the local machine. The op
6. Close the Command Prompt.
-For answers to frequently asked questions, see [Internet Explorer 11 Blocker Toolkit: Frequently Asked Questions](http://go.microsoft.com/fwlink/p/?LinkId=314063).
+For answers to frequently asked questions, see [Internet Explorer 11 Blocker Toolkit: Frequently Asked Questions](https://go.microsoft.com/fwlink/p/?LinkId=314063).
diff --git a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md
index f8a608179f..384f432713 100644
--- a/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md
+++ b/browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.md
@@ -32,7 +32,7 @@ Answering frequently asked questions about Internet Explorer 11 (IE11) features
IE11 is preinstalled with Windows 8.1 and Windows Server 2012 R2. No additional action is required.
**Q: How do I install IE11 on Windows 7 with SP1 or Windows Server 2008 R2 with SP1?**
-You can install IE11 on computers running either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. To download IE11, see the IE11 [home page](http://go.microsoft.com/fwlink/p/?LinkId=290956).
+You can install IE11 on computers running either Windows 7 with SP1 or Windows Server 2008 R2 with SP1. To download IE11, see the IE11 [home page](https://go.microsoft.com/fwlink/p/?LinkId=290956).
**Q: How does IE11 integrate with Windows 8.1?**
IE11 is the default handler for the HTTP and HTTPS protocols and the default browser for Windows 8.1. There are two experiences in Windows 8.1: Internet Explorer and Internet Explorer for the desktop. IE is the default browser for touch-first, immersive experiences. Internet Explorer for the desktop provides a more traditional window and tab management experience. The underlying platform of IE11 is fully interoperable across both IE and the familiar Internet Explorer for the desktop, letting developers write the same markup for both experiences.
@@ -58,10 +58,10 @@ Supported web standards include:
- And mutation observers like DOM4 and 5.3
-For more information about specific changes and additions, see the [IE11 guide for developers](http://go.microsoft.com/fwlink/p/?LinkId=313188).
+For more information about specific changes and additions, see the [IE11 guide for developers](https://go.microsoft.com/fwlink/p/?LinkId=313188).
**Q: What test tools exist to test for potential application compatibility issues?**
-The Compat Inspector tool supports Windows Internet Explorer 9 through IE11. For more information, see [Compat Inspector User Guide](http://go.microsoft.com/fwlink/p/?LinkId=313189). In addition, you can use the new [F12 Developer Tools](http://go.microsoft.com/fwlink/p/?LinkId=313190) that are included with IE11, or the [modern.ie](http://go.microsoft.com/fwlink/p/?linkid=308902) website for Microsoft Edge.
+The Compat Inspector tool supports Windows Internet Explorer 9 through IE11. For more information, see [Compat Inspector User Guide](https://go.microsoft.com/fwlink/p/?LinkId=313189). In addition, you can use the new [F12 Developer Tools](https://go.microsoft.com/fwlink/p/?LinkId=313190) that are included with IE11, or the [modern.ie](https://go.microsoft.com/fwlink/p/?linkid=308902) website for Microsoft Edge.
**Q: Why am I having problems launching my legacy apps with Internet Explorer 11**?
It’s most likely because IE no longer starts apps that use managed browser hosting controls, like in the .NET Framework 1.1 and 2.0. You can get IE11 to use managed browser hosting controls again, by:
@@ -70,10 +70,10 @@ It’s most likely because IE no longer starts apps that use managed browser hos
- **For x64 systems or for 64-bit processes on x64 systems:** Go to the `HKLM\SOFTWARE\Wow6432Node\.NETFramework` registry key and change the **EnableIEHosting** value to **1**.
-For more information, see the [Web Applications](http://go.microsoft.com/fwlink/p/?LinkId=308903) section of the Application Compatibility in the .NET Framework 4.5 page.
+For more information, see the [Web Applications](https://go.microsoft.com/fwlink/p/?LinkId=308903) section of the Application Compatibility in the .NET Framework 4.5 page.
**Q: Is there a compatibility list for IE?**
-Yes. You can review the XML-based [compatibility version list](http://go.microsoft.com/fwlink/p/?LinkId=403864).
+Yes. You can review the XML-based [compatibility version list](https://go.microsoft.com/fwlink/p/?LinkId=403864).
**Q: What is Enterprise Mode?**
Enterprise Mode is a compatibility mode designed for Enterprises. This mode lets websites render using a modified browser configuration that’s designed to avoid the common compatibility problems associated with web apps written and tested on older versions of IE, like Windows Internet Explorer 7 or Windows Internet Explorer 8.
-The immersive version of IE11 provides an add-on–free experience, so browser plugins won't load and dependent content won't be displayed. This doesn't apply to Internet Explorer for the desktop. For more information, see [Browsing Without Plug-ins](http://go.microsoft.com/fwlink/p/?LinkId=242587). However, Internet Explorer for the desktop and IE11 on Windows 7 with SP1 do support browser plugins, including ActiveX controls such as Adobe Flash and Microsoft Silverlight.
+The immersive version of IE11 provides an add-on–free experience, so browser plugins won't load and dependent content won't be displayed. This doesn't apply to Internet Explorer for the desktop. For more information, see [Browsing Without Plug-ins](https://go.microsoft.com/fwlink/p/?LinkId=242587). However, Internet Explorer for the desktop and IE11 on Windows 7 with SP1 do support browser plugins, including ActiveX controls such as Adobe Flash and Microsoft Silverlight.
**Q: Is Adobe Flash supported on IE11?**
Adobe Flash is included as a platform feature and is available out of the box for Windows 8.1, running on both IE and Internet Explorer for the desktop. Users can turn this feature on or off using the **Manage Add-ons** dialog box, while administrators can turn this feature on or off using the Group Policy setting, **Turn off Adobe Flash in IE and prevent applications from using IE technology to instantiate Flash objects**.
Yes. The Internet Explorer Administration Kit 11 (IEAK 11) is available for download. IEAK 11 lets you create custom versions of IE11 for use in your organization. For more information, see the following resources:
-- [Internet Explorer Administration Kit Information and Downloads](http://go.microsoft.com/fwlink/p/?LinkId=214250) on the Internet Explorer TechCenter.
+- [Internet Explorer Administration Kit Information and Downloads](https://go.microsoft.com/fwlink/p/?LinkId=214250) on the Internet Explorer TechCenter.
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
**Q: Where can I get more information about IE11 for IT pros?**
-Visit the [Springboard Series for Microsoft Browsers](http://go.microsoft.com/fwlink/p/?LinkId=313191) webpage on TechNet.
+Visit the [Springboard Series for Microsoft Browsers](https://go.microsoft.com/fwlink/p/?LinkId=313191) webpage on TechNet.
**Q: Is there a version of the Internet Explorer Blocker Toolkit that will prevent automatic installation of IE11?**
-Yes. The IE11 Blocker Toolkit is available for download. For more information, see [Toolkit to Disable Automatic Delivery of IE11](http://go.microsoft.com/fwlink/p/?LinkId=328195) on the Microsoft Download Center.
+Yes. The IE11 Blocker Toolkit is available for download. For more information, see [Toolkit to Disable Automatic Delivery of IE11](https://go.microsoft.com/fwlink/p/?LinkId=328195) on the Microsoft Download Center.
**Q: Can I customize settings for IE on Windows 8.1?**
Settings can be customized in the following ways:
@@ -145,7 +145,7 @@ Group Policy settings can be set to open either IE or Internet Explorer for the
|Always in Internet Explorer for the desktop |Links always open in Internet Explorer for the desktop. |
## Related topics
-- [Microsoft Edge - Deployment Guide for IT Pros](http://go.microsoft.com/fwlink/p/?LinkId=760643)
+- [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643)
- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](../ie11-ieak/index.md)
diff --git a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
index 54459ebc13..cf7ec51045 100644
--- a/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/auto-detection-dhcp-or-dns-servers-ieak11.md
@@ -32,7 +32,7 @@ DHCP has a higher priority than DNS for automatic configuration. If DHCP provide
 **To set up automatic detection for DHCP servers**
-- Open the [DHCP Administrative Tool](http://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](http://go.microsoft.com/fwlink/p/?LinkId=294649).
+- Open the [DHCP Administrative Tool](https://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](https://go.microsoft.com/fwlink/p/?LinkId=294649).
http://www.microsoft.com/webproxy.pac
http://marketing/config.ins
@@ -48,7 +48,7 @@ For more detailed info about how to set up your DHCP server, see your server doc
`mailserver1 IN A 192.55.200.51`
For more info about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](http://go.microsoft.com/fwlink/p/?LinkId=294651).
+**Note**
For more info about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651).
2. After the database file propagates to the server, the DNS name, `wpad.
You should sign any custom code that’s being downloaded over the Internet. The default settings of Internet Explorer 11 will automatically reject any unsigned code. For more info about digitally signing custom components, see [Security features and IEAK 11](security-and-ieak11.md).
diff --git a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
index 7bb21bf9bd..ba2b7e4076 100644
--- a/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
+++ b/browsers/internet-explorer/ie11-ieak/customize-automatic-search-for-ie.md
@@ -11,7 +11,7 @@ ms.sitesec: library
# Customize Automatic Search for Internet Explorer using IEAK 11
-Internet Explorer lets websites advertise any search provider that uses the open search standard described at the A9 website ( [OpenSearch 1.1 Draft 5](http://go.microsoft.com/fwlink/p/?LinkId=208582)). When IE detects new search providers, the **Search** box becomes active and adds the new providers to the drop-down list of providers.
+Internet Explorer lets websites advertise any search provider that uses the open search standard described at the A9 website ( [OpenSearch 1.1 Draft 5](https://go.microsoft.com/fwlink/p/?LinkId=208582)). When IE detects new search providers, the **Search** box becomes active and adds the new providers to the drop-down list of providers.
Using the **Administrative Templates** section of Group Policy, you can prevent the search box from appearing, you can add a list of acceptable search providers, or you can restrict your employee’s ability to add or remove search providers.
diff --git a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
index 249c01e34c..13fff054c3 100644
--- a/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
+++ b/browsers/internet-explorer/ie11-ieak/iexpress-command-line-options.md
@@ -31,7 +31,7 @@ These command-line options work with IExpress:
|`/r:a` |Always restarts the computer after installation. |
|`/r:s` |Restarts the computer after installation without prompting the employee. |
-For more information, see [Command-line switches for IExpress software update packages](http://go.microsoft.com/fwlink/p/?LinkId=317973).
+For more information, see [Command-line switches for IExpress software update packages](https://go.microsoft.com/fwlink/p/?LinkId=317973).
## Related topics
- [IExpress Wizard for Windows Server 2008 R2 with SP1](iexpress-wizard-for-win-server.md)
diff --git a/browsers/internet-explorer/ie11-ieak/index.md b/browsers/internet-explorer/ie11-ieak/index.md
index de8d960649..b0c1e0c9fe 100644
--- a/browsers/internet-explorer/ie11-ieak/index.md
+++ b/browsers/internet-explorer/ie11-ieak/index.md
@@ -33,5 +33,5 @@ IE11 and IEAK 11 offers differing experiences between Windows 7 and Windows 8.1
## Related topics
- [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.md)
- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](../ie11-deploy-guide/index.md)
-- [Microsoft Edge - Deployment Guide for IT Pros](http://go.microsoft.com/fwlink/p/?LinkId=760643)
+- [Microsoft Edge - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760643)
diff --git a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
index e1c2731a4b..0760b36184 100644
--- a/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/rsop-snapin-for-policy-settings-ieak11.md
@@ -11,7 +11,7 @@ ms.sitesec: library
# Using the Resultant Set of Policy (RSoP) snap-in to review policy settings
-After you’ve deployed your custom Internet Explorer package to your employees, you can use the Resultant Set of Policy (RSoP) snap-in to view your created policy settings. The RSoP snap-in is a two-step process. First, you run the RSoP wizard to determine what information should be viewed. Second, you open the specific items in the console window to view the settings. For complete instructions about how to use RSoP, see [Resultant Set of Policy](http://go.microsoft.com/fwlink/p/?LinkId=259479).
+After you’ve deployed your custom Internet Explorer package to your employees, you can use the Resultant Set of Policy (RSoP) snap-in to view your created policy settings. The RSoP snap-in is a two-step process. First, you run the RSoP wizard to determine what information should be viewed. Second, you open the specific items in the console window to view the settings. For complete instructions about how to use RSoP, see [Resultant Set of Policy](https://go.microsoft.com/fwlink/p/?LinkId=259479).
 **To add the RSoP snap-in**
diff --git a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
index 1464b71931..61e6caf344 100644
--- a/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/security-and-ieak11.md
@@ -30,21 +30,21 @@ Because of this, the custom .cab files created by the Internet Explorer Customiz
### Understanding digital certificates
To sign your package and custom programs digitally, you must first obtain a digital certificate. You can obtain a certificate from a certification authority or a privately-controlled certificate server. For more info about obtaining certificates or setting up a certificate server, see the following:
-- Microsoft-trusted certification authorities ([Windows root certificate program requirements](http://go.microsoft.com/fwlink/p/?LinkId=759697)).
+- Microsoft-trusted certification authorities ([Windows root certificate program requirements](https://go.microsoft.com/fwlink/p/?LinkId=759697)).
-- Certificates overview documentation ([Certificates](http://go.microsoft.com/fwlink/p/?LinkId=759698)).
+- Certificates overview documentation ([Certificates](https://go.microsoft.com/fwlink/p/?LinkId=759698)).
-- Microsoft Active Directory Certificate Services ( [Active Directory Certificate Services](http://go.microsoft.com/fwlink/p/?LinkId=259521)).
+- Microsoft Active Directory Certificate Services ( [Active Directory Certificate Services](https://go.microsoft.com/fwlink/p/?LinkId=259521)).
-- Enterprise public key infrastructure (PKI) snap-in documentation ([Enterprise PKI](http://go.microsoft.com/fwlink/p/?LinkId=259526)).
+- Enterprise public key infrastructure (PKI) snap-in documentation ([Enterprise PKI](https://go.microsoft.com/fwlink/p/?LinkId=259526)).
After you get a certificate, you should note the public and private keys, which are a matched set of keys that are created by the software publisher for encryption and decryption. They are generated on your device at the time the certificate is requested, and your private key is never sent to the certification authority or any other party.
### Understanding code signing
Code signing varies, depening on how you plan to distribute your custom install package.
-- **If you plan to distribute custom packages over the Internet**, you must sign all custom components and the CMAK profile package (if used). Before you start the Internet Explorer Customization Wizard, make sure that both are signed. Typically, their respective manufacturers will have signed them. Otherwise, you can sign these using the Sign Tool (SignTool.exe) ( [SignTool.exe (Sign Tool)](http://go.microsoft.com/fwlink/p/?LinkId=71298)) or use the File Signing Tool (Signcode.exe) ([Signcode.exe (File Signing Tool)](http://go.microsoft.com/fwlink/p/?LinkId=71299)). You should read the documentation included with these tools for more info about all of the signing options.
-
+
diff --git a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
index 7a4c04dabc..7b231f3562 100644
--- a/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
+++ b/devices/surface/advanced-uefi-security-features-for-surface-pro-3.md
@@ -21,7 +21,7 @@ To address more granular control over the security of Surface devices, the v3.11
## Manually install the UEFI update
-Before you can configure the advanced security features of your Surface device, you must first install the v3.11.760.0 UEFI update. This update is installed automatically if you receive your updates from Windows Update. For more information about how to configure Windows to update automatically by using Windows Update, see [How to configure and use Automatic Updates in Windows]( http://go.microsoft.com/fwlink/p/?LinkID=618030).
+Before you can configure the advanced security features of your Surface device, you must first install the v3.11.760.0 UEFI update. This update is installed automatically if you receive your updates from Windows Update. For more information about how to configure Windows to update automatically by using Windows Update, see [How to configure and use Automatic Updates in Windows]( https://go.microsoft.com/fwlink/p/?LinkID=618030).
To update the UEFI on Surface Pro 3, you can download and install the Surface UEFI updates as part of the Surface Pro 3 Firmware and Driver Pack. These firmware and driver packs are available from the [Surface Pro 3 page](https://www.microsoft.com/download/details.aspx?id=38826) on the Microsoft Download Center. You can find out more about the firmware and driver packs at [Download the latest firmware and drivers for Surface devices](https://technet.microsoft.com/itpro/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices). The firmware and driver packs are available as both self-contained Windows Installer (.msi) and archive (.zip) formats. You can find out more about these two formats and how you can use them to update your drivers at [Manage Surface driver and firmware updates](https://technet.microsoft.com/itpro/surface/manage-surface-pro-3-firmware-updates).
@@ -49,13 +49,13 @@ After the v3.11.760.0 UEFI update is installed on a Surface device, an additiona
## Automate additional security settings
-As an IT professional with administrative privileges, you can automate the configuration of UEFI settings by leveraging [Surface Pro 3 Firmware Tools (476 KB)](http://go.microsoft.com/fwlink/p/?LinkID=618038) available from the Microsoft Download Center. These tools install a .NET assembly that can be called from any custom application or script.
+As an IT professional with administrative privileges, you can automate the configuration of UEFI settings by leveraging [Surface Pro 3 Firmware Tools (476 KB)](https://go.microsoft.com/fwlink/p/?LinkID=618038) available from the Microsoft Download Center. These tools install a .NET assembly that can be called from any custom application or script.
**Prerequisites**
- The sample scripts below leverage the previously mentioned extension and therefore assume that the tool has been installed on the device being managed.
- The scripts must be run with administrative privilege.
-- The Windows PowerShell command [**Set-ExecutionPolicy Unrestricted**](http://go.microsoft.com/fwlink/p/?LinkID=618039) must be called prior to running sample scripts if they are not digitally signed.
+- The Windows PowerShell command [**Set-ExecutionPolicy Unrestricted**](https://go.microsoft.com/fwlink/p/?LinkID=618039) must be called prior to running sample scripts if they are not digitally signed.
**Sample scripts**
diff --git a/devices/surface/customize-the-oobe-for-surface-deployments.md b/devices/surface/customize-the-oobe-for-surface-deployments.md
index 9160b9b3f5..8532617b50 100644
--- a/devices/surface/customize-the-oobe-for-surface-deployments.md
+++ b/devices/surface/customize-the-oobe-for-surface-deployments.md
@@ -22,9 +22,9 @@ It is common practice in a Windows deployment to customize the user experience f
In some scenarios, you may want to provide complete automation to ensure that at the end of a deployment, computers are ready for use without any interaction from the user. In other scenarios, you may want to leave key elements of the experience for users to perform necessary actions or select between important choices. For administrators deploying to Surface devices, each of these scenarios presents a unique challenge to overcome.
-This article provides a summary of the scenarios where a deployment might require additional steps. It also provides the required information to ensure that the desired experience is achieved on any newly deployed Surface device. This article is intended for administrators who are familiar with the deployment process, as well as concepts such as answer files and [reference images](http://go.microsoft.com/fwlink/p/?LinkID=618042).
+This article provides a summary of the scenarios where a deployment might require additional steps. It also provides the required information to ensure that the desired experience is achieved on any newly deployed Surface device. This article is intended for administrators who are familiar with the deployment process, as well as concepts such as answer files and [reference images](https://go.microsoft.com/fwlink/p/?LinkID=618042).
->**Note:** Although the OOBE phase of setup is still run during a deployment with an automated deployment solution such as the [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=618117) or System Center Configuration Manager Operating System Deployment (OSD), it is automated by the settings supplied in the Deployment Wizard and task sequence. For more information see:
+>**Note:** Although the OOBE phase of setup is still run during a deployment with an automated deployment solution such as the [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=618117) or System Center Configuration Manager Operating System Deployment (OSD), it is automated by the settings supplied in the Deployment Wizard and task sequence. For more information see:
- [Deploy Windows 10 with the Microsoft Deployment Toolkit](http://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit)
- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](http://technet.microsoft.com/itpro/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager)
@@ -36,7 +36,7 @@ This article provides a summary of the scenarios where a deployment might requir
When a wireless network adapter is present during OOBE, the **Join a wireless network** page is displayed, which prompts a user to connect to a wireless network. This page is not automatically hidden by deployment technologies, including MDT 2013, and therefore will be displayed even when a deployment is configured for complete automation.
-To ensure that an automated deployment is not stopped by this page, the page must be hidden by configuring an additional setting in the answer file, **HideWirelessSetupInOOBE**. You can find additional information about the **HideWirelessSetupInOOBE** setting in [Unattended Windows Setup Reference](http://go.microsoft.com/fwlink/p/?LinkID=618044).
+To ensure that an automated deployment is not stopped by this page, the page must be hidden by configuring an additional setting in the answer file, **HideWirelessSetupInOOBE**. You can find additional information about the **HideWirelessSetupInOOBE** setting in [Unattended Windows Setup Reference](https://go.microsoft.com/fwlink/p/?LinkID=618044).
## Scenario 2: Surface Pen pairing in OOBE
@@ -54,7 +54,7 @@ To provide the factory Surface Pen pairing experience in OOBE, you must copy fou
-The step-by-step process for adding these required files to an image is described in [Deploying Surface Pro 3 Pen and OneNote Tips](http://go.microsoft.com/fwlink/p/?LinkID=618045). This blog post also includes tips to ensure that the necessary updates for the Surface Pen Quick Note-Taking Experience are installed, which allows users to send notes to OneNote with a single click.
+The step-by-step process for adding these required files to an image is described in [Deploying Surface Pro 3 Pen and OneNote Tips](https://go.microsoft.com/fwlink/p/?LinkID=618045). This blog post also includes tips to ensure that the necessary updates for the Surface Pen Quick Note-Taking Experience are installed, which allows users to send notes to OneNote with a single click.
diff --git a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
index 6ee5c0b6f6..2df6fdcd7f 100644
--- a/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
+++ b/devices/surface/deploy-the-latest-firmware-and-drivers-for-surface-devices.md
@@ -33,14 +33,14 @@ Installation files for administrative tools, drivers for accessories, and update
Recent additions to the downloads for Surface devices provide you with options to install Windows 10 on your Surface devices and update LTE devices with the latest Windows 10 drivers and firmware.
->**Note:** A battery charge of 40% or greater is required before you install firmware to a Surface device. See [Microsoft Support article KB2909710](http://go.microsoft.com/fwlink/p/?LinkId=618106) for more information.
+>**Note:** A battery charge of 40% or greater is required before you install firmware to a Surface device. See [Microsoft Support article KB2909710](https://go.microsoft.com/fwlink/p/?LinkId=618106) for more information.
## Surface Book
-Download the following updates [for Surface Book from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=691691).
+Download the following updates [for Surface Book from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=691691).
- SurfaceBook\_Win10\_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
@@ -49,7 +49,7 @@ Download the following updates [for Surface Book from the Microsoft Download Cen
## Surface Pro 4
-Download the following updates for [Surface Pro 4 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=691692).
+Download the following updates for [Surface Pro 4 from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=691692).
- SurfacePro4\_Win10\_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
@@ -58,7 +58,7 @@ Download the following updates for [Surface Pro 4 from the Microsoft Download Ce
## Surface Pro 3
-Download the following updates [for Surface Pro 3 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690288).
+Download the following updates [for Surface Pro 3 from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=690288).
- SurfacePro3\_Win10\_xxxxxx.msi – Cumulative firmware and driver update package for Windows 10
@@ -85,7 +85,7 @@ Download the following updates [for Surface Pro 3 from the Microsoft Download Ce
## Surface 3
-Download the following updates [for Surface 3 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690289).
+Download the following updates [for Surface 3 from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=690289).
- Surface3\_Win10\_xxxxxx.zip – Cumulative firmware and driver update package for Windows 10
@@ -102,7 +102,7 @@ Download the following updates [for Surface 3 from the Microsoft Download Center
## Surface 3 LTE
-Download the following updates [for AT&T 4G LTE versions of Surface 3 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690290).
+Download the following updates [for AT&T 4G LTE versions of Surface 3 from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=690290).
- Surface3\_US1\_Win10\_xxxxxx.msi – Surface 3 LTE AT&T - Cumulative firmware and driver update for locked carrier dependent AT&T devices in the US, running Windows 10
@@ -118,7 +118,7 @@ Download the following updates [for AT&T 4G LTE versions of Surface 3 from the M
- Wintab-xxxxx-64-bit.zip – Tablet driver update for all supported x64-based versions of Windows 8.1
-Download the following updates [for non-AT&T 4G LTE versions of Surface 3 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690291).
+Download the following updates [for non-AT&T 4G LTE versions of Surface 3 from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=690291).
- Surface3\_NAG\_Win10\_xxxxxx.msi – Surface 3 LTE North America - Cumulative firmware and driver update for unlocked carrier independent devices in the US, running Windows 10
@@ -134,7 +134,7 @@ Download the following updates [for non-AT&T 4G LTE versions of Surface 3 from t
- Wintab-xxxxx-64-bit.zip – Tablet driver update for all supported x64-based versions of Windows 8.1
-Download the following updates [for 4G LTE Surface 3 versions for regions outside North America from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690292).
+Download the following updates [for 4G LTE Surface 3 versions for regions outside North America from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=690292).
- Surface3\_ROW\_Win10\_xxxxxx.msi – Surface 3 LTE rest of the world cumulative - Cumulative firmware and driver update for carrier independent devices outside of the US, as well as for Japan, running Windows 10
@@ -153,7 +153,7 @@ Download the following updates [for 4G LTE Surface 3 versions for regions outsid
## Surface Pro 2
-Download the following updates [for Surface Pro 2 from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690293).
+Download the following updates [for Surface Pro 2 from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=690293).
- SurfacePro2\_Win10\_xxxxxx.zip – Cumulative firmware and driver update package for Windows 10
@@ -168,7 +168,7 @@ Download the following updates [for Surface Pro 2 from the Microsoft Download Ce
## Surface Pro
-Download the following updates [for Surface Pro from the Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=690294).
+Download the following updates [for Surface Pro from the Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=690294).
- SurfacePro\_Win10\_xxxxxx.zip – Cumulative firmware and driver update package for Windows 10
@@ -185,7 +185,7 @@ Download the following updates [for Surface Pro from the Microsoft Download Cent
There are no downloadable firmware or driver updates available for Surface RT. Updates can only be applied using Windows Update.
-If you have additional questions on the driver pack and updates, please contact [Microsoft Surface support for business](http://go.microsoft.com/fwlink/p/?LinkId=618107).
+If you have additional questions on the driver pack and updates, please contact [Microsoft Surface support for business](https://go.microsoft.com/fwlink/p/?LinkId=618107).
diff --git a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
index 03c803cc5c..dfda75ad0f 100644
--- a/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
+++ b/devices/surface/enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md
@@ -16,14 +16,14 @@ author: miladCA
Find out how to enable support for PEAP, EAP-FAST, or Cisco LEAP protocols on your Surface device.
-If you use PEAP, EAP-FAST, or Cisco LEAP in your enterprise network, you probably already know that these three wireless authentication protocols are not supported by Surface devices out of the box. Some users may discover this when they attempt to connect to your wireless network; others may discover it when they are unable to gain access to resources inside the network, like file shares and internal sites. For more information, see [Extensible Authentication Protocol](http://go.microsoft.com/fwlink/p/?LinkId=716899).
+If you use PEAP, EAP-FAST, or Cisco LEAP in your enterprise network, you probably already know that these three wireless authentication protocols are not supported by Surface devices out of the box. Some users may discover this when they attempt to connect to your wireless network; others may discover it when they are unable to gain access to resources inside the network, like file shares and internal sites. For more information, see [Extensible Authentication Protocol](https://go.microsoft.com/fwlink/p/?LinkId=716899).
You can add support for each protocol by executing a small MSI package from a USB stick or from a file share. For organizations that want to enable EAP support on their Surface devices, the MSI package format supports deployment with many management and deployment tools, like the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager.
## Download PEAP, EAP-FAST, or Cisco LEAP installation files
-You can download the MSI installation files for PEAP, EAP-FAST, or Cisco LEAP in a single zip archive file from the Microsoft Download Center. To download this file, go to the [Surface Tools for IT](http://go.microsoft.com/fwlink/p/?LinkId=618121) page on the Microsoft Download Center, click **Download**, and then select the **Cisco EAP-Supplicant Installer.zip** file.
+You can download the MSI installation files for PEAP, EAP-FAST, or Cisco LEAP in a single zip archive file from the Microsoft Download Center. To download this file, go to the [Surface Tools for IT](https://go.microsoft.com/fwlink/p/?LinkId=618121) page on the Microsoft Download Center, click **Download**, and then select the **Cisco EAP-Supplicant Installer.zip** file.
## Deploy PEAP, EAP-FAST, or Cisco LEAP with MDT
@@ -79,7 +79,7 @@ To specify the protocol(s) explicitly, follow these steps:
For organizations that manage Surface devices with Configuration Manager, it is even easier to deploy PEAP, EAP-FAST, or Cisco LEAP support to Surface devices. Simply import each MSI file as an application from the Software Library and configure a deployment to your Surface device collection.
-For more information on how to deploy applications with Configuration Manager see [How to Create Applications in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=761079) and [How to Deploy Applications in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=761080).
+For more information on how to deploy applications with Configuration Manager see [How to Create Applications in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=761079) and [How to Deploy Applications in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=761080).
diff --git a/devices/surface/ethernet-adapters-and-surface-device-deployment.md b/devices/surface/ethernet-adapters-and-surface-device-deployment.md
index b7dd253652..1babe7d7c6 100644
--- a/devices/surface/ethernet-adapters-and-surface-device-deployment.md
+++ b/devices/surface/ethernet-adapters-and-surface-device-deployment.md
@@ -25,7 +25,7 @@ Before you can address the concerns of how you will boot to your deployment envi
The primary concern when selecting an Ethernet adapter is how that adapter will boot your Surface device from the network. If you are pre-staging clients with Windows Deployment Services (WDS) or if you are using System Center Configuration Manager, you may also want to consider whether the removable Ethernet adapters will be dedicated to a specific Surface device or shared among multiple devices. See the [Manage MAC addresses with removable Ethernet adapters](#manage-mac-addresses) section of this article for more information on potential conflicts with shared adapters.
-Booting from the network (PXE boot) is only supported when you use an Ethernet adapter or docking station from Microsoft. To boot from the network, the chipset in the Ethernet adapter or dock must be detected and configured as a boot device in the firmware of the Surface device. Microsoft Ethernet adapters, such as the Surface Ethernet Adapter and the [Surface Dock](http://go.microsoft.com/fwlink/p/?LinkId=722364) use a chipset that is compatible with the Surface firmware.
+Booting from the network (PXE boot) is only supported when you use an Ethernet adapter or docking station from Microsoft. To boot from the network, the chipset in the Ethernet adapter or dock must be detected and configured as a boot device in the firmware of the Surface device. Microsoft Ethernet adapters, such as the Surface Ethernet Adapter and the [Surface Dock](https://go.microsoft.com/fwlink/p/?LinkId=722364) use a chipset that is compatible with the Surface firmware.
The following Ethernet devices are supported for network boot with Surface devices:
@@ -67,7 +67,7 @@ Another consideration for administrators performing Windows deployment over the
The simplest solution to avoid MAC address conflicts is to provide a dedicated removable Ethernet adapter for each Surface device. This can make sense in many scenarios where the Ethernet adapter or the additional functionality of the docking station will be used regularly. However, not all scenarios call for the additional connectivity of a docking station or support for wired networks.
-Another potential solution to avoid conflict when adapters are shared is to use the [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=618117) to perform deployment to Surface devices. MDT does not use the MAC address to identify individual computers and thus is not subject to this limitation. However, MDT does use Windows Deployment Services to provide PXE boot functionality, and is subject to the limitations regarding pre-staged clients which is covered later in this section.
+Another potential solution to avoid conflict when adapters are shared is to use the [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=618117) to perform deployment to Surface devices. MDT does not use the MAC address to identify individual computers and thus is not subject to this limitation. However, MDT does use Windows Deployment Services to provide PXE boot functionality, and is subject to the limitations regarding pre-staged clients which is covered later in this section.
When you use a shared adapter for deployment, the solution for affected deployment technologies is to use another means to identify unique systems. For Configuration Manager and WDS, both of which can be affected by this issue, the solution is to use the System Universal Unique Identifier (System UUID) that is embedded in the computer firmware by the computer manufacturer. For Surface devices, you can see this entry in the computer firmware under **Device Information**.
@@ -78,9 +78,9 @@ To access the firmware of a Surface device, follow these steps:
3. Press and release the **Power** button.
4. After the device begins to boot, release the **Volume Up** button.
-When deploying with WDS, the MAC address is only used to identify a computer when the deployment server is configured to respond only to known, pre-staged clients. When pre-staging a client, an administrator creates a computer account in Active Directory and defines that computer by the MAC address or the System UUID. To avoid the identity conflicts caused by shared Ethernet adapters, you should use [System UUID to define pre-staged clients](http://go.microsoft.com/fwlink/p/?LinkId=618118). Alternatively, you can configure WDS to respond to unknown clients that do not require definition by either MAC address or System UUID by selecting the **Respond to all client computers (known and unknown)** option on the [**PXE Response** tab](http://go.microsoft.com/fwlink/p/?LinkId=618119) in **Windows Deployment Server Properties**.
+When deploying with WDS, the MAC address is only used to identify a computer when the deployment server is configured to respond only to known, pre-staged clients. When pre-staging a client, an administrator creates a computer account in Active Directory and defines that computer by the MAC address or the System UUID. To avoid the identity conflicts caused by shared Ethernet adapters, you should use [System UUID to define pre-staged clients](https://go.microsoft.com/fwlink/p/?LinkId=618118). Alternatively, you can configure WDS to respond to unknown clients that do not require definition by either MAC address or System UUID by selecting the **Respond to all client computers (known and unknown)** option on the [**PXE Response** tab](https://go.microsoft.com/fwlink/p/?LinkId=618119) in **Windows Deployment Server Properties**.
-The potential for conflicts with shared Ethernet adapters is much higher with Configuration Manager. Where WDS only uses MAC addresses to define individual systems when configured to do so, Configuration Manager uses the MAC address to define individual systems whenever performing a deployment to new or unknown computers. This can result in improperly configured devices or even the inability to deploy more than one system with a shared Ethernet adapter. There are several potential solutions for this situation that are described in detail in the [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](http://go.microsoft.com/fwlink/p/?LinkId=618120) blog post on the Ask Premier Field Engineering (PFE) Platforms TechNet blog.
+The potential for conflicts with shared Ethernet adapters is much higher with Configuration Manager. Where WDS only uses MAC addresses to define individual systems when configured to do so, Configuration Manager uses the MAC address to define individual systems whenever performing a deployment to new or unknown computers. This can result in improperly configured devices or even the inability to deploy more than one system with a shared Ethernet adapter. There are several potential solutions for this situation that are described in detail in the [How to Use The Same External Ethernet Adapter For Multiple SCCM OSD](https://go.microsoft.com/fwlink/p/?LinkId=618120) blog post on the Ask Premier Field Engineering (PFE) Platforms TechNet blog.
diff --git a/devices/surface/manage-surface-dock-firmware-updates.md b/devices/surface/manage-surface-dock-firmware-updates.md
index 21c8a0d24f..f2d71be1b0 100644
--- a/devices/surface/manage-surface-dock-firmware-updates.md
+++ b/devices/surface/manage-surface-dock-firmware-updates.md
@@ -22,7 +22,7 @@ Like the firmware for Surface devices, firmware for Surface Dock is also contain
>**Note:** You can learn more about the firmware update process for Surface devices and how firmware is updated through driver installation at the following links:
- [How to manage and update Surface drivers and firmware](https://technet.microsoft.com/mt697551) from Microsoft Mechanics
-- [Windows Update Makes Surface Better](http://go.microsoft.com/fwlink/p/?LinkId=785354) on the Microsoft Devices Blog
+- [Windows Update Makes Surface Better](https://go.microsoft.com/fwlink/p/?LinkId=785354) on the Microsoft Devices Blog
@@ -79,7 +79,7 @@ Windows Update is the method that most users will use. The drivers for the Surfa
This method is used mostly in environments where Surface device drivers and firmware are managed separately from Windows Update. See [Manage Surface driver and firmware updates](manage-surface-pro-3-firmware-updates.md) for more information about the different methods to manage Surface device driver and firmware updates. Updating the Surface Dock firmware through this method involves downloading and deploying an MSI package to the Surface device that contains the updated Surface Dock drivers and firmware. This is the same method recommended for updating all other Surface drivers and firmware. The two-phase firmware update process occurs in the background each time the Surface Dock is disconnected, just like it does with the Windows Update method.
-For more information about how to deploy MSI packages see [Create and deploy an application with System Center Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=785355).
+For more information about how to deploy MSI packages see [Create and deploy an application with System Center Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=785355).
>**Note:** When drivers are installed through Windows Update or the MSI package, registry keys are added that indicate the version of firmware installed on the Surface Dock and contained within the Surface Dock driver. These registry keys can be found in:
**HLKM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\SurfaceDockFwUpdate\\Parameters**
@@ -103,7 +103,7 @@ Firmware status is displayed for both the main chipset (displayed as **Component
The manual method using the Microsoft Surface Dock Updater tool to update the Surface Dock is used mostly in environments where IT prepares Surface Docks prior to delivery to the end user, or for troubleshooting of a Surface Dock. Microsoft Surface Dock Updater is a tool that you can run from any Surface device that is compatible with the Surface Dock, and will walk you through the process of performing the Surface Dock firmware update in the least possible amount of time. You can also use this tool to verify the firmware status of a connected Surface Dock.
-For more information about how to use the Microsoft Surface Dock Updater tool, please see [Microsoft Surface Dock Updater](surface-dock-updater.md). You can download the Microsoft Surface Dock Updater tool from the [Surface Tools for IT page](http://go.microsoft.com/fwlink/p/?LinkId=618121) on the Microsoft Download Center.
+For more information about how to use the Microsoft Surface Dock Updater tool, please see [Microsoft Surface Dock Updater](surface-dock-updater.md). You can download the Microsoft Surface Dock Updater tool from the [Surface Tools for IT page](https://go.microsoft.com/fwlink/p/?LinkId=618121) on the Microsoft Download Center.
diff --git a/devices/surface/manage-surface-pro-3-firmware-updates.md b/devices/surface/manage-surface-pro-3-firmware-updates.md
index 4c308a017a..521f6e38a2 100644
--- a/devices/surface/manage-surface-pro-3-firmware-updates.md
+++ b/devices/surface/manage-surface-pro-3-firmware-updates.md
@@ -31,26 +31,26 @@ The simplest solution to ensure that firmware on Surface devices in your organiz
Although this solution ensures that firmware will be updated as new releases are made available to Windows Update, it does present potential drawbacks. Each Surface device that receives Windows Updates directly will separately download each update rather than accessing a central location, which increases demand on Internet connectivity and bandwidth. Updates are also provided automatically to devices, without being subjected to testing or review by administrators.
-For details about Group Policy for client configuration of WSUS or Windows Update, see [Step 5: Configure Group Policy Settings for Automatic Updates](http://go.microsoft.com/fwlink/p/?LinkId=618172).
+For details about Group Policy for client configuration of WSUS or Windows Update, see [Step 5: Configure Group Policy Settings for Automatic Updates](https://go.microsoft.com/fwlink/p/?LinkId=618172).
**Windows Installer Package**
-The firmware and driver downloads for Surface devices now include Windows Installer files for firmware and driver updates. These Windows Installer packages can be deployed with utilities that support application deployment, including the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. This solution allows for centralized deployment and for administrators to test and review firmware updates before they are deployed. For more information about the Windows Installer package delivery method for firmware and driver updates, including details on what drivers are updated by the package and why certain drivers and firmware are not updated by the Windows Installer package, see the [Surface Pro 3 MSI Now Available](http://go.microsoft.com/fwlink/p/?LinkId=618173) blog post.
+The firmware and driver downloads for Surface devices now include Windows Installer files for firmware and driver updates. These Windows Installer packages can be deployed with utilities that support application deployment, including the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. This solution allows for centralized deployment and for administrators to test and review firmware updates before they are deployed. For more information about the Windows Installer package delivery method for firmware and driver updates, including details on what drivers are updated by the package and why certain drivers and firmware are not updated by the Windows Installer package, see the [Surface Pro 3 MSI Now Available](https://go.microsoft.com/fwlink/p/?LinkId=618173) blog post.
-For instructions on how to deploy with System Center Configuration Manager, refer to [How to Deploy Applications in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=618175). For deployment of applications with MDT, see [Step 4: Add an application in the Deploy a Windows 8.1 Image Using MDT 2013](http://go.microsoft.com/fwlink/p/?LinkId=618176). Note that you can deploy applications separately from an operating system deployment through MDT by using a Post OS Installation task sequence.
+For instructions on how to deploy with System Center Configuration Manager, refer to [How to Deploy Applications in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=618175). For deployment of applications with MDT, see [Step 4: Add an application in the Deploy a Windows 8.1 Image Using MDT 2013](https://go.microsoft.com/fwlink/p/?LinkId=618176). Note that you can deploy applications separately from an operating system deployment through MDT by using a Post OS Installation task sequence.
**Provisioning packages**
-New in Windows 10, provisioning packages (PPKG files) provide a simple method to apply a configuration to a destination device. You can find out more about provisioning packages, including instructions for how to create your own, in [Provisioning packages](http://go.microsoft.com/fwlink/p/?LinkId=761075). For easy application of a complete set of drivers and firmware to devices running Windows 10, a provisioning package is supplied for Surface Pro 3 devices. This file contains all of the instructions and required assets to update a Surface Pro 3 device with Windows 10 to the latest drivers and firmware.
+New in Windows 10, provisioning packages (PPKG files) provide a simple method to apply a configuration to a destination device. You can find out more about provisioning packages, including instructions for how to create your own, in [Provisioning packages](https://go.microsoft.com/fwlink/p/?LinkId=761075). For easy application of a complete set of drivers and firmware to devices running Windows 10, a provisioning package is supplied for Surface Pro 3 devices. This file contains all of the instructions and required assets to update a Surface Pro 3 device with Windows 10 to the latest drivers and firmware.
**Windows PowerShell**
-Another method you can use to update the firmware when Windows Updates are managed in the organization is to install the firmware from the firmware and driver pack by using PowerShell. This method allows for a similar deployment experience to the Windows Installer package and can similarly be deployed as a package by using System Center Configuration Manager. You can find the PowerShell script and details on how to perform the firmware deployment in the [Deploying Drivers and Firmware to Surface Pro](http://go.microsoft.com/fwlink/p/?LinkId=618177) blog post.
+Another method you can use to update the firmware when Windows Updates are managed in the organization is to install the firmware from the firmware and driver pack by using PowerShell. This method allows for a similar deployment experience to the Windows Installer package and can similarly be deployed as a package by using System Center Configuration Manager. You can find the PowerShell script and details on how to perform the firmware deployment in the [Deploying Drivers and Firmware to Surface Pro](https://go.microsoft.com/fwlink/p/?LinkId=618177) blog post.
## Operating system deployment considerations
-The deployment of firmware updates during an operating system deployment is a straightforward process. The firmware and driver pack can be imported into either System Center Configuration Manager or MDT, and are used to deploy a fully updated environment, complete with firmware, to a target Surface device. For a complete step-by-step guide for deployment to Surface Pro 3 using either Configuration Manager or MDT, download the [Deployment and Administration Guide for Surface Pro 3](http://go.microsoft.com/fwlink/p/?LinkId=618178) from the Microsoft Download Center.
+The deployment of firmware updates during an operating system deployment is a straightforward process. The firmware and driver pack can be imported into either System Center Configuration Manager or MDT, and are used to deploy a fully updated environment, complete with firmware, to a target Surface device. For a complete step-by-step guide for deployment to Surface Pro 3 using either Configuration Manager or MDT, download the [Deployment and Administration Guide for Surface Pro 3](https://go.microsoft.com/fwlink/p/?LinkId=618178) from the Microsoft Download Center.
The individual driver files are also made available in the Microsoft Download Center if you are using deployment tools. The driver files are available in the ZIP archive file in the list of available downloads for your device.
@@ -60,7 +60,7 @@ A best practice for deployment with any solution that uses the Windows Preinstal
**Update Surface Pro 3 firmware offline through USB**
-In some early versions of Surface Pro 3 firmware, PXE boot performance can be quite slow. This has been resolved with updated firmware, but for organizations where firmware will be updated through operating system deployment, this issue is encountered before the updates can be deployed to the device. In this scenario, you can deploy updated firmware through a USB drive to ensure that when the operating system deployment is initiated, the network boot is quick, and deployment can complete in a timely fashion. To create a USB drive to update Surface Pro 3 firmware, see [How to Update the Surface Pro 3 Firmware Offline using a USB Drive](http://go.microsoft.com/fwlink/p/?LinkId=618189) on the Ask Premier Field Engineering (PFE) Platforms TechNet Blog.
+In some early versions of Surface Pro 3 firmware, PXE boot performance can be quite slow. This has been resolved with updated firmware, but for organizations where firmware will be updated through operating system deployment, this issue is encountered before the updates can be deployed to the device. In this scenario, you can deploy updated firmware through a USB drive to ensure that when the operating system deployment is initiated, the network boot is quick, and deployment can complete in a timely fashion. To create a USB drive to update Surface Pro 3 firmware, see [How to Update the Surface Pro 3 Firmware Offline using a USB Drive](https://go.microsoft.com/fwlink/p/?LinkId=618189) on the Ask Premier Field Engineering (PFE) Platforms TechNet Blog.
diff --git a/devices/surface/microsoft-surface-data-eraser.md b/devices/surface/microsoft-surface-data-eraser.md
index b379604c7c..d885af5dd9 100644
--- a/devices/surface/microsoft-surface-data-eraser.md
+++ b/devices/surface/microsoft-surface-data-eraser.md
@@ -16,7 +16,7 @@ author: miladCA
Find out how the Microsoft Surface Data Eraser tool can help you securely wipe data from your Surface devices.
-[Microsoft Surface Data Eraser](http://go.microsoft.com/fwlink/p/?LinkId=691148) is a tool that boots from a USB stick and allows you to perform a secure wipe of all data from a compatible Surface device. A Microsoft Surface Data Eraser USB stick requires only the ability to boot from USB. The USB tool is easy to create by using the provided wizard, the Microsoft Surface Data Eraser Wrapper, and is easy to use with a simple graphic interface, no command line needed. To learn more about the data wiping capabilities and practices Microsoft uses during the service process for Surface, see [Protecting your data if you send your Surface in for service](http://go.microsoft.com/fwlink/p/?LinkId=691222).
+[Microsoft Surface Data Eraser](https://go.microsoft.com/fwlink/p/?LinkId=691148) is a tool that boots from a USB stick and allows you to perform a secure wipe of all data from a compatible Surface device. A Microsoft Surface Data Eraser USB stick requires only the ability to boot from USB. The USB tool is easy to create by using the provided wizard, the Microsoft Surface Data Eraser Wrapper, and is easy to use with a simple graphic interface, no command line needed. To learn more about the data wiping capabilities and practices Microsoft uses during the service process for Surface, see [Protecting your data if you send your Surface in for service](https://go.microsoft.com/fwlink/p/?LinkId=691222).
Compatible Surface devices include:
diff --git a/devices/surface/microsoft-surface-deployment-accelerator.md b/devices/surface/microsoft-surface-deployment-accelerator.md
index 28bbfd35f7..169358ad9a 100644
--- a/devices/surface/microsoft-surface-deployment-accelerator.md
+++ b/devices/surface/microsoft-surface-deployment-accelerator.md
@@ -20,13 +20,13 @@ SDA includes a wizard that automates the creation and configuration of a Microso
SDA is built on the powerful suite of deployment tools available from Microsoft including the Windows Assessment and Deployment Kit (ADK), the Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS). The resulting deployment share encompasses the recommended best practices for managing drivers during deployment and automating image creation and can serve as a starting point upon which you build your own customized deployment solution.
-You can find more information about how to deploy to Surface devices, including step-by-step walkthroughs of customized deployment solution implementation, on the Deploy page of the [Surface TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=691693).
+You can find more information about how to deploy to Surface devices, including step-by-step walkthroughs of customized deployment solution implementation, on the Deploy page of the [Surface TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=691693).
**Download Microsoft Surface Deployment Accelerator**
You can download the installation files for SDA from the Microsoft Download Center. To download the installation files:
-1. Go to the [Surface Tools for IT](http://go.microsoft.com/fwlink/p/?LinkId=618121) page on the Microsoft Download Center.
+1. Go to the [Surface Tools for IT](https://go.microsoft.com/fwlink/p/?LinkId=618121) page on the Microsoft Download Center.
2. Click the **Download** button, select the **Surface\_Deployment\_Accelerator\_xxxx.msi** file, and then click **Next**.
@@ -60,7 +60,7 @@ As you progress through the SDA wizard, you will be asked some basic questions a
When the SDA completes, you can use the deployment share to deploy over the network immediately. Simply boot your Surface device from the network using a Surface Ethernet Adapter and select the Surface deployment share you created with the SDA wizard. Select the **1- Deploy Microsoft Surface** task sequence and the wizard will walk you through an automated deployment of Windows to your Surface device.
-You can modify the task sequence in the MDT Deployment Workbench to [include your own apps](http://go.microsoft.com/fwlink/p/?linkid=691700), or to [pause the automated installation routine](http://go.microsoft.com/fwlink/p/?linkid=691701). While the installation is paused, you can make changes to customize your reference image. After the image is captured, you can configure a deployment task sequence and distribute this custom configuration by using the same network boot capabilities as before.
+You can modify the task sequence in the MDT Deployment Workbench to [include your own apps](https://go.microsoft.com/fwlink/p/?linkid=691700), or to [pause the automated installation routine](https://go.microsoft.com/fwlink/p/?linkid=691701). While the installation is paused, you can make changes to customize your reference image. After the image is captured, you can configure a deployment task sequence and distribute this custom configuration by using the same network boot capabilities as before.
>**Note:** With SDA v1.9.0258, Surface Pro 3, Surface Pro 4, and Surface Book are supported for Windows 10 deployment, and Surface Pro 3 is supported for Windows 8.1 deployment.
diff --git a/devices/surface/step-by-step-surface-deployment-accelerator.md b/devices/surface/step-by-step-surface-deployment-accelerator.md
index 3e6df89af7..2024ee1ca9 100644
--- a/devices/surface/step-by-step-surface-deployment-accelerator.md
+++ b/devices/surface/step-by-step-surface-deployment-accelerator.md
@@ -21,7 +21,7 @@ This article shows you how to install Microsoft Surface Deployment Accelerator (
For information about prerequisites and instructions for how to download and install SDA, see [Microsoft Surface Deployment Accelerator](microsoft-surface-deployment-accelerator.md).
-1. Download SDA, which is included in [Surface Tools for IT](http://go.microsoft.com/fwlink/p/?LinkId=618121) on the Microsoft Download Center.
+1. Download SDA, which is included in [Surface Tools for IT](https://go.microsoft.com/fwlink/p/?LinkId=618121) on the Microsoft Download Center.
2. Run the SDA installation file, named **Surface\_Deployment\_Accelerator\_*xxxx*.msi**, where *xxxx* is the current version number.
@@ -77,7 +77,7 @@ The following steps show you how to create a deployment share for Windows 10 th
- **Windows 10 Deployment Services**
- - Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](http://go.microsoft.com/fwlink/p/?LinkId=761072) for more information about how to configure Windows Deployment Services for PXE boot.
+ - Select the **Import boot media into the local Windows Deployment Service** check box if you would like to boot your Surface devices from the network to perform the Windows deployment. Windows Deployment Services must be installed and configured to respond to PXE boot requests. See [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://go.microsoft.com/fwlink/p/?LinkId=761072) for more information about how to configure Windows Deployment Services for PXE boot.
- **Windows 10 Source Files**
@@ -147,7 +147,7 @@ You can use USB media to perform an SDA deployment if your Surface device is una
-Before you can create bootable media files within the MDT Deployment Workbench or copy those files to a USB drive, you must first configure that USB drive to be bootable. Using [DiskPart](http://go.microsoft.com/fwlink/p/?LinkId=761073), create a partition, format the partition as FAT32, and set the partition to be active. To run DiskPart, open an administrative PowerShell or Command Prompt window, and then run the following sequence of commands, as shown in Figure 7:
+Before you can create bootable media files within the MDT Deployment Workbench or copy those files to a USB drive, you must first configure that USB drive to be bootable. Using [DiskPart](https://go.microsoft.com/fwlink/p/?LinkId=761073), create a partition, format the partition as FAT32, and set the partition to be active. To run DiskPart, open an administrative PowerShell or Command Prompt window, and then run the following sequence of commands, as shown in Figure 7:
1. **diskpart** – Opens DiskPart to manage disks and partitions.
diff --git a/devices/surface/surface-diagnostic-toolkit.md b/devices/surface/surface-diagnostic-toolkit.md
index 283a22273c..fcf3eb8f6b 100644
--- a/devices/surface/surface-diagnostic-toolkit.md
+++ b/devices/surface/surface-diagnostic-toolkit.md
@@ -16,7 +16,7 @@ author: miladCA
Find out how you can use the Microsoft Surface Diagnostic Toolkit to test the hardware of your Surface device.
-The [Microsoft Surface Diagnostic Toolkit](http://go.microsoft.com/fwlink/p/?LinkId=618121) is a small, portable diagnostic tool that runs through a suite of tests to diagnose the hardware of Surface devices. The Microsoft Surface Diagnostic Toolkit executable file is less than 3 MB, which allows it to be distributed through email. It does not require installation, so it can be run directly from a USB stick or over the network. The Microsoft Surface Diagnostic Toolkit walks you through several tests of individual components including the touchscreen, cameras, and sensors.
+The [Microsoft Surface Diagnostic Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=618121) is a small, portable diagnostic tool that runs through a suite of tests to diagnose the hardware of Surface devices. The Microsoft Surface Diagnostic Toolkit executable file is less than 3 MB, which allows it to be distributed through email. It does not require installation, so it can be run directly from a USB stick or over the network. The Microsoft Surface Diagnostic Toolkit walks you through several tests of individual components including the touchscreen, cameras, and sensors.
>**Note:** A Surface device must boot into Windows to run the Microsoft Surface Diagnostic Toolkit. The Microsoft Surface Diagnostic Toolkit will run only on the following Surface devices:
@@ -123,7 +123,7 @@ This test checks for any outstanding Windows updates and will prompt you to inst
#### Device information
-This test reads the Device ID and serial number in addition to basic system information such as device model, operating system version, processor, memory, and storage. The Device ID is recorded in the name of the log file and can be used to identify a log file for a specific device. Several system log files are also collected, including update and rollback logs, and output from several Windows built-in tools, such as [DirectX Diagnostics](http://go.microsoft.com/fwlink/p/?LinkId=746476) and [System Information](http://go.microsoft.com/fwlink/p/?LinkId=746477), power configuration, disk health, and event logs. See the following list for a full set of collected log files:
+This test reads the Device ID and serial number in addition to basic system information such as device model, operating system version, processor, memory, and storage. The Device ID is recorded in the name of the log file and can be used to identify a log file for a specific device. Several system log files are also collected, including update and rollback logs, and output from several Windows built-in tools, such as [DirectX Diagnostics](https://go.microsoft.com/fwlink/p/?LinkId=746476) and [System Information](https://go.microsoft.com/fwlink/p/?LinkId=746477), power configuration, disk health, and event logs. See the following list for a full set of collected log files:
- Output of **Get-WindowsUpdateLog** if the operating system is Windows 10
@@ -350,11 +350,11 @@ The Windows System Assessment Tool (WinSAT) runs a series of benchmarks against
#### Performance Monitor test
-Performance and diagnostic trace logs are recorded from Performance Monitor for 30 seconds and collected in the .zip file output of the Microsoft Surface Diagnostic Toolkit by this test. You can analyze these trace logs with the [Windows Performance Analyzer](http://go.microsoft.com/fwlink/p/?LinkId=746486) to identify causes of application crashes, performance issues, or other undesirable behavior in Windows.
+Performance and diagnostic trace logs are recorded from Performance Monitor for 30 seconds and collected in the .zip file output of the Microsoft Surface Diagnostic Toolkit by this test. You can analyze these trace logs with the [Windows Performance Analyzer](https://go.microsoft.com/fwlink/p/?LinkId=746486) to identify causes of application crashes, performance issues, or other undesirable behavior in Windows.
#### Crash dump collection
-If your Surface device has encountered an error that caused the device to fail or produce a blue screen error, this stage of the Microsoft Surface Diagnostic Toolkit records the information from the automatically recorded crash dump files in the diagnostic log. You can use these crash dump files to identify a faulty driver, hardware component, or application through analysis. Use the [Windows Debugging Tool](http://go.microsoft.com/fwlink/p/?LinkId=746488) to analyze these files. If you are not familiar with the analysis of crash dump files, you can describe your issue and post a link to your crash dump files (uploaded to OneDrive or another file sharing service) in the [Windows TechNet Forums](http://go.microsoft.com/fwlink/p/?LinkId=746489).
+If your Surface device has encountered an error that caused the device to fail or produce a blue screen error, this stage of the Microsoft Surface Diagnostic Toolkit records the information from the automatically recorded crash dump files in the diagnostic log. You can use these crash dump files to identify a faulty driver, hardware component, or application through analysis. Use the [Windows Debugging Tool](https://go.microsoft.com/fwlink/p/?LinkId=746488) to analyze these files. If you are not familiar with the analysis of crash dump files, you can describe your issue and post a link to your crash dump files (uploaded to OneDrive or another file sharing service) in the [Windows TechNet Forums](https://go.microsoft.com/fwlink/p/?LinkId=746489).
#### Connected standby text
diff --git a/devices/surface/surface-dock-updater.md b/devices/surface/surface-dock-updater.md
index f9e106cf2d..91d4411699 100644
--- a/devices/surface/surface-dock-updater.md
+++ b/devices/surface/surface-dock-updater.md
@@ -16,7 +16,7 @@ author: jobotto
This article provides a detailed walkthrough of Microsoft Surface Dock Updater.
-The [Microsoft Surface Dock Updater](http://go.microsoft.com/fwlink/p/?LinkId=618121) tool allows you to check the firmware status of a Surface Dock and to manually update the firmware of Surface Dock devices. It is most often used to update Surface Docks prior to deployment of those Surface Docks to end users or as a troubleshooting tool. Microsoft Surface Dock Updater walks you through the process of updating the firmware on one or more Surface Docks, including the required connect and disconnect steps to perform the complete firmware installation.
+The [Microsoft Surface Dock Updater](https://go.microsoft.com/fwlink/p/?LinkId=618121) tool allows you to check the firmware status of a Surface Dock and to manually update the firmware of Surface Dock devices. It is most often used to update Surface Docks prior to deployment of those Surface Docks to end users or as a troubleshooting tool. Microsoft Surface Dock Updater walks you through the process of updating the firmware on one or more Surface Docks, including the required connect and disconnect steps to perform the complete firmware installation.
When you run the Microsoft Surface Dock Updater installer you will be prompted to accept an End User License Agreement (EULA).
@@ -25,7 +25,7 @@ When you run the Microsoft Surface Dock Updater installer you will be prompted t
## Update a Surface Dock with Microsoft Surface Dock Updater
-After you install the [Microsoft Surface Dock Updater](http://go.microsoft.com/fwlink/p/?LinkId=618121) tool, you can find Microsoft Surface Dock Updater under **All Apps** in your Start menu. Click **Microsoft Surface Dock Updater** to start the application.
+After you install the [Microsoft Surface Dock Updater](https://go.microsoft.com/fwlink/p/?LinkId=618121) tool, you can find Microsoft Surface Dock Updater under **All Apps** in your Start menu. Click **Microsoft Surface Dock Updater** to start the application.
To update a Surface Dock with Microsoft Surface Dock Updater, follow these steps:
diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md
index 428efd3e77..81002929b2 100644
--- a/education/windows/chromebook-migration-guide.md
+++ b/education/windows/chromebook-migration-guide.md
@@ -260,7 +260,7 @@ Assign the setting-migration priority based on how critical the setting is to th
Many of your users may be using Google Apps Gmail to manage their email, calendars, and contacts. You need to create the list of users you will migrate and the best time to perform the migration.
-Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information, see [Migrate Google Apps mailboxes to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690252).
+Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information, see [Migrate Google Apps mailboxes to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690252).
**Identify the list of user mailboxes to migrate**
@@ -268,7 +268,7 @@ In regards to creating the list of users you will migrate, it might seem that th
Also, when you perform a migration it is a great time to verify that all user mailboxes are active. In many environments there are a significant number of mailboxes that were provisioned for users that are no longer a part of the institution (such as interns or student assistants). You can eliminate these users from your list of user mailboxes to migrate.
-Create your list of user mailboxes to migrate in Excel 2016 based on the format described in step 7 in [Create a list of Gmail mailboxes to migrate](http://go.microsoft.com/fwlink/p/?LinkId=690253). If you follow this format, you can use the Microsoft Excel spreadsheet to perform the actual migration later in the process.
+Create your list of user mailboxes to migrate in Excel 2016 based on the format described in step 7 in [Create a list of Gmail mailboxes to migrate](https://go.microsoft.com/fwlink/p/?LinkId=690253). If you follow this format, you can use the Microsoft Excel spreadsheet to perform the actual migration later in the process.
**Identify companion devices that access Google Apps Gmail**
@@ -276,7 +276,7 @@ In addition to Chromebook devices, users may have companion devices (smartphones
After you have identified each companion device, verify the settings for the device that are used to access Office 365. You only need to test one type of each companion device. For example, if users use Android phones to access Google Apps Gmail mailboxes, configure the device to access Office 365 and then record those settings. You can publish those settings on a website or to your helpdesk staff so that users will know how to access their Office 365 mailbox.
-In most instances, users will only need to provide in their Office 365 email account and password. However, you should verify this on each type of companion device. For more information about how to configure a companion device to work with Office 365, see [Compare how different mobile devices work with Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690254).
+In most instances, users will only need to provide in their Office 365 email account and password. However, you should verify this on each type of companion device. For more information about how to configure a companion device to work with Office 365, see [Compare how different mobile devices work with Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690254).
**Identify the optimal timing for the migration**
@@ -630,11 +630,11 @@ Examine each of the following network infrastructure technologies and services a
For more information that compares Internet bandwidth consumption for Chromebook and Windows devices, see the following resources:
- - [Chromebook vs. Windows Notebook Network Traffic Analysis](http://go.microsoft.com/fwlink/p/?LinkId=690255)
+ - [Chromebook vs. Windows Notebook Network Traffic Analysis](https://go.microsoft.com/fwlink/p/?LinkId=690255)
- - [Hidden Cost of Chromebook Deployments](http://go.microsoft.com/fwlink/p/?LinkId=690256)
+ - [Hidden Cost of Chromebook Deployments](https://go.microsoft.com/fwlink/p/?LinkId=690256)
- - [Microsoft Windows 8.1 Notebook vs. Chromebooks for Education](http://go.microsoft.com/fwlink/p/?LinkId=690257)
+ - [Microsoft Windows 8.1 Notebook vs. Chromebooks for Education](https://go.microsoft.com/fwlink/p/?LinkId=690257)
- **Power.** Although not specifically a network infrastructure, you need to ensure your classrooms have adequate power. Chromebook and Windows devices should consume similar amounts of power. This means that your existing power outlets should support the same number of Windows devices.
@@ -675,15 +675,15 @@ Table 7. Network infrastructure products and technologies and deployment resourc
DHCP
-
@@ -717,16 +717,16 @@ Table 8. AD DS, Azure AD and deployment resources
DNS
-
AD DS
-
@@ -760,38 +760,38 @@ Table 9. Management systems and deployment resources
Azure AD
-
Windows provisioning packages
-
Group Policy
-
Configuration Manager
-
Intune
-
@@ -825,23 +825,23 @@ Table 10. Management systems and app deployment resources
MDT
-
Group Policy
-
Configuration Manager
-
@@ -873,17 +873,17 @@ If you do no want to migrate any user or device settings from the Chromebook dev
In the [Plan for email migration](#plan-email-migrate) section, you identified the user mailboxes to migrate, identified the companion devices that access Google Apps Gmail, and identified the optimal timing for migration. You can perform this migration before or after you deploy the Windows devices.
-Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information on how to automate the migration from Google Apps Gmail to Office 365, see [Migrate Google Apps mailboxes to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690252).
+Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information on how to automate the migration from Google Apps Gmail to Office 365, see [Migrate Google Apps mailboxes to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690252).
Alternatively, if you want to migrate to Office 365 from:
- **On-premises Microsoft Exchange Server.** Use the following resources to migrate to Office 365 from an on-premises Microsoft Exchange Server:
- - [Cutover Exchange Migration and Single Sign-On](http://go.microsoft.com/fwlink/p/?LinkId=690266)
+ - [Cutover Exchange Migration and Single Sign-On](https://go.microsoft.com/fwlink/p/?LinkId=690266)
- - [Step-By-Step: Migration of Exchange 2003 Server to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690267)
+ - [Step-By-Step: Migration of Exchange 2003 Server to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690267)
- - [Step-By-Step: Migrating from Exchange 2007 to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690268)
+ - [Step-By-Step: Migrating from Exchange 2007 to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690268)
- **Another on-premises or cloud-based email service.** Follow the guidance from that vendor.
@@ -924,15 +924,15 @@ For example, if you selected to deploy Windows devices by each classroom, start
In some instances, you may receive the devices with Windows 10 already deployed, and want to use provisioning packages. In other cases, you may have a custom Windows 10 image that you want to deploy to the devices by using Configuration Manager and/or MDT. For information on how to deploy Windows 10 images to the devices, see the following resources:
-- [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=733911)
+- [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=733911)
-- [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkId=733918)
+- [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkId=733918)
-- [MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](http://go.microsoft.com/fwlink/p/?LinkId=690324)
+- [MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](https://go.microsoft.com/fwlink/p/?LinkId=690324)
-- [Step-By-Step: Installing Windows 8.1 From A USB Key](http://go.microsoft.com/fwlink/p/?LinkId=690265)
+- [Step-By-Step: Installing Windows 8.1 From A USB Key](https://go.microsoft.com/fwlink/p/?LinkId=690265)
-- [Operating System Deployment in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733916)
+- [Operating System Deployment in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733916)
In addition to the Windows 10 image deployment, you may need to perform the following tasks as a part of device deployment:
@@ -949,9 +949,9 @@ After you complete these steps, your management system should take over the day-
## Related topics
-[Try it out: Windows 10 deployment (for education)](http://go.microsoft.com/fwlink/p/?LinkId=623254)
+[Try it out: Windows 10 deployment (for education)](https://go.microsoft.com/fwlink/p/?LinkId=623254)
-[Try it out: Windows 10 in the classroom](http://go.microsoft.com/fwlink/p/?LinkId=623255)
+[Try it out: Windows 10 in the classroom](https://go.microsoft.com/fwlink/p/?LinkId=623255)
diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md
index 53a866f3b8..b819adf9a0 100644
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ b/education/windows/deploy-windows-10-in-a-school.md
@@ -1257,8 +1257,8 @@ Now, you have identified the tasks you need to perform monthly, at the end of an
##Related resources
Intune
-
-
diff --git a/education/windows/edu-deployment-recommendations.md b/education/windows/edu-deployment-recommendations.md
index 28792bb055..20539db158 100644
--- a/education/windows/edu-deployment-recommendations.md
+++ b/education/windows/edu-deployment-recommendations.md
@@ -13,7 +13,7 @@ author: CelesteDG
- Windows 10
-Your privacy is important to us, so we want to provide you with ways to customize the OS privacy settings, as well as some of the apps, so that you can choose what information is shared with Microsoft. To learn more about Microsoft’s commitment to privacy, see [Windows 10 and privacy](http://go.microsoft.com/fwlink/?LinkId=809305).
+Your privacy is important to us, so we want to provide you with ways to customize the OS privacy settings, as well as some of the apps, so that you can choose what information is shared with Microsoft. To learn more about Microsoft’s commitment to privacy, see [Windows 10 and privacy](https://go.microsoft.com/fwlink/?LinkId=809305).
Here are some best practices and specific privacy settings we’d like you to be aware of.
@@ -28,8 +28,8 @@ Keep these best practices in mind when deploying any edition of Windows 10 in sc
## Windows 10 Contacts privacy settings
If you’re an IT administrator who deploys Windows 10 in a school or district, we recommend that you review these deployment resources to make informed decisions about how you can configure telemetry for your school or district:
-* [Configure Windows telemetry in your organization](http://go.microsoft.com/fwlink/?LinkId=817241) - Describes the types of telemetry we gather and the ways you can manage this data.
-* [Manage connections from Windows operating system components to Microsoft services](http://go.microsoft.com/fwlink/?LinkId=817240) - Learn about network connections that Windows components make to Microsoft and also the privacy settings (such as location, camera, messaging, and more) that affect data that is shared with either Microsoft or apps and how you can manage this data.
+* [Configure Windows telemetry in your organization](https://go.microsoft.com/fwlink/?LinkId=817241) - Describes the types of telemetry we gather and the ways you can manage this data.
+* [Manage connections from Windows operating system components to Microsoft services](https://go.microsoft.com/fwlink/?LinkId=817240) - Learn about network connections that Windows components make to Microsoft and also the privacy settings (such as location, camera, messaging, and more) that affect data that is shared with either Microsoft or apps and how you can manage this data.
In particular, the **Contacts** area in the **Settings** > **Privacy** section lets you choose which apps can access a student’s contacts list. By default, this setting is turned on.
@@ -70,7 +70,7 @@ To allow only certain apps to have access to contacts, you can:
Skype Preview (a Universal Windows Platform [UWP] preview app) and Xbox are preinstalled as part of Windows 10.
-The Skype app replaces the integration of Skype features into Skype video and Messaging apps on Windows PCs and large tablets. The Skype app provides all these features in one place and lets users have a single place to manage both their chat and voice conversations so they can take better advantage of their screen. For information about the new Skype UWP app preview, see this [FAQ](http://go.microsoft.com/fwlink/?LinkId=821441).
+The Skype app replaces the integration of Skype features into Skype video and Messaging apps on Windows PCs and large tablets. The Skype app provides all these features in one place and lets users have a single place to manage both their chat and voice conversations so they can take better advantage of their screen. For information about the new Skype UWP app preview, see this [FAQ](https://go.microsoft.com/fwlink/?LinkId=821441).
With the Xbox app, students can use their Xbox profiles to play and make progress on their games using their Windows-based device. They can also unlock achievements and show off to their friends with game clips and screenshots. The Xbox app requires a Microsoft account, which is a personal account.
@@ -104,16 +104,16 @@ The profile page includes these sections:
#### Xbox
A user’s Xbox friends and their friends’ friends can see their real name and profile. By default, the Xbox privacy settings enforce that no personal identifying information of a minor is shared on the Xbox Live network, although adults in the child’s family can change these default settings to allow it to be more permissive.
-To learn more about how families can manage security and privacy settings on Xbox, see this [Xbox article on security](http://go.microsoft.com/fwlink/?LinkId=821445).
+To learn more about how families can manage security and privacy settings on Xbox, see this [Xbox article on security](https://go.microsoft.com/fwlink/?LinkId=821445).
### Delete an account if username is identifying
If you want to delete either (or both) the Skype and the Xbox accounts, here’s how to do it.
#### Skype
-To delete a Skype account, you can follow the instructions here: [How do I close my Skype account?](http://go.microsoft.com/fwlink/?LinkId=816515)
+To delete a Skype account, you can follow the instructions here: [How do I close my Skype account?](https://go.microsoft.com/fwlink/?LinkId=816515)
-If you need help deleting the account, you can contact Skype customer service by going to the [Skype support request page](http://go.microsoft.com/fwlink/?LinkId=816519). You may need to sign in and specify a Skype account. Once you’ve signed in, you can:
+If you need help deleting the account, you can contact Skype customer service by going to the [Skype support request page](https://go.microsoft.com/fwlink/?LinkId=816519). You may need to sign in and specify a Skype account. Once you’ve signed in, you can:
1. Select a help topic (**Account and Password**)
2. Select a related problem (**Deleting an account**)
3. Click **Next**.
@@ -121,7 +121,7 @@ If you need help deleting the account, you can contact Skype customer service by
#### Xbox
-To delete an Xbox account, you can follow the instructions here: [How to delete your Microsoft account and personal information associated with it](http://go.microsoft.com/fwlink/?LinkId=816521).
+To delete an Xbox account, you can follow the instructions here: [How to delete your Microsoft account and personal information associated with it](https://go.microsoft.com/fwlink/?LinkId=816521).
## Related topics
[Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
diff --git a/education/windows/images/wsfb-minecraft-vl.png b/education/windows/images/wsfb-minecraft-vl.png
new file mode 100644
index 0000000000..e3fe6de6d7
Binary files /dev/null and b/education/windows/images/wsfb-minecraft-vl.png differ
diff --git a/education/windows/school-get-minecraft.md b/education/windows/school-get-minecraft.md
index 5c18b9e201..e1d8f75c0d 100644
--- a/education/windows/school-get-minecraft.md
+++ b/education/windows/school-get-minecraft.md
@@ -20,6 +20,12 @@ When you sign up for early access to [Minecraft Education Edition](http://educat
## Add Minecraft to your Windows Store for Business
+You can start with the Minecraft: Education Edition trial to get individual copies of the app. For more information, see [Minecraft: Education Edition - individual copies](#individual-copies).
+
+If you’ve been approved and are part of the Enrollment for Education Solutions program, you can purchase a volume license for Minecraft: Education Edition. For more information, see [Minecraft: Education Edition - volume license](#volume-license)
+
+### Minecraft: Education Edition - individual copies
+
1. Go to [http://education.minecraft.net/](http://education.minecraft.net/) and select **Get the app**.

@@ -42,15 +48,33 @@ When you sign up for early access to [Minecraft Education Edition](http://educat

-## Distribute Minecraft
+Now that the app is in your Store for Business inventory, you can choose how to distribute Minecraft. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft).
+
+### Minecraft: Education Edition - volume license
+
+Qualified education institutions can purchase Minecraft: Education Edition volume licenses through their Microsoft channel partner. Schools need to be part of the Enrollment for Education Solutions program. Educational institutions should work with their channel partner to determine which Minecraft: Education Edition licensing offer is best for their institution. The process looks like this:
+
+- Your channel partner will submit and process your volume license order, your licenses will be shown on [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx), and the copies will be available in [Windows Store for Business](https://www.microsoft.com/business-store) inventory.
+- You’ll receive an email with a link to Windows Store for Business.
+- Sign in to [Windows Store for Business](https://www.microsoft.com/business-store) to distribute and manage the Minecraft: Education Edition licenses. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft)
+
+## Distribute Minecraft
After Minecraft Education Edition is added to your Windows Store for Business, you have three options:
- You can install the app on your PC.
-- You can assign the app to others.
-- You can download the app to distribute.
+- You can assign the app to others.
+- You can download the app to distribute.
-
+Admins can also add Minecraft: Education Edition to the private store. This allows people in your organization to install the app from the private store. For more information, see [Distribute apps using your private store](https://technet.microsoft.com/itpro/windows/manage/distribute-apps-from-your-private-store).
+
+Here's the page you'll see for individual copies of **Minecraft: Education Edition**.
+
+
+
+Here's the page you'll see for volume licensed copies of of **Minecraft: Education Edition**.
+
+
### Install for me
You can install the app on your PC. This gives you a chance to test the app and know how you might help others in your organization use the app.
@@ -81,22 +105,22 @@ Enter email addresses for your students, and each student will get an email with
**To finish Minecraft install (for students)**
-Students will receive an email with a link that will install the app on their PC.
+1. Students will receive an email with a link that will install the app on their PC.
-
+ 
-1. Click **Get the app** to start the app install in Windows Store app.
-2. In Windows Store app, click **Install**.
+2. Click **Get the app** to start the app install in Windows Store app.
+3. In Windows Store app, click **Install**.
- 
+ 
-After installing the app, students can find Minecraft: Education Edition in Windows Store app under **My Library**.
+ After installing the app, students can find Minecraft: Education Edition in Windows Store app under **My Library**.
-
+ 
-When students click **My Libarary** they'll find apps assigned to them.
+ When students click **My Libarary** they'll find apps assigned to them.
-
+ 
### Download for others
Download for others allows teachers or IT admins to download a packages that they can install on student PCs. This will install Minecraft: Education Edition on the PC, and allows anyone with a Windows account to use the app on that PC. This option is best for younger students, and for shared computers. Choose this option when:
@@ -157,7 +181,7 @@ Minecraft: Education Edition adds a new role for teachers: **Basic Purchaser**.
- Acquire and manage the app
- Info on Support page (including links to documentation and access to support through customer service)
-
+ 
**To assign Basic Purchaser role**
@@ -178,7 +202,7 @@ Minecraft: Education Edition adds a new role for teachers: **Basic Purchaser**.

-## Private store
+## Private store
When you create you Windows Store for Business account, you'll have a set of apps included for free in your private store. Apps in your private store are available for all people in your organization to install and use.
@@ -191,7 +215,12 @@ These apps will automatically be in your private store:
- Fresh Paint
- Minecraft: Education Edition
-As an admin, you can remove any of these apps from the private store if you'd prefer to control how apps are distributed.
+As an admin, you can remove any of these apps from the private store if you'd prefer to control how apps are distributed.
+
+## Need more copies of Minecraft: Education Edition?
+You can purchase more licenses by working with your channel partner. Licenses are available at a lower rate than the price for individual copies that are available through Windows Store for Business. Individual copies are also available through Windows Store for Business.
+
+If you’ve purchased a volume license, be sure to let other basic purchasers in your organization know about the volume license. That should help prevent unnecessary purchases of individual copies.
## Learn more
diff --git a/education/windows/set-up-students-pcs-with-apps.md b/education/windows/set-up-students-pcs-with-apps.md
index 9d3f8be882..04e110de10 100644
--- a/education/windows/set-up-students-pcs-with-apps.md
+++ b/education/windows/set-up-students-pcs-with-apps.md
@@ -208,10 +208,10 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Work ac
- [Develop Universal Windows Education apps](https://msdn.microsoft.com/windows/uwp/apps-for-education/index)
-- [Build and apply a provisioning package]( http://go.microsoft.com/fwlink/p/?LinkId=629651)
+- [Build and apply a provisioning package]( https://go.microsoft.com/fwlink/p/?LinkId=629651)
-- Watch the video: [Provisioning Windows 10 Devices with New Tools](http://go.microsoft.com/fwlink/p/?LinkId=615921)
+- Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
-- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](http://go.microsoft.com/fwlink/p/?LinkId=615922)
+- Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md
index 0110e7d52c..7d5f5d6c0e 100644
--- a/education/windows/take-a-test-multiple-pcs.md
+++ b/education/windows/take-a-test-multiple-pcs.md
@@ -131,7 +131,7 @@ On the **File** menu, select **Save.**
After you allow the package to be installed, the settings will be applied to the device
-[Learn how to apply a provisioning package in audit mode or OOBE.](http://go.microsoft.com/fwlink/p/?LinkID=692012)
+[Learn how to apply a provisioning package in audit mode or OOBE.](https://go.microsoft.com/fwlink/p/?LinkID=692012)
### Set up test account in Group Policy
diff --git a/education/windows/teacher-get-minecraft.md b/education/windows/teacher-get-minecraft.md
index c9c386545b..7c7eda6f8e 100644
--- a/education/windows/teacher-get-minecraft.md
+++ b/education/windows/teacher-get-minecraft.md
@@ -148,7 +148,7 @@ If you ran **InstallMinecraftEducationEdition.bat** and Minecraft: Education Edi
| App isn't available for other users. | No restart after install. If you don't restart the PC, and just switch users the app will not be available.| Restart PC. Run **InstallMinecraftEducationEdition.bat** again. If a restart doesn't work, contact your IT Admin. |
-If you are still having trouble installing the app, you can get more help on our [Support page](http://go.microsoft.com/fwlink/?LinkID=799757).
+If you are still having trouble installing the app, you can get more help on our [Support page](https://go.microsoft.com/fwlink/?LinkID=799757).
## Related topics
diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md
index adb0625f1e..539c4da7fb 100644
--- a/education/windows/windows-editions-for-education-customers.md
+++ b/education/windows/windows-editions-for-education-customers.md
@@ -15,15 +15,15 @@ localizationpriority: high
- Windows 10
-Windows 10 Anniversary Update (Windows 10, version 1607) continues our commitment to productivity, security, and privacy for all customers. Windows 10 Pro and Windows 10 Enterprise offer the functionality and safety features demanded by business and education customers around the globe. Windows 10 is the most secure Windows we’ve ever built. All of our Windows commercial editions can be configured to support the needs of schools, through group policies, domain join, and more. To learn more about Microsoft’s commitment to security and privacy in Windows 10, see more on both [security](http://go.microsoft.com/fwlink/?LinkId=822619) and [privacy](http://go.microsoft.com/fwlink/?LinkId=822620).
+Windows 10 Anniversary Update (Windows 10, version 1607) continues our commitment to productivity, security, and privacy for all customers. Windows 10 Pro and Windows 10 Enterprise offer the functionality and safety features demanded by business and education customers around the globe. Windows 10 is the most secure Windows we’ve ever built. All of our Windows commercial editions can be configured to support the needs of schools, through group policies, domain join, and more. To learn more about Microsoft’s commitment to security and privacy in Windows 10, see more on both [security](https://go.microsoft.com/fwlink/?LinkId=822619) and [privacy](https://go.microsoft.com/fwlink/?LinkId=822620).
-Windows 10, version 1607 offers a variety of new features and functionality, such as simplified provisioning with the [Set up School PCs app](http://go.microsoft.com/fwlink/?LinkID=821951) or [Windows Imaging and Configuration Designer (ICD)](http://go.microsoft.com/fwlink/?LinkId=822623), easier delivery of digital assessments with [Take a Test](http://go.microsoft.com/fwlink/?LinkID=821956), and faster log in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information about Windows 10, version 1607 on [windows.com](http://www.windows.com/).
+Windows 10, version 1607 offers a variety of new features and functionality, such as simplified provisioning with the [Set up School PCs app](https://go.microsoft.com/fwlink/?LinkID=821951) or [Windows Imaging and Configuration Designer (ICD)](https://go.microsoft.com/fwlink/?LinkId=822623), easier delivery of digital assessments with [Take a Test](https://go.microsoft.com/fwlink/?LinkID=821956), and faster log in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information about Windows 10, version 1607 on [windows.com](http://www.windows.com/).
Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: [Windows 10 Pro Education](#windows-10-pro-education) and [Windows 10 Education](#windows-10-education). These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.
## Windows 10 Pro Education
-Windows 10 Pro Education builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools. Windows 10 Pro Education is effectively a variant of Windows 10 Pro that provides education-specific default settings, including the removal of Cortana1. These default settings disable tips, tricks and suggestions & Windows Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](http://go.microsoft.com/fwlink/?LinkId=822627).
+Windows 10 Pro Education builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools. Windows 10 Pro Education is effectively a variant of Windows 10 Pro that provides education-specific default settings, including the removal of Cortana1. These default settings disable tips, tricks and suggestions & Windows Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627).
Windows 10 Pro Education is available on new devices pre-installed with Windows 10, version 1607 that are purchased with discounted K-12 academic licenses through OEM partners (these discounted licenses are sometimes referred to as National Academic or Shape the Future).
@@ -31,23 +31,23 @@ Existing devices running Windows 10 Pro, currently activated with the original O
Customers with Academic Volume Licensing agreements with rights for Windows can get Windows 10 Pro Education through the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx), available at a later date.
-Customers that deploy Windows 10 Pro are able to configure the product to have similar feature settings to Windows 10 Pro Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](http://go.microsoft.com/fwlink/?LinkId=822627). We recommend that K-12 customers using commercial Windows 10 Pro read the [document](http://go.microsoft.com/fwlink/?LinkId=822627) and apply desired settings for your environment.
+Customers that deploy Windows 10 Pro are able to configure the product to have similar feature settings to Windows 10 Pro Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627). We recommend that K-12 customers using commercial Windows 10 Pro read the [document](https://go.microsoft.com/fwlink/?LinkId=822627) and apply desired settings for your environment.
## Windows 10 Education
-Windows 10 Education builds on Windows 10 Enterprise and provides the enterprise-grade manageability and security desired by many schools. Windows 10 Education is effectively a variant of Windows 10 Enterprise that provides education-specific default settings, including the removal of Cortana1. These default settings disable tips, tricks and suggestions & Windows Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](http://go.microsoft.com/fwlink/?LinkId=822627).
+Windows 10 Education builds on Windows 10 Enterprise and provides the enterprise-grade manageability and security desired by many schools. Windows 10 Education is effectively a variant of Windows 10 Enterprise that provides education-specific default settings, including the removal of Cortana1. These default settings disable tips, tricks and suggestions & Windows Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627).
-Windows 10 Education is available through Microsoft Volume Licensing. Customers who are already running Windows 10 Education can upgrade to Windows 10, version 1607 through Windows Update or from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). We recommend Windows 10 Education to all K-12 customers as it provides the most complete and secure edition for education environments. If you do not have access to Windows 10 Education, contact your Microsoft representative or see more information [here](http://go.microsoft.com/fwlink/?LinkId=822628).
+Windows 10 Education is available through Microsoft Volume Licensing. Customers who are already running Windows 10 Education can upgrade to Windows 10, version 1607 through Windows Update or from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). We recommend Windows 10 Education to all K-12 customers as it provides the most complete and secure edition for education environments. If you do not have access to Windows 10 Education, contact your Microsoft representative or see more information [here](https://go.microsoft.com/fwlink/?LinkId=822628).
-Customers that deploy Windows 10 Enterprise are able to configure the product to have similar feature settings to Windows 10 Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](http://go.microsoft.com/fwlink/?LinkId=822627). We recommend that K-12 customers using commercial Windows 10 Enterprise read the [document](http://go.microsoft.com/fwlink/?LinkId=822627) and apply desired settings for your environment.
+Customers that deploy Windows 10 Enterprise are able to configure the product to have similar feature settings to Windows 10 Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Windows Store tips, tricks and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627). We recommend that K-12 customers using commercial Windows 10 Enterprise read the [document](https://go.microsoft.com/fwlink/?LinkId=822627) and apply desired settings for your environment.
For any other questions, contact [Microsoft Customer Service and Support](https://support.microsoft.com/en-us).
## Related topics
* [Windows deployment for education](http://aka.ms/edudeploy)
-* [Windows 10 upgrade paths](http://go.microsoft.com/fwlink/?LinkId=822787)
-* [Volume Activation for Windows 10](http://go.microsoft.com/fwlink/?LinkId=822788)
-* [Plan for volume activation](http://go.microsoft.com/fwlink/?LinkId=822789)
+* [Windows 10 upgrade paths](https://go.microsoft.com/fwlink/?LinkId=822787)
+* [Volume Activation for Windows 10](https://go.microsoft.com/fwlink/?LinkId=822788)
+* [Plan for volume activation](https://go.microsoft.com/fwlink/?LinkId=822789)
diff --git a/license.md b/license.md
index 8e1a232216..0e5cb57b99 100644
--- a/license.md
+++ b/license.md
@@ -2,6 +2,6 @@ Copyright (c) Microsoft Corporation. Distributed under the following terms:
1. Microsoft and any contributors to this project each grants you a license, under its respective copyrights, to the documentation under the [Creative Commons Attribution 3.0 United States License](http://creativecommons.org/licenses/by/3.0/us/legalcode). In addition, with respect to any sample code contained in the documentation, Microsoft and any such contributors grants you an additional license, under its respective intellectual property rights, to use the code to develop or design your software for Microsoft Windows.
-2. Microsoft, Windows, and/or other Microsoft products and services referenced in the documentation may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. This license does not grant you rights to use any names, logos, or trademarks. For Microsoft’s general trademark guidelines, go to [http://go.microsoft.com/fwlink/?LinkID=254653](http://go.microsoft.com/fwlink/?LinkID=254653).
+2. Microsoft, Windows, and/or other Microsoft products and services referenced in the documentation may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. This license does not grant you rights to use any names, logos, or trademarks. For Microsoft’s general trademark guidelines, go to [https://go.microsoft.com/fwlink/?LinkID=254653](https://go.microsoft.com/fwlink/?LinkID=254653).
3. Microsoft and any contributors reserves all others rights, whether under copyrights, patents, or trademarks, or by implication, estoppel or otherwise.
diff --git a/mdop/agpm/choosing-which-version-of-agpm-to-install.md b/mdop/agpm/choosing-which-version-of-agpm-to-install.md
index 0c96e2b93c..aa282a3033 100644
--- a/mdop/agpm/choosing-which-version-of-agpm-to-install.md
+++ b/mdop/agpm/choosing-which-version-of-agpm-to-install.md
@@ -19,7 +19,7 @@ We recommend that you install the AGPM Server on the most recent version of the
All versions of AGPM can manage only the policy settings that were introduced in the same version or an earlier version of the operating system on which AGPM is running. For example, if you install AGPM 4.0 SP2 on Windows Server 2012, you can manage policy settings that were introduced in Windows Server 2012 or earlier, but you cannot manage policy settings that were introduced later, in Windows 8.1 or Windows Server 2012 R2.
-If the version of the GPMC on your AGPM Server is older than the version on the computers that administrators use to manage Group Policy, the AGPM Server will be unable to store any policy settings that are not available in the older version of the GPMC. For information about which policy settings are available with which operating systems, see the [Group Policy Settings Reference for Windows and Windows Server](http://go.microsoft.com/fwlink/?LinkId=157345).
+If the version of the GPMC on your AGPM Server is older than the version on the computers that administrators use to manage Group Policy, the AGPM Server will be unable to store any policy settings that are not available in the older version of the GPMC. For information about which policy settings are available with which operating systems, see the [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/?LinkId=157345).
## AGPM 4.0 SP3
@@ -282,7 +282,7 @@ Table 4 lists the operating systems on which you can install the versions of AGP
## How to Get MDOP Technologies
-AGPM 4.0 SP2 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+AGPM 4.0 SP2 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
## Related topics
diff --git a/mdop/agpm/index.md b/mdop/agpm/index.md
index 1439565b2c..7d17648258 100644
--- a/mdop/agpm/index.md
+++ b/mdop/agpm/index.md
@@ -43,15 +43,15 @@ In addition to the product documentation available online, supplemental product
-
+
-
+
@@ -68,7 +68,7 @@ MDOP is a suite of products that can help streamline desktop deployment, managem
MDOP is also available for test and evaluation to [MSDN](http://msdn.microsoft.com/subscriptions/downloads/default.aspx?PV=42:178) and [TechNet](http://technet.microsoft.com/subscriptions/downloads/default.aspx?PV=42:178) subscribers in accordance with MDSN and TechNet agreements.
**Download MDOP**
-MDOP subscribers can download the software at the [Microsoft Volume Licensing website (MVLS)](http://go.microsoft.com/fwlink/?LinkId=166331).
+MDOP subscribers can download the software at the [Microsoft Volume Licensing website (MVLS)](https://go.microsoft.com/fwlink/?LinkId=166331).
**Purchase MDOP**
Visit the enterprise [Purchase Windows Enterprise Licensing](http://www.microsoft.com/windows/enterprise/how-to-buy.aspx) website to find out how to purchase MDOP for your business.
diff --git a/mdop/agpm/move-the-agpm-server-and-the-archive-agpm40.md b/mdop/agpm/move-the-agpm-server-and-the-archive-agpm40.md
index 4857c10d22..ac902a9785 100644
--- a/mdop/agpm/move-the-agpm-server-and-the-archive-agpm40.md
+++ b/mdop/agpm/move-the-agpm-server-and-the-archive-agpm40.md
@@ -32,7 +32,7 @@ A user account that is a member of the Domain Admins group and has access to the
1. Stop the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm40.md).
- 2. Install Microsoft Advanced Group Policy Management - Server on the new server that will host the AGPM Service. During this process, you specify the new archive path, the location for the archive in relation to the AGPM Server. For more information, see [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](http://go.microsoft.com/fwlink/?LinkId=153505) (http://go.microsoft.com/fwlink/?LinkId=153505) and [Planning Guide for Microsoft Advanced Group Policy Management](http://go.microsoft.com/fwlink/?LinkId=156883) (http://go.microsoft.com/fwlink/?LinkId=156883).
+ 2. Install Microsoft Advanced Group Policy Management - Server on the new server that will host the AGPM Service. During this process, you specify the new archive path, the location for the archive in relation to the AGPM Server. For more information, see [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](https://go.microsoft.com/fwlink/?LinkId=153505) (https://go.microsoft.com/fwlink/?LinkId=153505) and [Planning Guide for Microsoft Advanced Group Policy Management](https://go.microsoft.com/fwlink/?LinkId=156883) (https://go.microsoft.com/fwlink/?LinkId=156883).
3. Either an AGPM Administrator (Full Control) must configure the AGPM Server connection for all Group Policy administrators who will use the new AGPM Server and remove the connection for the old AGPM Server, or else each Group Policy administrator must manually configure the new AGPM Server connection and remove the old AGPM Server connection for the AGPM snap-in on their computer. For more information, see [Configure AGPM Server Connections](configure-agpm-server-connections-agpm40.md).
@@ -62,9 +62,9 @@ A user account that is a member of the Domain Admins group and has access to the
- [Modify the AGPM Service](modify-the-agpm-service-agpm40.md)
-- [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](http://go.microsoft.com/fwlink/?LinkId=153505) (http://go.microsoft.com/fwlink/?LinkId=153505)
+- [Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0](https://go.microsoft.com/fwlink/?LinkId=153505) (https://go.microsoft.com/fwlink/?LinkId=153505)
-- [Planning Guide for Microsoft Advanced Group Policy Management](http://go.microsoft.com/fwlink/?LinkId=156883) (http://go.microsoft.com/fwlink/?LinkId=156883)
+- [Planning Guide for Microsoft Advanced Group Policy Management](https://go.microsoft.com/fwlink/?LinkId=156883) (https://go.microsoft.com/fwlink/?LinkId=156883)
- [Performing AGPM Administrator Tasks](performing-agpm-administrator-tasks-agpm40.md)
diff --git a/mdop/agpm/move-the-agpm-server-and-the-archive.md b/mdop/agpm/move-the-agpm-server-and-the-archive.md
index b3386feba0..b2ff901507 100644
--- a/mdop/agpm/move-the-agpm-server-and-the-archive.md
+++ b/mdop/agpm/move-the-agpm-server-and-the-archive.md
@@ -32,7 +32,7 @@ A user account that is a member of the Domain Admins group and has access to the
1. Stop the AGPM Service. For more information, see [Start and Stop the AGPM Service](start-and-stop-the-agpm-service-agpm30ops.md).
- 2. Install Microsoft Advanced Group Policy Management - Server on the new server that will host the AGPM Service. During this process, you specify the new archive path, the location for the archive in relation to the AGPM Server. For more information, see Step-by-Step Guide for Microsoft Advanced Group Policy Management 3.0 (
-
-
+
diff --git a/mdop/appv-v4/how-to-install-a-database.md b/mdop/appv-v4/how-to-install-a-database.md
index ed8d0ddb38..392f11afda 100644
--- a/mdop/appv-v4/how-to-install-a-database.md
+++ b/mdop/appv-v4/how-to-install-a-database.md
@@ -44,7 +44,7 @@ To install the database, you must use a network account with the appropriate per
8. Select a name for the database, and then click **Next**.
**Note**
- If error 25109 is displayed when you try to complete this step, you have incorrectly set up the permissions necessary to install the database. For details on setting up the necessary SQL permissions, please see
-
+
-
@@ -132,7 +132,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
## For More Information
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
## Related topics
diff --git a/mdop/appv-v5/accessibility-for-app-v-51.md b/mdop/appv-v5/accessibility-for-app-v-51.md
index 1d53ac7b5d..6dd47f7bf3 100644
--- a/mdop/appv-v5/accessibility-for-app-v-51.md
+++ b/mdop/appv-v5/accessibility-for-app-v-51.md
@@ -131,7 +131,7 @@ For information about the availability of Microsoft product documentation and bo
+
-
@@ -153,7 +153,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
## For More Information
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
## Related topics
diff --git a/mdop/appv-v5/app-v-50-prerequisites.md b/mdop/appv-v5/app-v-50-prerequisites.md
index 29c64a87d8..92befd0ba0 100644
--- a/mdop/appv-v5/app-v-50-prerequisites.md
+++ b/mdop/appv-v5/app-v-50-prerequisites.md
@@ -121,7 +121,7 @@ The following table lists the installation prerequisites for the App-V 5.0 clien
+
@@ -354,14 +354,14 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
@@ -404,7 +404,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve
diff --git a/mdop/appv-v5/app-v-50-security-considerations.md b/mdop/appv-v5/app-v-50-security-considerations.md
index 80465b3f69..3ab2c1e27b 100644
--- a/mdop/appv-v5/app-v-50-security-considerations.md
+++ b/mdop/appv-v5/app-v-50-security-considerations.md
@@ -32,9 +32,9 @@ Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature that wa
**Physically secure your computers**. Security is incomplete without physical security. Anyone with physical access to an App-V 5.0 server could potentially attack the entire client base. Any potential physical attacks must be considered high risk and mitigated appropriately. App-V 5.0 servers should be stored in a physically secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver.
-**Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V 5.0, subscribe to the Security Notification service (
-
+
@@ -276,19 +276,19 @@ The following table provides a full list of supported integration points for Off
**Office 2013 App-V 5.0 Packages 5.0 Additional Resources**
-[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](http://go.microsoft.com/fwlink/p/?LinkId=330680)
+[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680)
**Office 2010 App-V 5.0 Packages**
-[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330681)
+[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330681)
-[Known issues when you create or use an App-V 5.0 Office 2010 package](http://go.microsoft.com/fwlink/p/?LinkId=330682)
+[Known issues when you create or use an App-V 5.0 Office 2010 package](https://go.microsoft.com/fwlink/p/?LinkId=330682)
-[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676)
+[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676)
**Connection Groups**
-[Deploying Connection Groups in Microsoft App-V v5](http://go.microsoft.com/fwlink/p/?LinkId=330683)
+[Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683)
[Managing Connection Groups](managing-connection-groups.md)
diff --git a/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v51.md b/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v51.md
index 8423b1637e..e48ac4f848 100644
--- a/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v51.md
+++ b/mdop/appv-v5/deploying-microsoft-office-2010-by-using-app-v51.md
@@ -74,16 +74,16 @@ The following table shows the App-V versions, methods of Office package creation
Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V 5.1. Microsoft has provided a detailed recipe through a Knowledge Base article. To create an Office 2010 package on App-V 5.1, refer to the following link for detailed instructions:
-[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676)
+[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676)
## Creating Office 2010 App-V 5.1 packages using package accelerators
Office 2010 App-V 5.1 packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 10, Windows 8 and Windows 7. To create Office 2010 packages on App-V using Package accelerators, refer to the following pages to access the appropriate package accelerator:
-- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](http://go.microsoft.com/fwlink/p/?LinkId=330677)
+- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](https://go.microsoft.com/fwlink/p/?LinkId=330677)
-- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](http://go.microsoft.com/fwlink/p/?LinkId=330678)
+- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](https://go.microsoft.com/fwlink/p/?LinkId=330678)
For detailed instructions on how to create virtual application packages using App-V package accelerators, see [How to Create a Virtual Application Package Using an App-V Package Accelerator](how-to-create-a-virtual-application-package-using-an-app-v-package-accelerator51.md).
@@ -179,7 +179,7 @@ The following table provides a full list of supported integration points for Off
-
+
@@ -277,19 +277,19 @@ The following table provides a full list of supported integration points for Off
**Office 2013 App-V Packages Additional Resources**
-[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](http://go.microsoft.com/fwlink/p/?LinkId=330680)
+[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680)
**Office 2010 App-V Packages**
-[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330681)
+[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330681)
-[Known issues when you create or use an App-V 5.0 Office 2010 package](http://go.microsoft.com/fwlink/p/?LinkId=330682)
+[Known issues when you create or use an App-V 5.0 Office 2010 package](https://go.microsoft.com/fwlink/p/?LinkId=330682)
-[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676)
+[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676)
**Connection Groups**
-[Deploying Connection Groups in Microsoft App-V v5](http://go.microsoft.com/fwlink/p/?LinkId=330683)
+[Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683)
[Managing Connection Groups](managing-connection-groups51.md)
diff --git a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md
index d6f50efe56..a0615d5921 100644
--- a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md
+++ b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md
@@ -859,21 +859,21 @@ The following table describes the requirements and options for deploying Visio 2
**Office 2013 App-V 5.0 Packages 5.0 Additional Resources**
-[Office Deployment Tool for Click-to-Run](http://go.microsoft.com/fwlink/p/?LinkID=330672)
+[Office Deployment Tool for Click-to-Run](https://go.microsoft.com/fwlink/p/?LinkID=330672)
-[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](http://go.microsoft.com/fwlink/p/?LinkId=330680)
+[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680)
**Office 2010 App-V 5.0 Packages**
-[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330681)
+[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330681)
-[Known issues when you create or use an App-V 5.0 Office 2010 package](http://go.microsoft.com/fwlink/p/?LinkId=330682)
+[Known issues when you create or use an App-V 5.0 Office 2010 package](https://go.microsoft.com/fwlink/p/?LinkId=330682)
-[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676)
+[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676)
**Connection Groups**
-[Deploying Connection Groups in Microsoft App-V v5](http://go.microsoft.com/fwlink/p/?LinkId=330683)
+[Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683)
[Managing Connection Groups](managing-connection-groups.md)
diff --git a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md
index 4004b3a502..cc8b0e0899 100644
--- a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md
+++ b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md
@@ -859,21 +859,21 @@ The following table describes the requirements and options for deploying Visio 2
**Office 2013 App-V Packages Additional Resources**
-[Office Deployment Tool for Click-to-Run](http://go.microsoft.com/fwlink/p/?LinkID=330672)
+[Office Deployment Tool for Click-to-Run](https://go.microsoft.com/fwlink/p/?LinkID=330672)
-[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](http://go.microsoft.com/fwlink/p/?LinkId=330680)
+[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://go.microsoft.com/fwlink/p/?LinkId=330680)
**Office 2010 App-V Packages**
-[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330681)
+[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330681)
-[Known issues when you create or use an App-V 5.0 Office 2010 package](http://go.microsoft.com/fwlink/p/?LinkId=330682)
+[Known issues when you create or use an App-V 5.0 Office 2010 package](https://go.microsoft.com/fwlink/p/?LinkId=330682)
-[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](http://go.microsoft.com/fwlink/p/?LinkId=330676)
+[How to sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://go.microsoft.com/fwlink/p/?LinkId=330676)
**Connection Groups**
-[Deploying Connection Groups in Microsoft App-V v5](http://go.microsoft.com/fwlink/p/?LinkId=330683)
+[Deploying Connection Groups in Microsoft App-V v5](https://go.microsoft.com/fwlink/p/?LinkId=330683)
[Managing Connection Groups](managing-connection-groups51.md)
diff --git a/mdop/appv-v5/getting-started-with-app-v-50--rtm.md b/mdop/appv-v5/getting-started-with-app-v-50--rtm.md
index 3840ca02e8..368114618a 100644
--- a/mdop/appv-v5/getting-started-with-app-v-50--rtm.md
+++ b/mdop/appv-v5/getting-started-with-app-v-50--rtm.md
@@ -78,10 +78,10 @@ App-V consists of the following elements:
For more information about these elements, see [High Level Architecture for App-V 5.0](high-level-architecture-for-app-v-50.md).
-If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at
-
+
diff --git a/mdop/appv-v5/planning-for-using-app-v-with-office51.md b/mdop/appv-v5/planning-for-using-app-v-with-office51.md
index 031528c7a8..c6edab05da 100644
--- a/mdop/appv-v5/planning-for-using-app-v-with-office51.md
+++ b/mdop/appv-v5/planning-for-using-app-v-with-office51.md
@@ -296,7 +296,7 @@ The Office 2013 App-V package supports the following integration points with the
-
+
diff --git a/mdop/appv-v5/planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md b/mdop/appv-v5/planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md
index cad59aab8b..e5cdaf09d2 100644
--- a/mdop/appv-v5/planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md
+++ b/mdop/appv-v5/planning-to-deploy-app-v-50-with-an-electronic-software-distribution-system.md
@@ -13,7 +13,7 @@ ms.prod: w10
# Planning to Deploy App-V 5.0 with an Electronic Software Distribution System
-If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=281816).
+If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=281816).
Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages:
diff --git a/mdop/appv-v5/planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md b/mdop/appv-v5/planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md
index 63025c63a7..28262e158a 100644
--- a/mdop/appv-v5/planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md
+++ b/mdop/appv-v5/planning-to-deploy-app-v-51-with-an-electronic-software-distribution-system.md
@@ -13,7 +13,7 @@ ms.prod: w10
# Planning to Deploy App-V 5.1 with an Electronic Software Distribution System
-If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](http://go.microsoft.com/fwlink/?LinkId=281816).
+If you are using an electronic software distribution system to deploy App-V packages, review the following planning considerations. For information about using System Center Configuration Manager to deploy App-V, see [Introduction to Application Management in Configuration Manager](https://go.microsoft.com/fwlink/?LinkId=281816).
Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages:
diff --git a/mdop/appv-v5/release-notes-for-app-v-50-sp1.md b/mdop/appv-v5/release-notes-for-app-v-50-sp1.md
index 5de0457e2e..6d617d34bd 100644
--- a/mdop/appv-v5/release-notes-for-app-v-50-sp1.md
+++ b/mdop/appv-v5/release-notes-for-app-v-50-sp1.md
@@ -34,9 +34,9 @@ This email address is not a support channel, but your feedback will help us to p
-For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032) page.
+For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page.
-For more information about new updates or to provide feedback, follow us on [Facebook](http://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](http://go.microsoft.com/fwlink/p/?LinkId=242447).
+For more information about new updates or to provide feedback, follow us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
## Known Issues with App-V 5.0 SP1
diff --git a/mdop/appv-v5/release-notes-for-app-v-50-sp2.md b/mdop/appv-v5/release-notes-for-app-v-50-sp2.md
index f3f88d512f..98cda38565 100644
--- a/mdop/appv-v5/release-notes-for-app-v-50-sp2.md
+++ b/mdop/appv-v5/release-notes-for-app-v-50-sp2.md
@@ -34,9 +34,9 @@ This email address is not a support channel, but your feedback will help us to p
-For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032) page.
+For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page.
-For more information about new updates or to provide feedback, follow us on [Facebook](http://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](http://go.microsoft.com/fwlink/p/?LinkId=242447).
+For more information about new updates or to provide feedback, follow us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
## Known Issues with Hotfix Package 4 for Application Virtualization 5.0 SP2
@@ -125,7 +125,7 @@ The first time that end users start an application in the package after they log
### App-V 5.0 Service Pack 2 (App-V 5.0 SP2) does not include a new version of the App-V Server
-App-V 5.0 SP2 does not include a new version of the App-V Server. If you deploy App-V 5.0 SP2 clients running Windows 8.1 in your environment and plan to manage the clients using the App-V infrastructure, you must install [Hotfix Package 2 for Microsoft Application Virtualization 5.0 Service Pack 1](http://go.microsoft.com/fwlink/?LinkId=386634). (http://go.microsoft.com/fwlink/?LinkId=386634)
+App-V 5.0 SP2 does not include a new version of the App-V Server. If you deploy App-V 5.0 SP2 clients running Windows 8.1 in your environment and plan to manage the clients using the App-V infrastructure, you must install [Hotfix Package 2 for Microsoft Application Virtualization 5.0 Service Pack 1](https://go.microsoft.com/fwlink/?LinkId=386634). (https://go.microsoft.com/fwlink/?LinkId=386634)
If you are running and managing App-V 5.0 SP2 clients using any of the following methods no client update is required:
diff --git a/mdop/appv-v5/release-notes-for-app-v-50.md b/mdop/appv-v5/release-notes-for-app-v-50.md
index 2df214ccdb..7ee8552e81 100644
--- a/mdop/appv-v5/release-notes-for-app-v-50.md
+++ b/mdop/appv-v5/release-notes-for-app-v-50.md
@@ -34,9 +34,9 @@ This email address is not a support channel, but your feedback will help us to p
-For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032) page.
+For the latest information about MDOP and additional learning resources, see the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) page.
-For more information about new updates or to provide feedback, follow us on [Facebook](http://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](http://go.microsoft.com/fwlink/p/?LinkId=242447).
+For more information about new updates or to provide feedback, follow us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
## Known Issues with App-V 5.0
diff --git a/mdop/appv-v5/troubleshooting-app-v-50.md b/mdop/appv-v5/troubleshooting-app-v-50.md
index 8bffb9304f..9a76a66e8f 100644
--- a/mdop/appv-v5/troubleshooting-app-v-50.md
+++ b/mdop/appv-v5/troubleshooting-app-v-50.md
@@ -13,7 +13,7 @@ ms.prod: w10
# Troubleshooting App-V 5.0
-Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905).
## How to Find Troubleshooting Content
@@ -28,7 +28,7 @@ After you search the MDOP documentation, your next step would be to search the t
**To search the MDOP product documentation**
-1. Use a web browser to navigate to the [MDOP Information Experience](http://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
+1. Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
2. Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page.
@@ -36,7 +36,7 @@ After you search the MDOP documentation, your next step would be to search the t
**To search the TechNet Wiki**
-1. Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
2. Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page.
@@ -49,7 +49,7 @@ If you have a troubleshooting tip or a best practice to share that is not alread
**To create a TechNet Wiki troubleshooting or best practices article**
-1. Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
2. Log in with your Windows Live ID.
diff --git a/mdop/appv-v5/troubleshooting-app-v-51.md b/mdop/appv-v5/troubleshooting-app-v-51.md
index 734f0b8ff5..b44a3b27b5 100644
--- a/mdop/appv-v5/troubleshooting-app-v-51.md
+++ b/mdop/appv-v5/troubleshooting-app-v-51.md
@@ -13,7 +13,7 @@ ms.prod: w10
# Troubleshooting App-V 5.1
-Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905).
## How to Find Troubleshooting Content
@@ -28,7 +28,7 @@ After you search the MDOP documentation, your next step would be to search the t
**To search the MDOP product documentation**
-1. Use a web browser to navigate to the [MDOP Information Experience](http://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
+1. Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
2. Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page.
@@ -36,7 +36,7 @@ After you search the MDOP documentation, your next step would be to search the t
**To search the TechNet Wiki**
-1. Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
2. Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page.
@@ -49,7 +49,7 @@ If you have a troubleshooting tip or a best practice to share that is not alread
**To create a TechNet Wiki troubleshooting or best practices article**
-1. Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
2. Log in with your Windows Live ID.
diff --git a/mdop/dart-v10/about-dart-10.md b/mdop/dart-v10/about-dart-10.md
index 109f623a7a..0640700499 100644
--- a/mdop/dart-v10/about-dart-10.md
+++ b/mdop/dart-v10/about-dart-10.md
@@ -77,7 +77,7 @@ DaRT 10 is available in the following languages:
## How to Get MDOP Technologies
-DaRT 10 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+DaRT 10 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
## Related topics
diff --git a/mdop/dart-v10/accessibility-for-dart-10.md b/mdop/dart-v10/accessibility-for-dart-10.md
index 7e3a6e4cc2..fd48e49ce5 100644
--- a/mdop/dart-v10/accessibility-for-dart-10.md
+++ b/mdop/dart-v10/accessibility-for-dart-10.md
@@ -63,7 +63,7 @@ For information about the availability of Microsoft product documentation and bo
-
@@ -85,7 +85,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
## For more information
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
## Related topics
diff --git a/mdop/dart-v10/creating-the-dart-10-recovery-image.md b/mdop/dart-v10/creating-the-dart-10-recovery-image.md
index 6ec9e53ef1..8256160e22 100644
--- a/mdop/dart-v10/creating-the-dart-10-recovery-image.md
+++ b/mdop/dart-v10/creating-the-dart-10-recovery-image.md
@@ -131,7 +131,7 @@ If you include the Crash Analyzer tool in the ISO image, you must also include t
If you installed the Microsoft Windows Software Development Kit (SDK) or the Microsoft Windows Development Kit (WDK), the Windows 10 Debugging Tools are added to the recovery image by default, and the path to the Debugging Tools is automatically filled in. You can change the path of the Windows 10 Debugging Tools if the files are located somewhere other than the location indicated by the default file path. A link in the wizard lets you download and install debugging tools for Windows if they are not already installed.
-To download the Windows Debugging Tools, see [Debugging Tools for Windows](http://go.microsoft.com/fwlink/?LinkId=266248). Install the Debugging Tools to the default location.
+To download the Windows Debugging Tools, see [Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=266248). Install the Debugging Tools to the default location.
**Note**
The DaRT wizard checks for the tools in the `HKLM\Software\Microsoft\Windows Kits\Installed Roots\WindowsDebuggersRoot` registry key. If the registry value is not there, the wizard looks in one of the following locations, depending on your system architecture:
diff --git a/mdop/dart-v10/dart-10-privacy-statement.md b/mdop/dart-v10/dart-10-privacy-statement.md
index 4a652b3b2e..86cfb6143e 100644
--- a/mdop/dart-v10/dart-10-privacy-statement.md
+++ b/mdop/dart-v10/dart-10-privacy-statement.md
@@ -52,7 +52,7 @@ We will occasionally update this privacy statement to reflect changes in our pro
## For More Information
-Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please [contact us](http://go.microsoft.com/fwlink/?LinkID=245853).
+Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please [contact us](https://go.microsoft.com/fwlink/?LinkID=245853).
Microsoft PrivacyMicrosoft CorporationOne Microsoft WayRedmond, Washington 98052 USA
@@ -68,15 +68,15 @@ Microsoft Update is a service that provides Windows updates as well as updates f
**Information Collected, Processed, or Transmitted:**
-For details about what information is collected and how it is used, see the Update Services Privacy Statement at
+
-
+
diff --git a/mdop/dart-v10/security-considerations-for-dart-10.md b/mdop/dart-v10/security-considerations-for-dart-10.md
index 9735070a44..709e51c264 100644
--- a/mdop/dart-v10/security-considerations-for-dart-10.md
+++ b/mdop/dart-v10/security-considerations-for-dart-10.md
@@ -22,7 +22,7 @@ This topic contains a brief overview about the accounts and groups, log files, a
**Physically secure your computers**. When administrators and help desk workers are not physically at their computers, they should lock their computers and use a secured screen saver.
-**Apply the most recent security updates to all computers**. Stay informed about new updates for operating systems by subscribing to the Security Notification service (
-
@@ -85,7 +85,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
## For More Information
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
## Related topics
diff --git a/mdop/dart-v7/deploying-the-dart-70-recovery-image-dart-7.md b/mdop/dart-v7/deploying-the-dart-70-recovery-image-dart-7.md
index 544162e5da..6642ad1b4b 100644
--- a/mdop/dart-v7/deploying-the-dart-70-recovery-image-dart-7.md
+++ b/mdop/dart-v7/deploying-the-dart-70-recovery-image-dart-7.md
@@ -31,7 +31,7 @@ The **DaRT Recovery Image Wizard** only provides the option to burn a CD or DVD.
## Deploy the DaRT Recovery Image Using a USB Flash Drive
-After you have finished running the DaRT Recovery Image Wizard, you can use the tool at
+
-
@@ -85,7 +85,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
## For more information
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
## Related topics
diff --git a/mdop/dart-v8/creating-the-dart-80-recovery-image-dart-8.md b/mdop/dart-v8/creating-the-dart-80-recovery-image-dart-8.md
index f28f338047..b0f7f20fd2 100644
--- a/mdop/dart-v8/creating-the-dart-80-recovery-image-dart-8.md
+++ b/mdop/dart-v8/creating-the-dart-80-recovery-image-dart-8.md
@@ -131,7 +131,7 @@ If you include the Crash Analyzer tool in the ISO image, you must also include t
If you installed the Microsoft Windows Software Development Kit (SDK) or the Microsoft Windows Development Kit (WDK), the Windows 8 Debugging Tools are added to the recovery image by default, and the path to the Debugging Tools is automatically filled in. You can change the path of the Windows 8 Debugging Tools if the files are located somewhere other than the location indicated by the default file path. A link in the wizard lets you download and install debugging tools for Windows if they are not already installed.
-To download the Windows Debugging Tools, see [Debugging Tools for Windows](http://go.microsoft.com/fwlink/?LinkId=266248). Install the Debugging Tools to the default location.
+To download the Windows Debugging Tools, see [Debugging Tools for Windows](https://go.microsoft.com/fwlink/?LinkId=266248). Install the Debugging Tools to the default location.
**Note**
The DaRT wizard checks for the tools in the `HKLM\Software\Microsoft\Windows Kits\Installed Roots\WindowsDebuggersRoot` registry key. If the registry value is not there, the wizard looks in one of the following locations, depending on your system architecture:
diff --git a/mdop/dart-v8/dart-80-privacy-statement-dart-8.md b/mdop/dart-v8/dart-80-privacy-statement-dart-8.md
index 3108fce152..fe2208a231 100644
--- a/mdop/dart-v8/dart-80-privacy-statement-dart-8.md
+++ b/mdop/dart-v8/dart-80-privacy-statement-dart-8.md
@@ -52,7 +52,7 @@ We will occasionally update this privacy statement to reflect changes in our pro
## For More Information
-Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please [contact us](http://go.microsoft.com/fwlink/?LinkID=245853).
+Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please [contact us](https://go.microsoft.com/fwlink/?LinkID=245853).
Microsoft PrivacyMicrosoft CorporationOne Microsoft WayRedmond, Washington 98052 USA
@@ -68,15 +68,15 @@ Microsoft Update is a service that provides Windows updates as well as updates f
**Information Collected, Processed, or Transmitted:**
-For details about what information is collected and how it is used, see the Update Services Privacy Statement at
+
-
+
diff --git a/mdop/dart-v8/release-notes-for-dart-80--dart-8.md b/mdop/dart-v8/release-notes-for-dart-80--dart-8.md
index afe0bcba01..99d7be85b7 100644
--- a/mdop/dart-v8/release-notes-for-dart-80--dart-8.md
+++ b/mdop/dart-v8/release-notes-for-dart-80--dart-8.md
@@ -19,14 +19,14 @@ Read these release notes thoroughly before you install Microsoft Diagnostics and
These release notes contain information that is required to successfully install DaRT 8.0. The release notes also contain information that is not available in the product documentation. If there is a difference between these release notes and other DaRT documentation, the latest change should be considered authoritative. These release notes supersede the content that is included with this product.
-To get the DaRT software, see [How to Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049).
+To get the DaRT software, see [How to Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049).
## About the product documentation
-For information about documentation for DaRT, see the [DaRT home page](http://go.microsoft.com/fwlink/?LinkID=252096) on Microsoft TechNet.
+For information about documentation for DaRT, see the [DaRT home page](https://go.microsoft.com/fwlink/?LinkID=252096) on Microsoft TechNet.
-To obtain a downloadable copy of DaRT documentation, see
+
@@ -52,20 +52,20 @@ The following table provides links to the product documentation for the MDOP pro
+
+
-
+
+
@@ -110,7 +110,7 @@ The following table provides links to the product documentation for the MDOP pro
@@ -138,20 +138,20 @@ In addition to the product documentation available online, supplemental product
-
+
-
+
-
@@ -167,7 +167,7 @@ MDOP is a suite of products that can help streamline desktop deployment, managem
MDOP is also available for test and evaluation to [MSDN](http://msdn.microsoft.com/subscriptions/downloads/default.aspx?PV=42:178) and [TechNet](http://technet.microsoft.com/subscriptions/downloads/default.aspx?PV=42:178) subscribers in accordance with MDSN and TechNet agreements.
**Download MDOP**
-MDOP subscribers can download the software at the [Microsoft Volume Licensing website (MVLS)](http://go.microsoft.com/fwlink/p/?LinkId=166331).
+MDOP subscribers can download the software at the [Microsoft Volume Licensing website (MVLS)](https://go.microsoft.com/fwlink/p/?LinkId=166331).
**Purchase MDOP**
Visit the enterprise [Purchase Windows Enterprise Licensing](http://www.microsoft.com/windows/enterprise/how-to-buy.aspx) website to find out how to purchase MDOP for your business.
diff --git a/mdop/mbam-v1/about-mbam-10.md b/mdop/mbam-v1/about-mbam-10.md
index f4c118ca23..e2ef22c1fb 100644
--- a/mdop/mbam-v1/about-mbam-10.md
+++ b/mdop/mbam-v1/about-mbam-10.md
@@ -18,7 +18,7 @@ Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified a
With Microsoft BitLocker Administration and Monitoring, you can select the BitLocker encryption policy options that are appropriate for your enterprise so that you can monitor the client compliance with those policies and then report the encryption status of both the enterprise and individual computers. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes.
**Note**
-BitLocker is not covered in detail in this guide. For an overview of BitLocker, see [BitLocker Drive Encryption Overview](http://go.microsoft.com/fwlink/p/?LinkId=225013).
+BitLocker is not covered in detail in this guide. For an overview of BitLocker, see [BitLocker Drive Encryption Overview](https://go.microsoft.com/fwlink/p/?LinkId=225013).
diff --git a/mdop/mbam-v1/accessibility-for-mbam-10.md b/mdop/mbam-v1/accessibility-for-mbam-10.md
index 4f7f4dbc5b..8b435e8c20 100644
--- a/mdop/mbam-v1/accessibility-for-mbam-10.md
+++ b/mdop/mbam-v1/accessibility-for-mbam-10.md
@@ -63,7 +63,7 @@ For information about the availability of Microsoft product documentation and bo
-
+
-
@@ -85,7 +85,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
## For More Information
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
## Related topics
diff --git a/mdop/mbam-v1/deploying-the-mbam-10-server-infrastructure.md b/mdop/mbam-v1/deploying-the-mbam-10-server-infrastructure.md
index f125457210..69969978ba 100644
--- a/mdop/mbam-v1/deploying-the-mbam-10-server-infrastructure.md
+++ b/mdop/mbam-v1/deploying-the-mbam-10-server-infrastructure.md
@@ -13,7 +13,7 @@ ms.prod: w8
# Deploying the MBAM 1.0 Server Infrastructure
-You can install Microsoft BitLocker Administration and Monitoring (MBAM) Server features in different configurations by using one to five servers. Generally, you should use a configuration of three to five servers for production environments, depending on your scalability needs. For more information about performance scalability of MBAM and recommended deployment topologies, see the [MBAM Scalability and High-Availability Guide White Paper](http://go.microsoft.com/fwlink/p/?LinkId=258314).
+You can install Microsoft BitLocker Administration and Monitoring (MBAM) Server features in different configurations by using one to five servers. Generally, you should use a configuration of three to five servers for production environments, depending on your scalability needs. For more information about performance scalability of MBAM and recommended deployment topologies, see the [MBAM Scalability and High-Availability Guide White Paper](https://go.microsoft.com/fwlink/p/?LinkId=258314).
## Deploy all MBAM 1.0 on a single server
diff --git a/mdop/mbam-v1/evaluating-mbam-10.md b/mdop/mbam-v1/evaluating-mbam-10.md
index b78e64d267..0b462a18f1 100644
--- a/mdop/mbam-v1/evaluating-mbam-10.md
+++ b/mdop/mbam-v1/evaluating-mbam-10.md
@@ -69,7 +69,7 @@ BACKUP CERTIFICATE tdeCert TO FILE = 'C:\Backup\TDECertificate.cer'
ENCRYPTION BY PASSWORD = 'P@55w0rd');
GO
+
+
diff --git a/mdop/mbam-v1/getting-started-with-mbam-10.md b/mdop/mbam-v1/getting-started-with-mbam-10.md
index 628a1b8928..ac95a2fb22 100644
--- a/mdop/mbam-v1/getting-started-with-mbam-10.md
+++ b/mdop/mbam-v1/getting-started-with-mbam-10.md
@@ -15,14 +15,14 @@ ms.prod: w8
Microsoft BitLocker Administration and Monitoring (MBAM) requires thorough planning before you deploy it or use its features. Because this product can affect every computer in your organization, you might disrupt your entire network if you do not plan your deployment carefully. However, if you plan your deployment carefully and manage it so that it meets your business needs, MBAM can help reduce your administrative overhead and total cost of ownership.
-If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at
-
@@ -85,7 +85,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
## For More Information
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
## Related topics
diff --git a/mdop/mbam-v2/deploying-mbam-with-configuration-manager-mbam2.md b/mdop/mbam-v2/deploying-mbam-with-configuration-manager-mbam2.md
index 67727acd97..d4c943d507 100644
--- a/mdop/mbam-v2/deploying-mbam-with-configuration-manager-mbam2.md
+++ b/mdop/mbam-v2/deploying-mbam-with-configuration-manager-mbam2.md
@@ -17,7 +17,7 @@ The following procedures describe how to deploy Microsoft BitLocker Administrati
Before you start the installation, ensure that you have met the prerequisites and hardware and software requirements for installing MBAM with Configuration Manager by reviewing [Planning to Deploy MBAM with Configuration Manager](planning-to-deploy-mbam-with-configuration-manager-2.md).
-If you ever have to reinstall MBAM with the Configuration Manager topology, you will need to remove certain Configuration Manager objects first. Read the [Knowledge Base article](http://go.microsoft.com/fwlink/?LinkId=286306) for more information.
+If you ever have to reinstall MBAM with the Configuration Manager topology, you will need to remove certain Configuration Manager objects first. Read the [Knowledge Base article](https://go.microsoft.com/fwlink/?LinkId=286306) for more information.
The steps to install MBAM with Configuration Manager are grouped into the following categories. Complete the steps for each category to complete the installation.
diff --git a/mdop/mbam-v2/getting-started-with-mbam-20-mbam-2.md b/mdop/mbam-v2/getting-started-with-mbam-20-mbam-2.md
index 8f6e2c1019..87b442cc09 100644
--- a/mdop/mbam-v2/getting-started-with-mbam-20-mbam-2.md
+++ b/mdop/mbam-v2/getting-started-with-mbam-20-mbam-2.md
@@ -15,9 +15,9 @@ ms.prod: w8
Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 requires thorough planning before you deploy it or use its features. Because this product can affect every computer in your organization, you might disrupt your entire network if you do not plan your deployment carefully. However, if you plan your deployment carefully and manage it so that it meets your business requirements, BitLocker Administration and Monitoring 2.0 can help reduce your administrative overhead and total cost of ownership.
-If you are new to this product, we recommend that you read the documentation carefully. To get the MBAM software, see [How Do I Get MDOP?](http://go.microsoft.com/fwlink/p/?LinkId=322049). Before you deploy MBAM to a production environment, we also recommend that you validate your deployment plan in a test environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at
+
-
+
@@ -310,12 +310,12 @@ For a list of supported operating systems, see [MBAM 2.0 Supported Configuration
-
-
-
+
-
+
diff --git a/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md b/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md
index efd62a6169..911a162764 100644
--- a/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md
+++ b/mdop/mbam-v2/release-notes-for-mbam-20-sp1.md
@@ -67,7 +67,7 @@ If you are using MBAM with Configuration Manager, and you want to upgrade to MBA
When you use Internet Explorer 10 to access the Administration and Monitoring Website, the **Submit** button on the website does not work.
-**Workaround**: On the server where you installed the Administration and Monitoring Website, install [Hotfix for ASP.NET browser definition files](http://go.microsoft.com/fwlink/?LinkId=317798).
+**Workaround**: On the server where you installed the Administration and Monitoring Website, install [Hotfix for ASP.NET browser definition files](https://go.microsoft.com/fwlink/?LinkId=317798).
### International domain names are not supported
diff --git a/mdop/mbam-v2/troubleshooting-mbam-20-mbam-2.md b/mdop/mbam-v2/troubleshooting-mbam-20-mbam-2.md
index 33672448b9..6eda8b11ab 100644
--- a/mdop/mbam-v2/troubleshooting-mbam-20-mbam-2.md
+++ b/mdop/mbam-v2/troubleshooting-mbam-20-mbam-2.md
@@ -13,7 +13,7 @@ ms.prod: w8
# Troubleshooting MBAM 2.0
-Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+Troubleshooting content is not included in the Administrator’s Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905).
## How to Find Troubleshooting Content
@@ -28,7 +28,7 @@ After you search the MDOP documentation, your next step would be to search the t
**To search the MDOP product documentation**
-1. Use a web browser to navigate to the [MDOP Information Experience](http://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
+1. Use a web browser to navigate to the [MDOP Information Experience](https://go.microsoft.com/fwlink/?LinkId=236032) TechNet home page.
2. Enter applicable search terms in the **Search TechNet with Bing** search box at the top of the MDOP Information Experience home page.
@@ -36,7 +36,7 @@ After you search the MDOP documentation, your next step would be to search the t
**To search the TechNet Wiki**
-1. Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
2. Enter applicable search terms in the **Search TechNet Wiki** search box on the TechNet Wiki home page.
@@ -49,7 +49,7 @@ If you have a troubleshooting tip or a best practice to share that is not alread
**To create a TechNet Wiki troubleshooting or best practices article**
-1. Use a web browser to navigate to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1. Use a web browser to navigate to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
2. Log in with your Windows Live ID.
diff --git a/mdop/mbam-v25/about-mbam-25-sp1.md b/mdop/mbam-v25/about-mbam-25-sp1.md
index 4f19a1527d..96df87e28a 100644
--- a/mdop/mbam-v25/about-mbam-25-sp1.md
+++ b/mdop/mbam-v25/about-mbam-25-sp1.md
@@ -45,7 +45,7 @@ The following groups might be interested in using MBAM to manage BitLocker:
- Administrators who are responsible for client computers that are running Windows
**Note**
-BitLocker is not explained in detail in this MBAM documentation. For more information, see [BitLocker Drive Encryption Overview](http://go.microsoft.com/fwlink/p/?LinkId=225013).
+BitLocker is not explained in detail in this MBAM documentation. For more information, see [BitLocker Drive Encryption Overview](https://go.microsoft.com/fwlink/p/?LinkId=225013).
@@ -123,11 +123,11 @@ In MBAM 2.5, support was added for Federal Information Processing Standard (FIP
The Windows team has backported FIPS-compliant recovery keys with a hotfix, and MBAM 2.5 SP1 has added support for them as well.
**Note**
-Client computers that are running the Windows 8 operating system still require a DRA protector since the hotfix was not backported to that OS. See [Hotfix Package 2 for BitLocker Administration and Monitoring 2.5](https://support.microsoft.com/kb/3015477) to download and install the BitLocker hotfix for Windows 7 and Windows 8 computers. For information about DRA, see [Using Data Recovery Agents with BitLocker](http://go.microsoft.com/fwlink/?LinkId=393557).
+Client computers that are running the Windows 8 operating system still require a DRA protector since the hotfix was not backported to that OS. See [Hotfix Package 2 for BitLocker Administration and Monitoring 2.5](https://support.microsoft.com/kb/3015477) to download and install the BitLocker hotfix for Windows 7 and Windows 8 computers. For information about DRA, see [Using Data Recovery Agents with BitLocker](https://go.microsoft.com/fwlink/?LinkId=393557).
-To enable FIPS compliance in your organization, you must configure the Federal Information Processing Standard (FIPS) Group Policy settings. For configuration instructions, see [BitLocker Group Policy Settings](http://go.microsoft.com/fwlink/?LinkId=393560).
+To enable FIPS compliance in your organization, you must configure the Federal Information Processing Standard (FIPS) Group Policy settings. For configuration instructions, see [BitLocker Group Policy Settings](https://go.microsoft.com/fwlink/?LinkId=393560).
### Customize pre-boot recovery message and URL with new Group Policy setting
@@ -220,7 +220,7 @@ The compliance calculation logic for "Locked Fixed Data" volumes has been change
## How to Get MDOP Technologies
-MBAM is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of the Microsoft Software Assurance program. For more information about the Microsoft Software Assurance program and how to acquire the MDOP, see [How Do I Get MDOP?](http://go.microsoft.com/fwlink/?LinkId=322049).
+MBAM is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of the Microsoft Software Assurance program. For more information about the Microsoft Software Assurance program and how to acquire the MDOP, see [How Do I Get MDOP?](https://go.microsoft.com/fwlink/?LinkId=322049).
## MBAM 2.5 SP1 Release Notes
diff --git a/mdop/mbam-v25/about-mbam-25.md b/mdop/mbam-v25/about-mbam-25.md
index b9d9a8e8d4..89e69dbb3c 100644
--- a/mdop/mbam-v25/about-mbam-25.md
+++ b/mdop/mbam-v25/about-mbam-25.md
@@ -45,7 +45,7 @@ The following groups might be interested in using MBAM to manage BitLocker:
- Administrators who are responsible for client computers that are running Windows
**Note**
-BitLocker is not explained in detail in this MBAM documentation. For more information, see [BitLocker Drive Encryption Overview](http://go.microsoft.com/fwlink/p/?LinkId=225013).
+BitLocker is not explained in detail in this MBAM documentation. For more information, see [BitLocker Drive Encryption Overview](https://go.microsoft.com/fwlink/p/?LinkId=225013).
@@ -60,7 +60,7 @@ MBAM adds support for Microsoft SQL Server 2014, in addition to the same softwar
### MBAM Group Policy Templates downloaded separately
-The MBAM Group Policy Templates must be downloaded separately from the MBAM installation. In previous versions of MBAM, the MBAM installer included an MBAM Policy Template, which contained the required MBAM-specific Group Policy Objects (GPOs) that define MBAM implementation settings for BitLocker Drive Encryption. These GPOs have been removed from the MBAM installer. You now download the GPOs from [How to Get MDOP Group Policy (.admx) Templates](http://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation before you begin the MBAM Client installation. You can copy the Group Policy Templates to any server or workstation that is running a supported version of the Windows Server or Windows operating system.
+The MBAM Group Policy Templates must be downloaded separately from the MBAM installation. In previous versions of MBAM, the MBAM installer included an MBAM Policy Template, which contained the required MBAM-specific Group Policy Objects (GPOs) that define MBAM implementation settings for BitLocker Drive Encryption. These GPOs have been removed from the MBAM installer. You now download the GPOs from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation before you begin the MBAM Client installation. You can copy the Group Policy Templates to any server or workstation that is running a supported version of the Windows Server or Windows operating system.
**Important**
Do not change the Group Policy settings in the **BitLocker Drive Encryption** node, or MBAM will not work correctly. When you configure the Group Policy settings in the **MDOP MBAM (BitLocker Management)** node, MBAM automatically configures the BitLocker Drive Encryption settings for you.
@@ -133,7 +133,7 @@ Copy the template files to the location that best meets your needs. For the lang
-For more information about template files, see [Managing Group Policy ADMX Files Step-by-Step Guide](http://go.microsoft.com/fwlink/?LinkId=392818).
+For more information about template files, see [Managing Group Policy ADMX Files Step-by-Step Guide](https://go.microsoft.com/fwlink/?LinkId=392818).
### Ability to enforce encryption policies on operating system and fixed data drives
@@ -189,9 +189,9 @@ The new Group Policy setting is located in the following GPO node: **Computer Co
MBAM 2.5 supports Federal Information Processing Standard (FIPS)-compliant BitLocker recovery keys on devices that are running the Windows 8.1 operating system. The recovery key was not FIPS compliant in earlier versions of Windows. This enhancement improves the drive recovery process in organizations that require FIPS compliance because it enables end users to use the Self-Service Portal or Administration and Monitoring Website (Help Desk) to recover their drives if they forget their PIN or password or get locked out of their computers. The new FIPS compliance feature does not extend to password protectors.
-To enable FIPS compliance in your organization, you must configure the Federal Information Processing Standard (FIPS) Group Policy settings. For configuration instructions, see [BitLocker Group Policy Settings](http://go.microsoft.com/fwlink/?LinkId=393560).
+To enable FIPS compliance in your organization, you must configure the Federal Information Processing Standard (FIPS) Group Policy settings. For configuration instructions, see [BitLocker Group Policy Settings](https://go.microsoft.com/fwlink/?LinkId=393560).
-For client computers that are running the Windows 8 or Windows 7 operating systems without the [installed BitLocker hotfix](https://support.microsoft.com/kb/3015477), IT administrators will continue to use the Data Recovery Agents (DRA) protector in FIPS-compliant environments. For information about DRA, see [Using Data Recovery Agents with BitLocker](http://go.microsoft.com/fwlink/?LinkId=393557).
+For client computers that are running the Windows 8 or Windows 7 operating systems without the [installed BitLocker hotfix](https://support.microsoft.com/kb/3015477), IT administrators will continue to use the Data Recovery Agents (DRA) protector in FIPS-compliant environments. For information about DRA, see [Using Data Recovery Agents with BitLocker](https://go.microsoft.com/fwlink/?LinkId=393557).
See [Hotfix Package 2 for BitLocker Administration and Monitoring 2.5](https://support.microsoft.com/kb/3015477) to download and install the BitLocker hotfix for Windows 7 and Windows 8 computers.
@@ -282,15 +282,15 @@ Windows PowerShell Help for MBAM is available in the following formats:
-
+
-
+
-
+
@@ -346,7 +346,7 @@ MBAM supports BitLocker on Encrypted Hard Drives that meet TCG specification req
## How to Get MDOP Technologies
-MBAM is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of the Microsoft Software Assurance program. For more information about the Microsoft Software Assurance program and how to acquire the MDOP, see [How Do I Get MDOP?](http://go.microsoft.com/fwlink/?LinkId=322049).
+MBAM is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of the Microsoft Software Assurance program. For more information about the Microsoft Software Assurance program and how to acquire the MDOP, see [How Do I Get MDOP?](https://go.microsoft.com/fwlink/?LinkId=322049).
## MBAM 2.5 Release Notes
diff --git a/mdop/mbam-v25/accessibility-for-mbam-25.md b/mdop/mbam-v25/accessibility-for-mbam-25.md
index c9526f1eee..9f43694659 100644
--- a/mdop/mbam-v25/accessibility-for-mbam-25.md
+++ b/mdop/mbam-v25/accessibility-for-mbam-25.md
@@ -63,7 +63,7 @@ For information about the availability of Microsoft product documentation and bo
-
+
-
@@ -85,7 +85,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
## For more information
-For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/?linkid=8431).
+For more information about how accessible technology for computers helps to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/?linkid=8431).
## Got a suggestion for MBAM?
diff --git a/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md b/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md
index d50cde850a..ebc86f347e 100644
--- a/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md
+++ b/mdop/mbam-v25/configuring-mbam-25-server-features-by-using-windows-powershell.md
@@ -37,7 +37,7 @@ For information about the **Get-MbamBitLockerRecoveryKey** and **Get-MbamTPMOwne
## How to load Windows PowerShell Help for MBAM 2.5
-For a list of the Windows PowerShell cmdlets on TechNet, see [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](http://go.microsoft.com/fwlink/?LinkId=392816).
+For a list of the Windows PowerShell cmdlets on TechNet, see [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](https://go.microsoft.com/fwlink/?LinkId=392816).
**To load the MBAM 2.5 Help for Windows PowerShell cmdlets after installing the MBAM Server software**
@@ -68,15 +68,15 @@ Windows PowerShell Help for MBAM is available in the following formats:
+
-
+
-
+
@@ -193,7 +193,7 @@ Before starting the configuration, complete the following prerequisites.
-
+
+
diff --git a/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md b/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md
index 087b44ec4b..9c4d42d879 100644
--- a/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md
+++ b/mdop/mbam-v25/copying-the-mbam-25-group-policy-templates.md
@@ -22,7 +22,7 @@ MDOP Group Policy templates are available for download in a self-extracting, com
**How to download and deploy the MDOP Group Policy templates**
-1. Download the MDOP Group Policy templates from [How to Get MDOP Group Policy (.admx) Templates](http://go.microsoft.com/fwlink/p/?LinkId=393941) .
+1. Download the MDOP Group Policy templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) .
2. Run the downloaded file to extract the template folders.
diff --git a/mdop/mbam-v25/getting-started-with-mbam-25.md b/mdop/mbam-v25/getting-started-with-mbam-25.md
index ce79fb2767..d917998cbf 100644
--- a/mdop/mbam-v25/getting-started-with-mbam-25.md
+++ b/mdop/mbam-v25/getting-started-with-mbam-25.md
@@ -17,9 +17,9 @@ This topic provides a list of links to help you learn about Microsoft BitLocker
See the following resources for additional MBAM documentation:
-- [Microsoft BitLocker Administration and Monitoring Deployment Guide](http://go.microsoft.com/fwlink/?LinkId=396653)
+- [Microsoft BitLocker Administration and Monitoring Deployment Guide](https://go.microsoft.com/fwlink/?LinkId=396653)
-- [Microsoft Training Overview](http://go.microsoft.com/fwlink/p/?LinkId=80347)
+- [Microsoft Training Overview](https://go.microsoft.com/fwlink/p/?LinkId=80347)
Before you deploy MBAM to a production environment, we recommend that you validate your deployment plan in a test environment.
@@ -72,7 +72,7 @@ Before you start planning your MBAM deployment, review the following topics.
## How to get MDOP technologies
-MBAM 2.5 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and about acquiring MDOP, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+MBAM 2.5 is a part of the Microsoft Desktop Optimization Pack (MDOP). MDOP is part of Microsoft Software Assurance. For more information about Microsoft Software Assurance and about acquiring MDOP, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
## Other resources for this product
diff --git a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md
index 6a47917431..78d2526dde 100644
--- a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md
+++ b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-configuration-manager-integration-topology.md
@@ -139,7 +139,7 @@ MBAM Group Policy Templates
- The **MBAM Group Policy Templates** are Group Policy settings that define implementation settings for MBAM, which enable you to manage BitLocker drive encryption.
-- Before you run MBAM, you must download the Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](http://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation that is running a supported Windows Server or Windows operating system.
+- Before you run MBAM, you must download the Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation that is running a supported Windows Server or Windows operating system.
**Note**
The workstation does not have to be a dedicated computer.
diff --git a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md
index 6cced98084..c0d16c3f7a 100644
--- a/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md
+++ b/mdop/mbam-v25/high-level-architecture-of-mbam-25-with-stand-alone-topology.md
@@ -118,7 +118,7 @@ MBAM Group Policy Templates
- The MBAM Group Policy Templates are Group Policy settings that define implementation settings for MBAM, which enable you to manage BitLocker Drive Encryption.
-- Before you run MBAM, you must download the Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](http://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation that is running a supported Windows Server or Windows operating system.
+- Before you run MBAM, you must download the Group Policy Templates from [How to Get MDOP Group Policy (.admx) Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941) and copy them to a server or workstation that is running a supported Windows Server or Windows operating system.
- The workstation does not have to be a dedicated computer.
diff --git a/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md b/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md
index 11443abd41..75c1e1ac11 100644
--- a/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md
+++ b/mdop/mbam-v25/how-to-configure-the-self-service-portal-when-client-computers-cannot-access-the-microsoft-content-delivery-network.md
@@ -28,11 +28,11 @@ In MBAM 2.5 SP1, the JavaScript files are included in the product, and you do no
1. Download the following JavaScript files from the CDN:
- - [jQuery-1.10.2.min.js](http://go.microsoft.com/fwlink/?LinkID=390515)
+ - [jQuery-1.10.2.min.js](https://go.microsoft.com/fwlink/?LinkID=390515)
- - [jQuery.validate.min.js](http://go.microsoft.com/fwlink/?LinkID=390516)
+ - [jQuery.validate.min.js](https://go.microsoft.com/fwlink/?LinkID=390516)
- - [jQuery.validate.unobtrusive.min.js](http://go.microsoft.com/fwlink/?LinkID=390517)
+ - [jQuery.validate.unobtrusive.min.js](https://go.microsoft.com/fwlink/?LinkID=390517)
2. Copy the JavaScript files to the **Scripts** directory of the Self-Service Portal. This directory is located in *<MBAM Self-Service Install Directory>\\*Self Service Website\\Scripts.
diff --git a/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md b/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md
index 47933f4215..806f8c1fe6 100644
--- a/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md
+++ b/mdop/mbam-v25/how-to-localize-the-helpdesktext-statement-that-points-users-to-more-self-service-portal-information.md
@@ -32,7 +32,7 @@ In the following instructions, *SelfService* is the default virtual directory na
The name of the Language folder can also be the language neutral name **es** instead of **es-es**. If the end user’s browser is set to **es-es** and that folder does not exist, the parent locale (as defined in .NET) is recursively retrieved and checked, resolving to <MBAM Self-Service Install Directory>\\SelfServiceWebsite\\es\\Notice.txt before finally becoming the default Notice.txt file. This recursive fallback mimics the .NET resource loading rules.
- For a list of the valid language codes you can use, see [National Language Support (NLS) API Reference](http://go.microsoft.com/fwlink/?LinkId=317947).
+ For a list of the valid language codes you can use, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947).
4. In the **Value** field, type the localized text that you want to display to end users.
diff --git a/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md b/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md
index 2c6f87f506..9142469468 100644
--- a/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md
+++ b/mdop/mbam-v25/how-to-localize-the-self-service-portal-helpdeskurl.md
@@ -34,7 +34,7 @@ In the following instructions, *SelfService* is the default virtual directory na
The name of the Language folder can also be the language neutral name **es** instead of **es-es**. If the end user’s browser is set to **es-es** and that folder does not exist, the parent locale (as defined in .NET) is recursively retrieved and checked, resolving to <MBAM Self-Service Install Directory>\\SelfServiceWebsite\\es\\Notice.txt before finally becoming the default Notice.txt file. This recursive fallback mimics the .NET resource loading rules.
- For a list of the valid language codes you can use, see [National Language Support (NLS) API Reference](http://go.microsoft.com/fwlink/?LinkId=317947).
+ For a list of the valid language codes you can use, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947).
4. In the **Value** field, type the localized version of the `HelpdeskURL` value that you want to display to end users.
diff --git a/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md b/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md
index a718bcc0c5..99d5d15e63 100644
--- a/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md
+++ b/mdop/mbam-v25/how-to-localize-the-self-service-portal-notice-text.md
@@ -48,7 +48,7 @@ If an end user’s browser is set to a language that does not have a correspondi
<*MBAM Self-Service Install Directory*>\\Self Service Website\\
**Note**
- Some language folders already exist, so you might not have to create a folder. If you do have to create a language folder, see [National Language Support (NLS) API Reference](http://go.microsoft.com/fwlink/?LinkId=317947) for a list of the valid names that you can use for the <*Language*> folder.
+ Some language folders already exist, so you might not have to create a folder. If you do have to create a language folder, see [National Language Support (NLS) API Reference](https://go.microsoft.com/fwlink/?LinkId=317947) for a list of the valid names that you can use for the <*Language*> folder.
diff --git a/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md b/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md
index a648d9fe0c..1828c9e862 100644
--- a/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md
+++ b/mdop/mbam-v25/how-to-recover-a-corrupted-drive-mbam-25.md
@@ -37,7 +37,7 @@ You can use this procedure with the Administration and Monitoring Website (also
diff --git a/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md b/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md
index ceb184dd8f..609ec18b52 100644
--- a/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md
+++ b/mdop/mbam-v25/how-to-recover-a-moved-drive-mbam-25.md
@@ -37,7 +37,7 @@ You may have given these roles different names when you created them. For more i
If the moved drive was configured to use a TPM chip on the original computer, complete the following additional steps. Otherwise, the recovery process is complete.
-4. After unlocking the drive and completing the start process, open a command prompt in WinRE mode and use the `manage-bde` command to decrypt the drive. Using this tool is the only way to remove the TPM plus the PIN protector without the original TPM chip. For information about the `manage-bde` command, see [Manage-bde](http://go.microsoft.com/fwlink/?LinkId=393567).
+4. After unlocking the drive and completing the start process, open a command prompt in WinRE mode and use the `manage-bde` command to decrypt the drive. Using this tool is the only way to remove the TPM plus the PIN protector without the original TPM chip. For information about the `manage-bde` command, see [Manage-bde](https://go.microsoft.com/fwlink/?LinkId=393567).
5. When the removal is completed, start the computer normally. The MBAM agent will now enforce the policy to encrypt the drive with the new computer’s TPM plus the PIN.
diff --git a/mdop/mbam-v25/index.md b/mdop/mbam-v25/index.md
index 897bb62a41..fd60429382 100644
--- a/mdop/mbam-v25/index.md
+++ b/mdop/mbam-v25/index.md
@@ -15,7 +15,7 @@ ms.prod: w10
Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 provides a simplified administrative interface that you can use to manage BitLocker Drive Encryption. You configure MBAM Group Policy Templates that enable you to set BitLocker Drive Encryption policy options that are appropriate for your enterprise, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the enterprise as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes. For a more detailed description of MBAM, see [About MBAM 2.5](about-mbam-25.md).
-To get the MBAM software, see [How Do I Get MDOP](http://go.microsoft.com/fwlink/?LinkId=322049) (http://go.microsoft.com/fwlink/?LinkId=322049).
+To get the MBAM software, see [How Do I Get MDOP](https://go.microsoft.com/fwlink/?LinkId=322049) (https://go.microsoft.com/fwlink/?LinkId=322049).
[Getting Started with MBAM 2.5](getting-started-with-mbam-25.md)
@@ -45,13 +45,13 @@ To get the MBAM software, see [How Do I Get MDOP](http://go.microsoft.com/fwlink
View updated product information and known issues for MBAM 2.5.
-- [MDOP TechCenter Page](http://go.microsoft.com/fwlink/p/?LinkId=225286)
+- [MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)
Learn about the latest MDOP information and resources.
-- [MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032)
+- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
- Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28http://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28http://go.microsoft.com/fwlink/p/?LinkId=242447).
+ Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447).
- [MBAM Deployment Guide](http://www.microsoft.com/download/details.aspx?id=38398)
diff --git a/mdop/mbam-v25/mbam-25-security-considerations.md b/mdop/mbam-v25/mbam-25-security-considerations.md
index 5da2d97409..533102fb68 100644
--- a/mdop/mbam-v25/mbam-25-security-considerations.md
+++ b/mdop/mbam-v25/mbam-25-security-considerations.md
@@ -104,7 +104,7 @@ The Read-AD\* cmdlets read information from Active Directory. The Write-Mbam\* c
**Create user-to-computer associations:** The MBAM Active Directory Data Import cmdlets gather information from Active Directory and insert the data into MBAM database. However, they do not associate users to volumes. You can download the Add-ComputerUser.ps1 PowerShell script to create user-to-machine associations, which let users regain access to a computer through the Administration and Monitoring Website or by using the Self-Service Portal for recovery. The Add-ComputerUser.ps1 script gathers data from the **Managed By** attribute in Active Directory (AD), the object owner in AD, or from a custom CSV file. The script then adds the discovered users to the recovery information pipeline object, which must be passed to Write-MbamRecoveryInformation to insert the data into the recovery database.
-Download the Add-ComputerUser.ps1 PowerShell script from the [Microsoft Download Center](http://go.microsoft.com/fwlink/?LinkId=613122).
+Download the Add-ComputerUser.ps1 PowerShell script from the [Microsoft Download Center](https://go.microsoft.com/fwlink/?LinkId=613122).
You can specify **help Add-ComputerUser.ps1** to get help for the script, including examples of how to use the cmdlets and the script.
@@ -287,7 +287,7 @@ For an example of how to enable TDE for MBAM database instances, see [Understand
**Physically secure your computers**. There is no security without physical security. An attacker who gets physical access to an MBAM Server could potentially use it to attack the entire client base. All potential physical attacks must be considered high risk and mitigated appropriately. MBAM Servers should be stored in a secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver.
-**Apply the most recent security updates to all computers**. Stay informed about new updates for Windows operating systems, SQL Server, and MBAM by subscribing to the Security Notification service at the [Security TechCenter](http://go.microsoft.com/fwlink/?LinkId=28819).
+**Apply the most recent security updates to all computers**. Stay informed about new updates for Windows operating systems, SQL Server, and MBAM by subscribing to the Security Notification service at the [Security TechCenter](https://go.microsoft.com/fwlink/?LinkId=28819).
**Use strong passwords or pass phrases**. Always use strong passwords with 15 or more characters for all MBAM administrator accounts. Never use blank passwords. For more information about password concepts, see [Password Policy](http://technet.microsoft.com/library/hh994572.aspx).
diff --git a/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md b/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md
index dbbd704e9b..21e84dabb1 100644
--- a/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md
+++ b/mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md
@@ -260,7 +260,7 @@ The following table lists the installation prerequisites for the MBAM Administra
-repair-bde
command to complete the recovery process.
+
-
+
@@ -371,7 +371,7 @@ Setspn -s http/mbamvirtual.contoso.com contoso\mbamapppooluser
-
+
-
@@ -83,7 +83,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
## For more information
-For more information about how accessible technology for computers can help to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/p/?linkid=8431).
+For more information about how accessible technology for computers can help to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/p/?linkid=8431).
## Related topics
diff --git a/mdop/uev-v1/changing-the-frequency-of-ue-v-scheduled-tasks.md b/mdop/uev-v1/changing-the-frequency-of-ue-v-scheduled-tasks.md
index 3f08b69f5b..d99aea03bd 100644
--- a/mdop/uev-v1/changing-the-frequency-of-ue-v-scheduled-tasks.md
+++ b/mdop/uev-v1/changing-the-frequency-of-ue-v-scheduled-tasks.md
@@ -15,7 +15,7 @@ ms.prod: w8
The Microsoft User Experience Virtualization (UE-V) Agent installer, AgentSetup.exe, creates two scheduled tasks during the UE-V Agent installation. The two tasks are the **Template Auto Update** task and the **Setting Storage Location Status** task. These scheduled tasks are not configurable with the UE-V tools. Administrators who wish to change the scheduled task for these items can create a script that uses the Schtasks.exe command-line options.
-For more information about Schtasks.exe, see [How to use Schtasks,exe to Schedule Tasks in Windows Server 2003](http://go.microsoft.com/fwlink/?LinkID=264854).
+For more information about Schtasks.exe, see [How to use Schtasks,exe to Schedule Tasks in Windows Server 2003](https://go.microsoft.com/fwlink/?LinkID=264854).
## Template Auto-Update
diff --git a/mdop/uev-v1/getting-started-with-user-experience-virtualization-10.md b/mdop/uev-v1/getting-started-with-user-experience-virtualization-10.md
index 6651234e46..79324f056c 100644
--- a/mdop/uev-v1/getting-started-with-user-experience-virtualization-10.md
+++ b/mdop/uev-v1/getting-started-with-user-experience-virtualization-10.md
@@ -33,10 +33,10 @@ User Experience Virtualization delivers an enhanced user state virtualization ex
This product requires thorough planning before you deploy it or use its features. Because this product can affect every computer in your organization, you might disrupt your entire network if you do not plan your deployment carefully. However, if you plan your deployment carefully and manage it so that it meets your business needs, this product can help reduce your administrative overhead and total cost of ownership.
-If you are new to this product, we recommend that you read the documentation carefully. Before you deploy the product to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For more information about Microsoft training opportunities, see the Microsoft Training Overview at
+
-
@@ -78,7 +78,7 @@ Microsoft Support Services are subject to the prices, terms, and conditions in p
## For more information
-For more information about how accessible technology for computers can help to improve the lives of people with disabilities, see the [Microsoft Accessibility website](http://go.microsoft.com/fwlink/p/?linkid=8431).
+For more information about how accessible technology for computers can help to improve the lives of people with disabilities, see the [Microsoft Accessibility website](https://go.microsoft.com/fwlink/p/?linkid=8431).
## Got a suggestion for UE-V?
diff --git a/mdop/uev-v2/administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md b/mdop/uev-v2/administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md
index 5493bfd1dd..c5486d033d 100644
--- a/mdop/uev-v2/administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md
+++ b/mdop/uev-v2/administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md
@@ -16,7 +16,7 @@ ms.prod: w10
Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 provide Windows PowerShell cmdlets, which can help administrators perform various UE-V tasks. The following sections provide more information about using Windows PowerShell in UE-V.
**Note**
-Administering UE-V 2 with Windows PowerShell requires Windows PowerShell 3.0 or higher. For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](http://go.microsoft.com/fwlink/p/?LinkId=393495).
+Administering UE-V 2 with Windows PowerShell requires Windows PowerShell 3.0 or higher. For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](https://go.microsoft.com/fwlink/p/?LinkId=393495).
diff --git a/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md b/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md
index 2971a05834..da5caca883 100644
--- a/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md
+++ b/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md
@@ -34,7 +34,7 @@ With the exception of Collect CEIP Data, these tasks must remain enabled as UE-V
These scheduled tasks are not configurable with the UE-V tools. Administrators who want to change the scheduled task for these items can create a script that uses the Schtasks.exe command-line options.
-For more information about Schtasks.exe, see [How to use Schtasks,exe to Schedule Tasks in Windows Server 2003](http://go.microsoft.com/fwlink/?LinkID=264854).
+For more information about Schtasks.exe, see [How to use Schtasks,exe to Schedule Tasks in Windows Server 2003](https://go.microsoft.com/fwlink/?LinkID=264854).
For more information about
diff --git a/mdop/uev-v2/configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md
index 778b479ca2..239e324e35 100644
--- a/mdop/uev-v2/configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md
+++ b/mdop/uev-v2/configuring-the-company-settings-center-for-ue-v-2x-both-uevv2.md
@@ -48,7 +48,7 @@ The Company Settings Center can include a hyperlink that users can click to get
1. Open your preferred management tool:
- - **Group Policy** - If you have not already done so, download the ADMX template for UE-V 2 from [MDOP Administrative Templates](http://go.microsoft.com/fwlink/p/?LinkId=393941).
+ - **Group Policy** - If you have not already done so, download the ADMX template for UE-V 2 from [MDOP Administrative Templates](https://go.microsoft.com/fwlink/p/?LinkId=393941).
- **Windows PowerShell** – On a computer with the UE-V Agent installed, open **Windows PowerShell**. For more information about administering UE-V by using Windows PowerShell, see [Administering UE-V 2.x with Windows PowerShell and WMI](administering-ue-v-2x-with-windows-powershell-and-wmi-both-uevv2.md).
diff --git a/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md b/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md
index 0476446f14..036cada1cc 100644
--- a/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md
+++ b/mdop/uev-v2/configuring-ue-v-2x-with-system-center-configuration-manager-2012-both-uevv2.md
@@ -226,7 +226,7 @@ To distribute a new Notepad template, you would perform these steps:
## Get the UE-V Configuration Pack
-The UE-V Configuration Pack for Configuration Manager 2012 SP1 or later can be downloaded [here](http://go.microsoft.com/fwlink/?LinkId=317263).
+The UE-V Configuration Pack for Configuration Manager 2012 SP1 or later can be downloaded [here](https://go.microsoft.com/fwlink/?LinkId=317263).
## Got a suggestion for UE-V?
diff --git a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md
index ccc160080f..4ec1527347 100644
--- a/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md
+++ b/mdop/uev-v2/get-started-with-ue-v-2x-new-uevv2.md
@@ -98,7 +98,7 @@ Before you proceed, make sure your environment includes these requirements for r
Also…
-- **MDOP License:** This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see How Do I Get MDOP (http://go.microsoft.com/fwlink/p/?LinkId=322049).
+- **MDOP License:** This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see How Do I Get MDOP (https://go.microsoft.com/fwlink/p/?LinkId=322049).
- **Administrative Credentials** for any computer on which you’ll be installing
diff --git a/mdop/uev-v2/index.md b/mdop/uev-v2/index.md
index 4875f0d7c9..6eeef89ebe 100644
--- a/mdop/uev-v2/index.md
+++ b/mdop/uev-v2/index.md
@@ -300,11 +300,11 @@ For more information, and for late-breaking news that did not make it into the d
### More information
-[MDOP TechCenter Page](http://go.microsoft.com/fwlink/p/?LinkId=225286)
+[MDOP TechCenter Page](https://go.microsoft.com/fwlink/p/?LinkId=225286)
Learn about the latest MDOP information and resources.
-[MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032)
-Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28http://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28http://go.microsoft.com/fwlink/p/?LinkId=242447).
+[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
+Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447).
## Got a suggestion for UE-V?
diff --git a/mdop/uev-v2/managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md b/mdop/uev-v2/managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md
index fe8bb33a9e..a903b15af8 100644
--- a/mdop/uev-v2/managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md
+++ b/mdop/uev-v2/managing-the-ue-v-2x-agent-and-packages-with-windows-powershell-and-wmi-both-uevv2.md
@@ -13,7 +13,7 @@ ms.prod: w10
# Managing the UE-V 2.x Agent and Packages with Windows PowerShell and WMI
-You can use Windows Management Instrumentation (WMI) and Windows PowerShell to manage Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 Agent configuration and synchronization behavior. For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](http://go.microsoft.com/fwlink/?LinkId=393495) (http://go.microsoft.com/fwlink/?LinkId=393495).
+You can use Windows Management Instrumentation (WMI) and Windows PowerShell to manage Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 Agent configuration and synchronization behavior. For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](https://go.microsoft.com/fwlink/?LinkId=393495) (https://go.microsoft.com/fwlink/?LinkId=393495).
**To deploy the UE-V Agent by using Windows PowerShell**
diff --git a/mdop/uev-v2/managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md b/mdop/uev-v2/managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md
index daf1ff7f20..784a05752c 100644
--- a/mdop/uev-v2/managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md
+++ b/mdop/uev-v2/managing-ue-v-2x-settings-location-templates-using-windows-powershell-and-wmi-both-uevv2.md
@@ -13,7 +13,7 @@ ms.prod: w10
# Managing UE-V 2.x Settings Location Templates Using Windows PowerShell and WMI
-Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 use XML settings location templates to define the settings that User Experience Virtualization captures and applies. UE-V includes a set of standard settings location templates. It also includes the UE-V Generator tool that enables you to create custom settings location templates. After you create and deploy settings location templates, you can manage those templates by using Windows PowerShell and the Windows Management Instrumentation (WMI). For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](http://go.microsoft.com/fwlink/p/?LinkId=393495) (http://go.microsoft.com/fwlink/p/?LinkId=393495).
+Microsoft User Experience Virtualization (UE-V) 2.0, 2.1, and 2.1 SP1 use XML settings location templates to define the settings that User Experience Virtualization captures and applies. UE-V includes a set of standard settings location templates. It also includes the UE-V Generator tool that enables you to create custom settings location templates. After you create and deploy settings location templates, you can manage those templates by using Windows PowerShell and the Windows Management Instrumentation (WMI). For a complete list of UE-V PowerShell cmdlets, see [UE-V 2 Cmdlet Reference](https://go.microsoft.com/fwlink/p/?LinkId=393495) (https://go.microsoft.com/fwlink/p/?LinkId=393495).
## Manage UE-V 2 settings location templates by using Windows PowerShell
diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md
index ce504d629b..3225fa1cbe 100644
--- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md
+++ b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md
@@ -59,7 +59,7 @@ WORKAROUND: None.
### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office
-We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](http://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
+We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](https://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
WORKAROUND: None
diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md
index dc3d01fbc5..f8ee54fd82 100644
--- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md
+++ b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-release-notesuevv21.md
@@ -86,7 +86,7 @@ WORKAROUND: None.
### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office
-We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](http://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
+We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](https://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
WORKAROUND: None
diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md
index b2d83bf32b..b4759fe68c 100644
--- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md
+++ b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--21-sp1-release-notes.md
@@ -86,7 +86,7 @@ WORKAROUND: None.
### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office
-We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](http://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
+We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](https://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
WORKAROUND: None
diff --git a/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md b/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md
index 0916c46201..a97b55540e 100644
--- a/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md
+++ b/mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md
@@ -83,7 +83,7 @@ See [User Experience Virtualization (UE-V) settings templates for Microsoft Offi
When you install the UE-V 2.1 or 2.1 SP1 Agent, it registers a default group of settings location templates that capture settings values for these common Microsoft applications.
**Tip**
-**Microsoft Office 2007 Settings Synchronization** – In UE-V 2.1 and 2.1 SP1, a settings location template is no longer included by default for Office 2007 applications. However, you can still use Office 2007 templates from UE-V 2.0 or earlier and can get the templates from the [UE-V template gallery](http://go.microsoft.com/fwlink/p/?LinkID=246589).
+**Microsoft Office 2007 Settings Synchronization** – In UE-V 2.1 and 2.1 SP1, a settings location template is no longer included by default for Office 2007 applications. However, you can still use Office 2007 templates from UE-V 2.0 or earlier and can get the templates from the [UE-V template gallery](https://go.microsoft.com/fwlink/p/?LinkID=246589).
@@ -172,7 +172,7 @@ UE-V 2.1 SP1 does not synchronize settings between the Microsoft Calculator in W
When you install the UE-V 2.0 Agent, it registers a default group of settings location templates that capture settings values for these common Microsoft applications.
**Tip**
-**Microsoft Office 2013 Settings Synchronization** – In UE-V 2.0, a settings location template is not included by default for Office 2013 applications, but is available for download from the [UE-V template gallery](http://go.microsoft.com/fwlink/p/?LinkID=246589). [Synchronizing Office 2013 with UE-V 2.0](synchronizing-office-2013-with-ue-v-20-both-uevv2.md) provides details about the supported templates that synchronize Office 2013 settings.
+**Microsoft Office 2013 Settings Synchronization** – In UE-V 2.0, a settings location template is not included by default for Office 2013 applications, but is available for download from the [UE-V template gallery](https://go.microsoft.com/fwlink/p/?LinkID=246589). [Synchronizing Office 2013 with UE-V 2.0](synchronizing-office-2013-with-ue-v-20-both-uevv2.md) provides details about the supported templates that synchronize Office 2013 settings.
@@ -517,7 +517,7 @@ This PowerShell cmdlet disables credential synchronization:
Disable-UevTemplate RoamingCredentialSettings
```
-[Group Policy](http://technet.microsoft.com/library/dn458893.aspx)**:** You must [deploy the latest MDOP ADMX template](http://go.microsoft.com/fwlink/p/?LinkId=393944) to enable credential synchronization through group policy. Credentials synchronization is managed with the Windows settings. To manage this feature with Group Policy, enable the Synchronize Windows settings policy.
+[Group Policy](http://technet.microsoft.com/library/dn458893.aspx)**:** You must [deploy the latest MDOP ADMX template](https://go.microsoft.com/fwlink/p/?LinkId=393944) to enable credential synchronization through group policy. Credentials synchronization is managed with the Windows settings. To manage this feature with Group Policy, enable the Synchronize Windows settings policy.
1. Open Group Policy Editor and navigate to **User Configuration – Administrative Templates – Windows Components – Microsoft User Experience Virtualization**.
@@ -597,7 +597,7 @@ The UE-V settings storage location and settings template catalog support storing
- Format the storage volume with an NTFS file system.
-- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) is specifically not supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see [Microsoft’s Support Statement Around Replicated User Profile Data](http://go.microsoft.com/fwlink/p/?LinkId=313991).
+- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) is specifically not supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see [Microsoft’s Support Statement Around Replicated User Profile Data](https://go.microsoft.com/fwlink/p/?LinkId=313991).
In addition, because SYSVOL uses DFSR for replication, SYSVOL cannot be used for UE-V data file replication.
@@ -692,12 +692,12 @@ Before you proceed, make sure your environment includes these requirements for r
Also…
-- **MDOP License:** This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see How Do I Get MDOP (http://go.microsoft.com/fwlink/p/?LinkId=322049).
+- **MDOP License:** This technology is a part of the Microsoft Desktop Optimization Pack (MDOP). Enterprise customers can get MDOP with Microsoft Software Assurance. For more information about Microsoft Software Assurance and acquiring MDOP, see How Do I Get MDOP (https://go.microsoft.com/fwlink/p/?LinkId=322049).
- **Administrative Credentials** for any computer on which you’ll be installing
**Note**
-- The UE-V Windows PowerShell feature of the UE-V Agent requires .NET Framework 4 or higher and Windows PowerShell 3.0 or higher to be enabled. Download Windows PowerShell 3.0 [here](http://go.microsoft.com/fwlink/?LinkId=309609).
+- The UE-V Windows PowerShell feature of the UE-V Agent requires .NET Framework 4 or higher and Windows PowerShell 3.0 or higher to be enabled. Download Windows PowerShell 3.0 [here](https://go.microsoft.com/fwlink/?LinkId=309609).
- Install .NET Framework 4 or .NET Framework 4.5 on computers that run the Windows 7 or the Windows Server 2008 R2 operating system. The Windows 8, Windows 8.1, and Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed.
- The “Delete Roaming Cache” policy for Mandatory profiles is not supported with UE-V and should not be used.
diff --git a/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md b/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md
index ef418d7c0c..7aa983fc6e 100644
--- a/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md
+++ b/mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md
@@ -33,143 +33,36 @@ Because settings packages might contain personal information, you should take ca
1. Set the following share-level SMB permissions for the setting storage location folder.
-
+
-
-
-
+ | User account | Recommended permissions |
+ | - | - |
+ | Everyone | No permissions |
+ |Security group of UE-V | Full control |
2. Set the following NTFS file system permissions for the settings storage location folder.
-
-
-
-
- User account
- Recommended permissions
-
-
-
-
-
-
-
-
-
-
-
-
-
+ | User account | Recommended permissions | Folder |
+ | - | - | - |
+ | Creator/Owner | No permissions | No permissions |
+ | Domain Admins | Full control | This folder, subfolders, and files |
+ | Security group of UE-V users | List folder/read data, create folders/append data | This folder only |
+ | Everyone | Remove all permissions | No permissions |
3. Set the following share-level SMB permissions for the settings template catalog folder.
-
-
-
-
- User account
- Recommended permissions
- Folder
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+ | User account | Recommend permissions |
+ | - | - |
+ | Everyone | No permissions |
+ | Domain computers | Read permission Levels |
+ | Administrators | Read/write permission levels |
-
4. Set the following NTFS permissions for the settings template catalog folder.
-
-
-
-
- User account
- Recommend permissions
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+ | User account | Recommended permissions | Apply to |
+ | - | - | - |
+ | Creator/Owner | Full control | This folder, subfolders, and files |
+ | Domain Computers | List folder contents and Read permissions | This folder, subfolders, and files|
+ | Everyone| No permissions| No permissions|
+ | Administrators| Full Control| This folder, subfolders, and files|
### Use Windows Server as of Windows Server 2003 to host redirected file shares
diff --git a/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md b/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md
index fbba2bc34c..4b20fbb7a1 100644
--- a/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md
+++ b/mdop/uev-v2/synchronizing-office-2013-with-ue-v-20-both-uevv2.md
@@ -15,12 +15,12 @@ ms.prod: w10
Microsoft User Experience Virtualization (UE-V) 2.0 supports the synchronization of Microsoft Office 2013 application setting using a template available from the UE-V template gallery. The combination of UE-V 2 and App-V 5.0 SP2 support of Office 2013 Professional Plus enables the same experience on virtualized instance of Office 2013 from any UE-V-enabled device or virtualized desktop.
-To activate UE-V application settings support of Office 2013, you can download official UE-V Office 2013 templates from the [Microsoft User Experience Virtualization (UE-V) 2 Template Gallery](http://go.microsoft.com/fwlink/p/?LinkId=246589). This resource provides Microsoft-authored UE-V settings location templates as well as community-developed settings location templates.
+To activate UE-V application settings support of Office 2013, you can download official UE-V Office 2013 templates from the [Microsoft User Experience Virtualization (UE-V) 2 Template Gallery](https://go.microsoft.com/fwlink/p/?LinkId=246589). This resource provides Microsoft-authored UE-V settings location templates as well as community-developed settings location templates.
## Microsoft Office support in UE-V
-UE-V 1.0 and UE-V 2 include settings location templates for Microsoft Office 2010. These templates are distributed and registered as part of the UE-V Agent installation process. These templates help synchronize users’ Office experience between devices. The UE-V templates for Office 2013 provide a very similar settings experience to the templates for Office 2010. Microsoft Office 2013 settings roamed by Office 365 experience are not included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office 2013](http://go.microsoft.com/fwlink/p/?LinkId=391220).
+UE-V 1.0 and UE-V 2 include settings location templates for Microsoft Office 2010. These templates are distributed and registered as part of the UE-V Agent installation process. These templates help synchronize users’ Office experience between devices. The UE-V templates for Office 2013 provide a very similar settings experience to the templates for Office 2010. Microsoft Office 2013 settings roamed by Office 365 experience are not included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office 2013](https://go.microsoft.com/fwlink/p/?LinkId=391220).
## Synchronized Office 2013 Settings
@@ -112,7 +112,7 @@ You can deploy UE-V settings location template with the following methods:
- **Registering template via Template Catalog Path**. If you use the Settings Template Catalog Path to manage templates on users’ computers, copy the Office 2013 template into the folder defined in the UE-V Agent. The next time the Template Auto Update (ApplySettingsCatalog.exe) scheduled task runs, the settings location template will be registered on the device. For more information, see [Deploying the Settings Template Catalog for UE-V 2](http://technet.microsoft.com/library/dn458942.aspx#deploycatalogue).
-- **Registering template via Configuration Manager**. If you use Configuration Manager to manage your UE-V settings storage templates, then recreate the Template Baseline CAB, import it into Configuration Manager, and then deploy the baseline to your clients. For more information, see the guidance provided in the documentation for the [System Center 2012 Configuration Pack for Microsoft User Experience Virtualization 2](http://go.microsoft.com/fwlink/?LinkId=317263).
+- **Registering template via Configuration Manager**. If you use Configuration Manager to manage your UE-V settings storage templates, then recreate the Template Baseline CAB, import it into Configuration Manager, and then deploy the baseline to your clients. For more information, see the guidance provided in the documentation for the [System Center 2012 Configuration Pack for Microsoft User Experience Virtualization 2](https://go.microsoft.com/fwlink/?LinkId=317263).
## Got a suggestion for UE-V?
diff --git a/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md b/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md
index b46669f1a7..54488ba947 100644
--- a/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md
+++ b/mdop/uev-v2/troubleshooting-ue-v-2x-both-uevv2.md
@@ -13,7 +13,7 @@ ms.prod: w10
# Troubleshooting UE-V 2.x
-Troubleshooting content is not included in the Administrator's Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905).
+Troubleshooting content is not included in the Administrator's Guide for this product. Instead, you can find troubleshooting information for this product on the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905).
## Find troubleshooting information
@@ -26,7 +26,7 @@ The first step to find help content in the Administrator’s Guide is to search
**To search the MDOP product documentation**
-1. Open a web browser and browse to the [MDOP Information Experience](http://go.microsoft.com/fwlink/p/?LinkId=236032) home page on TechNet.
+1. Open a web browser and browse to the [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) home page on TechNet.
2. Locate the **Search TechNet with Bing** search box and enter your search term.
@@ -34,7 +34,7 @@ The first step to find help content in the Administrator’s Guide is to search
**To search the TechNet Wiki**
-1. Open a web browser and browse to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1. Open a web browser and browse to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
2. Locate the **Search TechNet Wiki** search box and enter your search term.
@@ -47,7 +47,7 @@ If you have a troubleshooting tip or a best practice to share that is not alread
**To create a TechNet Wiki troubleshooting or best practices article**
-1. Open a web browser and browse to the [TechNet Wiki](http://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
+1. Open a web browser and browse to the [TechNet Wiki](https://go.microsoft.com/fwlink/p/?LinkId=224905) home page.
2. Sign in with your Microsoft account.
diff --git a/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md b/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md
index a601d3e4a6..b0ac82f317 100644
--- a/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md
+++ b/mdop/uev-v2/whats-new-in-ue-v-21-new-uevv2.md
@@ -25,7 +25,7 @@ An Outlook profile must be created for any device on which a user wants to sync
-Previously UE-V included Microsoft Office 2010 settings location templates that were automatically distributed and registered with the UE-V Agent. UE-V 2.1 works with Office 365 to determine whether Office 2013 settings are roamed by Office 365. If settings are roamed by Office 365 they are not roamed by UE-V. [Overview of user and roaming settings for Office 2013](http://go.microsoft.com/fwlink/p/?LinkID=391220) provides more information.
+Previously UE-V included Microsoft Office 2010 settings location templates that were automatically distributed and registered with the UE-V Agent. UE-V 2.1 works with Office 365 to determine whether Office 2013 settings are roamed by Office 365. If settings are roamed by Office 365 they are not roamed by UE-V. [Overview of user and roaming settings for Office 2013](https://go.microsoft.com/fwlink/p/?LinkID=391220) provides more information.
To enable settings synchronization using UE-V 2.1, do one of the following:
@@ -33,7 +33,7 @@ To enable settings synchronization using UE-V 2.1, do one of the following:
- Do not enable the Office 365 synchronization experience during Office 2013 installation
-UE-V 2.1 ships [Office 2013 and Office 2010 templates](http://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). This release removes the Office 2007 templates. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](http://go.microsoft.com/fwlink/p/?LinkID=246589).
+UE-V 2.1 ships [Office 2013 and Office 2010 templates](http://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). This release removes the Office 2007 templates. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](https://go.microsoft.com/fwlink/p/?LinkID=246589).
## Fix for Distributed File System Namespace Users
diff --git a/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md b/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md
index d8950b0ead..017b35478b 100644
--- a/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md
+++ b/mdop/uev-v2/whats-new-in-ue-v-21-sp1uevv21-sp1.md
@@ -64,7 +64,7 @@ An Outlook profile must be created for any device on which a user wants to sync
-Previously UE-V included Microsoft Office 2010 settings location templates that were automatically distributed and registered with the UE-V Agent. UE-V 2.1 works with Office 365 to determine whether Office 2013 settings are roamed by Office 365. If settings are roamed by Office 365 they are not roamed by UE-V. [Overview of user and roaming settings for Office 2013](http://go.microsoft.com/fwlink/p/?LinkID=391220) provides more information.
+Previously UE-V included Microsoft Office 2010 settings location templates that were automatically distributed and registered with the UE-V Agent. UE-V 2.1 works with Office 365 to determine whether Office 2013 settings are roamed by Office 365. If settings are roamed by Office 365 they are not roamed by UE-V. [Overview of user and roaming settings for Office 2013](https://go.microsoft.com/fwlink/p/?LinkID=391220) provides more information.
To enable settings synchronization using UE-V 2.1, do one of the following:
@@ -72,7 +72,7 @@ To enable settings synchronization using UE-V 2.1, do one of the following:
- Do not enable the Office 365 synchronization experience during Office 2013 installation
-UE-V 2.1 ships [Office 2013 and Office 2010 templates](http://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). This release removes the Office 2007 templates. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](http://go.microsoft.com/fwlink/p/?LinkID=246589).
+UE-V 2.1 ships [Office 2013 and Office 2010 templates](http://technet.microsoft.com/library/dn458932.aspx#autosyncsettings). This release removes the Office 2007 templates. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get the templates from the UE-V template gallery located [here](https://go.microsoft.com/fwlink/p/?LinkID=246589).
## Got a suggestion for UE-V?
diff --git a/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md b/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md
index d0fe551e08..115cb8405c 100644
--- a/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md
+++ b/mdop/uev-v2/working-with-custom-ue-v-2x-templates-and-the-ue-v-2x-generator-new-uevv2.md
@@ -139,7 +139,7 @@ It is possible to create or edit settings location templates in an XML editor wi
## Share Settings Location Templates with the Template Gallery
-The Microsoft User Experience Virtualization (UE-V) 2.0 template gallery enables administrators to share their UE-V settings location templates. In the gallery, you can upload your settings location templates for other users to use, and you can download templates that other users have created. The UE-V template gallery is located on Microsoft TechNet [here](http://go.microsoft.com/fwlink/p/?LinkId=246589).
+The Microsoft User Experience Virtualization (UE-V) 2.0 template gallery enables administrators to share their UE-V settings location templates. In the gallery, you can upload your settings location templates for other users to use, and you can download templates that other users have created. The UE-V template gallery is located on Microsoft TechNet [here](https://go.microsoft.com/fwlink/p/?LinkId=246589).
Before you share a settings location template on the UE-V template gallery, ensure it does not contain any personal or company information. You can use any XML viewer to open and view the contents of a settings location template file. The following template values should be reviewed before you share a template with anyone outside your company.
diff --git a/windows/deploy/activate-using-active-directory-based-activation-client.md b/windows/deploy/activate-using-active-directory-based-activation-client.md
index 9c8f4c7fa1..2ccfe946be 100644
--- a/windows/deploy/activate-using-active-directory-based-activation-client.md
+++ b/windows/deploy/activate-using-active-directory-based-activation-client.md
@@ -22,7 +22,7 @@ localizationpriority: high
- Windows Server 2008 R2
**Looking for retail activation?**
-- [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)
+- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that the forest schema be updated by adprep.exe on a computer running Windows Server 2012 R2 or Windows Server 2012, but after the schema is updated, older domain controllers can still activate clients.
Any domain-joined computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 with a GVLK will be activated automatically and transparently. They will stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. Activation takes place after the Licensing service starts. When this service starts, the computer contacts AD DS automatically, receives the activation object, and is activated without user intervention.
diff --git a/windows/deploy/activate-using-key-management-service-vamt.md b/windows/deploy/activate-using-key-management-service-vamt.md
index 2bb06acd4e..0e20177f45 100644
--- a/windows/deploy/activate-using-key-management-service-vamt.md
+++ b/windows/deploy/activate-using-key-management-service-vamt.md
@@ -24,7 +24,7 @@ localizationpriority: high
**Looking for retail activation?**
-- [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)
+- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
There are three possible scenarios for volume activation of Windows 10 or Windows Server 2012 R2 by using a Key Management Service (KMS) host:
- Host KMS on a computer running Windows 10
@@ -48,7 +48,7 @@ To enable KMS functionality, a KMS key is installed on a KMS host; then, the hos
- To activate by using the telephone, type **slui.exe 4**.
3. After activating the KMS key, restart the Software Protection Service.
-For more information, see the information for Windows 7 in [Deploy KMS Activation](http://go.microsoft.com/fwlink/p/?LinkId=717032).
+For more information, see the information for Windows 7 in [Deploy KMS Activation](https://go.microsoft.com/fwlink/p/?LinkId=717032).
## Key Management Service in Windows Server 2012 R2
Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Sever 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista.
@@ -60,7 +60,7 @@ This scenario is commonly used in larger organizations that do not find the over
**Note**
-If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [KB 3086418](http://go.microsoft.com/fwlink/p/?LinkId=620687).
+If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [KB 3086418](https://go.microsoft.com/fwlink/p/?LinkId=620687).
**Configure KMS in Windows Server 2012 R2**
@@ -122,7 +122,7 @@ The **/ato** command causes the operating system to attempt activation by using
The **/dlv** command displays the detailed licensing information. The response should return an error that states that the KMS activation count is too low. This confirms that KMS is functioning correctly, even though the client has not been activated.
-For more information about the use and syntax of slmgr.vbs, see [Slmgr.vbs Options](http://go.microsoft.com/fwlink/p/?LinkId=733639).
+For more information about the use and syntax of slmgr.vbs, see [Slmgr.vbs Options](https://go.microsoft.com/fwlink/p/?LinkId=733639).
## Key Management Service in earlier versions of Windows
@@ -133,7 +133,7 @@ If you have already established a KMS infrastructure in your organization for an
3. Install the new KMS host key on your KMS host.
4. Activate the new KMS host key by running the slmrg.vbs script.
-For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](http://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=626590).
+For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](https://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=626590).
## See also
- [Volume Activation for Windows 10](volume-activation-windows-10.md)
diff --git a/windows/deploy/activate-windows-10-clients-vamt.md b/windows/deploy/activate-windows-10-clients-vamt.md
index 478ceda691..30cea0c7ff 100644
--- a/windows/deploy/activate-windows-10-clients-vamt.md
+++ b/windows/deploy/activate-windows-10-clients-vamt.md
@@ -24,7 +24,7 @@ localizationpriority: high
**Looking for retail activation?**
-- [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)
+- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. If the computer has been configured with a Generic Volume License Key (GVLK), neither IT nor the user need take any action. It just works.
Enterprise edition images and installation media should already be configured with the GVLK. When the client computer starts, the Licensing service examines the current licensing condition of the computer.
@@ -84,7 +84,7 @@ KMS hosts on the network need to install a KMS key, and then be activated with M
### Activating subsequent Key Management Service hosts
-Each KMS key can be installed on up to six KMS hosts. These hosts can be physical computers or virtual machines. After activating a KMS host, the same host can be reactivated up to nine times with the same key. If the organization needs more than six KMS hosts, you can request additional activations for your organization’s KMS key by calling a Microsoft Volume [Licensing Activation Center](http://go.microsoft.com/fwlink/p/?LinkID=618264) to request an exception.
+Each KMS key can be installed on up to six KMS hosts. These hosts can be physical computers or virtual machines. After activating a KMS host, the same host can be reactivated up to nine times with the same key. If the organization needs more than six KMS hosts, you can request additional activations for your organization’s KMS key by calling a Microsoft Volume [Licensing Activation Center](https://go.microsoft.com/fwlink/p/?LinkID=618264) to request an exception.
## How Multiple Activation Key works
diff --git a/windows/deploy/active-directory-based-activation-overview.md b/windows/deploy/active-directory-based-activation-overview.md
index 9a64d7572a..7eced02f55 100644
--- a/windows/deploy/active-directory-based-activation-overview.md
+++ b/windows/deploy/active-directory-based-activation-overview.md
@@ -21,7 +21,7 @@ VAMT enables IT Professionals to manage and activate the Active Directory-Based
## Related topics
-- [How to Activate an Active Directory Forest Online](http://go.microsoft.com/fwlink/p/?LinkId=246565)
-- [How to Proxy Activate an Active Directory Forest](http://go.microsoft.com/fwlink/p/?LinkId=246566)
+- [How to Activate an Active Directory Forest Online](https://go.microsoft.com/fwlink/p/?LinkId=246565)
+- [How to Proxy Activate an Active Directory Forest](https://go.microsoft.com/fwlink/p/?LinkId=246566)
diff --git a/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
index bcf9e7aa13..c8b4b71449 100644
--- a/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
+++ b/windows/deploy/appendix-information-sent-to-microsoft-during-activation-client.md
@@ -22,7 +22,7 @@ localizationpriority: medium
**Looking for retail activation?**
-- [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)
+- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
When you activate a computer running Windows 10, the following information is sent to Microsoft:
@@ -56,7 +56,7 @@ Standard computer information is also sent, but your computer’s IP address is
## Use of information
Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft does not use the information to contact individual consumers.
-For additional details, see [Windows 10 Privacy Statement](http://go.microsoft.com/fwlink/p/?LinkId=619879).
+For additional details, see [Windows 10 Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879).
## See also
diff --git a/windows/deploy/change-history-for-deploy-windows-10.md b/windows/deploy/change-history-for-deploy-windows-10.md
index 3d0e742f97..f7b9f06baf 100644
--- a/windows/deploy/change-history-for-deploy-windows-10.md
+++ b/windows/deploy/change-history-for-deploy-windows-10.md
@@ -19,6 +19,13 @@ The topics in this library have been updated for Windows 10, version 1607 (also
- [Provision PCs with apps and certificates for initial deployment](provision-pcs-with-apps-and-certificates.md)
- [Provision PCs with common settings for initial deployment](provision-pcs-for-initial-deployment.md)
+=======
+
+## August 2016
+| New or changed topic | Description |
+|----------------------|-------------|
+| [Windows 10 edition upgrade](windows-10-edition-upgrades.md) | Updated with reboot requirements |
+
## July 2016
| New or changed topic | Description |
|----------------------|-------------|
diff --git a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
index 61bc2e47c8..c1f827f3a7 100644
--- a/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deploy/configure-a-pxe-server-to-load-windows-pe.md
@@ -21,7 +21,7 @@ This walkthrough describes how to configure a PXE server to load Windows PE by
## Prerequisites
-- A deployment computer: A computer with the [Windows Assessment and Deployment Kit](http://go.microsoft.com/fwlink/p/?LinkId=526803) (Windows ADK) installed.
+- A deployment computer: A computer with the [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) (Windows ADK) installed.
- A DHCP server: A DHCP server or DHCP proxy configured to respond to PXE client requests is required.
- A PXE server: A server running the TFTP service that can host Windows PE boot files that the client will download.
- A file server: A server hosting a network file share.
diff --git a/windows/deploy/configure-client-computers-vamt.md b/windows/deploy/configure-client-computers-vamt.md
index 704c8d01f9..c5334ea193 100644
--- a/windows/deploy/configure-client-computers-vamt.md
+++ b/windows/deploy/configure-client-computers-vamt.md
@@ -19,7 +19,7 @@ To enable the Volume Activation Management Tool (VAMT) to function correctly, ce
Organizations where the VAMT will be widely used may benefit from making these changes inside the master image for Windows.
**Important**
-This procedure only applies to clients running Windows Vista or later. For clients running Windows XP Service Pack 1, see [Connecting Through Windows Firewall](http://go.microsoft.com/fwlink/p/?LinkId=182933).
+This procedure only applies to clients running Windows Vista or later. For clients running Windows XP Service Pack 1, see [Connecting Through Windows Firewall](https://go.microsoft.com/fwlink/p/?LinkId=182933).
## Configuring the Windows Firewall to allow VAMT access
@@ -56,12 +56,12 @@ Enable the VAMT to access client computers across multiple subnets using the **W
- On the **Advanced** tab, verify selection of all profiles that are applicable to the network (Domain or Private/Public).
In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically-allocated ports. This is useful if, for example, the hardware firewall only allows traffic in a certain range of ports.
-For more info, see [How to configure RPC dynamic port allocation to work with firewalls](http://go.microsoft.com/fwlink/p/?LinkId=182911).
+For more info, see [How to configure RPC dynamic port allocation to work with firewalls](https://go.microsoft.com/fwlink/p/?LinkId=182911).
## Create a registry value for the VAMT to access workgroup-joined computer
**Caution**
-This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](http://go.microsoft.com/fwlink/p/?LinkId=182912).
+This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](https://go.microsoft.com/fwlink/p/?LinkId=182912).
On the client computer, create the following registry key using regedit.exe.
diff --git a/windows/deploy/create-a-windows-10-reference-image.md b/windows/deploy/create-a-windows-10-reference-image.md
index 50ec7f2fcf..1f91fff47c 100644
--- a/windows/deploy/create-a-windows-10-reference-image.md
+++ b/windows/deploy/create-a-windows-10-reference-image.md
@@ -115,7 +115,7 @@ By storing configuration items as MDT applications, it is easy to move these obj
In these examples, we assume that you downloaded the software in this list to the E:\\Downloads folder. The first application is added using the UI, but because MDT supports Windows PowerShell, you add the other applications using Windows PowerShell.
**Note**
-All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](http://go.microsoft.com/fwlink/p/?LinkId=619523).
+All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](https://go.microsoft.com/fwlink/p/?LinkId=619523).
### Create the install: Microsoft Office Professional Plus 2013 x86
diff --git a/windows/deploy/deploy-a-windows-10-image-using-mdt.md b/windows/deploy/deploy-a-windows-10-image-using-mdt.md
index 7f92cbc0d8..62ff5ee44b 100644
--- a/windows/deploy/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deploy/deploy-a-windows-10-image-using-mdt.md
@@ -28,7 +28,7 @@ Figure 1. The machines used in this topic.
## Step 1: Configure Active Directory permissions
-These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you have downloaded the sample [Set-OUPermissions.ps1 script](http://go.microsoft.com/fwlink/p/?LinkId=619362) and copied it to C:\\Setup\\Scripts on DC01. The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory.
+These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you have downloaded the sample [Set-OUPermissions.ps1 script](https://go.microsoft.com/fwlink/p/?LinkId=619362) and copied it to C:\\Setup\\Scripts on DC01. The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory.
1. On DC01, using Active Directory User and Computers, browse to **contoso.com / Contoso / Service Accounts**.
2. Select the **Service Accounts** organizational unit (OU) and create the MDT\_JD account using the following settings:
1. Name: MDT\_JD
@@ -177,7 +177,7 @@ Or, you can use this command in a normal command prompt:
wmic csproduct get name
```
-If you want a more standardized naming convention, try the ModelAliasExit.vbs script from the Deployment Guys blog post entitled [Using and Extending Model Aliases for Hardware Specific Application Installation](http://go.microsoft.com/fwlink/p/?LinkId=619536).
+If you want a more standardized naming convention, try the ModelAliasExit.vbs script from the Deployment Guys blog post entitled [Using and Extending Model Aliases for Hardware Specific Application Installation](https://go.microsoft.com/fwlink/p/?LinkId=619536).

@@ -217,7 +217,7 @@ In these steps, we assume you have downloaded PROWinx64.exe from Intel.com and s
For the Lenovo T420 model, you use the Lenovo ThinkVantage Update Retriever software to download the drivers. With Update Retriever, you need to specify the correct Lenovo Machine Type for the actual hardware (the first four characters of the model name). As an example, the Lenovo T420 model has the 4178B9G model name, meaning the Machine Type is 4178.
-To get the updates, you download the drivers from the Lenovo ThinkVantage Update Retriever using its export function. You can download the drivers from the [Lenovo website](http://go.microsoft.com/fwlink/p/?LinkId=619543).
+To get the updates, you download the drivers from the Lenovo ThinkVantage Update Retriever using its export function. You can download the drivers from the [Lenovo website](https://go.microsoft.com/fwlink/p/?LinkId=619543).
In these steps, we assume you have downloaded and extracted the drivers using ThinkVantage Update Retriever v5.0 to the E:\\Drivers\\Lenovo\\ThinkPad T420 (4178) folder.
@@ -227,7 +227,7 @@ In these steps, we assume you have downloaded and extracted the drivers using Th
### For the Latitude E6440
-For the Dell Latitude E6440 model, you use the Dell Driver CAB file, which is accessible via the [Dell TechCenter website](http://go.microsoft.com/fwlink/p/?LinkId=619544).
+For the Dell Latitude E6440 model, you use the Dell Driver CAB file, which is accessible via the [Dell TechCenter website](https://go.microsoft.com/fwlink/p/?LinkId=619544).
In these steps, we assume you have downloaded and extracted the CAB file for the Latitude E6440 model to the E:\\Drivers\\Dell\\Latitude E6440 folder.
@@ -237,7 +237,7 @@ In these steps, we assume you have downloaded and extracted the CAB file for the
### For the HP EliteBook 8560w
-For the HP EliteBook 8560w, you use HP SoftPaq Download Manager to get the drivers. The HP SoftPaq Download Manager can be accessed on the [HP Support site](http://go.microsoft.com/fwlink/p/?LinkId=619545).
+For the HP EliteBook 8560w, you use HP SoftPaq Download Manager to get the drivers. The HP SoftPaq Download Manager can be accessed on the [HP Support site](https://go.microsoft.com/fwlink/p/?LinkId=619545).
In these steps, we assume you have downloaded and extracted the drivers for the HP EliteBook 8650w model to the E:\\Drivers\\Windows 10 x64\\HP\\HP EliteBook 8560w folder.
@@ -630,7 +630,7 @@ Follow these steps to create a bootable USB stick from the offline media content
## Unified Extensible Firmware Interface (UEFI)-based deployments
-As referenced in [Windows 10 deployment tools](http://go.microsoft.com/fwlink/p/?LinkId=619546), Unified Extensible Firmware Interface (UEFI)-based deployments are becoming more common. In fact, when you create a generation 2 virtual machine in Hyper-V, you get a UEFI-based computer. During deployment, MDT automatically detects that you have an UEFI-based machine and creates the partitions UEFI requires. You do not need to update or change your task sequences in any way to accommodate UFEI.
+As referenced in [Windows 10 deployment tools](https://go.microsoft.com/fwlink/p/?LinkId=619546), Unified Extensible Firmware Interface (UEFI)-based deployments are becoming more common. In fact, when you create a generation 2 virtual machine in Hyper-V, you get a UEFI-based computer. During deployment, MDT automatically detects that you have an UEFI-based machine and creates the partitions UEFI requires. You do not need to update or change your task sequences in any way to accommodate UFEI.

diff --git a/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md b/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
index e3e558c24b..b9624a46b9 100644
--- a/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
+++ b/windows/deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md
@@ -81,7 +81,7 @@ Operating system deployment with Configuration Manager is part of the normal sof
## See also
-- [Microsoft Deployment Toolkit downloads and resources](http://go.microsoft.com/fwlink/p/?LinkId=618117)
+- [Microsoft Deployment Toolkit downloads and resources](https://go.microsoft.com/fwlink/p/?LinkId=618117)
- [Windows deployment tools](windows-deployment-scenarios-and-tools.md)
@@ -93,7 +93,7 @@ Operating system deployment with Configuration Manager is part of the normal sof
- [Sideload Windows Store apps](http://technet.microsoft.com/library/dn613831.aspx)
-- [Windows ADK for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=526803)
+- [Windows ADK for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526803)
diff --git a/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
index 93028930c5..3fc7913c52 100644
--- a/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deploy/deploy-windows-10-with-the-microsoft-deployment-toolkit.md
@@ -20,7 +20,7 @@ This guide will walk you through the process of deploying Windows 10 in an ente
The Microsoft Deployment Toolkit is a unified collection of tools, processes, and guidance for automating desktop and server deployment. In addition to reducing deployment time and standardizing desktop and server images, MDT enables you to more easily manage security and ongoing configurations. MDT builds on top of the core deployment tools in the Windows Assessment and Deployment Kit (Windows ADK) with additional guidance and features designed to reduce the complexity and time required for deployment in an enterprise environment.
MDT 2013 Update 2 supports the deployment of Windows 10, as well as Windows 7, Windows 8, Windows 8.1, and Windows Server 2012 R2. It also includes support for zero-touch installation (ZTI) with Microsoft System Center 2012 R2 Configuration Manager.
-To download the latest version of MDT, visit the [MDT resource page](http://go.microsoft.com/fwlink/p/?LinkId=618117).
+To download the latest version of MDT, visit the [MDT resource page](https://go.microsoft.com/fwlink/p/?LinkId=618117).
## In this section
@@ -71,13 +71,13 @@ Figure 2. The organizational unit (OU) structure used in this guide.
## Sample files
The information in this guide is designed to help you deploy Windows 10. In order to help you put the information you learn into practice more quickly, we recommend that you download a small set of sample files for the fictitious Contoso Corporation:
-- [Gather.ps1](http://go.microsoft.com/fwlink/p/?LinkId=619361). This sample Windows PowerShell script performs the MDT Gather process in a simulated MDT environment. This allows you to test the MDT gather process and check to see if it is working correctly without performing a full Windows deployment.
-- [Set-OUPermissions.ps1](http://go.microsoft.com/fwlink/p/?LinkId=619362). This sample Windows PowerShell script creates a domain account and then configures OU permissions to allow the account to join machines to the domain in the specified OU.
-- [MDTSample.zip](http://go.microsoft.com/fwlink/p/?LinkId=619363). This sample web service shows you how to configure a computer name dynamically using MDT.
+- [Gather.ps1](https://go.microsoft.com/fwlink/p/?LinkId=619361). This sample Windows PowerShell script performs the MDT Gather process in a simulated MDT environment. This allows you to test the MDT gather process and check to see if it is working correctly without performing a full Windows deployment.
+- [Set-OUPermissions.ps1](https://go.microsoft.com/fwlink/p/?LinkId=619362). This sample Windows PowerShell script creates a domain account and then configures OU permissions to allow the account to join machines to the domain in the specified OU.
+- [MDTSample.zip](https://go.microsoft.com/fwlink/p/?LinkId=619363). This sample web service shows you how to configure a computer name dynamically using MDT.
## Related topics
-[Microsoft Deployment Toolkit downloads and resources](http://go.microsoft.com/fwlink/p/?LinkId=618117)
+[Microsoft Deployment Toolkit downloads and resources](https://go.microsoft.com/fwlink/p/?LinkId=618117)
[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
diff --git a/windows/deploy/deploy-windows-to-go.md b/windows/deploy/deploy-windows-to-go.md
index b4e13c5b8c..4b8717343e 100644
--- a/windows/deploy/deploy-windows-to-go.md
+++ b/windows/deploy/deploy-windows-to-go.md
@@ -19,156 +19,139 @@ author: mtniehaus
This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](../plan/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](../plan/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment.
-**Note**
-This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described. For more information, see [Using Cmdlets](http://go.microsoft.com/fwlink/p/?linkid=230693).
-
-
+>[!NOTE]
+>This topic includes sample Windows PowerShell cmdlets that you can use to automate some of the procedures described. For more information, see [Using Cmdlets](http://go.microsoft.com/fwlink/p/?linkid=230693).
## Deployment tips
-
The following is a list of items that you should be aware of before you start the deployment process:
-- Only use recommended USB drives for Windows To Go. Use of other drives is not supported. Check the list at [Windows To Go: feature overview](../plan/windows-to-go-overview.md) for the latest USB drives certified for use as Windows To Go drives.
+* Only use recommended USB drives for Windows To Go. Use of other drives is not supported. Check the list at [Windows To Go: feature overview](../plan/windows-to-go-overview.md) for the latest USB drives certified for use as Windows To Go drives.
-- After you provision a new workspace, always eject a Windows To Go drive using the **Safely Remove Hardware and Eject Media** control that can be found in the notification area or in Windows Explorer. Removing the drive from the USB port without ejecting it first can cause the drive to become corrupted.
+* After you provision a new workspace, always eject a Windows To Go drive using the **Safely Remove Hardware and Eject Media** control that can be found in the notification area or in Windows Explorer. Removing the drive from the USB port without ejecting it first can cause the drive to become corrupted.
-- When running a Windows To Go workspace, always shutdown the workspace before unplugging the drive.
+* When running a Windows To Go workspace, always shutdown the workspace before unplugging the drive.
-- System Center 2012 Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. You can download Configuration Manager for evaluation from the [Microsoft TechNet Evaluation Center](http://go.microsoft.com/fwlink/p/?LinkId=618746). For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=619148).
+- System Center 2012 Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. You can download Configuration Manager for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkId=618746). For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=619148).
-- If you are planning on using a USB drive duplicator to duplicate Windows To Go drives, do not configure offline domain join or BitLocker on the drive.
+* If you are planning on using a USB drive duplicator to duplicate Windows To Go drives, do not configure offline domain join or BitLocker on the drive.
## Basic deployment steps
-
Unless you are using a customized operating system image, your initial Windows To Go workspace will not be domain joined and will not contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications. This section describes the instructions for creating the correct disk layout on the USB drive, applying the operating system image and the core Windows To Go specific configurations to the drive. The following steps are used in both small-scale and large-scale Windows To Go deployment scenarios.
-Completing these steps will give you a generic Windows To Go drive that can be distributed to your users and then customized for their usage as needed. This drive is also appropriate for use with USB drive duplicators. Your specific deployment scenarios will involve more than just these basic steps but these additional deployment considerations are similar to traditional PC deployment and can be incorporated into your Windows To Go deployment plan. For additional information, see [Windows Deployment Options](http://go.microsoft.com/fwlink/p/?LinkId=619149).
+Completing these steps will give you a generic Windows To Go drive that can be distributed to your users and then customized for their usage as needed. This drive is also appropriate for use with USB drive duplicators. Your specific deployment scenarios will involve more than just these basic steps but these additional deployment considerations are similar to traditional PC deployment and can be incorporated into your Windows To Go deployment plan. For additional information, see [Windows Deployment Options](https://go.microsoft.com/fwlink/p/?LinkId=619149).
-**Warning**
-If you are planning to use the generic Windows To Go drive as the master drive in a USB duplicator, the drive should not be booted. If the drive has been booted inadvertently it should be reprovisioned prior to duplication.
-
-
+>[!WARNING]
+>If you plan to use the generic Windows To Go drive as the master drive in a USB duplicator, the drive should not be booted. If the drive has been booted inadvertently it should be reprovisioned prior to duplication.
### Create the Windows To Go workspace
-In this step we are creating the operating system image that will be used on the Windows To Go drives. You can use the Windows To Go Creator Wizard or you can [do this manually](http://go.microsoft.com/fwlink/p/?LinkId=619174) using a combination of Windows PowerShell and command-line tools.
+In this step we are creating the operating system image that will be used on the Windows To Go drives. You can use the Windows To Go Creator Wizard or you can [do this manually](https://go.microsoft.com/fwlink/p/?LinkId=619174) using a combination of Windows PowerShell and command-line tools.
-**Warning**
-The preferred method for creating a single Windows To Go drive is to use the Windows To Go Creator Wizard included in Windows 10 Enterprise and Windows 10 Education.
+>[!WARNING]
+>The preferred method to create a single Windows To Go drive is to use the Windows To Go Creator Wizard included in Windows 10 Enterprise and Windows 10 Education.
-
+#### To create a Windows To Go workspace with the Windows To Go Creator Wizard
-**To create a Windows To Go workspace with the Windows To Go Creator Wizard**
+1. Sign into your Windows PC using an account with Administrator privileges.
-1. Sign into your Windows PC using an account with Administrator privileges.
+2. Insert the USB drive that you want to use as your Windows To Go drive into your PC.
-2. Insert the USB drive that you want to use as your Windows To Go drive into your PC.
+3. Verify that the .wim file location (which can be a network share, a DVD , or a USB drive) is accessible and that it contains a valid Windows 10 Enterprise or Windows 10 Education image that has been generalized using sysprep. Many environments can use the same image for both Windows To Go and desktop deployments.
-3. Verify that the .wim file location (which can be a network share, a DVD , or a USB drive) is accessible and that it contains a valid Windows 10 Enterprise or Windows 10 Education image that has been generalized using sysprep. Many environments can use the same image for both Windows To Go and desktop deployments.
+ >[!NOTE]
+ >For more information about .wim files, see [Windows System Image Manager (Windows SIM) Technical Reference](http://go.microsoft.com/fwlink/p/?LinkId=619150). For more information about using sysprep, see [Sysprep Overview](http://go.microsoft.com/fwlink/p/?LinkId=619151).
- **Note**
- For more information about .wim files, see [Windows System Image Manager (Windows SIM) Technical Reference](http://go.microsoft.com/fwlink/p/?LinkId=619150). For more information about using sysprep, see [Sysprep Overview](http://go.microsoft.com/fwlink/p/?LinkId=619151).
+4. Using Cortana, search for **Windows To Go** and then press **Enter**. If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then click **Yes**. The **Windows To Go Creator Wizard** opens.
-
+5. On the **Choose the drive you want to use** page select the drive that represents the USB drive you inserted previously, then click **Next.**
-4. Using Cortana, search for **Windows To Go** and then press **Enter**. If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then click **Yes**. The **Windows To Go Creator Wizard** opens.
+6. On the **Choose a Windows image** page, click **Add Search Location** and then navigate to the .wim file location and click select folder. The wizard will display the installable images present in the folder; select the Windows 10 Enterprise or Windows 10 Education image you wish to use and then click **Next**.
-5. On the **Choose the drive you want to use** page select the drive that represents the USB drive you inserted previously, then click **Next.**
+7. (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you do not wish to encrypt the drive at this time, click **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](https://go.microsoft.com/fwlink/p/?LinkId=619152) for instructions.
+r
-6. On the **Choose a Windows image** page, click **Add Search Location** and then navigate to the .wim file location and click select folder. The wizard will display the installable images present in the folder; select the Windows 10 Enterprise or Windows 10 Education image you wish to use and then click **Next**.
-
-7. (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you do not wish to encrypt the drive at this time, click **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](http://go.microsoft.com/fwlink/p/?LinkId=619152) for instructions.
-
- **Warning**
- If you are planning to use a USB-Duplicator to create multiple Windows To Go drives, do not enable BitLocker. Drives protected with BitLocker should not be duplicated.
-
-
+ >[!WARNING]
+ >If you plan to use a USB-Duplicator to create multiple Windows To Go drives, do not enable BitLocker. Drives protected with BitLocker should not be duplicated.
If you choose to encrypt the Windows To Go drive now:
- - Type a password that is at least eight characters long and conforms to your organizations password complexity policy. This password will be provided before the operating system is started so any characters you use must be able to be interpreted by the firmware. Some firmware does not support non-ASCII characters.
+ - Type a password that is at least eight characters long and conforms to your organizations password complexity policy. This password will be provided before the operating system is started so any characters you use must be able to be interpreted by the firmware. Some firmware does not support non-ASCII characters.
- - Retype the password, and then click Next.
- **Important**
- The BitLocker recovery password will be saved in the documents library of the computer used to create the workspace automatically. If your organization is using Active Directory Domain Services (AD DS) to store recovery passwords it will also be saved in AD DS under the computer account of the computer used to create the workspace. This password will be used only if you need to recover access to the drive because the BitLocker password specified in the previous step is not available, such as if a password is lost or forgotten. For more information about BitLocker and AD DS, see [Active Directory Domain Services considerations](http://go.microsoft.com/fwlink/p/?LinkId=619157).
+ >[!IMPORTANT]
+ >The BitLocker recovery password will be saved in the documents library of the computer used to create the workspace automatically. If your organization is using Active Directory Domain Services (AD DS) to store recovery passwords it will also be saved in AD DS under the computer account of the computer used to create the workspace. This password will be used only if you need to recover access to the drive because the BitLocker password specified in the previous step is not available, such as if a password is lost or forgotten. For more information about BitLocker and AD DS, see [Active Directory Domain Services considerations](https://go.microsoft.com/fwlink/p/?LinkId=619157).
-
+8. Verify that the USB drive inserted is the one you want to provision for Windows To Go and then click **Create** to start the Windows To Go workspace creation process.
-8. Verify that the USB drive inserted is the one you want to provision for Windows To Go and then click **Create** to start the Windows To Go workspace creation process.
+ >[!WARNING]
+ >The USB drive identified will be reformatted as part of the Windows To Go provisioning process and any data on the drive will be erased.
- **Warning**
- The USB drive identified will be reformatted as part of the Windows To Go provisioning process and any data on the drive will be erased.
+9. Wait for the creation process to complete, which can take 20 to 30 minutes. A completion page will be displayed that tells you when your Windows To Go workspace is ready to use. From the completion page you can configure the Windows To Go startup options to configure the current computer as a Windows To Go host computer.
-
+Your Windows To Go workspace is now ready to be started. You can now [prepare a host computer](https://go.microsoft.com/fwlink/p/?LinkId=619159) using the Windows To Go startup options and boot your Windows To Go drive.
-9. Wait for the creation process to complete, which can take 20 to 30 minutes. A completion page will be displayed that tells you when your Windows To Go workspace is ready to use. From the completion page you can configure the Windows To Go startup options to configure the current computer as a Windows To Go host computer.
-
-Your Windows To Go workspace is now ready to be started. You can now [prepare a host computer](http://go.microsoft.com/fwlink/p/?LinkId=619159) using the Windows To Go startup options and boot your Windows To Go drive.
-
-**Windows PowerShell equivalent commands**
+#### Windows PowerShell equivalent commands
The following Windows PowerShell cmdlet or cmdlets perform the same function as the preceding procedure. Enter each cmdlet on a single line, even though they may appear word-wrapped across several lines here because of formatting constraints. This procedure can only be used on PCs that are running Windows 10. Before starting, ensure that only the USB drive that you want to provision as a Windows To Go drive is connected to the PC.
-1. Using Cortana, search for **powershell**, right-click **Windows PowerShell**, and then select **Run as administrator**.
+1. Using Cortana, search for **powershell**, right-click **Windows PowerShell**, and then select **Run as administrator**.
-2. In the Windows PowerShell session type the following commands to partition a master boot record (MBR) disk for use with a FAT32 system partition and an NTFS-formatted operating system partition. This disk layout can support computers that use either UEFI or BIOS firmware:
+2. In the Windows PowerShell session type the following commands to partition a master boot record (MBR) disk for use with a FAT32 system partition and an NTFS-formatted operating system partition. This disk layout can support computers that use either UEFI or BIOS firmware:
``` syntax
-# The following command will set $Disk to all USB drives with >20 GB of storage
+ # The following command will set $Disk to all USB drives with >20 GB of storage
$Disk = Get-Disk | Where-Object {$_.Path -match "USBSTOR" -and $_.Size -gt 20Gb -and -not $_.IsBoot }
-#Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with ‘New-Partition…) Validate that this is the correct disk that you want to completely erase.
-#
-# To skip the confirmation prompt, append –confirm:$False
+ #Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with ‘New-Partition…) Validate that this is the correct disk that you want to completely erase.
+ #
+ # To skip the confirmation prompt, append –confirm:$False
Clear-Disk –InputObject $Disk[0] -RemoveData
-# This command initializes a new MBR disk
+ # This command initializes a new MBR disk
Initialize-Disk –InputObject $Disk[0] -PartitionStyle MBR
-# This command creates a 350 MB system partition
+ # This command creates a 350 MB system partition
$SystemPartition = New-Partition –InputObject $Disk[0] -Size (350MB) -IsActive
-# This formats the volume with a FAT32 Filesystem
-# To skip the confirmation dialog, append –Confirm:$False
+ # This formats the volume with a FAT32 Filesystem
+ # To skip the confirmation dialog, append –Confirm:$False
Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 `
-Partition $SystemPartition
-# This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
+ # This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage.
$OSPartition = New-Partition –InputObject $Disk[0] -UseMaximumSize
Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS `
-Partition $OSPartition
-# This command assigns drive letters to the new drive, the drive letters chosen should not already be in use.
+ # This command assigns drive letters to the new drive, the drive letters chosen should not already be in use.
Set-Partition -InputObject $SystemPartition -NewDriveLetter "S"
Set-Partition -InputObject $OSPartition -NewDriveLetter "W"
-# This command sets the NODEFAULTDRIVELETTER flag on the partition which prevents drive letters being assigned to either partition when inserted into a different computer.
+ # This command sets the NODEFAULTDRIVELETTER flag on the partition which prevents drive letters being assigned to either partition when inserted into a different computer.
Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE
```
-3. Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](http://go.microsoft.com/fwlink/p/?LinkId=619161) command-line tool (DISM):
-
- **Tip**
- The index number must be set correctly to a valid Enterprise image in the .WIM file.
-
-
+3. Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](https://go.microsoft.com/fwlink/p/?LinkId=619161) command-line tool (DISM):
+ >[!TIP]
+ >The index number must be set correctly to a valid Enterprise image in the .WIM file.
+
``` syntax
-#The WIM file must contain a sysprep generalized image.
+ #The WIM file must contain a sysprep generalized image.
dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /index:1 /applydir:W:\
```
-4. Now use the [bcdboot](http://go.microsoft.com/fwlink/p/?LinkId=619163) command line tool to move the necessary boot components to the system partition on the disk. This helps ensure that the boot components, operating system versions, and architectures match. The `/f ALL` parameter indicates that boot components for UEFI and BIOS should be placed on the system partition of the disk. The following example illustrates this step:
+4. Now use the [bcdboot](https://go.microsoft.com/fwlink/p/?LinkId=619163) command line tool to move the necessary boot components to the system partition on the disk. This helps ensure that the boot components, operating system versions, and architectures match. The `/f ALL` parameter indicates that boot components for UEFI and BIOS should be placed on the system partition of the disk. The following example illustrates this step:
+
``` syntax
W:\Windows\System32\bcdboot W:\Windows /f ALL /s S:
```
-5. Apply SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. This is done by creating and saving a **san\_policy.xml** file on the disk. The following example illustrates this step:
+5. Apply SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. This is done by creating and saving a **san\_policy.xml** file on the disk. The following example illustrates this step:
``` syntax
@@ -200,13 +183,13 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as
```
-6. Place the **san\_policy.xml** file created in the previous step into the root directory of the Windows partition on the Windows To Go drive (W: from the previous examples) and run the following command:
+6. Place the **san\_policy.xml** file created in the previous step into the root directory of the Windows partition on the Windows To Go drive (W: from the previous examples) and run the following command:
``` syntax
Dism.exe /Image:W:\ /Apply-Unattend:W:\san_policy.xml
```
-7. Create an answer file (unattend.xml) that disables the use of Windows Recovery Environment with Windows To Go. You can use the following code sample to create a new answer file or you can paste it into an existing answer file:
+7. Create an answer file (unattend.xml) that disables the use of Windows Recovery Environment with Windows To Go. You can use the following code sample to create a new answer file or you can paste it into an existing answer file:
``` syntax
@@ -232,38 +215,38 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as
```
- Once the answer file has been saved, copy unattend.xml into the sysprep folder on the Windows To Go drive (for example, W:\\Windows\\System32\\sysprep\)
+ After the answer file has been saved, copy unattend.xml into the sysprep folder on the Windows To Go drive (for example, W:\\Windows\\System32\\sysprep\)
- **Important**
- Setup unattend files are processed based on their location. Setup will place a temporary unattend file into the **%systemroot%\\panther** folder which is the first location that setup will check for installation information. You should make sure that folder does not contain a previous version of an unattend.xml file to ensure that the one you just created is used.
+ >[!IMPORTANT]
+ >Setup unattend files are processed based on their location. Setup will place a temporary unattend file into the **%systemroot%\\panther** folder which is the first location that setup will check for installation information. You should make sure that folder does not contain a previous version of an unattend.xml file to ensure that the one you just created is used.
If you do not wish to boot your Windows To Go device on this computer and want to remove it to boot it on another PC, be sure to use the **Safely Remove Hardware and Eject Media** option to safely disconnect the drive before physically removing it from the PC.
-
-Your Windows To Go workspace is now ready to be started. You can now [prepare a host computer](http://go.microsoft.com/fwlink/p/?LinkId=619165) using the Windows To Go startup options to test your workspace configuration, [configure the workspace for offline domain join](http://go.microsoft.com/fwlink/p/?LinkId=619166), or [enable BitLocker protection for your Windows To Go drive](http://go.microsoft.com/fwlink/p/?LinkId=619167).
+Your Windows To Go workspace is now ready to be started. You can now [prepare a host computer](https://go.microsoft.com/fwlink/p/?LinkId=619165) using the Windows To Go startup options to test your workspace configuration, [configure the workspace for offline domain join](https://go.microsoft.com/fwlink/p/?LinkId=619166), or [enable BitLocker protection for your Windows To Go drive](https://go.microsoft.com/fwlink/p/?LinkId=619167).
+
### To prepare a host computer
Computers running Windows 8 and later can be configured as host computers that use Windows To Go automatically whenever a Windows To Go workspace is available at startup. When the Windows To Go startup options are enabled on a host computer, Windows will divert startup to the Windows To Go drive whenever it is attached to the computer. This makes it easy to switch from using the host computer to using the Windows To Go workspace.
-**Tip**
-If you will be using a PC running Windows 7 as your host computer, see [Tips for configuring your BIOS settings to work with Windows To Go](http://go.microsoft.com/fwlink/p/?LinkId=618951) for information to help you prepare the host computer.
+>[!TIP]
+>If you will be using a PC running Windows 7 as your host computer, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) for information to help you prepare the host computer.
-
If you want to use the Windows To Go workspace, simply shut down the computer, plug in the Windows To Go drive, and turn on the computer. To use the host computer, shut down the Windows To Go workspace, unplug the Windows To Go drive, and turn on the computer.
To set the Windows To Go Startup options for host computers running Windows 10:
-1. Using Cortana, search for **Windows To Go startup options** and then press **Enter**.
+1. Using Cortana, search for **Windows To Go startup options** and then press **Enter**.
-2. In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB
+2. In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB
For host computers running Windows 8 or Windows 8.1:
-1. Press **Windows logo key+W**, search for **Windows To Go startup options**, and then press **Enter**.
-2. In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB.
+1. Press **Windows logo key+W**, search for **Windows To Go startup options**, and then press **Enter**.
+
+2. In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB.
You can configure your organization's computers to automatically start from the USB drive by enabling the following Group Policy setting:
@@ -271,7 +254,7 @@ You can configure your organization's computers to automatically start from the
After this policy setting is enabled, automatic starting of a Windows To Go workspace will be attempted when a USB drive is connected to the computer when it is started. Users will not be able to use the Windows To Go Startup Options to change this behavior. If you disable this policy setting, booting to Windows To Go when a USB drive is connected will not occur unless a user configures the option manually in the firmware. If you do not configure this policy setting, users who are members of the Administrators group can enable or disable booting from a USB drive using the Windows To Go Startup Options.
-Your host computer is now ready to boot directly into Windows To Go workspace when it is inserted prior to starting the computer. Optionally you can perform [Configure Windows To Go workspace for offline domain join](http://go.microsoft.com/fwlink/p/?LinkId=619169) and [Enable BitLocker protection for your Windows To Go drive](http://go.microsoft.com/fwlink/p/?LinkId=619152).
+Your host computer is now ready to boot directly into Windows To Go workspace when it is inserted prior to starting the computer. Optionally you can perform [Configure Windows To Go workspace for offline domain join](https://go.microsoft.com/fwlink/p/?LinkId=619169) and [Enable BitLocker protection for your Windows To Go drive](https://go.microsoft.com/fwlink/p/?LinkId=619152).
### Booting your Windows To Go workspace
@@ -302,80 +285,77 @@ Making sure that Windows To Go workspaces are effective when used off premises i
- A domain user account with rights to add computer accounts to the domain and is a member of the Administrator group on the Windows To Go host computer
-- [DirectAccess](http://go.microsoft.com/fwlink/p/?LinkId=619170) configured on the domain
+- [DirectAccess](https://go.microsoft.com/fwlink/p/?LinkId=619170) configured on the domain
**To configure your Windows To Go workspace for remote access**
-1. Start the host computer and sign in using a user account with privileges to add workstations to the domain and then run the following command from an elevated command prompt replacing the example placeholder parameters (denoted by <>) with the ones applicable for your environment:
+1. Start the host computer and sign in using a user account with privileges to add workstations to the domain and then run the following command from an elevated command prompt replacing the example placeholder parameters (denoted by <>) with the ones applicable for your environment:
``` syntax
djoin /provision /domain
-
-
-
- User account
- Recommended permissions
- Apply to
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc/extended` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. |
+| `https://go.microsoft.com/fwlink/?LinkID=544713`
`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc/extended` | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. |
| `https://vortex.data.microsoft.com/health/keepalive`
`https://settings.data.microsoft.com/qos`
`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc` | These endpoints are used to validate that user computers are sharing data with Microsoft. |
## Deploy the compatibility update and related KBs
@@ -131,7 +131,7 @@ The Upgrade Analytics deployment script does the following:
To run the Upgrade Analytics deployment script:
-1. Download the [Upgrade Analytics deployment script](http://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract UpgradeAnalytics.zip. The files in the Diagnostics folder are necessary only if you plan to run the script in troubleshooting mode.
+1. Download the [Upgrade Analytics deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract UpgradeAnalytics.zip. The files in the Diagnostics folder are necessary only if you plan to run the script in troubleshooting mode.
2. Edit the following parameters in RunConfig.bat:
diff --git a/windows/deploy/upgrade-analytics-requirements.md b/windows/deploy/upgrade-analytics-requirements.md
index 1d48d9a363..3d55cd49a6 100644
--- a/windows/deploy/upgrade-analytics-requirements.md
+++ b/windows/deploy/upgrade-analytics-requirements.md
@@ -37,7 +37,7 @@ Important: You can use either a Microsoft Account or a Work or School account to
After you’ve signed in to Operations Management Suite and added the Upgrade Analytics solution to your workspace, you’ll need to complete the following tasks to allow user computer data to be shared with and assessed by Upgrade Analytics.
-See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](http://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Analytics collects and assesses. See [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data.
+See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965) for more information about what user computer data Upgrade Analytics collects and assesses. See [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization) for more information about how Microsoft uses Windows telemetry data.
**Whitelist telemetry endpoints.** To enable telemetry data to be sent to Microsoft, you’ll need to whitelist the following Microsoft telemetry endpoints on your proxy server or firewall. You may need to get approval from your security group to do this.
@@ -49,7 +49,7 @@ See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields
`https://settings.data.microsoft.com/qos`
-`http://go.microsoft.com/fwlink/?LinkID=544713`
+`https://go.microsoft.com/fwlink/?LinkID=544713`
`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc/extended`
diff --git a/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md
index 0f66363610..2a854e9a3b 100644
--- a/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md
+++ b/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md
@@ -34,9 +34,9 @@ System Center 2012 R2 Configuration Manager SP1 adds support to manage and dep
## Create the task sequence
-To help with this process, the Configuration Manager team has published [a blog](http://go.microsoft.com/fwlink/p/?LinkId=620179) that provides a sample task sequence, as well as the [original blog that includes the instructions for setting up the task sequence](http://go.microsoft.com/fwlink/p/?LinkId=620180). To summarize, here are the tasks you need to perform:
+To help with this process, the Configuration Manager team has published [a blog](https://go.microsoft.com/fwlink/p/?LinkId=620179) that provides a sample task sequence, as well as the [original blog that includes the instructions for setting up the task sequence](https://go.microsoft.com/fwlink/p/?LinkId=620180). To summarize, here are the tasks you need to perform:
-1. Download the [Windows10Upgrade1506.zip](http://go.microsoft.com/fwlink/p/?LinkId=620182) file that contains the sample task sequence and related scripts. Extract the contents onto a network share.
+1. Download the [Windows10Upgrade1506.zip](https://go.microsoft.com/fwlink/p/?LinkId=620182) file that contains the sample task sequence and related scripts. Extract the contents onto a network share.
2. Copy the Windows 10 Enterprise RTM x64 media into the extracted but empty **Windows vNext Upgrade Media** folder.
3. Using the Configuration Manager Console, right-click the **Task Sequences** node, and then choose **Import Task Sequence**. Select the **Windows-vNextUpgradeExport.zip** file that you extracted in Step 1.
4. Distribute the two created packages (one contains the Windows 10 Enterprise x64 media, the other contains the related scripts) to the Configuration Manager distribution point.
@@ -111,7 +111,7 @@ After the task sequence finishes, the computer will be fully upgraded to Windows
With the next release of System Center Configuration Manager (currently planned for Q4 of 2015), new built-in functionality will be provided to make it even easier to upgrade existing Windows 7, Windows 8, and Windows 8.1 PCs to Windows 10.
**Note**
-For more details about the next version of Configuration Manager, see the [Configuration Manager Team blog](http://go.microsoft.com/fwlink/p/?LinkId=620205). An [evaluation version is currently available](http://go.microsoft.com/fwlink/p/?LinkId=620206) for you to try. The instructions below are specific to the Technical Preview 2 release and may change after the next version of Configuration Manager is released.
+For more details about the next version of Configuration Manager, see the [Configuration Manager Team blog](https://go.microsoft.com/fwlink/p/?LinkId=620205). An [evaluation version is currently available](https://go.microsoft.com/fwlink/p/?LinkId=620206) for you to try. The instructions below are specific to the Technical Preview 2 release and may change after the next version of Configuration Manager is released.
@@ -199,7 +199,7 @@ After the task sequence completes, the computer will be fully upgraded to Window
[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
-[Configuration Manager Team blog](http://go.microsoft.com/fwlink/p/?LinkId=620109)
+[Configuration Manager Team blog](https://go.microsoft.com/fwlink/p/?LinkId=620109)
diff --git a/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
index 18dfaf7fdf..feaabb3fa4 100644
--- a/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
@@ -100,5 +100,5 @@ After the task sequence completes, the computer will be fully upgraded to Window
[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
-[Microsoft Deployment Toolkit downloads and resources](http://go.microsoft.com/fwlink/p/?LinkId=618117)
+[Microsoft Deployment Toolkit downloads and resources](https://go.microsoft.com/fwlink/p/?LinkId=618117)
\ No newline at end of file
diff --git a/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md b/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md
index 64e70ced04..da3cbd9940 100644
--- a/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md
+++ b/windows/deploy/use-orchestrator-runbooks-with-mdt-2013.md
@@ -16,7 +16,7 @@ This topic will show you how to integrate Microsoft System Center 2012 R2 Orches
MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required.
**Note**
-If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](http://go.microsoft.com/fwlink/p/?LinkId=619553) website.
+If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website.
## Orchestrator terminology
@@ -30,7 +30,7 @@ Before diving into the core details, here is a quick course in Orchestrator term
- **Integration packs.** These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few.
**Note**
-To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](http://go.microsoft.com/fwlink/p/?LinkId=619554).
+To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](https://go.microsoft.com/fwlink/p/?LinkId=619554).
## Create a sample runbook
@@ -135,7 +135,7 @@ Figure 31. The ready-made task sequence.
Since this task sequence just starts a runbook, you can test this on the PC0001 client that you used for the MDT simulation environment.
**Note**
-Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](http://go.microsoft.com/fwlink/p/?LinkId=619555).
+Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](https://go.microsoft.com/fwlink/p/?LinkId=619555).
1. On PC0001, log on as **CONTOSO\\MDT\_BA**.
2. Using an elevated command prompt (run as Administrator), type the following command:
diff --git a/windows/deploy/use-the-volume-activation-management-tool-client.md b/windows/deploy/use-the-volume-activation-management-tool-client.md
index 7efe6a23a3..e6b415238b 100644
--- a/windows/deploy/use-the-volume-activation-management-tool-client.md
+++ b/windows/deploy/use-the-volume-activation-management-tool-client.md
@@ -23,14 +23,14 @@ localizationpriority: high
- Windows Server 2008 R2
**Looking for retail activation?**
-- [Get Help Activating Microsoft Windows](http://go.microsoft.com/fwlink/p/?LinkId=618644)
+- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to perform VAMT proxy activation and to track and monitor several types of product keys.
By using the VAMT, you can automate and centrally manage the volume, retail, and MAK activation process for Windows, Office, and select other Microsoft products. The VAMT can manage volume activation by using MAKs or KMS. It is a standard Microsoft Management Console snap-in, and it can be
installed on any computer running Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2.
-The VAMT is distributed as part of the Windows Assessment and Deployment Kit (Windows ADK), which is a free download available from Microsoft Download Center. For more information, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=526740).
+The VAMT is distributed as part of the Windows Assessment and Deployment Kit (Windows ADK), which is a free download available from Microsoft Download Center. For more information, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526740).
In Windows Server 2012 R2, you can install the VAMT directly from Server Manager without downloading the Windows ADK by selecting the Volume Activation Services role or the Remote Server Administration Tools/Role Administration Tools/Volume Activation Tools feature.
@@ -65,8 +65,8 @@ The VAMT stores information in a Microsoft SQL Server database for performance
- **Managing activation data**. The VAMT stores activation data in a SQL Server database. The tool can export this data in XML format to other VAMT hosts or to an archive.
For more information, see:
-- [Volume Activation Management Tool (VAMT) Overview](http://go.microsoft.com/fwlink/p/?LinkId=618266)
-- [VAMT Step-by-Step Scenarios](http://go.microsoft.com/fwlink/p/?LinkId=618267)
+- [Volume Activation Management Tool (VAMT) Overview](https://go.microsoft.com/fwlink/p/?LinkId=618266)
+- [VAMT Step-by-Step Scenarios](https://go.microsoft.com/fwlink/p/?LinkId=618267)
## See also
- [Volume Activation for Windows 10](volume-activation-windows-10.md)
diff --git a/windows/deploy/use-vamt-in-windows-powershell.md b/windows/deploy/use-vamt-in-windows-powershell.md
index 01de72d0a6..3d285f1e56 100644
--- a/windows/deploy/use-vamt-in-windows-powershell.md
+++ b/windows/deploy/use-vamt-in-windows-powershell.md
@@ -13,7 +13,7 @@ author: jdeckerMS
The Volume Activation Management Tool (VAMT) PowerShell cmdlets can be used to perform the same functions as the Vamt.exe command-line tool.
**To install PowerShell 3.0**
-- VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10, Windows 8 and Windows Server® 2012. You can download PowerShell for Windows 7 or other operating systems from the [Microsoft Download Center](http://go.microsoft.com/fwlink/p/?LinkId=218356).
+- VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10, Windows 8 and Windows Server® 2012. You can download PowerShell for Windows 7 or other operating systems from the [Microsoft Download Center](https://go.microsoft.com/fwlink/p/?LinkId=218356).
**To install the Windows Assessment and Deployment Kit**
- In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the Windows Assessment and Deployment Kit (Windows ADK).
**To prepare the VAMT PowerShell environment**
@@ -48,7 +48,7 @@ get-help get-VamtProduct -all
```
**Warning**
-The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the -online option with the get-help cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](http://go.microsoft.com/fwlink/p/?LinkId=242278).
+The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the -online option with the get-help cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](https://go.microsoft.com/fwlink/p/?LinkId=242278).
**To view VAMT PowerShell Help sections**
diff --git a/windows/deploy/use-web-services-in-mdt-2013.md b/windows/deploy/use-web-services-in-mdt-2013.md
index 1d8755df14..2f6f9bf239 100644
--- a/windows/deploy/use-web-services-in-mdt-2013.md
+++ b/windows/deploy/use-web-services-in-mdt-2013.md
@@ -17,7 +17,7 @@ Using a web service in MDT is straightforward, but it does require that you have
## Create a sample web service
-In these steps we assume you have installed Microsoft Visual Studio Express 2013 for Web on PC0001 (the Windows 10 client) and downloaded the [MDT Sample Web Service](http://go.microsoft.com/fwlink/p/?LinkId=619363) from the Microsoft Download Center and extracted it to C:\\Projects.
+In these steps we assume you have installed Microsoft Visual Studio Express 2013 for Web on PC0001 (the Windows 10 client) and downloaded the [MDT Sample Web Service](https://go.microsoft.com/fwlink/p/?LinkId=619363) from the Microsoft Download Center and extracted it to C:\\Projects.
1. On PC0001, using Visual Studio Express 2013 for Web, open the C:\\Projects\\MDTSample\\ MDTSample.sln solution file.
2. On the ribbon bar, verify that Release is selected.
3. In the **Debug** menu, select the **Build MDTSample** action.
diff --git a/windows/deploy/usmt-best-practices.md b/windows/deploy/usmt-best-practices.md
index 8da6b08353..6e06f8c3d9 100644
--- a/windows/deploy/usmt-best-practices.md
+++ b/windows/deploy/usmt-best-practices.md
@@ -42,7 +42,7 @@ This topic discusses general and security-related best practices when using User
- **Chkdsk.exe**
- We recommend that you run Chkdsk.exe before running the ScanState and LoadState tools. Chkdsk.exe creates a status report for a hard disk drive and lists and corrects common errors. For more information about the Chkdsk.exe tool, see [Chkdsk](http://go.microsoft.com/fwlink/p/?LinkId=140244).
+ We recommend that you run Chkdsk.exe before running the ScanState and LoadState tools. Chkdsk.exe creates a status report for a hard disk drive and lists and corrects common errors. For more information about the Chkdsk.exe tool, see [Chkdsk](https://go.microsoft.com/fwlink/p/?LinkId=140244).
- **Migrate in groups**
@@ -55,7 +55,7 @@ As the authorized administrator, it is your responsibility to protect the privac
- **Encrypting File System (EFS)**
- Take extreme caution when migrating encrypted files, because the end user does not need to be logged on to capture the user state. By default, USMT fails if an encrypted file is found. For more information about EFS best practices, see this article in the [Microsoft Knowledge Base](http://go.microsoft.com/fwlink/p/?linkid=163). For specific instructions about EFS best practices, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md).
+ Take extreme caution when migrating encrypted files, because the end user does not need to be logged on to capture the user state. By default, USMT fails if an encrypted file is found. For more information about EFS best practices, see this article in the [Microsoft Knowledge Base](https://go.microsoft.com/fwlink/p/?linkid=163). For specific instructions about EFS best practices, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md).
**Important**
If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration.
@@ -72,7 +72,7 @@ As the authorized administrator, it is your responsibility to protect the privac
- **Maintain security of the file server and the deployment server**
- We recommend that you manage the security of the file and deployment servers. It is important to make sure that the file server where you save the store is secure. You must also secure the deployment server, to ensure that the user data that is in the log files is not exposed. We also recommend that you only transmit data over a secure Internet connection, such as a virtual private network. For more information about network security, see [Microsoft Security Compliance Manager](http://go.microsoft.com/fwlink/p/?LinkId=215657).
+ We recommend that you manage the security of the file and deployment servers. It is important to make sure that the file server where you save the store is secure. You must also secure the deployment server, to ensure that the user data that is in the log files is not exposed. We also recommend that you only transmit data over a secure Internet connection, such as a virtual private network. For more information about network security, see [Microsoft Security Compliance Manager](https://go.microsoft.com/fwlink/p/?LinkId=215657).
- **Password Migration**
diff --git a/windows/deploy/usmt-common-issues.md b/windows/deploy/usmt-common-issues.md
index 88980d6d7b..118d52b056 100644
--- a/windows/deploy/usmt-common-issues.md
+++ b/windows/deploy/usmt-common-issues.md
@@ -165,7 +165,7 @@ The following sections describe common XML file problems. Expand the section to
### I am having problems with a custom .xml file that I authored, and I cannot verify that the syntax is correct.
-**Resolution:** You can load the XML schema (MigXML.xsd), included with USMT, into your XML authoring tool. For examples, see the [Visual Studio Development Center](http://go.microsoft.com/fwlink/p/?LinkId=74513). Then, load your .xml file in the authoring tool to see if there is a syntax error. In addition, see [USMT XML Reference](usmt-xml-reference.md) for more information about using the XML elements.
+**Resolution:** You can load the XML schema (MigXML.xsd), included with USMT, into your XML authoring tool. For examples, see the [Visual Studio Development Center](https://go.microsoft.com/fwlink/p/?LinkId=74513). Then, load your .xml file in the authoring tool to see if there is a syntax error. In addition, see [USMT XML Reference](usmt-xml-reference.md) for more information about using the XML elements.
### I am using a MigXML helper function, but the migration isn’t working the way I expected it to. How do I troubleshoot this issue?
@@ -251,7 +251,7 @@ Scanstate /ui:S1-5-21-124525095-708259637-1543119021*
The wild card (\*) at the end of the SID will migrate the *SID*\_Classes key as well.
-You can also use patterns for SIDs that identify generic users or groups. For example, you can use the */ue:\*-500* option to exclude the local administrator accounts. For more information about Windows SIDs, see [this Microsoft Web site](http://go.microsoft.com/fwlink/p/?LinkId=190277).
+You can also use patterns for SIDs that identify generic users or groups. For example, you can use the */ue:\*-500* option to exclude the local administrator accounts. For more information about Windows SIDs, see [this Microsoft Web site](https://go.microsoft.com/fwlink/p/?LinkId=190277).
### My script to wipe the disk fails after running the ScanState tool on a 64-bit system.
diff --git a/windows/deploy/usmt-hard-link-migration-store.md b/windows/deploy/usmt-hard-link-migration-store.md
index e65487a0bd..699fe76632 100644
--- a/windows/deploy/usmt-hard-link-migration-store.md
+++ b/windows/deploy/usmt-hard-link-migration-store.md
@@ -67,7 +67,7 @@ A hard link can only be created for a file on the same volume. If you copy a har
-For more information about hard links, please see [Hard Links and Junctions](http://go.microsoft.com/fwlink/p/?LinkId=132934)
+For more information about hard links, please see [Hard Links and Junctions](https://go.microsoft.com/fwlink/p/?LinkId=132934)
In most aspects, a hard-link migration store is identical to an uncompressed migration store. It is located where specified by the Scanstate command-line tool and you can view the contents of the store by using Windows® Explorer. Once created, it can be deleted or copied to another location without changing user state. Restoring a hard-link migration store is similar to restoring any other migration store; however, as with creating the store, the same hard-link functionality is used to keep files in-place.
diff --git a/windows/deploy/usmt-overview.md b/windows/deploy/usmt-overview.md
index 928044a3cf..9f6a18384a 100644
--- a/windows/deploy/usmt-overview.md
+++ b/windows/deploy/usmt-overview.md
@@ -35,7 +35,7 @@ USMT provides the following benefits to businesses that are deploying Windows op
- Increases employee satisfaction with the migration experience.
## Limitations
-USMT is intended for administrators who are performing large-scale automated deployments. If you are only migrating the user states of a few computers, you can use [Windows Easy Transfer](http://go.microsoft.com/fwlink/p/?LinkId=140248).
+USMT is intended for administrators who are performing large-scale automated deployments. If you are only migrating the user states of a few computers, you can use [Windows Easy Transfer](https://go.microsoft.com/fwlink/p/?LinkId=140248).
There are some scenarios in which the use of USMT is not recommended. These include:
diff --git a/windows/deploy/usmt-resources.md b/windows/deploy/usmt-resources.md
index cc268ff816..e77c799af7 100644
--- a/windows/deploy/usmt-resources.md
+++ b/windows/deploy/usmt-resources.md
@@ -22,13 +22,13 @@ author: greg-lindsay
For more information about how to use the schema with your XML authoring environment, see the environment’s documentation.
-- [Ask the Directory Services Team blog](http://go.microsoft.com/fwlink/p/?LinkId=226365)
+- [Ask the Directory Services Team blog](https://go.microsoft.com/fwlink/p/?LinkId=226365)
- Forums:
- - [Microsoft Deployment Toolkit](http://go.microsoft.com/fwlink/p/?LinkId=226386)
+ - [Microsoft Deployment Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=226386)
- - [Configuration Manager Operating System Deployment](http://go.microsoft.com/fwlink/p/?LinkId=226388)
+ - [Configuration Manager Operating System Deployment](https://go.microsoft.com/fwlink/p/?LinkId=226388)
## Related topics
diff --git a/windows/deploy/usmt-return-codes.md b/windows/deploy/usmt-return-codes.md
index 365b49b5c7..001654314d 100644
--- a/windows/deploy/usmt-return-codes.md
+++ b/windows/deploy/usmt-return-codes.md
@@ -48,7 +48,7 @@ As a best practice, we recommend that you set verbosity level to 5, **/v***:5*,
Error messages provide more detailed information about the migration problem than the associated return code. For example, the **ScanState**, **LoadState**, or **USMTUtils** tool might return a code of "11” (for “USMT\_INVALID\_PARAMETERS") and a related error message that reads "/key and /keyfile both specified". The error message is displayed at the command prompt and is identified in the **ScanState**, **LoadState**, or **USMTUtils** log files to help you determine why the return code was received.
-You can obtain more information about any listed Windows application programming interface (API) system error codes by typing **net helpmsg** on the command line and, then typing the error code number. For more information about System Error Codes, see [this Microsoft Web site](http://go.microsoft.com/fwlink/p/?LinkId=147060).
+You can obtain more information about any listed Windows application programming interface (API) system error codes by typing **net helpmsg** on the command line and, then typing the error code number. For more information about System Error Codes, see [this Microsoft Web site](https://go.microsoft.com/fwlink/p/?LinkId=147060).
## Troubleshooting Return Codes and Error Messages
diff --git a/windows/deploy/usmt-technical-reference.md b/windows/deploy/usmt-technical-reference.md
index 6414a4386a..c3d796217c 100644
--- a/windows/deploy/usmt-technical-reference.md
+++ b/windows/deploy/usmt-technical-reference.md
@@ -11,7 +11,7 @@ author: greg-lindsay
# User State Migration Tool (USMT) Technical Reference
The User State Migration Tool (USMT) is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals.
-Download the Windows ADK [from this website](http://go.microsoft.com/fwlink/p/?LinkID=526803).
+Download the Windows ADK [from this website](https://go.microsoft.com/fwlink/p/?LinkID=526803).
**USMT support for Microsoft Office**
>USMT in the Windows ADK for Windows 10, version 1511 (10.1.10586.0) supports migration of user settings for installations of Microsoft Office 2003, 2007, 2010, and 2013.
@@ -31,7 +31,7 @@ USMT also includes a set of three modifiable .xml files:
Additionally, you can create custom .xml files to support your migration needs. You can also create a Config.xml file to specify files or settings to exclude from the migration.
-USMT tools can be used on several versions of Windows operating systems, for more information, see [USMT Requirements](usmt-requirements.md). For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 User’s Guide](http://go.microsoft.com/fwlink/p/?LinkId=246564).
+USMT tools can be used on several versions of Windows operating systems, for more information, see [USMT Requirements](usmt-requirements.md). For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 User’s Guide](https://go.microsoft.com/fwlink/p/?LinkId=246564).
## In This Section
|Topic |Description|
diff --git a/windows/deploy/usmt-test-your-migration.md b/windows/deploy/usmt-test-your-migration.md
index e460f17de8..39297b3207 100644
--- a/windows/deploy/usmt-test-your-migration.md
+++ b/windows/deploy/usmt-test-your-migration.md
@@ -24,7 +24,7 @@ Running the ScanState and LoadState tools with the **/v***:5* option creates a d
-After you have determined that the pilot migration successfully migrated the specified files and settings, you are ready to add USMT to the server that is running Microsoft® System Center Configuration Manager (SCCM), or a non-Microsoft management technology. For more information, see [Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=140246).
+After you have determined that the pilot migration successfully migrated the specified files and settings, you are ready to add USMT to the server that is running Microsoft® System Center Configuration Manager (SCCM), or a non-Microsoft management technology. For more information, see [Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=140246).
**Note**
For testing purposes, you can create an uncompressed store using the **/hardlink /nocompress** option. When compression is disabled, the ScanState tool saves the files and settings to a hidden folder named "File" at *StorePath*\\USMT. You can use the uncompressed store to view what USMT has stored or to troubleshoot a problem, or you can run an antivirus utility against the files. Additionally, you can also use the **/listfiles** command-line option and the diagnostic log to list the files that were gathered and to troubleshoot problems with your migration.
diff --git a/windows/deploy/usmt-xml-elements-library.md b/windows/deploy/usmt-xml-elements-library.md
index f4f412fc2a..4257b3e9d6 100644
--- a/windows/deploy/usmt-xml-elements-library.md
+++ b/windows/deploy/usmt-xml-elements-library.md
@@ -3056,7 +3056,7 @@ Syntax:
-
+
@@ -3945,7 +3945,7 @@ The following scripts have no return value. You can use the following errors wit
```
-- **StartService (ServiceName, OptionalParam1, OptionalParam2,…).** Starts the service identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. The optional parameters, if any, will be passed to the StartService API. For more information, see [this Microsoft Web site](http://go.microsoft.com/fwlink/p/?LinkId=267898).
+- **StartService (ServiceName, OptionalParam1, OptionalParam2,…).** Starts the service identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. The optional parameters, if any, will be passed to the StartService API. For more information, see [this Microsoft Web site](https://go.microsoft.com/fwlink/p/?LinkId=267898).
- **StopService (ServiceName)**. Stops the service that is identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service.
diff --git a/windows/deploy/vamt-known-issues.md b/windows/deploy/vamt-known-issues.md
index 4aa2185e8f..2e9ac12d08 100644
--- a/windows/deploy/vamt-known-issues.md
+++ b/windows/deploy/vamt-known-issues.md
@@ -13,7 +13,7 @@ author: jdeckerMS
The following list contains the current known issues with the Volume Activation Management Tool (VAMT) 3.0.
- The VAMT Windows Management Infrastructure (WMI) remote operations may take longer to execute if the target computer is in a sleep or standby state.
-- Recovery of Non-Genuine computers is a two-step process. VAMT can be used to install a new product key and activate the computer. However, the computer itself must visit the [Windows Genuine Advantage](http://go.microsoft.com/fwlink/p/?linkid=182914) Web site to revalidate the computer's Genuine status. Upon successfully completing this step, the computer will be restored to full functionality. For more information on recovering Non-Genuine Windows computers, go to [Windows Volume Activation](http://go.microsoft.com/fwlink/p/?linkid=184668).
+- Recovery of Non-Genuine computers is a two-step process. VAMT can be used to install a new product key and activate the computer. However, the computer itself must visit the [Windows Genuine Advantage](https://go.microsoft.com/fwlink/p/?linkid=182914) Web site to revalidate the computer's Genuine status. Upon successfully completing this step, the computer will be restored to full functionality. For more information on recovering Non-Genuine Windows computers, go to [Windows Volume Activation](https://go.microsoft.com/fwlink/p/?linkid=184668).
- When opening a Computer Information List (.cil file) saved in a previous version of VAMT, the edition information is not shown for each product in the center pane. Users must update the product status again to obtain the edition information.
- The remaining activation count can only be retrieved for MAKs.
diff --git a/windows/deploy/vamt-requirements.md b/windows/deploy/vamt-requirements.md
index 06a8615669..99379424ef 100644
--- a/windows/deploy/vamt-requirements.md
+++ b/windows/deploy/vamt-requirements.md
@@ -19,7 +19,7 @@ The Volume Activation Management Tool (VAMT) can be used to perform activations
|Product key type |Where to obtain |
|-----------------|----------------|
-|
|Volume licensing keys can only be obtained with a signed contract from Microsoft. For more info, see the [Microsoft Volume Licensing portal](http://go.microsoft.com/fwlink/p/?LinkId=227282). |
+|
|Volume licensing keys can only be obtained with a signed contract from Microsoft. For more info, see the [Microsoft Volume Licensing portal](https://go.microsoft.com/fwlink/p/?LinkId=227282). |
|Retail product keys |Obtained at time of product purchase. |
## System Requirements
@@ -36,7 +36,7 @@ The following table lists the system requirements for the VAMT host computer.
|Network |Connectivity to remote computers via Windows® Management Instrumentation (TCP/IP) and Microsoft® Activation Web Service on the Internet via HTTPS |
|Operating System |Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, or Windows Server 2012. |
|Additional Requirements |
|
+Windows Server, you must download PowerShell 3.0. To download PowerShell, go to [Download Windows PowerShell 3.0](https://go.microsoft.com/fwlink/p/?LinkId=218356).
>**Note**: Each desktop edition in the table also has an N and KN edition. These editions have had media-related functionality removed. Devices with N or KN editions installed can be upgraded to corresponding N or KN editions using the same methods.
## Upgrade using mobile device management (MDM)
-- To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](http://go.microsoft.com/fwlink/p/?LinkID=690907).
+- To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkID=690907).
-- To upgrade mobile editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithLicense** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](http://go.microsoft.com/fwlink/p/?LinkID=690907).
+- To upgrade mobile editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithLicense** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkID=690907).
## Upgrade using a provisioning package
-The Windows Imaging and Configuration Designer (ICD) tool is included in the Windows Assessment and Deployment Kit (ADK) for Windows 10. [Install the ADK.](http://go.microsoft.com/fwlink/p/?LinkId=526740)
+The Windows Imaging and Configuration Designer (ICD) tool is included in the Windows Assessment and Deployment Kit (ADK) for Windows 10. [Install the ADK.](https://go.microsoft.com/fwlink/p/?LinkId=526740)
- To use Windows ICD to create a provisioning package for upgrading desktop editions of Windows 10, go to **Runtime settings > EditionUpgrade > UpgradeEditionWithProductKey** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
- To use Windows ICD to create a provisioning package for upgrading mobile editions of Windows 10, go to **Runtime settings > EditionUpgrade > UpgradeEditionWithLicense** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
-For more info on creating and applying a provisioning package using Windows ICD, see [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkID=533700).
+For more info on creating and applying a provisioning package using Windows ICD, see [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkID=533700).
## Upgrade using a command-line tool
You can run the changepk.exe command-line tool to upgrade devices to a supported edition of Windows 10:
diff --git a/windows/deploy/windows-adk-scenarios-for-it-pros.md b/windows/deploy/windows-adk-scenarios-for-it-pros.md
index 456d2786a0..19c048877c 100644
--- a/windows/deploy/windows-adk-scenarios-for-it-pros.md
+++ b/windows/deploy/windows-adk-scenarios-for-it-pros.md
@@ -11,7 +11,7 @@ author: greg-lindsay
# Windows ADK for Windows 10 scenarios for IT Pros
-The [Windows Assessment and Deployment Kit](http://go.microsoft.com/fwlink/p/?LinkId=526803) (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. For an overview of what's new in the Windows ADK for Windows 10, see [What's new in kits and tools](http://msdn.microsoft.com/library/windows/hardware/dn927348.aspx).
+The [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. For an overview of what's new in the Windows ADK for Windows 10, see [What's new in kits and tools](http://msdn.microsoft.com/library/windows/hardware/dn927348.aspx).
In previous releases of Windows, the Windows ADK docs were published on both TechNet and the MSDN Hardware Dev Center. Starting with the Windows 10 release, Windows ADK documentation is available on the MSDN Hardware Dev Center. For the Windows 10 ADK reference content, see [Desktop manufacturing](http://msdn.microsoft.com/library/windows/hardware/dn938361.aspx).
diff --git a/windows/deploy/windows-deployment-scenarios-and-tools.md b/windows/deploy/windows-deployment-scenarios-and-tools.md
index a970f1b56f..1a431a3040 100644
--- a/windows/deploy/windows-deployment-scenarios-and-tools.md
+++ b/windows/deploy/windows-deployment-scenarios-and-tools.md
@@ -21,7 +21,7 @@ In this topic, you also learn about different types of reference images that you
## Windows Assessment and Deployment Kit
-Windows ADK contains core assessment and deployment tools and technologies, including Deployment Image Servicing and Management (DISM), Windows Imaging and Configuration Designer (Windows ICD), Windows System Image Manager (Windows SIM), User State Migration Tool (USMT), Volume Activation Management Tool (VAMT), Windows Preinstallation Environment (Windows PE), Windows Assessment Services, Windows Performance Toolkit (WPT), Application Compatibility Toolkit (ACT), and Microsoft SQL Server 2012 Express. For more details, see [Windows ADK for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=526803 ) or [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md).
+Windows ADK contains core assessment and deployment tools and technologies, including Deployment Image Servicing and Management (DISM), Windows Imaging and Configuration Designer (Windows ICD), Windows System Image Manager (Windows SIM), User State Migration Tool (USMT), Volume Activation Management Tool (VAMT), Windows Preinstallation Environment (Windows PE), Windows Assessment Services, Windows Performance Toolkit (WPT), Application Compatibility Toolkit (ACT), and Microsoft SQL Server 2012 Express. For more details, see [Windows ADK for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526803 ) or [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md).

@@ -48,7 +48,7 @@ Enable-WindowsOptionalFeature -Online -FeatureName NetFx3 -All
Figure 2. Using DISM functions in PowerShell.
-For more information on DISM, see [DISM technical reference](http://go.microsoft.com/fwlink/p/?LinkId=619161).
+For more information on DISM, see [DISM technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619161).
### User State Migration Tool (USMT)
@@ -96,7 +96,7 @@ By default USMT migrates many settings, most of which are related to the user pr
- Application settings
-These are the settings migrated by the default MigUser.xml and MigApp.xml templates. For more details on what USMT migrates, see [What does USMT migrate?](http://go.microsoft.com/fwlink/p/?LinkId=619227) For more information on the USMT overall, see the [USMT technical reference](http://go.microsoft.com/fwlink/p/?LinkId=619228).
+These are the settings migrated by the default MigUser.xml and MigApp.xml templates. For more details on what USMT migrates, see [What does USMT migrate?](https://go.microsoft.com/fwlink/p/?LinkId=619227) For more information on the USMT overall, see the [USMT technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619228).
### Windows Imaging and Configuration Designer
@@ -106,7 +106,7 @@ Windows Imaging and Configuration Designer (Windows ICD) is a tool designed to a
Figure 4. Windows Imaging and Configuration Designer.
-For more information, see [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkID=525483).
+For more information, see [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkID=525483).
### Windows System Image Manager (Windows SIM)
@@ -116,7 +116,7 @@ Windows SIM is an authoring tool for Unattend.xml files. When using MDT and/or C
Figure 5. Windows answer file opened in Windows SIM.
-For more information, see [Windows System Image Manager Technical Reference]( http://go.microsoft.com/fwlink/p/?LinkId=619906).
+For more information, see [Windows System Image Manager Technical Reference]( https://go.microsoft.com/fwlink/p/?LinkId=619906).
### Volume Activation Management Tool (VAMT)
@@ -132,7 +132,7 @@ VAMT also can be used to create reports, switch from MAK to KMS, manage Active D
Get-VamtProduct
```
-For more information on the VAMT, see [VAMT technical reference](http://go.microsoft.com/fwlink/p/?LinkId=619230).
+For more information on the VAMT, see [VAMT technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619230).
### Windows Preinstallation Environment (Windows PE)
@@ -144,7 +144,7 @@ The key thing to know about Windows PE is that, like the operating system, it ne
Figure 7. A machine booted with the Windows ADK default Windows PE boot image.
-For more details on Windows PE, see [Windows PE (WinPE)](http://go.microsoft.com/fwlink/p/?LinkId=619233).
+For more details on Windows PE, see [Windows PE (WinPE)](https://go.microsoft.com/fwlink/p/?LinkId=619233).
## Windows Recovery Environment
@@ -155,7 +155,7 @@ Windows Recovery Environment (Windows RE) is a diagnostics and recovery toolset
Figure 8. A Windows 10 client booted into Windows RE, showing Advanced options.
-For more information on Windows RE, see [Windows Recovery Environment](http://go.microsoft.com/fwlink/p/?LinkId=619236).
+For more information on Windows RE, see [Windows Recovery Environment](https://go.microsoft.com/fwlink/p/?LinkId=619236).
## Windows Deployment Services
@@ -166,7 +166,7 @@ Windows Deployment Services (WDS) has been updated and improved in several ways
Figure 9. Windows Deployment Services using multicast to deploy three machines.
-In Windows Server 2012 R2, [Windows Deployment Services](http://go.microsoft.com/fwlink/p/?LinkId=619245) can be configured for stand-alone mode or for Active Directory integration. In most scenarios, the Active Directory integration mode is the best option. WDS also has the capability to manage drivers; however, driver management through MDT and Configuration Manager is more suitable for deployment due to the flexibility offered by both solutions, so you will use them instead. In WDS, it is possible to pre-stage devices in Active Directory, but here, too, Configuration Manager has that capability built in, and MDT has the ability to use a SQL Server database for pre-staging. In most scenarios, those solutions are better than the built-in pre-staging function as they allow greater control and management.
+In Windows Server 2012 R2, [Windows Deployment Services](https://go.microsoft.com/fwlink/p/?LinkId=619245) can be configured for stand-alone mode or for Active Directory integration. In most scenarios, the Active Directory integration mode is the best option. WDS also has the capability to manage drivers; however, driver management through MDT and Configuration Manager is more suitable for deployment due to the flexibility offered by both solutions, so you will use them instead. In WDS, it is possible to pre-stage devices in Active Directory, but here, too, Configuration Manager has that capability built in, and MDT has the ability to use a SQL Server database for pre-staging. In most scenarios, those solutions are better than the built-in pre-staging function as they allow greater control and management.
### Trivial File Transfer Protocol (TFTP) configuration
@@ -200,12 +200,12 @@ Lite Touch and Zero Touch are marketing names for the two solutions that MDT 201
Figure 11. The Deployment Workbench in MDT 2013, showing a task sequence.
-For more information on MDT 2013 Update 1, see the [Microsoft Deployment Toolkit](http://go.microsoft.com/fwlink/p/?LinkId=618117) resource center.
+For more information on MDT 2013 Update 1, see the [Microsoft Deployment Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=618117) resource center.
## Microsoft Security Compliance Manager 2013
-[Microsoft SCM](http://go.microsoft.com/fwlink/p/?LinkId=619246) is a free utility used to create baseline security settings for the Windows client and server environment. The baselines can be exported and then deployed via Group Policy, local policies, MDT, or Configuration Manager. The current version of Security Compliance Manager includes baselines for Windows 8.1 and several earlier versions of Windows, Windows Server, and Internet Explorer.
+[Microsoft SCM](https://go.microsoft.com/fwlink/p/?LinkId=619246) is a free utility used to create baseline security settings for the Windows client and server environment. The baselines can be exported and then deployed via Group Policy, local policies, MDT, or Configuration Manager. The current version of Security Compliance Manager includes baselines for Windows 8.1 and several earlier versions of Windows, Windows Server, and Internet Explorer.

@@ -228,7 +228,7 @@ The following components are included in the MDOP suite:
- **Microsoft BitLocker Administration and Monitoring (MBAM).** MBAM is an administrator interface used to manage BitLocker drive encryption. It allows you to configure your enterprise with the correct BitLocker encryption policy options, as well as monitor compliance with these policies.
-For more information on the benefits of an MDOP subscription, see [Microsoft Desktop Optimization Pack](http://go.microsoft.com/fwlink/p/?LinkId=619247).
+For more information on the benefits of an MDOP subscription, see [Microsoft Desktop Optimization Pack](https://go.microsoft.com/fwlink/p/?LinkId=619247).
## Internet Explorer Administration Kit 11
@@ -239,7 +239,7 @@ There has been a version of IEAK for every version of Internet Explorer since 3.
Figure 13. The User Experience selection screen in IEAK 11.
-To download IEAK 11, see the [Internet Explorer Administration Kit (IEAK) Information and Downloads](http://go.microsoft.com/fwlink/p/?LinkId=619248) page.
+To download IEAK 11, see the [Internet Explorer Administration Kit (IEAK) Information and Downloads](https://go.microsoft.com/fwlink/p/?LinkId=619248) page.
## Windows Server Update Services
@@ -250,7 +250,7 @@ WSUS is a server role in Windows Server 2012 R2 that enables you to maintain a l
Figure 14. The Windows Server Update Services console.
-For more information on WSUS, see the [Windows Server Update Services Overview](http://go.microsoft.com/fwlink/p/?LinkId=619249).
+For more information on WSUS, see the [Windows Server Update Services Overview](https://go.microsoft.com/fwlink/p/?LinkId=619249).
## Unified Extensible Firmware Interface
@@ -323,7 +323,7 @@ There are many things that affect operating system deployment as soon as you run
- UEFI does not support cross-platform booting; therefore, you need to have the correct boot media (32- or 64-bit).
-For more information on UEFI, see the [UEFI firmware](http://go.microsoft.com/fwlink/p/?LinkId=619251) overview and related resources.
+For more information on UEFI, see the [UEFI firmware](https://go.microsoft.com/fwlink/p/?LinkId=619251) overview and related resources.
## Related topics
diff --git a/windows/deploy/windows-upgrade-and-migration-considerations.md b/windows/deploy/windows-upgrade-and-migration-considerations.md
index fc4c69a980..910efb0f39 100644
--- a/windows/deploy/windows-upgrade-and-migration-considerations.md
+++ b/windows/deploy/windows-upgrade-and-migration-considerations.md
@@ -17,7 +17,7 @@ You can upgrade from an earlier version of Windows, which means you can install
## Migrate files and settings
Migration tools are available to transfer settings from one computer that is running Windows to another. These tools transfer only the program settings, not the programs themselves.
-For more information about application compatibility, see the [Application Compatibility Toolkit (ACT)](http://go.microsoft.com/fwlink/p/?LinkId=131349).
+For more information about application compatibility, see the [Application Compatibility Toolkit (ACT)](https://go.microsoft.com/fwlink/p/?LinkId=131349).
The User State Migration Tool (USMT) 10.0 is an application intended for administrators who are performing large-scale automated deployments. For deployment to a small number of computers or for individually customized deployments, you can use Windows Easy Transfer.
@@ -33,7 +33,7 @@ You can use USMT to automate migration during large deployments of the Windows o
Whether you are upgrading or migrating to a new version of Windows, you must be aware of the following issues and considerations:
### Application compatibility
-For more information about application compatibility in Windows, see the [Application Compatibility Toolkit (ACT)](http://go.microsoft.com/fwlink/p/?LinkId=131349).
+For more information about application compatibility in Windows, see the [Application Compatibility Toolkit (ACT)](https://go.microsoft.com/fwlink/p/?LinkId=131349).
### Multilingual Windows image upgrades
When performing multilingual Windows upgrades, cross-language upgrades are not supported by USMT. If you are upgrading or migrating an operating system with multiple language packs installed, you can upgrade or migrate only to the system default user interface (UI) language. For example, if English is the default but you have a Spanish language pack installed, you can upgrade or migrate only to English.
diff --git a/windows/index.md b/windows/index.md
index ec5ecb7a39..d5e7f92b8a 100644
--- a/windows/index.md
+++ b/windows/index.md
@@ -27,7 +27,7 @@ This library provides the core content that IT pros need to evaluate, plan, depl
## Related topics
-[Windows 10 TechCenter](http://go.microsoft.com/fwlink/?LinkId=620009)
+[Windows 10 TechCenter](https://go.microsoft.com/fwlink/?LinkId=620009)
diff --git a/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md b/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md
index f6ed6747d4..3565476277 100644
--- a/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md
+++ b/windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md
@@ -1,5 +1,5 @@
---
-title: Add apps to your Windows Information Protection (WIP) policy by using Microsoft Intune and custom URI functionality (Windows 10)
+title: Add apps to your Windows Information Protection (WIP) policy by using Microsoft Intune custom URI functionality (Windows 10)
description: Add apps to your Windows Information Protection (WIP) allowed app list, by using the Microsoft Intune custom URI functionality and AppLocker.
ms.assetid: b50db35d-a2a9-4b78-a95d-a1b066e66880
keywords: WIP, Enterprise Data Protection, protected apps, protected app list
@@ -17,7 +17,7 @@ localizationpriority: high
- Windows 10, version 1607
- Windows 10 Mobile
-You can add apps to your Windows Information Protection (WIP) protected app list using the Microsoft Intune custom URI functionality and AppLocker. For more info about how to create a custom URI using Intune, [Windows 10 custom policy settings in Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkID=691330).
+You can add apps to your Windows Information Protection (WIP) protected app list using the Microsoft Intune custom URI functionality and AppLocker. For more info about how to create a custom URI using Intune, [Windows 10 custom policy settings in Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkID=691330).
>**Important**
Results can be unpredictable if you configure your policy using both the UI and the Custom URI method together. We recommend using a single method for each policy.
diff --git a/windows/keep-secure/advanced-security-auditing-faq.md b/windows/keep-secure/advanced-security-auditing-faq.md
index aba6ac5414..9ccd526c9d 100644
--- a/windows/keep-secure/advanced-security-auditing-faq.md
+++ b/windows/keep-secure/advanced-security-auditing-faq.md
@@ -170,8 +170,8 @@ In addition, there are a number of computer management products, such as the Aud
Users who examine the security event log for the first time can be a bit overwhelmed by the number of audit events that are stored there (which can quickly number in the thousands) and by the structured information that is included for each audit event. Additional information about these events, and the settings used to generate them, can be obtained from the following resources:
- [Windows 8 and Windows Server 2012 Security Event Details](http://www.microsoft.com/download/details.aspx?id=35753)
-- [Security Audit Events for Windows 7 and Windows Server 2008 R2](http://go.microsoft.com/fwlink/p/?linkid=157780)
-- [Security Audit Events for Windows Server 2008 and Windows Vista](http://go.microsoft.com/fwlink/p/?linkid=121868)
+- [Security Audit Events for Windows 7 and Windows Server 2008 R2](https://go.microsoft.com/fwlink/p/?linkid=157780)
+- [Security Audit Events for Windows Server 2008 and Windows Vista](https://go.microsoft.com/fwlink/p/?linkid=121868)
- [Advanced security audit policy settings](advanced-security-audit-policy-settings.md)
## Where can I find more detailed information?
@@ -180,7 +180,7 @@ To learn more about security audit policies, see the following resources:
- [Planning and deploying advanced security audit policies](planning-and-deploying-advanced-security-audit-policies.md)
- [Security Monitoring and Attack Detection Planning Guide](http://social.technet.microsoft.com/wiki/contents/articles/325.advanced-security-auditing-in-windows-7-and-windows-server-2008-r2.aspx)
-- [Security Audit Events for Windows 7 and Windows Server 2008 R2](http://go.microsoft.com/fwlink/p/?linkid=157780)
-- [Security Audit Events for Windows Server 2008 and Windows Vista](http://go.microsoft.com/fwlink/p/?LinkId=121868)
+- [Security Audit Events for Windows 7 and Windows Server 2008 R2](https://go.microsoft.com/fwlink/p/?linkid=157780)
+- [Security Audit Events for Windows Server 2008 and Windows Vista](https://go.microsoft.com/fwlink/p/?LinkId=121868)
diff --git a/windows/keep-secure/applocker-functions.md b/windows/keep-secure/applocker-functions.md
index eaad056c7a..cd1534c55b 100644
--- a/windows/keep-secure/applocker-functions.md
+++ b/windows/keep-secure/applocker-functions.md
@@ -20,14 +20,14 @@ This topic for the IT professional lists the functions and security levels for t
The following list includes the SRP functions beginning with Windows Server 2003 and AppLocker functions beginning with Windows Server 2008 R2 and links to current documentation on MSDN:
-- [SaferGetPolicyInformation Function](http://go.microsoft.com/fwlink/p/?LinkId=159781)
-- [SaferCreateLevel Function](http://go.microsoft.com/fwlink/p/?LinkId=159782)
-- [SaferCloseLevel Function](http://go.microsoft.com/fwlink/p/?LinkId=159783)
-- [SaferIdentifyLevel Function](http://go.microsoft.com/fwlink/p/?LinkId=159784)
-- [SaferComputeTokenFromLevel Function](http://go.microsoft.com/fwlink/p/?LinkId=159785)
-- [SaferGetLevelInformation Function](http://go.microsoft.com/fwlink/p/?LinkId=159787)
-- [SaferRecordEventLogEntry Function](http://go.microsoft.com/fwlink/p/?LinkId=159789)
-- [SaferiIsExecutableFileType Function](http://go.microsoft.com/fwlink/p/?LinkId=159790)
+- [SaferGetPolicyInformation Function](https://go.microsoft.com/fwlink/p/?LinkId=159781)
+- [SaferCreateLevel Function](https://go.microsoft.com/fwlink/p/?LinkId=159782)
+- [SaferCloseLevel Function](https://go.microsoft.com/fwlink/p/?LinkId=159783)
+- [SaferIdentifyLevel Function](https://go.microsoft.com/fwlink/p/?LinkId=159784)
+- [SaferComputeTokenFromLevel Function](https://go.microsoft.com/fwlink/p/?LinkId=159785)
+- [SaferGetLevelInformation Function](https://go.microsoft.com/fwlink/p/?LinkId=159787)
+- [SaferRecordEventLogEntry Function](https://go.microsoft.com/fwlink/p/?LinkId=159789)
+- [SaferiIsExecutableFileType Function](https://go.microsoft.com/fwlink/p/?LinkId=159790)
## Security level ID
diff --git a/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md b/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md
index 3bd9ddd1b8..d66a9e0a4e 100644
--- a/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md
+++ b/windows/keep-secure/audit-audit-the-use-of-backup-and-restore-privilege.md
@@ -74,7 +74,7 @@ When the backup and restore function is used, it creates a copy of the file syst
### Countermeasure
Enable the **Audit: Audit the use of Backup and Restore privilege** setting. Alternatively, implement automatic log backup by configuring the **AutoBackupLogFiles** registry key. If you enable this option when the [Audit privilege use](basic-audit-privilege-use.md) setting is also enabled, an audit event is generated for every file that is backed up or restored. This information could help you to identify an account that was used to accidentally or maliciously restore data in an unauthorized manner.
-For more information about configuring this key, see Microsoft Knowledge Base article [100879](http://go.microsoft.com/fwlink/p/?LinkId=100879).
+For more information about configuring this key, see Microsoft Knowledge Base article [100879](https://go.microsoft.com/fwlink/p/?LinkId=100879).
### Potential impact
diff --git a/windows/keep-secure/bitlocker-frequently-asked-questions.md b/windows/keep-secure/bitlocker-frequently-asked-questions.md
index 29836430fd..c329ed5d14 100644
--- a/windows/keep-secure/bitlocker-frequently-asked-questions.md
+++ b/windows/keep-secure/bitlocker-frequently-asked-questions.md
@@ -139,7 +139,7 @@ The following table lists what action you need to take before you perform an upg
### Can BitLocker deployment be automated in an enterprise environment?
-Yes, you can automate the deployment and configuration of BitLocker and the TPM using either WMI or Windows PowerShell scripts. How you choose to implement the scripts depends on your environment. You can also use Manage-bde.exe to locally or remotely configure BitLocker. For more info about writing scripts that use the BitLocker WMI providers, see [BitLocker Drive Encryption Provider](http://go.microsoft.com/fwlink/p/?LinkId=80600). For more info about using Windows PowerShell cmdlets with BitLocker Drive Encryption, see [BitLocker Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj649829.aspx).
+Yes, you can automate the deployment and configuration of BitLocker and the TPM using either WMI or Windows PowerShell scripts. How you choose to implement the scripts depends on your environment. You can also use Manage-bde.exe to locally or remotely configure BitLocker. For more info about writing scripts that use the BitLocker WMI providers, see [BitLocker Drive Encryption Provider](https://go.microsoft.com/fwlink/p/?LinkId=80600). For more info about using Windows PowerShell cmdlets with BitLocker Drive Encryption, see [BitLocker Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj649829.aspx).
### Can BitLocker encrypt more than just the operating system drive?
diff --git a/windows/keep-secure/block-untrusted-fonts-in-enterprise.md b/windows/keep-secure/block-untrusted-fonts-in-enterprise.md
index 975a2a8c12..8343d2c59e 100644
--- a/windows/keep-secure/block-untrusted-fonts-in-enterprise.md
+++ b/windows/keep-secure/block-untrusted-fonts-in-enterprise.md
@@ -12,6 +12,12 @@ localizationpriority: high
---
# Block untrusted fonts in an enterprise
+**Applies to:**
+
+- Windows 10
+
+>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+
To help protect your company from attacks which may originate from untrusted or attacker controlled font files, we’ve created the Blocking Untrusted Fonts feature. Using this feature, you can turn on a global setting that stops your employees from loading untrusted fonts processed using the Graphics Device Interface (GDI) onto your network. Untrusted fonts are any font installed outside of the `%windir%/Fonts` directory. Blocking untrusted fonts helps prevent both remote (web-based or email-based) and local EOP attacks that can happen during the font file-parsing process.
## What does this mean for me?
@@ -31,7 +37,7 @@ After you turn this feature on, your employees might experience reduced function
- Sending a print job to a remote printer server that uses this feature and where the spooler process hasn’t been specifically excluded. In this situation, any fonts that aren’t already available in the server’s %windir%/Fonts folder won’t be used.
-- Printing using fonts provided by the installed printer’s graphics .dll file, outside of the %windir%/Fonts folder. For more information, see [Introduction to Printer Graphics DLLs](http://go.microsoft.com/fwlink/p/?LinkId=522302).
+- Printing using fonts provided by the installed printer’s graphics .dll file, outside of the %windir%/Fonts folder. For more information, see [Introduction to Printer Graphics DLLs](https://go.microsoft.com/fwlink/p/?LinkId=522302).
- Using first or third-party apps that use memory-based fonts.
diff --git a/windows/keep-secure/bypass-traverse-checking.md b/windows/keep-secure/bypass-traverse-checking.md
index 60df8885da..5c32eaf5e4 100644
--- a/windows/keep-secure/bypass-traverse-checking.md
+++ b/windows/keep-secure/bypass-traverse-checking.md
@@ -14,6 +14,8 @@ author: brianlic-msft
**Applies to**
- Windows 10
+>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare).
+
Describes the best practices, location, values, policy management, and security considerations for the **Bypass traverse checking** security policy setting.
## Reference
@@ -78,7 +80,7 @@ The default configuration for the **Bypass traverse checking** setting is to all
### Countermeasure
-Organizations that are extremely concerned about security may want to remove the Everyone group, and perhaps the Users group, from the list of groups that have the **Bypass traverse checking** user right. Taking explicit control over traversal assignments can be an effective way to limit access to sensitive information. Access–based enumeration can also be used. If you use access–based enumeration, users cannot see any folder or file to which they do not have access. For more info about this feature, see [Access-based Enumeration](http://go.microsoft.com/fwlink/p/?LinkId=100745).
+Organizations that are extremely concerned about security may want to remove the Everyone group, and perhaps the Users group, from the list of groups that have the **Bypass traverse checking** user right. Taking explicit control over traversal assignments can be an effective way to limit access to sensitive information. Access–based enumeration can also be used. If you use access–based enumeration, users cannot see any folder or file to which they do not have access. For more info about this feature, see [Access-based Enumeration](https://go.microsoft.com/fwlink/p/?LinkId=100745).
### Potential impact
diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
index db3058b317..4394da8ab8 100644
--- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md
+++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
@@ -13,9 +13,11 @@ author: brianlic-msft
This topic lists new and updated topics in the [Keep Windows 10 secure](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
## August 2016
-- [Testing scenarios for Windows Information Protection (WIP)](testing-scenarios-for-wip.md) |Updated and added additional scenarios for testing. |
-- [Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) |Updated to include info from the original What's New and Overview topics. |
-- [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |New |
+|New or changed topic | Description |
+|----------------------|-------------|
+|[Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |New |
+|[Testing scenarios for Windows Information Protection (WIP)](testing-scenarios-for-wip.md) |Updated and added additional scenarios for testing |
+|[Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) |Updated to include info from the original What's New and Overview topics |
## RELEASE: Windows 10, version 1607
diff --git a/windows/keep-secure/configure-s-mime.md b/windows/keep-secure/configure-s-mime.md
index 7169036152..bce814e3d6 100644
--- a/windows/keep-secure/configure-s-mime.md
+++ b/windows/keep-secure/configure-s-mime.md
@@ -32,11 +32,11 @@ A digitally signed message reassures the recipient that the message hasn't been
## Prerequisites
-- [S/MIME is enabled for Exchange accounts](http://go.microsoft.com/fwlink/p/?LinkId=718217) (on-premises and Office 365). Users can’t use S/MIME signing and encryption with a personal account such as Outlook.com.
+- [S/MIME is enabled for Exchange accounts](https://go.microsoft.com/fwlink/p/?LinkId=718217) (on-premises and Office 365). Users can’t use S/MIME signing and encryption with a personal account such as Outlook.com.
- Valid Personal Information Exchange (PFX) certificates are installed on the device.
- - [How to Create PFX Certificate Profiles in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkID=718215)
- - [Enable access to company resources using certificate profiles with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=718216)
+ - [How to Create PFX Certificate Profiles in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkID=718215)
+ - [Enable access to company resources using certificate profiles with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=718216)
- [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md)
## Choose S/MIME settings
diff --git a/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md b/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md
index c623dd725f..ef423697d1 100644
--- a/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md
+++ b/windows/keep-secure/create-list-of-applications-deployed-to-each-business-group.md
@@ -41,10 +41,10 @@ initially. Therefore, you should continue your evaluation until you can verify t
>**Tip:** If you run Application Verifier against a custom application with any AppLocker policies enabled, it might prevent the application from running. You should either disable Application Verifier or AppLocker.
You can create an inventory of Universal Windows apps on a device by using two methods: the **Get-AppxPackage** Windows PowerShell cmdlet or the AppLocker console.
-The following topics in the [AppLocker Step-by-Step Guide](http://go.microsoft.com/fwlink/p/?LinkId=160261) describe how to perform each method:
+The following topics in the [AppLocker Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=160261) describe how to perform each method:
-- [Automatically generating executable rules from a reference computer](http://go.microsoft.com/fwlink/p/?LinkId=160264)
-- [Using auditing to track which apps are used](http://go.microsoft.com/fwlink/p/?LinkId=160281)
+- [Automatically generating executable rules from a reference computer](https://go.microsoft.com/fwlink/p/?LinkId=160264)
+- [Using auditing to track which apps are used](https://go.microsoft.com/fwlink/p/?LinkId=160281)
### Prerequisites to completing the inventory
diff --git a/windows/keep-secure/create-wip-policy-using-intune.md b/windows/keep-secure/create-wip-policy-using-intune.md
index 0d428ec0a2..7a107e086c 100644
--- a/windows/keep-secure/create-wip-policy-using-intune.md
+++ b/windows/keep-secure/create-wip-policy-using-intune.md
@@ -74,7 +74,7 @@ For this example, we’re going to add Microsoft OneNote, a store app, to the **
If you don't know the publisher or product name, you can find them for both desktop devices and Windows 10 Mobile phones by following these steps.
**To find the Publisher and Product Name values for Store apps without installing them**
-1. Go to the [Windows Store for Business](http://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, *Microsoft OneNote*.
+1. Go to the [Windows Store for Business](https://go.microsoft.com/fwlink/p/?LinkID=722910) website, and find your app. For example, *Microsoft OneNote*.
>**Note**
If your app is already installed on desktop devices, you can use the AppLocker local security policy MMC snap-in to gather the info for adding the app to the protected apps list. For info about how to do this, see the [Add apps to your Windows Information Protection (WIP) policy by using the Microsoft Intune custom URI functionality](add-apps-to-protected-list-using-custom-uri.md) topic.
@@ -327,7 +327,7 @@ We recommend that you start with **Silent** or **Override** while verifying with
|Mode |Description |
|-----|------------|
|Block |WIP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing info across non-enterprise-protected apps in addition to sharing enterprise data between other people and devices outside of your enterprise.|
-|Override |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](http://go.microsoft.com/fwlink/p/?LinkID=746459). |
+|Override |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](https://go.microsoft.com/fwlink/p/?LinkID=746459). |
|Silent |WIP runs silently, logging inappropriate data sharing, without blocking anything that would’ve been prompted for employee interaction while in Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still blocked.|
|Off (not recommended) |WIP is turned off and doesn't help to protect or audit your data.
If your app is already installed on desktop devices, you can use the AppLocker local security policy MMC snap-in to gather the info for adding the app to the protected apps list. For info about how to do this, see the steps in the [Add an AppLocker policy file](#add-an-applocker-policy-file) section.
@@ -347,7 +347,7 @@ We recommend that you start with **Silent** or **Override** while verifying with
|Mode |Description |
|-----|------------|
|Block |WIP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing info across non-enterprise-protected apps in addition to sharing enterprise data between other people and devices outside of your enterprise.|
-|Override |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](http://go.microsoft.com/fwlink/p/?LinkID=746459). |
+|Override |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](https://go.microsoft.com/fwlink/p/?LinkID=746459). |
|Silent |WIP runs silently, logging inappropriate data sharing, without blocking anything that would’ve been prompted for employee interaction while in Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still blocked.|
|Off (not recommended) |WIP is turned off and doesn't help to protect or audit your data.TPM 2.0
-
@@ -114,7 +114,7 @@ The PC must meet the following hardware and software requirements to use Credent
Windows 10 version 1511 or later
+Windows 10 version 1511, Windows Server 2016, or later
TPM 2.0 or TPM 1.2
-
+
@@ -169,7 +169,7 @@ First, you must add the virtualization-based security features. You can do this
> You can also add these features to an online image by using either DISM or Configuration Manager.
-In Windows 10, version 1607, Isolated User Mode is included with Hyper-V and does not need to be installed separately. If you're running a version of Windows 10 that's earlier than Windows 10, version 1607, you can run the following command to install Isolated User Mode:
+In Windows 10, version 1607 and Windows Server 2016, Isolated User Mode is included with Hyper-V and does not need to be installed separately. If you're running a version of Windows 10 that's earlier than Windows 10, version 1607, you can run the following command to install Isolated User Mode:
``` syntax
dism /image:
**Product Name:** Microsoft.Office.OneNote
**App Type:** Universal app |
|Outlook Mail and Calendar |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** microsoft.windowscommunicationsapps
**App Type:** Universal app |
|Microsoft Photos |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.Windows.Photos
**App Type:** Universal app |
-|Microsoft OneDrive |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** microsoft.microsoftskydrive
**App Type:** Universal app |
|Groove Music |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.ZuneMusic
**App Type:** Universal app |
+|Microsoft OneDrive |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** onedrive.exe
**App Type:** Desktop app|
|Notepad |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** notepad.exe
**App Type:** Desktop app |
|Microsoft Paint |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** mspaint.exe
**App Type:** Desktop app |
|Microsoft Movies & TV |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
**Product Name:** Microsoft.ZuneVideo
**App Type:** Universal app |
diff --git a/windows/keep-secure/event-4706.md b/windows/keep-secure/event-4706.md
index 936468b4c3..8681185c08 100644
--- a/windows/keep-secure/event-4706.md
+++ b/windows/keep-secure/event-4706.md
@@ -108,7 +108,7 @@ This event is generated only on domain controllers.
|-------|------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 | TRUST\_TYPE\_DOWNLEVEL | The domain controller of the trusted domain is a computer running an operating system earlier than Windows 2000. |
| 2 | TRUST\_TYPE\_UPLEVEL | The domain controller of the trusted domain is a computer running Windows 2000 or later. |
-| 3 | TRUST\_TYPE\_MIT | The trusted domain is running a non-Windows, RFC4120-compliant Kerberos distribution. This type of trust is distinguished in that (1) a [SID](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_83f2020d-0804-4840-a5ac-e06439d50f8d) is not required for the [TDO](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_f2ceef4e-999b-4276-84cd-2e2829de5fc4), and (2) the default key types include the DES-CBC and DES-CRC encryption types (see [\[RFC4120\]](http://go.microsoft.com/fwlink/?LinkId=90458) section 8.1). |
+| 3 | TRUST\_TYPE\_MIT | The trusted domain is running a non-Windows, RFC4120-compliant Kerberos distribution. This type of trust is distinguished in that (1) a [SID](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_83f2020d-0804-4840-a5ac-e06439d50f8d) is not required for the [TDO](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_f2ceef4e-999b-4276-84cd-2e2829de5fc4), and (2) the default key types include the DES-CBC and DES-CRC encryption types (see [\[RFC4120\]](https://go.microsoft.com/fwlink/?LinkId=90458) section 8.1). |
| 4 | TRUST\_TYPE\_DCE | The trusted domain is a DCE realm. Historical reference, this value is not used in Windows. |
- **Trust Direction** \[Type = UInt32\]**:** the direction of new trust. The following table contains possible values for this field:
@@ -131,7 +131,7 @@ This event is generated only on domain controllers.
| 0x10 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION | If this bit is set, then the trust is to a domain or forest that is not part of the [organization](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_6fae7775-5232-4206-b452-f298546ab54f). The behavior controlled by this bit is explained in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section [3.3.5.7.5](https://msdn.microsoft.com/en-us/library/cc233949.aspx) and [\[MS-APDS\]](https://msdn.microsoft.com/en-us/library/cc223948.aspx) section [3.1.5](https://msdn.microsoft.com/en-us/library/cc223991.aspx).
Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. |
| 0x20 | TRUST\_ATTRIBUTE\_WITHIN\_FOREST | If this bit is set, then the trusted domain is within the same forest.
Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. |
| 0x40 | TRUST\_ATTRIBUTE\_TREAT\_AS\_EXTERNAL | If this bit is set, then a cross-forest trust to a domain is to be treated as an external trust for the purposes of SID Filtering. Cross-forest trusts are more stringently [filtered](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_ffbe7b55-8e84-4f41-a18d-fc29191a4cda) than external trusts. This attribute relaxes those cross-forest trusts to be equivalent to external trusts. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.
Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
Only evaluated if SID Filtering is used.
Only evaluated on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. |
-| 0x80 | TRUST\_ATTRIBUTE\_USES\_RC4\_ENCRYPTION | This bit is set on trusts with the [trustType](https://msdn.microsoft.com/en-us/library/cc220955.aspx) set to TRUST\_TYPE\_MIT, which are capable of using RC4 keys. Historically, MIT Kerberos distributions supported only DES and 3DES keys ([\[RFC4120\]](http://go.microsoft.com/fwlink/?LinkId=90458), [\[RFC3961\]](http://go.microsoft.com/fwlink/?LinkId=90450)). MIT 1.4.1 adopted the RC4HMAC encryption type common to Windows 2000 [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx), so trusted domains deploying later versions of the MIT distribution required this bit. For more information, see "Keys and Trusts", section [6.1.6.9.1](https://msdn.microsoft.com/en-us/library/cc223782.aspx).
Only evaluated on TRUST\_TYPE\_MIT |
+| 0x80 | TRUST\_ATTRIBUTE\_USES\_RC4\_ENCRYPTION | This bit is set on trusts with the [trustType](https://msdn.microsoft.com/en-us/library/cc220955.aspx) set to TRUST\_TYPE\_MIT, which are capable of using RC4 keys. Historically, MIT Kerberos distributions supported only DES and 3DES keys ([\[RFC4120\]](https://go.microsoft.com/fwlink/?LinkId=90458), [\[RFC3961\]](https://go.microsoft.com/fwlink/?LinkId=90450)). MIT 1.4.1 adopted the RC4HMAC encryption type common to Windows 2000 [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx), so trusted domains deploying later versions of the MIT distribution required this bit. For more information, see "Keys and Trusts", section [6.1.6.9.1](https://msdn.microsoft.com/en-us/library/cc223782.aspx).
Only evaluated on TRUST\_TYPE\_MIT |
| 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section 3.3.5.7.5.
Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. |
| 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.
Evaluated only on Windows Server 2016
Evaluated only if SID Filtering is used.
Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater. |
diff --git a/windows/keep-secure/event-4716.md b/windows/keep-secure/event-4716.md
index 65ea86275d..6f8731a019 100644
--- a/windows/keep-secure/event-4716.md
+++ b/windows/keep-secure/event-4716.md
@@ -108,7 +108,7 @@ This event is generated only on domain controllers.
|-------|------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 | TRUST\_TYPE\_DOWNLEVEL | The domain controller of the trusted domain is a computer running an operating system earlier than Windows 2000. |
| 2 | TRUST\_TYPE\_UPLEVEL | The domain controller of the trusted domain is a computer running Windows 2000 or later. |
-| 3 | TRUST\_TYPE\_MIT | The trusted domain is running a non-Windows, RFC4120-compliant Kerberos distribution. This type of trust is distinguished in that (1) a [SID](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_83f2020d-0804-4840-a5ac-e06439d50f8d) is not required for the [TDO](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_f2ceef4e-999b-4276-84cd-2e2829de5fc4), and (2) the default key types include the DES-CBC and DES-CRC encryption types (see [\[RFC4120\]](http://go.microsoft.com/fwlink/?LinkId=90458) section 8.1). |
+| 3 | TRUST\_TYPE\_MIT | The trusted domain is running a non-Windows, RFC4120-compliant Kerberos distribution. This type of trust is distinguished in that (1) a [SID](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_83f2020d-0804-4840-a5ac-e06439d50f8d) is not required for the [TDO](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_f2ceef4e-999b-4276-84cd-2e2829de5fc4), and (2) the default key types include the DES-CBC and DES-CRC encryption types (see [\[RFC4120\]](https://go.microsoft.com/fwlink/?LinkId=90458) section 8.1). |
| 4 | TRUST\_TYPE\_DCE | The trusted domain is a DCE realm. Historical reference, this value is not used in Windows. |
- **Trust Direction** \[Type = UInt32\]**:** the direction of new trust. If this attribute was not changed, then it will have “**-**“ value or its old value. The following table contains possible values for this field:
@@ -131,7 +131,7 @@ This event is generated only on domain controllers.
| 0x10 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION | If this bit is set, then the trust is to a domain or forest that is not part of the [organization](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_6fae7775-5232-4206-b452-f298546ab54f). The behavior controlled by this bit is explained in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section [3.3.5.7.5](https://msdn.microsoft.com/en-us/library/cc233949.aspx) and [\[MS-APDS\]](https://msdn.microsoft.com/en-us/library/cc223948.aspx) section [3.1.5](https://msdn.microsoft.com/en-us/library/cc223991.aspx).
Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. |
| 0x20 | TRUST\_ATTRIBUTE\_WITHIN\_FOREST | If this bit is set, then the trusted domain is within the same forest.
Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. |
| 0x40 | TRUST\_ATTRIBUTE\_TREAT\_AS\_EXTERNAL | If this bit is set, then a cross-forest trust to a domain is to be treated as an external trust for the purposes of SID Filtering. Cross-forest trusts are more stringently [filtered](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_ffbe7b55-8e84-4f41-a18d-fc29191a4cda) than external trusts. This attribute relaxes those cross-forest trusts to be equivalent to external trusts. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.
Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
Only evaluated if SID Filtering is used.
Only evaluated on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. |
-| 0x80 | TRUST\_ATTRIBUTE\_USES\_RC4\_ENCRYPTION | This bit is set on trusts with the [trustType](https://msdn.microsoft.com/en-us/library/cc220955.aspx) set to TRUST\_TYPE\_MIT, which are capable of using RC4 keys. Historically, MIT Kerberos distributions supported only DES and 3DES keys ([\[RFC4120\]](http://go.microsoft.com/fwlink/?LinkId=90458), [\[RFC3961\]](http://go.microsoft.com/fwlink/?LinkId=90450)). MIT 1.4.1 adopted the RC4HMAC encryption type common to Windows 2000 [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx), so trusted domains deploying later versions of the MIT distribution required this bit. For more information, see "Keys and Trusts", section [6.1.6.9.1](https://msdn.microsoft.com/en-us/library/cc223782.aspx).
Only evaluated on TRUST\_TYPE\_MIT |
+| 0x80 | TRUST\_ATTRIBUTE\_USES\_RC4\_ENCRYPTION | This bit is set on trusts with the [trustType](https://msdn.microsoft.com/en-us/library/cc220955.aspx) set to TRUST\_TYPE\_MIT, which are capable of using RC4 keys. Historically, MIT Kerberos distributions supported only DES and 3DES keys ([\[RFC4120\]](https://go.microsoft.com/fwlink/?LinkId=90458), [\[RFC3961\]](https://go.microsoft.com/fwlink/?LinkId=90450)). MIT 1.4.1 adopted the RC4HMAC encryption type common to Windows 2000 [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx), so trusted domains deploying later versions of the MIT distribution required this bit. For more information, see "Keys and Trusts", section [6.1.6.9.1](https://msdn.microsoft.com/en-us/library/cc223782.aspx).
Only evaluated on TRUST\_TYPE\_MIT |
| 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section 3.3.5.7.5.
Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. |
| 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.
Evaluated only on Windows Server 2016
Evaluated only if SID Filtering is used.
Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater. |
diff --git a/windows/keep-secure/event-4826.md b/windows/keep-secure/event-4826.md
index 989ba1f6e1..c8213b2290 100644
--- a/windows/keep-secure/event-4826.md
+++ b/windows/keep-secure/event-4826.md
@@ -118,7 +118,7 @@ This event is always logged regardless of the "Audit Other Policy Change Events"
- **HyperVisor Load Options** \[Type = UnicodeString\]**:** shows hypervisor **loadoptions**. See more information here:
Policy
@@ -319,7 +323,7 @@ You’ll need this software to set Windows Hello for Business policies in your e
@@ -357,7 +361,7 @@ Azure AD provides the ability to register devices with your enterprise and to pr
Windows Hello can be managed on personal devices that your employees use for work purposes using MDM. On personal devices, users can create a personal Windows Hello PIN for unlocking the device and used this PIN for access to work resources.
-The PIN is managed using the same Windows Hello for Business policies that you can use to manage Windows Hello for Business on organization-owned devices. The PIN can also be managed using DeviceLock policy. DeviceLock policy can be used to control length, complexity, history, and expiration requirements and can be configured using the [Policy configuration service provider](http://go.microsoft.com/fwlink/p/?LinkID=623244).
+The PIN is managed using the same Windows Hello for Business policies that you can use to manage Windows Hello for Business on organization-owned devices. The PIN can also be managed using DeviceLock policy. DeviceLock policy can be used to control length, complexity, history, and expiration requirements and can be configured using the [Policy configuration service provider](https://go.microsoft.com/fwlink/p/?LinkID=623244).
## Related topics
diff --git a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
index 575bf12fee..11d5fe781d 100644
--- a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
+++ b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
@@ -25,7 +25,7 @@ Certificates in Windows 10 Mobile are primarily used for the following purposes
**Warning**
-In Windows 10, Version 1607, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. [Learn more about this known issue in Version 1607](http://go.microsoft.com/fwlink/p/?LinkId=786764)
+In Windows 10, Version 1607, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. [Learn more about this known issue in Version 1607](https://go.microsoft.com/fwlink/p/?LinkId=786764)
## Install certificates using Microsoft Edge
@@ -38,7 +38,7 @@ The Windows 10 Mobile certificate installer supports .cer, .p7b, .pem, and .pfx
## Install certificates using mobile device management (MDM)
Windows 10 Mobile supports root, CA, and client certificate to be configured via MDM. Using MDM, an administrator can directly add, delete, or query root and CA certificates, and configure the device to enroll a client certificate with a certificate enrollment server that supports Simple Certificate Enrollment Protocol (SCEP). SCEP enrolled client certificates are used by Wi-Fi, VPN, email, and browser for certificate-based client authentication. An MDM server can also query and delete SCEP enrolled client certificate (including user installed certificates), or trigger a new enrollment request before the current certificate is expired.
-> **Warning:** Do not use SCEP for encryption certificates for S/MIME. You must use a PFX certificate profile to support S/MIME on Windows 10 Mobile. For instructions on creating a PFX certificate profile in Microsoft Intune, see [Enable access to company resources using certificate profiles with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkID=718216).
+> **Warning:** Do not use SCEP for encryption certificates for S/MIME. You must use a PFX certificate profile to support S/MIME on Windows 10 Mobile. For instructions on creating a PFX certificate profile in Microsoft Intune, see [Enable access to company resources using certificate profiles with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkID=718216).
**Process of installing certificates using MDM**
diff --git a/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md b/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
index 30bcc08dfa..71b7ad88c9 100644
--- a/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
+++ b/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
@@ -24,14 +24,14 @@ In Windows 10, Windows Hello for Business replaces passwords with strong two-fa
Hello addresses the following problems with passwords:
- Passwords can be difficult to remember, and users often reuse passwords on multiple sites.
- Server breaches can expose symmetric network credentials.
-- Passwords can be subject to [replay attacks](http://go.microsoft.com/fwlink/p/?LinkId=615673).
-- Users can inadvertently expose their passwords due to [phishing attacks](http://go.microsoft.com/fwlink/p/?LinkId=615674).
+- Passwords can be subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673).
+- Users can inadvertently expose their passwords due to [phishing attacks](https://go.microsoft.com/fwlink/p/?LinkId=615674).
Hello lets users authenticate to:
- a Microsoft account.
- an Active Directory account.
- a Microsoft Azure Active Directory (Azure AD) account.
-- Identity Provider Services or Relying Party Services that support [Fast ID Online (FIDO) v2.0](http://go.microsoft.com/fwlink/p/?LinkId=533889) authentication
+- Identity Provider Services or Relying Party Services that support [Fast ID Online (FIDO) v2.0](https://go.microsoft.com/fwlink/p/?LinkId=533889) authentication
After an initial two-step verification of the user during enrollment, Hello is set up on the user's device and the user is asked to set a gesture, which can be a biometric, such as a fingerprint, or a PIN. The user provides the gesture to verify their identity. Windows then uses Hello to authenticate users and help them to access protected resources and services.
@@ -91,21 +91,21 @@ When identity providers such as Active Directory or Azure AD enroll a certificat
## Learn more
-[Introduction to Windows Hello](http://go.microsoft.com/fwlink/p/?LinkId=786649), video presentation on Microsoft Virtual Academy
+[Introduction to Windows Hello](https://go.microsoft.com/fwlink/p/?LinkId=786649), video presentation on Microsoft Virtual Academy
-[What's new in Active Directory Domain Services (AD DS) in Windows Server Technical Preview](http://go.microsoft.com/fwlink/p/?LinkId=708533)
+[What's new in Active Directory Domain Services (AD DS) in Windows Server Technical Preview](https://go.microsoft.com/fwlink/p/?LinkId=708533)
-[Windows Hello face authentication](http://go.microsoft.com/fwlink/p/?LinkId=626024)
+[Windows Hello face authentication](https://go.microsoft.com/fwlink/p/?LinkId=626024)
-[Biometrics hardware guidelines](http://go.microsoft.com/fwlink/p/?LinkId=626995)
+[Biometrics hardware guidelines](https://go.microsoft.com/fwlink/p/?LinkId=626995)
-[Windows 10: Disrupting the Revolution of Cyber-Threats with Revolutionary Security!](http://go.microsoft.com/fwlink/p/?LinkId=533890)
+[Windows 10: Disrupting the Revolution of Cyber-Threats with Revolutionary Security!](https://go.microsoft.com/fwlink/p/?LinkId=533890)
-[Windows 10: The End Game for Passwords and Credential Theft?](http://go.microsoft.com/fwlink/p/?LinkId=533891)
+[Windows 10: The End Game for Passwords and Credential Theft?](https://go.microsoft.com/fwlink/p/?LinkId=533891)
-[Authenticating identities without passwords through Microsoft Passport](http://go.microsoft.com/fwlink/p/?LinkId=616778)
+[Authenticating identities without passwords through Microsoft Passport](https://go.microsoft.com/fwlink/p/?LinkId=616778)
-[Microsoft Passport guide](http://go.microsoft.com/fwlink/p/?LinkId=691928)
+[Microsoft Passport guide](https://go.microsoft.com/fwlink/p/?LinkId=691928)
## Related topics
diff --git a/windows/keep-secure/manage-tpm-commands.md b/windows/keep-secure/manage-tpm-commands.md
index 0620207ec5..c4b6611da4 100644
--- a/windows/keep-secure/manage-tpm-commands.md
+++ b/windows/keep-secure/manage-tpm-commands.md
@@ -40,7 +40,7 @@ The following procedures describe how to manage the TPM command lists. You must
5. Click **Enabled**, and then click **Show**.
6. For each command that you want to block, click **Add**, enter the command number, and then click **OK**.
- >**Note:** For a list of commands, see the [Trusted Platform Module (TPM) Specifications](http://go.microsoft.com/fwlink/p/?linkid=139770).
+ >**Note:** For a list of commands, see the [Trusted Platform Module (TPM) Specifications](https://go.microsoft.com/fwlink/p/?linkid=139770).
7. After you have added numbers for each command that you want to block, click **OK** twice.
8. Close the Local Group Policy Editor.
diff --git a/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md b/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
index 8f3d731281..3e4fbfbedf 100644
--- a/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
+++ b/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
@@ -31,8 +31,8 @@ When a user encounters an error when creating the work PIN, advise the user to t
1. Try to create the PIN again. Some errors are transient and resolve themselves.
2. Sign out, sign in, and try to create the PIN again.
3. Reboot the device and then try to create the PIN again.
-4. Unjoin the device from Azure Active Directory (Azure AD), rejoin, and then try to create the PIN again. To unjoin a desktop PC, go to **Settings** > **System** > **About** and select **Disconnect from organization**. To unjoin a device running Windows 10 Mobile, you must [reset the device](http://go.microsoft.com/fwlink/p/?LinkId=715697).
-5. On mobile devices, if you are unable to setup a PIN after multiple attempts, reset your device and start over. For help on how to reset your phone go to [Reset my phone](http://go.microsoft.com/fwlink/p/?LinkId=715697).
+4. Unjoin the device from Azure Active Directory (Azure AD), rejoin, and then try to create the PIN again. To unjoin a desktop PC, go to **Settings** > **System** > **About** and select **Disconnect from organization**. To unjoin a device running Windows 10 Mobile, you must [reset the device](https://go.microsoft.com/fwlink/p/?LinkId=715697).
+5. On mobile devices, if you are unable to setup a PIN after multiple attempts, reset your device and start over. For help on how to reset your phone go to [Reset my phone](https://go.microsoft.com/fwlink/p/?LinkId=715697).
If the error occurs again, check the error code against the following table to see if there is another mitigation for that error. When no mitigation is listed in the table, contact Microsoft Support for assistance.
@@ -84,7 +84,7 @@ If the error occurs again, check the error code against the following table to s
0x80090031
NTE_AUTHENTICATION_IGNORED
-Reboot the device. If the error occurs again after rebooting, [reset the TPM]( http://go.microsoft.com/fwlink/p/?LinkId=619969) or run [Clear-TPM](http://go.microsoft.com/fwlink/p/?LinkId=629650)
+Reboot the device. If the error occurs again after rebooting, [reset the TPM]( https://go.microsoft.com/fwlink/p/?LinkId=619969) or run [Clear-TPM](https://go.microsoft.com/fwlink/p/?LinkId=629650)
0x80090035
@@ -99,7 +99,7 @@ If the error occurs again, check the error code against the following table to s
0x801C000E
Registration quota reached
-
+
0x801C000F
diff --git a/windows/keep-secure/microsoft-passport-guide.md b/windows/keep-secure/microsoft-passport-guide.md
index 6ac1ebfb73..d4bd6e4d33 100644
--- a/windows/keep-secure/microsoft-passport-guide.md
+++ b/windows/keep-secure/microsoft-passport-guide.md
@@ -45,7 +45,7 @@ Most security is a tradeoff between convenience and security: the more secure a
**Password complexity**
-If the major risk to passwords is that an attacker might guess them through brute-force analysis, it might seem reasonable to require users to include a broader character set in their passwords or make them longer, but as a practical matter, password length and complexity requirements have two negative side effects. First, they encourage password reuse. Estimates by [Herley, Florêncio, and van Oorschot](http://go.microsoft.com/fwlink/p/?LinkId=627392) calculate that the stronger a password is, the more likely it is to be reused. Because users put more effort into the creation and memorization of strong passwords, they are much more likely to use the same credential across multiple systems. Second, adding length or character set complexity to passwords does not necessarily make them more difficult to guess. For example, P@ssw0rd1 is nine characters long and includes uppercase and lowercase letters, numbers, and special characters, but it’s easily guessed by many of the common password-cracking tools now available on the Internet. These tools can attack passwords by using a pre-computed dictionary of common passwords, or they can start with a base word such as password, and then apply common character substitutions. A completely random eight-character password might therefore actually take longer to guess than P@ssw0rd123.
+If the major risk to passwords is that an attacker might guess them through brute-force analysis, it might seem reasonable to require users to include a broader character set in their passwords or make them longer, but as a practical matter, password length and complexity requirements have two negative side effects. First, they encourage password reuse. Estimates by [Herley, Florêncio, and van Oorschot](https://go.microsoft.com/fwlink/p/?LinkId=627392) calculate that the stronger a password is, the more likely it is to be reused. Because users put more effort into the creation and memorization of strong passwords, they are much more likely to use the same credential across multiple systems. Second, adding length or character set complexity to passwords does not necessarily make them more difficult to guess. For example, P@ssw0rd1 is nine characters long and includes uppercase and lowercase letters, numbers, and special characters, but it’s easily guessed by many of the common password-cracking tools now available on the Internet. These tools can attack passwords by using a pre-computed dictionary of common passwords, or they can start with a base word such as password, and then apply common character substitutions. A completely random eight-character password might therefore actually take longer to guess than P@ssw0rd123.
**Password expiration**
@@ -109,7 +109,7 @@ Microsoft Passport offers flexibility in the datacenter, too. To deploy it, in s
**It’s standardized**
-Both software vendors and enterprise customers have come to realize that proprietary identity and authentication systems are a dead end. The future lies with open, interoperable systems that allow secure authentication across a variety of devices, LOBs, and external applications and websites. To this end, a group of industry players formed the Fast IDentity Online Alliance (FIDO), a nonprofit organization intended to address the lack of interoperability among strong authentication devices as well as the problems users face when they have to create and remember multiple user names and passwords. The FIDO Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services. This new standard for security devices and browser plug ins will allow any website or cloud application to interface with a broad variety of existing and future FIDO-enabled devices that the user has for online security. For more information, see the [FIDO Alliance website](http://go.microsoft.com/fwlink/p/?LinkId=627393).
+Both software vendors and enterprise customers have come to realize that proprietary identity and authentication systems are a dead end. The future lies with open, interoperable systems that allow secure authentication across a variety of devices, LOBs, and external applications and websites. To this end, a group of industry players formed the Fast IDentity Online Alliance (FIDO), a nonprofit organization intended to address the lack of interoperability among strong authentication devices as well as the problems users face when they have to create and remember multiple user names and passwords. The FIDO Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services. This new standard for security devices and browser plug ins will allow any website or cloud application to interface with a broad variety of existing and future FIDO-enabled devices that the user has for online security. For more information, see the [FIDO Alliance website](https://go.microsoft.com/fwlink/p/?LinkId=627393).
In 2013, Microsoft joined the FIDO Alliance. FIDO standards enable a universal framework that a global ecosystem delivers for a consistent and greatly improved user experience of strong passwordless authentication. The FIDO 1.0 specifications, published in December 2014, provide for two types of authentications: passwordless (known as the Universal Authentication Framework \[UAF\]) and 2nd Factor (U2F). The FIDO Alliance is working on a set of 2.0 proposals to combine the best parts of the U2F and UAF FIDO 1.0 standards. Microsoft is actively contributing to the proposals, and Windows 10 is a reference implementation of these concepts. In addition to supporting those protocols, the Windows implementation covers other aspects of the end-to-end experience that the specification does not cover, including user interface to, storage of, and protection for users’ device keys and the tokens issued after authentication; supporting administrator policies; and providing deployment tools. Microsoft expects to continue working with the FIDO Alliance as the FIDO 2.0 specification moves forward. Interoperability of FIDO products is a hallmark of FIDO authentication. Microsoft believes that bringing a FIDO solution to market will help solve a critical need for enterprises and consumers alike.
@@ -181,7 +181,7 @@ Containers can contain several types of key material:
- *Secure/Multipurpose Internet Mail Extensions (S/MIME) keys and certificates*, which a certification authority (CA) generates. The keys associated with the user’s S/MIME certificate can be stored in a Microsoft Passport container so they’re available to the user whenever the container is unlocked.
- The *IDP key*. These keys can be either symmetric or asymmetric, depending on which IDP you use. A single container may contain zero or more IDP keys, with some restrictions (for example, the enterprise container can contain zero or one IDP keys). IDP keys are stored in the container as illustrated in Figure 3. For certificate-based Microsoft Passport for Work, when the container is unlocked, applications that require access to the IDP key or key pair can request access. IDP keys are used to sign or encrypt authentication requests or tokens sent from this machine to the IDP. IDP keys are typically long lived but could have a shorter lifetime than the authentication key.
Microsoft accounts, Active Directory accounts, and Azure AD accounts all require the use of asymmetric key pairs. The device generates public and private keys, registers the public key with the IDP (which stores it for later verification), and securely stores the private key. For enterprises, the IDP keys can be generated in two ways:
-- The IDP key pair can be associated with an enterprise CA through the Windows Network Device Enrollment Service (NDES), described more fully in [Network Device Enrollment Service Guidance](http://go.microsoft.com/fwlink/p/?LinkId=733947). In this case, Microsoft Passport requests a new certificate with the same key as the certificate from the existing PKI. This option lets organizations that have an existing PKI continue to use it where appropriate. Given that many applications, such as popular virtual private network systems, require the use of certificates, when you deploy Microsoft Passport in this mode, it allows a faster transition away from user passwords while still preserving certificate-based functionality. This option also allows the enterprise to store additional certificates in the protected container.
+- The IDP key pair can be associated with an enterprise CA through the Windows Network Device Enrollment Service (NDES), described more fully in [Network Device Enrollment Service Guidance](https://go.microsoft.com/fwlink/p/?LinkId=733947). In this case, Microsoft Passport requests a new certificate with the same key as the certificate from the existing PKI. This option lets organizations that have an existing PKI continue to use it where appropriate. Given that many applications, such as popular virtual private network systems, require the use of certificates, when you deploy Microsoft Passport in this mode, it allows a faster transition away from user passwords while still preserving certificate-based functionality. This option also allows the enterprise to store additional certificates in the protected container.
- The IDP can generate the IDP key pair directly, which allows quick, lower-overhead deployment of Microsoft Passport in environments that don’t have or need a PKI.
**How keys are protected**
@@ -243,7 +243,7 @@ The major benefit of this approach is that it provides uniform protection for al
The downside to this approach is its complexity. Smaller organizations may find that managing the rollout of a new operating system across all devices is beyond the scope of their experience and capability. For these organizations, users can self-upgrade, and new users may end up with Windows 10 because they get new devices when they join. Larger organizations, especially those that are highly decentralized or have operations across many physical sites, may have more deployment knowledge and resources but face the challenge of coordinating rollout efforts across a larger user base and footprint.
-For more information about desktop deployment of Windows 10, visit the [Windows 10 TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=626581).
+For more information about desktop deployment of Windows 10, visit the [Windows 10 TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=626581).
One key aspect of this deployment strategy is how to get Windows 10 in users’ hands. Because different organizations have wildly differing strategies to refresh hardware and software, there’s no one-size-fits-all strategy. For example, some organizations pursue a coordinated strategy that puts new desktop operating systems in users’ hands every 2–3 years on existing hardware, supplementing with new hardware only where and when required. Others tend to replace hardware and deploy whatever version of the Windows client operating system ships on the purchased devices. In both cases, there are typically separate deployment cycles for servers and server operating systems, and the desktop and server cycles may or may not be coordinated.
@@ -307,7 +307,7 @@ Table 1. Deployment requirements for Microsoft Passport
@@ -337,7 +337,7 @@ Note that the current release of Windows 10 supports the Azure AD–only (RTM)
**Select policy settings**
-Another key aspect of Microsoft Passport for Work deployment involves the choice of which policy settings to apply to the enterprise. There are two parts to this choice: which policies you deploy to manage Microsoft Passport itself and which policies you deploy to control device management and registration. A complete guide to selecting effective policies is beyond the scope of this guide, but one example reference that may be useful is [Mobile device management capabilities in Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733877).
+Another key aspect of Microsoft Passport for Work deployment involves the choice of which policy settings to apply to the enterprise. There are two parts to this choice: which policies you deploy to manage Microsoft Passport itself and which policies you deploy to control device management and registration. A complete guide to selecting effective policies is beyond the scope of this guide, but one example reference that may be useful is [Mobile device management capabilities in Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=733877).
## Implement Microsoft Passport
@@ -366,7 +366,7 @@ As of the initial release of Windows 10, you can control the following settings
- You can define the complexity and length of the PIN that users generate at registration.
- You can control whether Windows Hello use is enabled in your organization.
-These settings can be implemented through GPOs or through configuration service providers (CSPs) in MDM systems, so you have a familiar and flexible set of tools you can use to apply them to exactly the users you want. (For details about the Microsoft Passport for Work CSP, see [PassportForWork CSP)](http://go.microsoft.com/fwlink/p/?LinkId=733876).
+These settings can be implemented through GPOs or through configuration service providers (CSPs) in MDM systems, so you have a familiar and flexible set of tools you can use to apply them to exactly the users you want. (For details about the Microsoft Passport for Work CSP, see [PassportForWork CSP)](https://go.microsoft.com/fwlink/p/?LinkId=733876).
## Roadmap
diff --git a/windows/keep-secure/optimize-applocker-performance.md b/windows/keep-secure/optimize-applocker-performance.md
index ff8f099f2d..5282b92618 100644
--- a/windows/keep-secure/optimize-applocker-performance.md
+++ b/windows/keep-secure/optimize-applocker-performance.md
@@ -20,7 +20,7 @@ This topic for IT professionals describes how to optimize AppLocker policy enfor
AppLocker policies can be implemented by organization unit (OU) using Group Policy. If so, your Group Policy infrastructure should be optimized and retested for performance when AppLocker policies are added to existing Group Policy Objects (GPOs) or new GPOs are created, as you do with adding any policies to your GPOs.
-For more info, see the [Optimizing Group Policy Performance](http://go.microsoft.com/fwlink/p/?LinkId=163238) article in TechNet Magazine.
+For more info, see the [Optimizing Group Policy Performance](https://go.microsoft.com/fwlink/p/?LinkId=163238) article in TechNet Magazine.
### AppLocker rule limitations
diff --git a/windows/keep-secure/plan-for-applocker-policy-management.md b/windows/keep-secure/plan-for-applocker-policy-management.md
index 96d65e5c32..ba66c70d42 100644
--- a/windows/keep-secure/plan-for-applocker-policy-management.md
+++ b/windows/keep-secure/plan-for-applocker-policy-management.md
@@ -64,13 +64,13 @@ AppLocker event log is located in the following path: **Applications and Service
2. **MSI and Script**. Contains events for all files affected by the Windows Installer and script rule collections (.msi, .msp, .ps1, .bat, .cmd, .vbs, and .js).
3. **Packaged app-Deployment** or **Packaged app-Execution**, contains events for all Universal Windows apps affected by the packaged app and packed app installer rule collection (.appx).
-Collecting these events in a central location can help you maintain your AppLocker policy and troubleshoot rule configuration problems. Event collection technologies such as those available in Windows allow administrators to subscribe to specific event channels and have the events from source computers aggregated into a forwarded event log on a Windows Server operating system collector. For more info about setting up an event subscription, see [Configure Computers to Collect and Forward Events](http://go.microsoft.com/fwlink/p/?LinkId=145012).
+Collecting these events in a central location can help you maintain your AppLocker policy and troubleshoot rule configuration problems. Event collection technologies such as those available in Windows allow administrators to subscribe to specific event channels and have the events from source computers aggregated into a forwarded event log on a Windows Server operating system collector. For more info about setting up an event subscription, see [Configure Computers to Collect and Forward Events](https://go.microsoft.com/fwlink/p/?LinkId=145012).
### Policy maintenance
As new apps are deployed or existing apps are updated by the software publisher, you will need to make revisions to your rule collections to ensure that the policy is current.
-You can edit an AppLocker policy by adding, changing, or removing rules. However, you cannot specify a version for the policy by importing additional rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of Group Policy Objects (GPOs). An example of this type of software is the Advanced Group Policy Management feature from the Microsoft Desktop Optimization Pack. For more info about Advanced Group Policy Management, see [Advanced Group Policy Management Overview](http://go.microsoft.com/fwlink/p/?LinkId=145013) (http://go.microsoft.com/fwlink/p/?LinkId=145013).
+You can edit an AppLocker policy by adding, changing, or removing rules. However, you cannot specify a version for the policy by importing additional rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of Group Policy Objects (GPOs). An example of this type of software is the Advanced Group Policy Management feature from the Microsoft Desktop Optimization Pack. For more info about Advanced Group Policy Management, see [Advanced Group Policy Management Overview](https://go.microsoft.com/fwlink/p/?LinkId=145013) (https://go.microsoft.com/fwlink/p/?LinkId=145013).
>**Caution:** You should not edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed to run, making changes to a live policy can create unexpected behavior.
@@ -100,7 +100,7 @@ A file could be blocked for three reasons:
- There may be an existing rule that was created for the file that is too restrictive.
- A deny rule, which cannot be overridden, is explicitly blocking the file.
-Before editing the rule collection, first determine what rule is preventing the file from running. You can troubleshoot the problem by using the **Test-AppLockerPolicy** Windows PowerShell cmdlet. For more info about troubleshooting an AppLocker policy, see [Testing and Updating an AppLocker Policy](http://go.microsoft.com/fwlink/p/?LinkId=160269) (http://go.microsoft.com/fwlink/p/?LinkId=160269).
+Before editing the rule collection, first determine what rule is preventing the file from running. You can troubleshoot the problem by using the **Test-AppLockerPolicy** Windows PowerShell cmdlet. For more info about troubleshooting an AppLocker policy, see [Testing and Updating an AppLocker Policy](https://go.microsoft.com/fwlink/p/?LinkId=160269) (https://go.microsoft.com/fwlink/p/?LinkId=160269).
## Next steps
diff --git a/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md b/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md
index 1fa912d181..77613b4101 100644
--- a/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md
+++ b/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md
@@ -99,7 +99,7 @@ In addition to your domain model, you should also find out whether your organiza
>**Important:** Including auditing within your organization's security plan also makes it possible to budget your resources on the areas where auditing can achieve the most positive results.
-For additional details about how to complete each of these steps and how to prepare a detailed threat model, download the [IT Infrastructure Threat Modeling Guide](http://go.microsoft.com/fwlink/p/?LinkId=163432).
+For additional details about how to complete each of these steps and how to prepare a detailed threat model, download the [IT Infrastructure Threat Modeling Guide](https://go.microsoft.com/fwlink/p/?LinkId=163432).
### Data and resources
@@ -144,7 +144,7 @@ Security and auditing requirements and audit event volume can vary considerably
- If the computers are servers, desktop computers, or portable computers.
- The important applications the computers run, such as Exchange Server, SQL Server, or Forefront Identity Manager.
- >**Note:** If the server applications (including Exchange Server and SQL Server) have audit settings. For more information about auditing in Exchange Server, see the [Exchange 2010 Security Guide](http://go.microsoft.com/fwlink/p/?linkid=128052). For more information about auditing in SQL Server 2008, see [Auditing (Database Engine)](http://go.microsoft.com/fwlink/p/?LinkId=163434). For SQL Server 2012, see [SQL Server Audit (Database Engine)](http://technet.microsoft.com/library/cc280386.aspx).
+ >**Note:** If the server applications (including Exchange Server and SQL Server) have audit settings. For more information about auditing in Exchange Server, see the [Exchange 2010 Security Guide](https://go.microsoft.com/fwlink/p/?linkid=128052). For more information about auditing in SQL Server 2008, see [Auditing (Database Engine)](https://go.microsoft.com/fwlink/p/?LinkId=163434). For SQL Server 2012, see [SQL Server Audit (Database Engine)](http://technet.microsoft.com/library/cc280386.aspx).
- The operating system versions.
@@ -260,7 +260,7 @@ In the majority of cases, these attempts will be legitimate and a network needs
>**Note:** There is no failure event for logoff activity because failed logoffs (such as when a system abruptly shuts down) do not generate an audit record. Logoff events are not 100 percent reliable. For example, the computer can be turned off without a proper logoff and shutdown, and a logoff event is not generated.
-- Logon/Logoff\\[Audit Special Logon](audit-special-logon.md). A special logon has administrator-equivalent rights and can be used to elevate a process to a higher level. It is recommended to track these types of logons. For more information about this feature, see [article 947223](http://go.microsoft.com/fwlink/p/?linkid=120183) in the Microsoft Knowledge Base.
+- Logon/Logoff\\[Audit Special Logon](audit-special-logon.md). A special logon has administrator-equivalent rights and can be used to elevate a process to a higher level. It is recommended to track these types of logons. For more information about this feature, see [article 947223](https://go.microsoft.com/fwlink/p/?linkid=120183) in the Microsoft Knowledge Base.
- Object Access\\[Audit Certification Services](audit-certification-services.md). This policy setting allows you to track and monitor a wide variety of activities on a computer that hosts Active Directory Certificate Services (AD CS) role services to ensure that only authorized users are performing or attempting to perform these tasks, and that only authorized or desired tasks are being performed.
- Object Access\\[Audit File System](audit-file-system.md) and Object Access\\[Audit File Share](audit-file-share.md). These policy settings are described in the previous section.
- Object Access\\[Audit Handle Manipulation](audit-handle-manipulation.md). This policy setting and its role in providing "reason for access" audit data is described in the previous section.
@@ -336,7 +336,7 @@ Configuration\\Administrative Templates\\Windows Components\\Event Log Service\\
- **Retain old events**. This policy setting controls event log behavior when the log file reaches its maximum size. When this policy setting is enabled and a log file reaches its maximum size, new events are not written to the log and are lost. When this policy setting is disabled and a log file reaches its maximum size, new events overwrite old events.
- **Backup log automatically when full**. This policy setting controls event log behavior when the log file reaches its maximum size and takes effect only if the **Retain old events** policy setting is enabled. If you enable these policy settings, the event log file is automatically closed and renamed when it is full. A new file is then started. If you disable or do not configure this policy setting and the **Retain old events** policy setting is enabled, new events are discarded and the old events are retained.
-In addition, a growing number of organizations are being required to store archived log files for a number of years. You should consult with regulatory compliance officers in your organization to determine whether such guidelines apply to your organization. For more information, see the [IT Compliance Management Guide](http://go.microsoft.com/fwlink/p/?LinkId=163435).
+In addition, a growing number of organizations are being required to store archived log files for a number of years. You should consult with regulatory compliance officers in your organization to determine whether such guidelines apply to your organization. For more information, see the [IT Compliance Management Guide](https://go.microsoft.com/fwlink/p/?LinkId=163435).
## Deploying the security audit policy
diff --git a/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md
index c30af5a4c1..31c04c1c61 100644
--- a/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md
+++ b/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md
@@ -120,7 +120,7 @@ For a TPM to be usable by BitLocker, it must contain an endorsement key, which i
An endorsement key can be created at various points in the TPM’s lifecycle, but needs to be created only once for the lifetime of the TPM. If an endorsement key does not exist for the TPM, it must be created before TPM ownership can be taken.
-For more information about the TPM and the TCG, see the Trusted Computing Group: Trusted Platform Module (TPM) Specifications (
System Center Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device.
## How WIP works
WIP helps address your everyday challenges in the enterprise. Including:
@@ -97,38 +126,10 @@ You can set your WIP policy to use 1 of 4 protection and management modes:
|Mode|Description|
|----|-----------|
|Block |WIP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing enterprise data to non-enterprise-protected apps in addition to sharing enterprise data between apps or attempting to share outside of your organization’s network.|
-|Override |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](http://go.microsoft.com/fwlink/p/?LinkID=746459). |
+|Override |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](https://go.microsoft.com/fwlink/p/?LinkID=746459). |
|Silent |WIP runs silently, logging inappropriate data sharing, without blocking anything that would’ve been prompted for employee interaction while in Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still blocked.|
|Off |WIP is turned off and doesn't help to protect or audit your data.
For more info about setting your WIP-protection modes, see either [Create a Windows Information Protection (WIP) policy using Intune](create-wip-policy-using-intune.md) or [Create and deploy a Windows Information Protection (WIP) policy using Configuration Manager](create-wip-policy-using-sccm.md), depending on your management solution. |
-## Why use WIP?
-WIP gives you a new way to manage data policy enforcement for apps and documents, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an enterprise management solution, like Intune).
-
-- **Change the way you think about data policy enforcement.** As an enterprise admin, you need to maintain compliance in your data policy and data access. WIP helps make sure that your enterprise data is protected on both corporate and employee-owned devices, even when the employee isn’t using the device. When employees create content on an enterprise-protected device, they can choose to save it as a work document. If it's a work document, it becomes locally-maintained as enterprise data.
-
-- **Manage your enterprise documents, apps, and encryption modes.**
-
- - **Copying or downloading enterprise data.** When an employee or an app downloads content from a location like SharePoint, a network share, or an enterprise web location, while using a WIP-protected device, WIP encrypts the data on the device.
-
- - **Using allowed apps.** Managed apps (apps that you've included on the Allowed Apps list in your WIP policy) are allowed to access your enterprise data and will interact differently when used with unallowed, non-enterprise aware, or personal-only apps. For example, if WIP management is set to **Block**, your employees can copy and paste from one protected app to another allowed app, but not to personal apps. Imagine an HR person wants to copy a job description from an allowed app to the internal career website, an enterprise-protected location, but goofs and tries to paste into a personal app instead. The paste action fails and a notification pops up, saying that the app couldn’t paste because of a policy restriction. The HR person then correctly pastes to the career website without a problem.
-
- - **Managed apps and restrictions.** With WIP you can control which apps can access and use your enterprise data. After adding an app to your allowed apps list, the app is trusted with enterprise data. All apps not on this list are blocked from accessing your enterprise data, depending on your WIP management-mode.
-
- You don’t have to modify line-of-business apps that never touch personal data to list them as allowed apps; just include them in the allowed apps list.
-
- - **Deciding your level of data access.** WIP lets you block, allow overrides, or audit employees' data sharing actions. Blocking the action stops it immediately. Allowing overrides let the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without blocking anything that the employee could've overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your allowed apps list.
-
- - **Data encryption at rest.** WIP helps protect enterprise data on local files and on removable media.
-
- Apps such as Microsoft Word work with WIP to help continue your data protection across local files and removable media. These apps are being referred to as, enterprise aware. For example, if an employee opens WIP-encrypted content from Word, edits the content, and then tries to save the edited version with a different name, Word automatically applies WIP to the new document.
-
- - **Helping prevent accidental data disclosure to public spaces.** WIP helps protect your enterprise data from being accidentally shared to public spaces, such as public cloud storage. For example, if Dropbox™ isn’t on your allowed apps list, employees won’t be able to sync encrypted files to their personal cloud storage. Instead, if the employee stores the content to an app on your allowed apps list, like Microsoft OneDrive for Business, the encrypted files can sync freely to the business cloud, while maintaining the encryption locally.
-
- - **Helping prevent accidental data disclosure to removable media.** WIP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t.
-
-- **Remove access to enterprise data from enterprise-protected devices.** WIP gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can use Microsoft Intune to unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable.
- > **Note**
System Center Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device.
-
## Turn off WIP
You can turn off all Windows Information Protection and restrictions, reverting to where you were pre-WIP, with no data loss. However, turning off WIP isn't recommended. If you choose to turn it off, you can always turn it back on, but WIP won't retain your decryption and policies info.
diff --git a/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
index d74bdf6189..0ebb719b2e 100644
--- a/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+++ b/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
@@ -123,7 +123,7 @@ Windows 10 supports features to help prevent sophisticated low-level malware li
- The first TPM specification, version 1.2, was published in February 2005 by the TCG and standardized under ISO / IEC 11889 standard.
- The latest TPM specification, referred to as TPM 2.0, was released in April 2014 and has been approved by the ISO/IEC Joint Technical Committee (JTC) as ISO/IEC 11889:2015.
- Windows 10 uses the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Microsoft Passport, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=733948).
+ Windows 10 uses the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Microsoft Passport, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=733948).
Windows 10 recognizes versions 1.2 and 2.0 TPM specifications produced by the TCG. For the most recent and modern security features, Windows 10 supports only TPM 2.0. TPM 2.0 is required for device health attestation.
@@ -183,7 +183,7 @@ Windows 10 supports features to help prevent sophisticated low-level malware li
HVCI uses virtualization-based security to isolate Code Integrity, the only way kernel memory can become executable is through a Code Integrity verification. This means that kernel memory pages can never be Writable and Executable (W+X) and executable code cannot be directly modified.
- >**Note:** Device Guard devices that run Kernel Mode Code Integrity with virtualization-based security must have compatible drivers. For additional information, please read the [Driver compatibility with Device Guard in Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=691612) blog post.
+ >**Note:** Device Guard devices that run Kernel Mode Code Integrity with virtualization-based security must have compatible drivers. For additional information, please read the [Driver compatibility with Device Guard in Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=691612) blog post.
The Device Guard Code Integrity feature lets organizations control what code is trusted to run into the Windows kernel and what applications are approved to run in user mode. It’s configurable by using a policy.
Device Guard Code Integrity policy is a binary file that Microsoft recommends you sign. The signing of the Code Integrity policy aids in the protection against a malicious user with Administrator privileges trying to modify or remove the current Code Integrity policy.
@@ -198,7 +198,7 @@ Windows 10 supports features to help prevent sophisticated low-level malware li
Windows 10 takes measurements of the UEFI firmware and each of the Windows and antimalware components are made as they load during the boot process. Additionally, they are taken and measured sequentially, not all at once. When these measurements are complete, their values are digitally signed and stored securely in the TPM and cannot be changed unless the system is reset.
- For more information, see [Secured Boot and Measured Boot: Hardening Early Boot Components Against Malware](http://go.microsoft.com/fwlink/p/?LinkId=733950).
+ For more information, see [Secured Boot and Measured Boot: Hardening Early Boot Components Against Malware](https://go.microsoft.com/fwlink/p/?LinkId=733950).
During each subsequent boot, the same components are measured, which allows comparison of the measurements against an expected baseline. For additional security, the values measured by the TPM can be signed and transmitted to a remote server, which can then perform the comparison. This process, called *remote device health attestation*, allows the server to verify health status of the Windows device.
@@ -245,7 +245,7 @@ The trust decision to execute code is performed by using Hyper-V Code Integrity,
Hyper-V Code Integrity is a feature that validates the integrity of a driver or system file each time it is loaded into memory. Code integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with Administrator privileges. On x64-based versions of Windows 10 kernel-mode drivers must be digitally signed.
->**Note:** Independently of activation of Device Guard Policy, [Windows 10 by default raises the bar for what runs in the kernel](http://go.microsoft.com/fwlink/p/?LinkId=691613). Windows 10 drivers must be signed by Microsoft, and more specifically, by the WHQL (Windows Hardware Quality Labs) portal. Additionally, starting in October 2015, the WHQL portal will only accept driver submissions, including both kernel and user mode driver submissions, that have a valid Extended Validation (“EV”) Code Signing Certificate.
+>**Note:** Independently of activation of Device Guard Policy, [Windows 10 by default raises the bar for what runs in the kernel](https://go.microsoft.com/fwlink/p/?LinkId=691613). Windows 10 drivers must be signed by Microsoft, and more specifically, by the WHQL (Windows Hardware Quality Labs) portal. Additionally, starting in October 2015, the WHQL portal will only accept driver submissions, including both kernel and user mode driver submissions, that have a valid Extended Validation (“EV”) Code Signing Certificate.
With Device Guard in Windows 10, organizations are now able to define their own Code Integrity policy for use on x64 systems running Windows 10 Enterprise. Organizations have the ability to configure the policy that determines what is trusted to run. These include drivers and system files, as well as traditional desktop applications and scripts. The system is then locked down to only run applications that the organization trusts.
@@ -325,7 +325,7 @@ For more information on device health attestation, see the [Detect an unhealthy
### Hardware requirements
-The following table details the hardware requirements for both virtualization-based security services and the health attestation feature. For more information, see [Minimum hardware requirements](http://go.microsoft.com/fwlink/p/?LinkId=733951).
+The following table details the hardware requirements for both virtualization-based security services and the health attestation feature. For more information, see [Minimum hardware requirements](https://go.microsoft.com/fwlink/p/?LinkId=733951).
-
+
The sections that follow describe these improvements in more detail.
-**Prepare for drive and file encryption**
+### Prepare for drive and file encryption
The best type of security measures are transparent to the user during implementation and use. Every time there is a possible delay or difficulty because of a security feature, there is strong likelihood that users will try to bypass security. This situation is especially true for data protection, and that’s a scenario that organizations need to avoid.
Whether you’re planning to encrypt entire volumes, removable devices, or individual files, Windows 10 meets your needs by providing streamlined, usable solutions. In fact, you can take several steps in advance to prepare for data encryption and make the deployment quick and smooth.
-**TPM pre-provisioning**
+#### TPM pre-provisioning
In Windows 7, preparing the TPM for use offered a couple of challenges:
-- You can turn on the TPM in the BIOS, which requires someone to either go into the BIOS settings to turn it on or to install a driver to turn it on from within Windows.
-- When you enable the TPM, it may require one or more restarts.
+
+* You can turn on the TPM in the BIOS, which requires someone to either go into the BIOS settings to turn it on or to install a driver to turn it on from within Windows.
+* When you enable the TPM, it may require one or more restarts.
+
Basically, it was a big hassle. If IT staff were provisioning new PCs, they could handle all of this, but if you wanted to add BitLocker to devices that were already in users’ hands, those users would have struggled with the technical challenges and would either call IT for support or simply leave BitLocker disabled.
+
Microsoft includes instrumentation in Windows 10 that enables the operating system to fully manage the TPM. There is no need to go into the BIOS, and all scenarios that required a restart have been eliminated.
-**Deploy hard drive encryption**
+### Deploy hard drive encryption
BitLocker is capable of encrypting entire hard drives, including both system and data drives. BitLocker pre-provisioning can drastically reduce the time required to provision new PCs with BitLocker enabled. With Windows 10, administrators can turn on BitLocker and the TPM from within the Windows Preinstallation Environment before they install Windows or as part of an automated deployment task sequence without any user interaction. Combined with Used Disk Space Only encryption and a mostly empty drive (because Windows is not yet installed), it takes only a few seconds to enable BitLocker.
With earlier versions of Windows, administrators had to enable BitLocker after Windows had been installed. Although this process could be automated, BitLocker would need to encrypt the entire drive, a process that could take anywhere from several hours to more than a day depending on drive size and performance, which significantly delayed deployment. Microsoft has improved this process through multiple features in Windows 10.
-**Device encryption**
+#### Device encryption
Beginning in Windows 8.1, Windows automatically enables BitLocker device encryption on devices that support InstantGo. With Windows 10, Microsoft offers device encryption support on a much broader range of devices, including those that are InstantGo. Microsoft expects that most devices in the future will pass the testing requirements, which makes device encryption pervasive across modern Windows devices. Device encryption further protects the system by transparently implementing device-wide data encryption.
Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected. The following list outlines how this happens:
-- When a clean installation of Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, device encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state).
-- If the device is not domain joined, a Microsoft account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to the online Microsoft account, and a TPM protector is created. Should a device require the recovery key, the user will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key by using his or her Microsoft account credentials.
-- If the user uses a domain account to sign in, the clear key is not removed until the user joins the device to a domain and the recovery key is successfully backed up to Active Directory Domain Services (AD DS). You must enable the **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** Group Policy setting, and select the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** option. With this configuration, the recovery password is created automatically when the computer joins the domain, and then the recovery key is backed up to AD DS, the TPM protector is created, and the clear key is removed.
-- Similar to signing in with a domain account, the clear key is removed when the user logs on to an Azure AD account on the device. As described in the bullet point above, the recovery password is created automatically when the user authenticates to Azure AD. Then, the recovery key is backed up to Azure AD, the TPM protector is created, and the clear key is removed.
+
+* When a clean installation of Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, device encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state).
+* If the device is not domain joined, a Microsoft account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to the online Microsoft account, and a TPM protector is created. Should a device require the recovery key, the user will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key by using his or her Microsoft account credentials.
+* If the user uses a domain account to sign in, the clear key is not removed until the user joins the device to a domain and the recovery key is successfully backed up to Active Directory Domain Services (AD DS). You must enable the **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** Group Policy setting, and select the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** option. With this configuration, the recovery password is created automatically when the computer joins the domain, and then the recovery key is backed up to AD DS, the TPM protector is created, and the clear key is removed.
+* Similar to signing in with a domain account, the clear key is removed when the user logs on to an Azure AD account on the device. As described in the bullet point above, the recovery password is created automatically when the user authenticates to Azure AD. Then, the recovery key is backed up to Azure AD, the TPM protector is created, and the clear key is removed.
+
Microsoft recommends that device encryption be enabled on any systems that support it, but the automatic device encryption process can be prevented by changing the following registry setting:
-- **Subkey**: HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\BitLocker
-- **Value**: PreventDeviceEncryption equal to True (1)
-- **Type**: REG\_DWORD
+- **Subkey**: HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\BitLocker
+- **Value**: PreventDeviceEncryption equal to True (1)
+- **Type**: REG\_DWORD
+
Administrators can manage domain-joined devices that have device encryption enabled through Microsoft BitLocker Administration and Monitoring (MBAM). In this case, device encryption automatically makes additional BitLocker options available. No conversion or encryption is required, and MBAM can manage the full BitLocker policy set if any configuration changes are required.
-**Used Disk Space Only encryption**
+#### Used Disk Space Only encryption
BitLocker in earlier Windows versions could take a long time to encrypt a drive, because it encrypted every byte on the volume (including parts that did not have data). That is still the most secure way to encrypt a drive, especially if a drive has previously contained confidential data that has since been moved or deleted, in which case traces of the confidential data could remain on portions of the drive marked as unused.
But why encrypt a new drive when you can simply encrypt the data as it is being written? To reduce encryption time, BitLocker in Windows 10 lets users choose to encrypt just their data. Depending on the amount of data on the drive, this option can reduce encryption time by more than 99 percent.
Exercise caution when encrypting only used space on an existing volume on which confidential data may have already been stored in an unencrypted state, however, because those sectors can be recovered through disk-recovery tools until they are overwritten by new encrypted data. In contrast, encrypting only used space on a brand-new volume can significantly decrease deployment time without the security risk because all new data will be encrypted as it is written to the disk.
-**Encrypted hard drive support**
+#### Encrypted hard drive support
SEDs have been available for years, but Microsoft couldn’t support their use with some earlier versions of Windows because the drives lacked important key management features. Microsoft worked with storage vendors to improve the hardware capabilities, and now BitLocker supports the next generation of SEDs, which are called encrypted hard drives.
Encrypted hard drives provide onboard cryptographic capabilities to encrypt data on drives, which improves both drive and system performance by offloading cryptographic calculations from the PC’s processor to the drive itself and rapidly encrypting the drive by using dedicated, purpose-built hardware. If you plan to use whole-drive encryption with Windows 10, Microsoft recommends that you investigate hard drive manufacturers and models to determine whether any of their encrypted hard drives meet your security and budget requirements.
-For more information about encrypted hard drives, see [Encrypted Hard Drive](http://go.microsoft.com/fwlink/p/?LinkId=733880).
+For more information about encrypted hard drives, see [Encrypted Hard Drive](https://go.microsoft.com/fwlink/p/?LinkId=733880).
-**Preboot information protection**
+### Preboot information protection
An effective information protection implementation, like most security controls, considers usability as well as security. Users typically prefer a simple security experience. In fact, the more transparent a security solution becomes, the more likely users are to conform to it.
It is crucial that organizations protect information on their PCs regardless of the state of the computer or the intent of users. This protection should not be cumbersome to users. One undesirable and previously commonplace situation is when the user is prompted for input during preboot, and then again during Windows logon. Challenging users for input more than once should be avoided.
Windows 10 can enable a true SSO experience from the preboot environment on modern devices and in some cases even on older devices when robust information protection configurations are in place. The TPM in isolation is able to securely protect the BitLocker encryption key while it is at rest, and it can securely unlock the operating system drive. When the key is in use and thus in memory, a combination of hardware and Windows capabilities can secure the key and prevent unauthorized access through cold-boot attacks. Although other countermeasures like PIN-based unlock are available, they are not as user-friendly; depending on the devices’ configuration they may not offer additional security when it comes to key protection. For more information about how to configure BitLocker for SSO, see [BitLocker Countermeasures](bitlocker-countermeasures.md).
-**Manage passwords and PINs**
+### Manage passwords and PINs
When BitLocker is enabled on a system drive and the PC has a TPM, you can choose to require that users type a PIN before BitLocker will unlock the drive. Such a PIN requirement can prevent an attacker who has physical access to a PC from even getting to the Windows logon, which makes it virtually impossible for the attacker to access or modify user data and system files.
+
Requiring a PIN at startup is a useful security feature because it acts as a second authentication factor (a second “something you know”). This configuration comes with some costs, however. One of the most significant is the need to change the PIN regularly. In enterprises that used BitLocker with Windows 7 and the Windows Vista operating system, users had to contact systems administrators to update their BitLocker PIN or password. This requirement not only increased management costs but made users less willing to change their BitLocker PIN or password on a regular basis.
Windows 10 users can update their BitLocker PINs and passwords themselves, without administrator credentials. Not only will this feature reduce support costs, but it could improve security, too, because it encourages users to change their PINs and passwords more often. In addition, InstantGo devices do not require a PIN for startup: They are designed to start infrequently and have other mitigations in place that further reduce the attack surface of the system.
For more information about how startup security works and the countermeasures that Windows 10 provides, see [Protect BitLocker from pre-boot attacks](protect-bitlocker-from-pre-boot-attacks.md).
-**Configure Network Unlock**
+### Configure Network Unlock
Some organizations have location-specific data security requirements. This is most common in environments where high-value data is stored on PCs. The network environment may provide crucial data protection and enforce mandatory authentication; therefore, policy states that those PCs should not leave the building or be disconnected from the corporate network. Safeguards like physical security locks and geofencing may help enforce this policy as reactive controls. Beyond these, a proactive security control that grants data access only when the PC is connected to the corporate network is necessary.
Network Unlock enables BitLocker-protected PCs to start automatically when connected to a wired corporate network on which Windows Deployment Services runs. Anytime the PC is not connected to the corporate network, a user must type a PIN to unlock the drive (if PIN-based unlock is enabled).
Network Unlock requires the following infrastructure:
-- Client PCs that have Unified Extensible Firmware Interface (UEFI) firmware version 2.3.1 or later, which supports Dynamic Host Configuration Protocol (DHCP)
-- A server running Windows Server 2012 with the Windows Deployment Services role
-- A server with the DHCP server role installed
-For more information about how to configure Network Unlock, see [BitLocker: How to enable Network Unlock](http://go.microsoft.com/fwlink/p/?LinkId=733905).
-**Microsoft BitLocker Administration and Monitoring**
-Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage and support BitLocker and BitLocker To Go. MBAM 2.5 with Service Pack 1, the latest version, has the following key features:
-- Enables administrators to automate the process of encrypting volumes on client computers across the enterprise.
-- Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself.
-- Provides centralized reporting and hardware management with Microsoft System Center Configuration Manager.
-- Reduces the workload on the help desk to assist end users with BitLocker recovery requests.
-- Enables end users to recover encrypted devices independently by using the Self-Service Portal.
-- Enables security officers to easily audit access to recovery key information.
-- Empowers Windows Enterprise users to continue working anywhere with the assurance that their corporate data is protected.
-- Enforces the BitLocker encryption policy options that you set for your enterprise.
-- Integrates with existing management tools, such as System Center Configuration Manager.
-- Offers an IT-customizable recovery user experience.
-- Supports Windows 10.
-For more information about MBAM, including how to obtain it, see [Microsoft BitLocker Administration and Monitoring](http://go.microsoft.com/fwlink/p/?LinkId=626935) on the MDOP TechCenter.
+* Client PCs that have Unified Extensible Firmware Interface (UEFI) firmware version 2.3.1 or later, which supports Dynamic Host Configuration Protocol (DHCP)
+* A server running Windows Server 2012 with the Windows Deployment Services role
+* A server with the DHCP server role installed
+
+For more information about how to configure Network Unlock, see [BitLocker: How to enable Network Unlock](https://go.microsoft.com/fwlink/p/?LinkId=733905).
+
+### Microsoft BitLocker Administration and Monitoring
+
+>>>>>>> refs/remotes/origin/master
+Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage and support BitLocker and BitLocker To Go. MBAM 2.5 with Service Pack 1, the latest version, has the following key features:
+
+* Enables administrators to automate the process of encrypting volumes on client computers across the enterprise.
+* Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself.
+* Provides centralized reporting and hardware management with Microsoft System Center Configuration Manager.
+* Reduces the workload on the help desk to assist end users with BitLocker recovery requests.
+* Enables end users to recover encrypted devices independently by using the Self-Service Portal.
+* Enables security officers to easily audit access to recovery key information.
+* Empowers Windows Enterprise users to continue working anywhere with the assurance that their corporate data is protected.
+* Enforces the BitLocker encryption policy options that you set for your enterprise.
+* Integrates with existing management tools, such as System Center Configuration Manager.
+* Offers an IT-customizable recovery user experience.
+* Supports Windows 10.
+
+For more information about MBAM, including how to obtain it, see [Microsoft BitLocker Administration and Monitoring](https://go.microsoft.com/fwlink/p/?LinkId=626935) on the MDOP TechCenter.
## Malware resistance
@@ -340,19 +351,21 @@ In Windows 10 and Windows Server 2016, client connections to the Active Director
This change reduces the likelihood of man-in-the-middle attacks.
- **What works differently?**
If SMB signing and mutual authentication are unavailable, a Windows 10 or Windows Server 2016 computer won’t process domain-based Group Policy and scripts.
-> **Note:** The registry values for these settings aren’t present by default, but the hardening rules still apply until overridden by Group Policy or other registry values.
+>[!NOTE]
+>The registry values for these settings aren’t present by default, but the hardening rules still apply until overridden by Group Policy or other registry values.
-For more information on these security improvements, (also referred to as UNC hardening), see [Microsoft Knowledge Base article 3000483](http://go.microsoft.com/fwlink/p/?LinkId=789216) and [MS15-011 & MS15-014: Hardening Group Policy](http://go.microsoft.com/fwlink/p/?LinkId=789215).
+For more information on these security improvements, (also referred to as UNC hardening), see [Microsoft Knowledge Base article 3000483](https://go.microsoft.com/fwlink/p/?LinkId=789216) and [MS15-011 & MS15-014: Hardening Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=789215).
-**Secure hardware**
+#### Secure hardware
Although Windows 10 is designed to run on almost any hardware capable of running Windows 8, Windows 7, or Windows Vista, taking full advantage of Windows 10 security requires advancements in hardware-based security, including UEFI with Secure Boot, CPU virtualization features (for example, Intel VT-x), CPU memory-protection features (for example, Intel VT-d), TPM, and biometric sensors.
-**UEFI with Secure Boot**
+#### UEFI with Secure Boot
When a PC starts, it begins the process of loading the operating system by locating the bootloader on the PC’s hard drive. Without safeguards in place, the PC may simply hand control over to the bootloader without even determining whether it is a trusted operating system or malware.
UEFI is a standards-based solution that offers a modern-day replacement for the BIOS. In fact, it provides the same functionality as BIOS while adding security features and other advanced capabilities. Like BIOS, UEFI initializes devices, but UEFI components with the Secure Boot feature (version 2.3.1 or later) also ensure that only trusted firmware in Option ROMs, UEFI apps, and operating system bootloaders can start on the device.
+
UEFI can run internal integrity checks that verify the firmware’s digital signature before running it. Because only the PC’s hardware manufacturer has access to the digital certificate required to create a valid firmware signature, UEFI has protection from firmware bootkits. Thus, UEFI is the first link in the chain of trust.
UEFI with Secure Boot became a hardware requirement starting with Windows 8 devices. If a PC supports UEFI, it must be enabled by default. It is possible to disable the Secure Boot feature on many devices, but Microsoft strongly discourages doing so because it dramatically reduces the security of the startup process.
@@ -360,32 +373,36 @@ UEFI with Secure Boot became a hardware requirement starting with Windows 8 dev
When a PC with UEFI and Secure Boot starts, the UEFI firmware verifies the bootloader’s digital signature to verify that it has not been modified after it was digitally signed. The firmware also verifies that a trusted authority issued the bootloader’s digital signature. This check helps to ensure that the system starts only after checking that the bootloader is both trusted and unmodified since signing.
All Windows 8 certified PCs must meet several requirements related to Secure Boot:
-- They must have Secure Boot enabled by default.
-- They must trust Microsoft’s certification authority (CA) and thus any bootloader Microsoft has signed.
-- They must allow the user to add signatures and hashes to the UEFI database.
-- They must allow the user to completely disable Secure Boot (although administrators can restrict this).
+
+* They must have Secure Boot enabled by default.
+* They must trust Microsoft’s certification authority (CA) and thus any bootloader Microsoft has signed.
+* They must allow the user to add signatures and hashes to the UEFI database.
+* They must allow the user to completely disable Secure Boot (although administrators can restrict this).
This behavior doesn’t limit the choice of operating system. In fact, users typically have three options for running non-Microsoft operating systems:
-- **Use an operating system with a Microsoft-signed bootloader.** Microsoft offers a service to sign non-Microsoft bootloaders so that they can be used on the device. In this case, a signature from the Microsoft third-party UEFI
-CA is used to sign the non-Microsoft bootloader, and the signature itself is added to the UEFI database. Several non-Microsoft operating systems, including several varieties of Linux, have had their bootloaders signed by Microsoft so that they can take advantage of the Secure Boot capability. For more information about the Microsoft third-party UEFI signing policy, read [Microsoft UEFI CA Signing policy updates](http://go.microsoft.com/fwlink/p/?LinkId=626936) and [Pre-submission testing for UEFI submissions](http://go.microsoft.com/fwlink/p/?LinkId=626937).
- **Note**
- PCs configured to use Device Guard boot only a secured version of Windows and do not permit a third-party bootloader. For more information, see the [Device Guard](#device-guard) section of this document.
-
-- **Configure UEFI to trust a non–Microsoft-signed bootloader or hashes.** Some Certified For Windows 8 or later PCs allow users to add noncertified bootloaders through a signature or hashes sent to the UEFI database, which allows them to run any operating system without Microsoft signing it.
-- **Turn off Secure Boot.**Windows 8 certified PCs allow users to turn off Secure Boot so they can run unsigned operating systems. In this mode, the behavior is identical to PCs that have BIOS: The PC simply runs the bootloader without any verification. Microsoft strongly recommends that Secure Boot remain enabled whenever the device starts so that it can help prevent bootkit infections.
+- **Use an operating system with a Microsoft-signed bootloader.** Microsoft offers a service to sign non-Microsoft bootloaders so that they can be used on the device. In this case, a signature from the Microsoft third-party UEFI
+CA is used to sign the non-Microsoft bootloader, and the signature itself is added to the UEFI database. Several non-Microsoft operating systems, including several varieties of Linux, have had their bootloaders signed by Microsoft so that they can take advantage of the Secure Boot capability. For more information about the Microsoft third-party UEFI signing policy, read [Microsoft UEFI CA Signing policy updates](https://go.microsoft.com/fwlink/p/?LinkId=626936) and [Pre-submission testing for UEFI submissions](https://go.microsoft.com/fwlink/p/?LinkId=626937).
- **Note**
- With Windows 10, original equipment manufacturers (OEMs) have the ability to ship built-to-order PCs that lock down UEFI Secure Boot so that it cannot be disabled and allows only the operating system of the customer’s choice to start on the device.
+ >[!NOTE]
+ >PCs configured to use Device Guard boot only a secured version of Windows and do not permit a third-party bootloader. For more information, see the [Device Guard](#device-guard) section of this document.
-Windows, apps, and even malware cannot change the UEFI configuration. Instead, users must be physically present to manually boot a PC into a UEFI shell, and then change UEFI firmware settings. For more information about UEFI Secure Boot, read [Protecting the pre-OS environment with UEFI](http://go.microsoft.com/fwlink/p/?LinkId=626938).
-**Virtualization-based security**
+- **Configure UEFI to trust a non–Microsoft-signed bootloader or hashes.** Some Certified For Windows 8 or later PCs allow users to add noncertified bootloaders through a signature or hashes sent to the UEFI database, which allows them to run any operating system without Microsoft signing it.
+- **Turn off Secure Boot.**Windows 8 certified PCs allow users to turn off Secure Boot so they can run unsigned operating systems. In this mode, the behavior is identical to PCs that have BIOS: The PC simply runs the bootloader without any verification. Microsoft strongly recommends that Secure Boot remain enabled whenever the device starts so that it can help prevent bootkit infections.
+
+>[!NOTE]
+>With Windows 10, original equipment manufacturers (OEMs) have the ability to ship built-to-order PCs that lock down UEFI Secure Boot so that it cannot be disabled and allows only the operating system of the customer’s choice to start on the device.
+
+Windows, apps, and even malware cannot change the UEFI configuration. Instead, users must be physically present to manually boot a PC into a UEFI shell, and then change UEFI firmware settings. For more information about UEFI Secure Boot, read [Protecting the pre-OS environment with UEFI](https://go.microsoft.com/fwlink/p/?LinkId=626938).
+
+#### Virtualization-based security
One of the most powerful changes to Windows 10 is virtual-based security. Virtual-based security (VBS) takes advantage of advances in PC virtualization to change the game when it comes to protecting system components from compromise. VBS is able to isolate some of the most sensitive security components of Windows 10. These security components aren’t just isolated through application programming interface (API) restrictions or a middle-layer: They actually run in a different virtual environment and are isolated from the Windows 10 operating system itself.
VBS and the isolation it provides is accomplished through the novel use of the Hyper V hypervisor. In this case, instead of running other operating systems on top of the hypervisor as virtual guests, the hypervisor supports running the VBS environment in parallel with Windows and enforces a tightly limited set of interactions and access between the environments.
Think of the VBS environment as a miniature operating system: It has its own kernel and processes. Unlike Windows, however, the VBS environment runs a micro-kernel and only two processes called trustlets:
+
- **Local Security Authority (LSA)** enforces Windows authentication and authorization policies. LSA is a well-known security component that has been part of Windows since 1993. Sensitive portions of LSA are isolated within the VBS environment and are protected by a new feature called Credential Guard.
- **Hypervisor-enforced code integrity** verifies the integrity of kernel-mode code prior to execution. This is a part of the [Device Guard](#device-guard) feature described later in this document.
VBS provides two major improvements in Windows 10 security: a new trust boundary between key Windows system components and a secure execution environment within which they run. A trust boundary between key Windows system components is enabled though the VBS environment’s use of platform virtualization to isolate the VBS environment from the Windows operating system. Running the VBS environment and Windows operating system as guests on top of Hyper-V and the processor’s virtualization extensions inherently prevents the guests from interacting with each other outside the limited and highly structured communication channels between the trustlets within the VBS environment and Windows operating system.
@@ -394,23 +411,25 @@ VBS acts as a secure execution environment because the architecture inherently p
The VBS architecture is illustrated in Figure 2.
-
+
Figure 2. The VBS architecture
Note that VBS requires a system that includes:
-- Windows 10 Enterprise Edition
-- A-64-bit processor
-- UEFI with Secure Boot
-- Second-Level Address Translation (SLAT) technologies (for example, Intel Extended Page Tables \[EPT\], AMD Rapid Virtualization Indexing \[RVI\])
-- Virtualization extensions (for example, Intel VT-x, AMD RVI)
-- I/O memory management unit (IOMMU) chipset virtualization (Intel VT-d or AMD-Vi)
-- TPM 2.0
-**Trusted Platform Module**
+* Windows 10 Enterprise Edition
+* A 64-bit processor
+* UEFI with Secure Boot
+* Second-Level Address Translation (SLAT) technologies (for example, Intel Extended Page Tables \[EPT\], AMD Rapid Virtualization Indexing \[RVI\])
+* Virtualization extensions (for example, Intel VT-x, AMD RVI)
+* I/O memory management unit (IOMMU) chipset virtualization (Intel VT-d or AMD-Vi)
+* TPM 2.0
+
+#### Trusted Platform Module
A TPM is a tamper-resistant cryptographic module designed to enhance the security and privacy of computing platforms. The TPM is incorporated as a component in a trusted computing platform like a personal computer, tablet, or phone. The computing platform is specially designed to work with the TPM to support privacy and security scenarios that cannot be achieved through software alone. A proper implementation of a TPM as part of a trusted computing platform provides a hardware root of trust, meaning that the hardware behaves in a trusted way. For example, a key created in a TPM with the property that it can never be exported from the TPM really means the key cannot leave the TPM. The close integration of a TPM with a platform increases the transparency of the boot process and supports device health scenarios by enabling reliable report of the software used to start a platform.
The functionality a TPM provides includes:
+
- **Cryptographic key management.** Create, store, and permit the use of keys in defined ways.
- **Safeguarding and reporting integrity measurements.** Software used to boot the platform can be recorded in the TPM and used to establish trust in the software running on the platform.
- **Prove a TPM is really a TPM.** The TPM’s capabilities are so central to protecting privacy and security that a TPM needs to be able to differentiate itself from malware that masquerades as a TPM.
@@ -418,95 +437,112 @@ The functionality a TPM provides includes:
Microsoft combined this small list of TPM benefits with Windows 10 and other hardware security technologies to provide practical security and privacy benefits.
Among other functions, Windows 10 uses the TPM to protect the encryption keys for BitLocker volumes, virtual smart cards, certificates, and the many other keys that the TPM is used to generate. Windows 10 also uses the TPM to securely record and protect integrity-related measurements of select hardware and Windows boot components for the [Measured Boot](#measure-boot) feature described later in this document. In this scenario, Measured Boot measures each component, from firmware up through the drivers, and then stores those measurements in the PC’s TPM. From there, you can test the measurement log remotely so that a separate system verifies the boot state of the Windows 10 PC.
+
Windows 10 supports TPM implementations that comply with either the 1.2 or 2.0 standards. Several improvements have been made in the TPM 2.0 standard, the most notable of which is cryptographic agility. TPM 1.2 is restricted to a fixed set of encryption and hash algorithms. At the time the TPM 1.2 standard was created in the early 2000s, these algorithms were considered cryptographically strong. Since that time, advances in cryptographic algorithms and cryptanalysis attacks have increased expectations for stronger cryptography. TPM 2.0 supports additional algorithms that offer stronger cryptographic protection as well as the ability to plug in algorithms that may be preferred in certain geographies or industries. It also opens the possibility for inclusion of future algorithms without changing the TPM component itself.
TPM is usually assumed to be implanted in hardware on a motherboard as a discrete module, but TPM can also be effective when implemented in firmware. Windows 10 supports both discrete and firmware TPM that complies with the 2.0 standard (1.2 can only be discrete). Windows does not differentiate between discrete and firmware-based solutions because they must meet the same requirements; therefore, any Windows feature that can take advantage of TPM can use either implementation.
-**Note**
-Microsoft will not initially require new Windows 10 PCs to include TPM support. Microsoft will require systems to include a TPM 2.0 beginning one year from the launch of Windows 10, however, to give manufacturers enough time to incorporate this critical functionality and to give IT pros enough time to determine which benefits they will leverage.
+>[!NOTE]
+>Microsoft will not initially require new Windows 10 PCs to include TPM support. Microsoft will require systems to include a TPM 2.0 beginning one year from the launch of Windows 10, however, to give manufacturers enough time to incorporate this critical functionality and to give IT pros enough time to determine which benefits they will leverage.
Several Windows 10 security features require TPM:
-- Virtual smart cards
-- Measured Boot
-- Health attestation (requires TPM 2.0 or later)
-- InstantGo (requires TPM 2.0 or later)
+* Virtual smart cards
+* Measured Boot
+* Health attestation (requires TPM 2.0 or later)
+* InstantGo (requires TPM 2.0 or later)
Other Windows 10 security features like BitLocker may take advantage of TPM if it is available but do not require it to work. An example of this is Microsoft Passport.
All of these features are covered in this document.
-**Biometrics**
+#### Biometrics
You read in the [Windows Hello](#windows-hello) section of this document that Windows 10 has built-in support for biometric hardware. Windows has included some amount of built-in biometric support since the Windows XP operating system, so what’s different about this in Windows 10?
+
Windows 10 makes biometrics a core security feature. Biometrics is fully integrated into the Windows 10 security components, not just tacked on as an extra part of a larger scheme. This is a big change. Earlier biometric implementations were largely front-end methods to simplify authentication. Under the hood, biometrics was used to access a password, which was then used for authentication behind the scenes. Biometrics may have provided convenience but not necessarily enterprise-grade authentication.
+
Microsoft has evangelized the importance of enterprise-grade biometric sensors to the OEMs that create Windows PCs and peripherals. Many OEMs already ship systems that have integrated fingerprint sensors and are transitioning from swipe-based to touch-based sensors. Facial-recognition sensors were already available when Windows 10 launched and are becoming more commonplace as integrated system components.
+
In the future, Microsoft expects OEMs to produce even more enterprise-grade biometric sensors and to continue to integrate them into systems as well as provide separate peripherals. As a result, biometrics will become a commonplace authentication method as part of an MFA system.
-**Secure Windows startup**
+#### Secure Windows startup
UEFI Secure Boot uses hardware technologies to help protect users from bootkits. Secure Boot can validate the integrity of the devices, firmware, and bootloader. After the bootloader launches, users must rely on the operating system to protect the integrity of the remainder of the system.
-**Trusted Boot**
+#### Trusted Boot
When UEFI Secure Boot verifies that the bootloader is trusted and starts Windows, the Windows Trusted Boot feature protects the rest of the startup process by verifying that all Windows startup components are trustworthy (for example, signed by a trusted source) and have integrity. The bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, startup files, and ELAM component.
+
If a file has been modified (for example, if malware has tampered with it or it has been corrupted), Trusted Boot will detect the problem and automatically repair the corrupted component. When repaired, Windows will start normally after only a brief delay.
-**Early Launch Antimalware**
+#### Early Launch Antimalware
Malware that targeted previous versions of Windows often attempted to start before the antimalware solution. To do this, some types of malware would update or replace a non-Microsoft–related driver that starts during the Windows startup process. The malicious driver would then use its system access privileges to modify critical parts of the system and disguise its presence so it could not be detected when the antimalware solution later started.
+
Early Launch Antimalware (ELAM) is part of the Trusted Boot feature set and is designed to enable the antimalware solution to start before all non-Microsoft drivers and apps. ELAM checks the integrity of non-Microsoft drivers to determine whether the drivers are trustworthy. Because Windows needs to start as fast as possible, ELAM cannot be a complicated process of checking the driver files against known malware signatures; doing so would delay startup too much. Instead, ELAM has the simple task of examining every boot driver and determining whether it is on the list of trusted drivers. If malware modifies a boot-related driver, ELAM will detect the change, and Windows will prevent the driver from starting, thus blocking driver-based rootkits. ELAM also allows the registered antimalware provider to scan drivers that are loaded after the boot process is complete.
+
The design is simple but effective. ELAM is a component of a full-featured antimalware solution, and it helps prevent malicious drivers and apps from starting before the rest of the antimalware solution starts later during the boot process. Indeed, ELAM runs only for a few seconds each time a PC starts. Windows Defender in Windows 10 supports ELAM, as does Microsoft System Center 2012 Endpoint Protection and several non-Microsoft antimalware apps.
+
If you want to learn how to configure ELAM, you can use Group Policy settings to configure how ELAM responds to potentially malicious boot drivers. In the Group Policy Management Editor, go to Computer Configuration\\Administrative Templates\\System\\Early Launch Antimalware, and enable the **Boot-Start Driver Initialization Policy** setting. Now, you can select which driver classifications ELAM loads. When you select the **Good Only** setting, it provides the highest level of security, but test it thoroughly to ensure that it does not prevent users with healthy PCs from starting.
-###
-
-**Measured Boot**
+#### Measured Boot
The biggest challenge with rootkits and bootkits in earlier versions of Windows is that they can frequently be undetectable to the client. Because they often start before Windows defenses and the antimalware solution and they have system-level privileges, rootkits and bootkits can completely disguise themselves while continuing to access system resources. Although UEFI Secure Boot and Trusted Boot can prevent most rootkits and bootkits, intruders could still potentially exploit a few attack vectors (for example, if UEFI with Secure Boot is disabled or if the signature used to sign a boot component, such as a non-Microsoft driver, has been compromised and is used to sign a malicious one).
+
Windows 10 implements the Measured Boot feature, which uses the TPM hardware component built into newer PCs to record a series of measurements for critical startup-related components, including firmware, Windows boot components, drivers, and even the ELAM driver. Because Measured Boot leverages the hardware-based security capabilities of TPM, which isolates and protects the measurement data from malware attacks, the log data is well protected against even sophisticated attacks.
Measured Boot focuses on acquiring the measurement data and protecting it from tampering. It must be coupled with a service that can analyze the data to determine device health and provide a more complete security service. The next section introduces just such a service.
-**Verify device compliance for conditional access to corporate resources**
+#### Verify device compliance for conditional access to corporate resources
Measured Boot itself does not prevent malware from loading during the startup process – that is the job of Secure Boot, Device Guard, and ELAM. Instead, Measured Boot provides a TPM-protected audit log that allows a trusted remote health attestation service to evaluate the PC’s startup components, state, and overall configuration. If the health attestation service detects that the PC loaded an untrustworthy component and is therefore out of compliance, the service can block the PC’s access to specific network resources or the entire network. You can even couple a health attestation service with a management system to facilitate conditional access capabilities that can initiate the quarantine and remediation processes to fix an infected PC and return it to a compliant state.
-
+
Figure 3. Health Attestation in Windows 10
Figure 3 illustrates the following process for device compliance verification and conditional access implementation:
1. The PC uses the TPM to record measurements of the bootloader, boot drivers, and ELAM driver. The TPM prevents anyone from tampering with these measurements, so even if malware is successfully loaded, it will not be able to modify the measurements. These measurements are signed with an Attestation Identity Key (AIK) that is stored in the TPM. Because the TPM hardware has signed the measurements, malware cannot modify them without being detected.
+
2. Health Attestation is not enabled by default and requires an enrollment with a mobile device management (MDM) server in order to enable it. If it is enabled, the health attestation client will contact a remote server, called a health attestation server. Microsoft provides a cloud-based Windows Health Attestation service that can help evaluate the health of a device. The health attestation client sends the signed measurements, the device’s TPM boot log, and an AIK certificate (if present), which lets the health attestation server verify that the key used to sign the measurements was issued to a trusted TPM.
+
3. The health attestation server analyzes the measurements and boot log and creates a statement of device health. This statement is encrypted to help ensure the confidentiality of the data.
+
4. A management system, such as an MDM server, can request that an enrolled device present a statement of device health. Windows 10 supports both Microsoft and non-Microsoft MDM server requests for device health. To prevent theft of device health statements and reuse from other devices, an MDM server sends the enrolled device a “number used only once” (nonce) request along with this request for the device health statement.
+
5. The enrolled device digitally signs the nonce with its AIK (which is stored in the TPM) and sends the MDM server the encrypted statement of device health, the digitally signed nonce, and a signed boot counter, which asserts that the device has not been restarted since it obtained the statement of health.
+
6. The MDM server can send the same data to the health attestation server. The server decrypts the statement of health, asserts that the boot counter in the statement matches the boot counter that was sent to the MDM server, and compiles a list of health attributes.
+
7. The health attestation server sends this list of health attributes back to the MDM server. The MDM server now enforces access and compliance policies if configured to do so.
+
For a list of data points that the health attestation server verifies, along with a description of the data, see the [HealthAttestation CSP article on MSDN](http://go.microsoft.com/fwlink/p/?LinkId=626940).
+
The management system’s implementation determines which attributes within the statement of device health are evaluated when assessing a device’s health. Broadly speaking, the management server receives information about how the device booted, what kind of policy is enforced on the device, and how data on the device is secured. Depending on the implementation, the management server may add checks that go beyond what the statement of device health provides—for example, Windows patch level and other device attributes.
+
Based on these data points, the management server can determine whether the client is healthy and grant it access to either a limited quarantine network or to the full network. Individual network resources, such as servers, can also grant or deny access based on whether the remote attestation client were able to retrieve a valid health certification from the remote attestation server.
+
Because this solution can detect and prevent low-level malware that may be extremely difficult to detect any other way, Microsoft recommends that you consider the implementation of a management system, like Microsoft Intune, or any management solutions that take advantage of the Windows 10 cloud-based Health Attestation Server feature to detect and block devices that have been infected with advanced malware from network resources.
-## Secure the Windows core
+### Secure the Windows core
Applications built for Windows are designed to be secure and free of defects, but the reality is that as long as human beings are writing code, vulnerabilities will continue to crop up. When identified, malicious users and software may attempt to exploit vulnerabilities by manipulating data in memory in the hope that they can bootstrap a successful exploit.
+
To mitigate these risks, Windows 10 includes core improvements to make it more difficult for malware to perform buffer overflow, heap spraying, and other low-level attacks and even which code is allowed to run on the PC. In addition, these improvements dramatically reduce the likelihood that newly discovered vulnerabilities result in a successful exploit. It takes detailed knowledge of operating system architecture and malware exploit techniques to fully appreciate the impact of these improvements, but the sections that follow explain them at a high level.
-###
-
-**Device Guard**
+#### Device Guard
Today’s security threat landscape is more aggressive than ever before. Modern malicious attacks are focused on revenue generation, intellectual property theft, and targeted system degradation resulting in financial loss. Many of these nefarious attackers are sponsored by nation states that have ulterior motives and large cyber-terrorism budgets. These threats can enter a company through something as simple as an email and can permanently damage the organization’s reputation for securing employee and customer data and intellectual property, not to mention having a significant financial impact. The Windows 10 operating system introduces several new security features that help mitigate a large percentage of today’s known threats.
It is estimated that more than 300,000 new malware variants are discovered daily. Unfortunately, companies currently use an ancient method to discover this infectious software and prevent its use. In fact, current PCs trust everything that runs until antimalware signatures determine whether a threat exists; then, the antimalware software attempts to clean the PC, often after the malicious software’s effect has already occurred. This signature-based system focuses on reacting to an infection and then ensuring that that particular infection does not happen again. In this model, the system that drives malware detection relies on the discovery of malicious software; only then can a signature be provided to the client to remediate it, which implies that a computer has often already been infected. The time between detection of the malware and a client being issued a signature could mean the difference between losing data and staying safe.
In addition to antimalware solutions, “app control” or “whitelisting” technologies are available, including AppLocker. These perform single-instance or blanket allow or deny rules for running applications. In Windows 10, these types of solutions are most effective when deployed alongside the Windows 10 Device Guard feature.
+
Device Guard breaks the current model of detection first-block later and allows only trusted applications to run, period. This methodology is consistent with the successful prevention strategy for mobile phone security. With Device Guard, Microsoft has changed how the Windows operating system handles untrusted applications, which makes its defenses difficult for malware to penetrate. This new prevention versus detection model will provide Windows clients with the necessary security for modern threats and, when implemented, mitigates many of today’s threats from day one.
-**Device Guard overview**
+#### Device Guard overview
Device Guard is a feature set that consists of both hardware and software system integrity hardening features. These features revolutionize the Windows operating system’s security by taking advantage of new VBS options to protect the system core and the processes and drivers running in kernel mode—the trust-nothing model you see in mobile device operating systems. A key feature used with Device Guard is *configurable code integrity*, which allows your organization to choose exactly which software from trusted software publishers is allowed to run code on your client machines—exactly what has made mobile phone security on some platforms, such as Windows Mobile, so successful. Trusted applications are those signed directly (in other words, binaries) or indirectly by using a signed file that lists the hash values for application binaries that are considered trustworthy. In addition, Device Guard offers organizations a way to sign existing LOB applications so that they can trust their own code without the requirement that the application be rebuilt or packaged. Also, this same method of signing can provide organizations a way to trust non-Microsoft applications, including those that may not have been signed directly. Device Guard with configurable code integrity, Credential Guard, and AppLocker present the most complete security defense that any Microsoft product has ever been able to offer a Windows client.
@@ -526,7 +562,7 @@ To deliver this additional security, Device Guard has the following hardware and
Along with these new features, some components of Device Guard are existing tools or technologies that have been included in this strategic security offering to provide customers with the most secure Windows operating system possible. Device Guard is intended as a set of client security features to be used in conjunction with the other threat-resistance features available in the Windows operating system, some of which are mentioned in this guide.
-**Configurable code integrity**
+#### Configurable code integrity
The Windows operating system consists of two operating modes: user mode and kernel mode. The base of the operating system runs within the kernel mode, which is where the Windows operating system directly interfaces with hardware resources. User mode is primarily responsible for running applications and brokering information to and from the kernel mode for hardware resource requests. For example, when an application running in user mode needs additional memory, the user mode process must request the resources from the kernel, not directly from RAM.
@@ -534,33 +570,32 @@ Code integrity is the component of the Windows operating system that verifies th
Historically, most malware has been unsigned. Simply by deploying code integrity policies, organizations will immediately protect themselves against unsigned malware, which is estimated to be responsible for the vast majority of current attacks. By using code integrity policies, an enterprise can also select exactly which binaries are allowed to run in both user mode and kernel mode based on the signer, binary hash, or both. When completely enforced, it makes user mode in Windows function like some mobile platforms, trusting and running only specific applications or specific signatures. This feature alone fundamentally changes security in an enterprise. This additional security is *not* limited to Windows apps and does *not* require an application rewrite to be compatible with your existing and possibly unsigned applications. You can run configurable code integrity independent of Device Guard, thus making it available to devices that don’t meet Device Guard hardware requirements.
-**Hardware security features and VBS**
+#### Hardware security features and VBS
The core functionality and protection of Device Guard starts at the hardware level. Devices that have processors equipped with SLAT technologies and virtualization extensions, such as Intel VT x and AMD V, will be able to take advantage of a VBS environment that dramatically enhances Windows security by isolating critical Windows services from the operating system itself. This isolation is necessary, because you must assume that the operating system kernel will be compromised, and you need assurance that some processes will remain secure.
-Device Guard leverages VBS to isolate its Hypervisor Code Integrity (HVCI) service, which enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s IOMMU functionality to force all software running in kernel mode to safely allocate memory. This means that after memory has been allocated, its state must be changed from writable to read only or execute only. By forcing memory into these states, it helps ensure that attacks are unable to inject malicious code into kernel mode processes and drivers through techniques such as buffer overruns or heap spraying. In the end, the VBS environment protects the Device Guard HVCI service from tampering even if the operating system’s kernel has been fully compromised, and HVCI protects kernel mode processes and drivers so that a compromise of this magnitude can’t happen in the first place.
+Device Guard leverages VBS to isolate its Hypervisor Code Integrity (HVCI) service, which enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s IOMMU functionality to force all software running in kernel mode to safely allocate memory. This means that after memory has been allocated, its state must be changed from writable to read only or execute only. By forcing memory into these states, it helps ensure that attacks are unable to inject malicious code into kernel mode processes and drivers through techniques such as buffer overruns or heap spraying. In the end, the VBS environment protects the Device Guard HVCI service from tampering even if the operating system’s kernel has been fully compromised, and HVCI protects kernel mode processes and drivers so that a compromise of this magnitude can't happen in the first place.
+
Another Windows 10 feature that employs VBS is Credential Guard. Credential Guard protects credentials by running the Windows authentication service known as LSA, and then storing the user’s derived credentials (for example, NTLM hashes; Kerberos tickets) within the same VBS environment that Device Guard uses to protect its HVCI service. By isolating the LSA service and the user’s derived credentials from both user mode and kernel mode, an attacker that has compromised the operating system core will still be unable to tamper with authentication or access derived credential data. Credential Guard prevents pass-the-hash and ticket types of attacks, which are central to the success of nearly every major network breach you’ve read about, which makes Credential Guard one of the most impactful and important features to deploy within your environment. For more information about how Credential Guard complements Device Guard, see the [Device Guard with Credential Guard](#dgwithcg) section.
-**Device Guard with AppLocker**
+#### Device Guard with AppLocker
Although AppLocker is not considered a new Device Guard feature, you can use it to complement configurable code integrity functionality when enforced code integrity cannot be fully implemented or its functionality does not cover every desired scenario. There are many scenarios in which you could use code integrity policies alongside AppLocker rules. As a best practice, enforce code integrity policies at the most restrictive level possible for your organization, and then use AppLocker to fine-tune the restrictions to an even lower level.
-**Note**
-One example in which Device Guard functionality needs AppLocker supplementation is when your organization would like to limit which universal applications from the Windows Store users can install on a device. Microsoft has already validated universal applications from the Windows Store as trustworthy to run, but an organization may not want to allow specific universal applications to run in its environment. You could use an AppLocker rule to enforce such a stance.
+>[!NOTE]
+>One example in which Device Guard functionality needs AppLocker supplementation is when your organization would like to limit which universal applications from the Windows Store users can install on a device. Microsoft has already validated universal applications from the Windows Store as trustworthy to run, but an organization may not want to allow specific universal applications to run in its environment. You could use an AppLocker rule to enforce such a stance.
In another example, you could enable a configurable code integrity policy to allow users to run all the apps from a specific publisher. To do so, you would add the publisher’s signature to the policy. If your organization decides that only specific apps from that publisher should be allowed to run, you would add the signature for the publisher to the configurable code integrity policy, and then use AppLocker to determine which specific apps can run.
AppLocker and Device Guard can run side-by-side in your organization, which offers the best of both security features at the same time and provides the most comprehensive security to as many devices as possible. In addition to these features, Microsoft recommends that you continue to maintain an enterprise antivirus solution for a well-rounded enterprise security portfolio.
-###
-
-**Device Guard with Credential Guard**
+#### Device Guard with Credential Guard
Although Credential Guard isn’t a feature within Device Guard, many organizations will likely deploy Credential Guard alongside Device Guard for additional protection against derived credential theft. Similar to virtualization-based protection of kernel mode through the Device Guard HVCI service, Credential Guard leverages hypervisor technology to protect the Windows authentication service (the LSA) and users’ derived credentials. This mitigation is targeted at preventing the use of pass-the-hash and pass-the-ticket techniques.
Because Credential Guard uses VBS, it is decisive in its ability to prevent pass-the-hash and pass-the-ticket attacks from occurring on Windows 10 devices. Microsoft recognizes, however, that most organizations will have a blend of Windows versions running in their environments. Mitigations for devices not capable of running Credential Guard on both the client side and the server side are available to help with this scenario. Microsoft will be releasing details to TechNet regarding these additional mitigations in the near future.
-**Unified manageability through Device Guard**
+#### Unified manageability through Device Guard
You can easily manage Device Guard features through the familiar enterprise and client-management tools that IT pros use every day. Use the following management tools to enable and manage Device Guard:
- **Group Policy.**Windows 10 provides an administrative template that you can use to configure and deploy the configurable code integrity policies for your organization. This template also allows you to specify which hardware-based security features you would like to enable and deploy. You can manage these settings with your existing Group Policy objects, which makes it simple to implement Device Guard features. In addition to the code integrity and hardware-based security features, Group Policy can help you manage your catalog files.
@@ -569,19 +604,19 @@ You can easily manage Device Guard features through the familiar enterprise and
- **Windows PowerShell.** You use Windows PowerShell primarily to create and service code integrity policies. These policies represent the most impactful component of Device Guard.
These options provide the same experience you’re used to for management of your existing enterprise management solutions.
-**Address Space Layout Randomization**
+#### Address Space Layout Randomization
One of the most common techniques used to gain access to a system is to find a vulnerability in a privileged process that is already running, guess or find a location in memory where important system code and data have been placed, and then overwrite that information with a malicious payload. In the early days of operating systems, any malware that could write directly to the system memory could do such a thing; the malware would simply overwrite system memory in well-known and predictable locations.
Address Space Layout Randomization (ASLR) makes that type of attack much more difficult because it randomizes how and where important data is stored in memory. With ASLR, it is more difficult for malware to find the specific location it needs to attack. Figure 4 illustrates how ASLR works by showing how the locations of different critical Windows components can change in memory between restarts.
-
+
Figure 4. ASLR at work
Although the ASLR implementation in Windows 7 was effective, it wasn’t applied holistically across the operating system, and the level of entropy (cryptographic randomization) wasn’t always at the highest possible level. To decrease the likelihood that sophisticated attacks such as heap spraying could succeed in the Windows 8 operating system, Microsoft applied ASLR holistically across the system and increased the level of entropy many times.
The ASLR implementation in Windows 8 and Windows 10 is greatly improved over Windows 7, especially with 64-bit system and application processes that can take advantage of a vastly increased memory space, which makes it even more difficult for malware to predict where Windows 10 stores vital data. When used on systems that have TPMs, ASLR memory randomization will be increasingly unique across devices, which makes it even more difficult for a successful exploit that works on one system to work reliably on another.
-**Data Execution Prevention**
+#### Data Execution Prevention
Malware depends on its ability to put a malicious payload into memory with the hope that it will be executed later, and ASLR will make that much more difficult. Wouldn’t it be great if you could prevent malware from running if it wrote to an area that has been allocated solely for the storage of information?
@@ -598,11 +633,11 @@ If you want to see which apps use DEP, complete these steps:
You can now see which processes have DEP enabled. Figure 5 shows the processes running on a Windows 10 PC with a single process that does not support DEP.
-
+
Figure 5. Processes on which DEP has been enabled in Windows 10
-**Windows Heap**
+#### Windows Heap
The *heap* is a location in memory that Windows uses to store dynamic application data. Windows 10 continues to improve on earlier Windows heap designs by further mitigating the risk of heap exploits that could be used as part of an attack.
@@ -613,17 +648,19 @@ Windows 10 has several important improvements to the security of the heap over
Windows 10 resolves known heap attacks that could be used to compromise a PC running previous versions of Windows.
-**Memory reservations**
+#### Memory reservations
The lowest 64 KB of process memory is reserved for the system. Apps are no longer allowed to allocate that portion of the memory, which makes it more difficult for malware to overwrite critical system data structures in memory.
-**Control Flow Guard**
+#### Control Flow Guard
When applications are loaded into memory, they are allocated space based on the size of the code, requested memory, and other factors. When an application begins to execute code, it calls additional code located in other memory addresses. The relationships between the code locations are well known—they are written in the code itself—but previous to Windows 10, the flow between these locations was not enforced, which gives attackers the opportunity to change the flow to meet their needs. In other words, an application exploit takes advantage of this behavior by running code that the application may not typically run.
+
This kind of threat is mitigated in Windows 10 through the Control Flow Guard (CFG) feature. When a trusted application that was compiled to use CFG calls code, CFG verifies that the code location called is trusted for execution. If the location is not trusted, the application is immediately terminated as a potential security risk.
+
An administrator cannot configure CFG; rather, an application developer can take advantage of CFG by configuring it when the application is compiled. Administrators should consider asking application developers and software vendors to deliver trustworthy Windows applications compiled with CFG enabled. Of course, browsers are a key entry point for attacks; thus Microsoft Edge, IE, and other Windows features take full advantage of CFG.
-**Protected Processes**
+#### Protected Processes
Benjamin Franklin once said that "an ounce of prevention is worth a pound of cure." His wisdom directly applies to PC security. Most security controls are designed to prevent the initial infection point. The reasoning is that if malware cannot infect the system, the system is immune to malware.
@@ -633,12 +670,12 @@ The key security scenario is to assume that malware is running on a system but l
With Protected Processes, Windows 10 prevents untrusted processes from interacting or tampering with those that have been specially signed. Protected Processes defines levels of trust for processes. Less trusted processes are prevented from interacting with and therefore attacking more trusted processes. Windows 10 uses Protected Processes more broadly across the operating system, and for the first time, you can put antimalware solutions into the protected process space, which helps make the system and antimalware solutions less susceptible to tampering by malware that does manage to get on the system.
-## Secure the Windows desktop
+### Secure the Windows desktop
Windows 10 includes critical improvements to the Windows core and the desktop environment, where attacks and malware most frequently enter. The desktop environment is now more resistant to malware thanks to significant improvements to Windows Defender and SmartScreen Filters. Internet browsing is a safer experience because of Microsoft Edge, a completely new browser. The Windows Store reduces the likelihood that malware will infect devices by ensuring that all applications that enter the Windows Store ecosystem have been thoroughly reviewed before being made available. Universal Windows apps are inherently more secure than typical applications because they are sandboxed. Sandboxing restricts the application’s risk of being compromised or tampered with in a way that would put the system, data, and other applications at risk.
The sections that follow describe Windows 10 improvements to application security in more detail.
-**Microsoft Edge and Internet Explorer 11**
+### Microsoft Edge and Internet Explorer 11
Browser security is a critical component of any security strategy, and for good reason: The browser is the user’s interface to the Internet, an environment that is quite literally overwhelmed with malicious sites and content waiting to attack. Most users cannot perform at least part of their job without a browser, and many users are completely reliant on one. This reality has made the browser the number one pathway from which malicious hackers initiate their attacks.
@@ -653,45 +690,49 @@ Microsoft includes an entirely new browser, Microsoft Edge, in Windows 10. Micr
In addition to Microsoft Edge, Microsoft includes IE11 in Windows 10 primarily for backwards-compatibility with websites and binary extensions that do not work with Microsoft Edge. It should not be configured as the primary browser but rather as an optional or automatic switchover, as shown in Figure 6.
-
+
Figure 6. Configure Windows 10 to switch from Microsoft Edge to IE11 for backwards-compatibility.
Microsoft’s recommendation is to use Microsoft Edge as the primary web browser because it provides compatibility with the modern web and the best possible security. For sites that require IE11 compatibility, including those that require binary extensions and plug ins, enable Enterprise mode and use the Enterprise Mode Site List to define which sites have the dependency. When configured, when users use Microsoft Edge and it identifies a site that requires IE11, they will automatically be switched to IE11.
-**The SmartScreen Filter**
+### The SmartScreen Filter
Recent versions of Windows have many effective techniques to prevent malware from installing itself without the user’s knowledge. To work around those restrictions, malware attacks often use social engineering techniques to trick users into running software. For example, malware known as a Trojan horse pretends to be something useful, such as a utility, but carries an additional, malicious payload.
+
Starting with Windows Internet Explorer 8, the SmartScreen Filter has helped protect users from both malicious applications and nefarious websites by using the SmartScreen Filter’s application and URL reputation services. The SmartScreen Filter in Internet Explorer would check URLs and newly downloaded apps against an online reputation service that Microsoft maintained. If the app or URL were not known to be safe, SmartScreen Filter would warn the user or even prevent the app or URL from loading, depending on how systems administrators had configured Group Policy settings.
+
For Windows 10, Microsoft further developed the SmartScreen Filter by integrating its app reputation abilities into the operating system itself, which allows the filter to protect users regardless of the web browser they are using or the path that the app uses to arrive on the device (for example, email, USB flash drive). The first time a user runs an app that originates from the Internet, even if the user copied it from another PC, the SmartScreen Filter checks the reputation of the application by using digital signatures and other factors against a service that Microsoft maintains. If the app lacks a reputation or is known to be malicious, the SmartScreen Filter warns the user or blocks execution entirely, depending on how the administrator has configured Group Policy (see Figure 7).
-
+
Figure 7. The SmartScreen Filter at work in Windows 10
By default, users have the option to bypass SmartScreen Filter protection so that it will not prevent a user from running a legitimate app. You can use Control Panel or Group Policy settings to disable the SmartScreen Filter or to completely prevent users from running apps that the SmartScreen Filter does not recognize. The Control Panel settings are shown in Figure 8.
-
+
Figure 8. The Windows SmartScreen configuration options in Control Panel
-If you want to try the SmartScreen Filter, use Windows 7 to download this simulated (but not dangerous) malware file:[freevideo.exe](http://go.microsoft.com/fwlink/p/?LinkId=626943). Save it to your computer, and then run it from Windows Explorer. As shown in Figure 9, Windows runs the app without much warning. In Windows 7, you might receive a warning message about the app not having a certificate, but you can easily bypass it.
+If you want to try the SmartScreen Filter, use Windows 7 to download this simulated (but not dangerous) malware file:[freevideo.exe](https://go.microsoft.com/fwlink/p/?LinkId=626943). Save it to your computer, and then run it from Windows Explorer. As shown in Figure 9, Windows runs the app without much warning. In Windows 7, you might receive a warning message about the app not having a certificate, but you can easily bypass it.
-
+
Figure 9. Windows 7 allows the app to run
Now, repeat the test on a computer running Windows 10 by copying the file to a Windows 10 PC or by downloading the file again and saving it to your local computer. Run the file directly from File Explorer, and the SmartScreen Filter will warn you before it allows it to run. Microsoft’s data shows that for a vast majority of users, that extra warning is enough to save them from a malware infection.
-**Universal Windows apps**
+### Universal Windows apps
The good news is that the download and use of Universal Windows apps or even Windows Classic applications (Win32) from the Windows Store will dramatically reduce the likelihood that you encounter malware on your PC because all apps go through a careful screening process before being made available in the store. Apps that organizations build and distribute through sideloading processes will need to be reviewed internally to ensure that they meet organizational security requirements.
Regardless of how users acquire Universal Windows apps, they can use them with increased confidence. Unlike Windows Classic applications, which can run with elevated privileges and have potentially sweeping access to the system and data, Universal Windows apps run in an AppContainer sandbox with limited privileges and capabilities. For example, Universal Windows apps have no system-level access, have tightly controlled interactions with other apps, and have no access to data unless the user explicitly grants the application permission.
+
In addition, all Universal Windows apps follow the security principle of least privilege. Apps receive only the minimum privileges they need to perform their legitimate tasks, so even if an attacker exploits an app, the damage the exploit can do is severely limited and should be contained within the sandbox. The Windows Store displays the exact capabilities the app requires (for example, access to the camera), along with the app’s age rating and publisher.
+
In the end, the Windows Store app distribution process and the app sandboxing capabilities of Windows 10 will dramatically reduce the likelihood that users encounter malicious apps on the system.
-**Windows Defender**
+### Windows Defender
Antimalware software, also generically called virus scanners, antivirus, and a host of other names, has been around for a long time. Microsoft shipped its first program in this category, Microsoft Anti-Virus, in 1993 for MS DOS 6.0. At the time, the approach of running a standalone MS DOS program to locate and remove viruses was sufficient.
@@ -720,9 +761,9 @@ Figure 10. Windows Defender opt-in settings in Windows 10
Of course, system administrators have centralized control of all Windows Defender settings through Group Policy. The Windows Defender configuration settings are shown under Computer Configuration/Windows Components/Windows Defender, as shown in Figure 11.
-
+
-Figure 11. Windows Defender settings in Group Policy– the sample submission options are listed under MAPS
+Figure 11. Windows Defender settings in Group Policy – the sample submission options are listed under MAPS
**Tamper proofing** is the safeguarding of Windows Defender itself against malware attacks. Malware creators assume that antimalware software is implemented on most PCs. Many malware creators choose to overcome that obstacle by designing malware that modifies the antimalware software in some way, such as disabling real-time scanning or by hiding specific processes. Some malware goes as far as completely disabling the antimalware software while making it appear fully functional to the user.
@@ -730,11 +771,12 @@ Windows Defender is designed to resist tampering; it uses several security techn
**Empowerment of IT security professionals** means that Windows Defender gives IT pros the tools and configuration options necessary to make it an enterprise-class antimalware solution. It has numerous enterprise-level features
that put it on par with the top products in this category:
-- Integration with centralized management software, including Microsoft Intune, System Center Configuration Manager, and Microsoft System Center Operations Manager. Unlike Windows 8.1, no additional client is necessary, because Windows Defender is now integrated into Windows and only a management layer needs to be added.
-- Windows Defender supports the Open Mobile Alliance Device Management standard for centralized management by many non-Microsoft device management solutions.
-- It includes integrated classic command-line and Windows PowerShell cmdlet support.
-- Support for Windows Management Instrumentation reporting and application management is built in.
-- Full integration with Group Policy offers complete IT configuration management.
+
+* Integration with centralized management software, including Microsoft Intune, System Center Configuration Manager, and Microsoft System Center Operations Manager. Unlike Windows 8.1, no additional client is necessary, because Windows Defender is now integrated into Windows and only a management layer needs to be added.
+* Windows Defender supports the Open Mobile Alliance Device Management standard for centralized management by many non-Microsoft device management solutions.
+* It includes integrated classic command-line and Windows PowerShell cmdlet support.
+* Support for Windows Management Instrumentation reporting and application management is built in.
+* Full integration with Group Policy offers complete IT configuration management.
In addition, Windows Defender now integrates the Windows Defender Offline Tool, which formerly required the creation of a bootable, standalone version of Windows Defender into the Windows Recovery Environment. This simplifies the process of remediating low-level malware infections, which may prove difficult to detect and remove with the antimalware solution running on the Windows desktop. You can update signatures for this environment automatically from within the Windows Defender Offline experience.
@@ -747,16 +789,16 @@ Another security threat that customers face particularly in consumer and bring y
Whenever non-Microsoft real-time protection is in an inoperable state (for example, disabled, expired) for 24 hours, Windows Defender automatically turns on to ensure that the device is protected. Windows attempts to help the user remediate the issue with the non-Microsoft antimalware solution by notifying him or her as early as 5 days before the software expires. If the solution expires, Windows enables Windows Defender and continues to remind the user to renew the non-Microsoft solution. When the user updates or reactivates the solution, Windows Defender is automatically disabled. In the end, the goal is to make sure that an operable antimalware solution is running at all times.
-## Conclusion
+#### Conclusion
Windows 10 is the culmination of many years of effort from Microsoft, and its impact from a security perspective will be significant. Many of us still remember the years of Windows XP, when the attacks on the Windows operating system, applications, and data increased in volume and matured into serious threats. With the existing platforms and security solutions that you’ve likely deployed, you’re better defended than ever. But as attackers have become more advanced, there is no doubt that they have exceeded your ability to defend your organization and users. Evidence of this fact can be found in the news virtually every day as yet another major organization falls victim. Microsoft specifically designed Windows 10 to address these modern threats and tactics from the most advanced adversaries. It can truly change the game for your organization, and it can restore your advantage against those would like to make you their next victim.
## Related topics
-[Windows 10 Specifications](http://go.microsoft.com/fwlink/p/?LinkId=625077 )
+[Windows 10 Specifications](https://go.microsoft.com/fwlink/p/?LinkId=625077 )
-[HealthAttestation CSP](http://go.microsoft.com/fwlink/p/?LinkId=626940 )
+[HealthAttestation CSP](https://go.microsoft.com/fwlink/p/?LinkId=626940 )
-[Making Windows 10 More Personal and More Secure with Windows Hello](http://go.microsoft.com/fwlink/p/?LinkId=626945)
+[Making Windows 10 More Personal and More Secure with Windows Hello](https://go.microsoft.com/fwlink/p/?LinkId=626945)
[Protect BitLocker from pre-boot attacks](protect-bitlocker-from-pre-boot-attacks.md)
diff --git a/windows/keep-secure/windows-defender-advanced-threat-protection.md b/windows/keep-secure/windows-defender-advanced-threat-protection.md
index bf62da150c..01fccfad1a 100644
--- a/windows/keep-secure/windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/windows-defender-advanced-threat-protection.md
@@ -15,7 +15,7 @@ localizationpriority: high
**Applies to:**
-- Windows 10 Enterprise, let's change back
+- Windows 10 Enterprise
- Windows 10 Enterprise for Education
- Windows 10 Pro
- Windows 10 Pro Education
diff --git a/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
index c70e57a4b1..9b54a7e5a7 100644
--- a/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
+++ b/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
@@ -624,37 +624,37 @@ New-NetFirewallRule –DisplayName “Inbound Secure Bypass Rule" –Direction I
For more information about Windows PowerShell concepts, see the following topics.
-- [Windows PowerShell Getting Started Guide](http://go.microsoft.com/fwlink/p/?linkid=113440)
+- [Windows PowerShell Getting Started Guide](https://go.microsoft.com/fwlink/p/?linkid=113440)
-- [Windows PowerShell User Guide](http://go.microsoft.com/fwlink/p/?linkid=113441)
+- [Windows PowerShell User Guide](https://go.microsoft.com/fwlink/p/?linkid=113441)
-- [Windows PowerShell About Help Topics](http://go.microsoft.com/fwlink/p/?linkid=113206)
+- [Windows PowerShell About Help Topics](https://go.microsoft.com/fwlink/p/?linkid=113206)
-- [about\_Functions](http://go.microsoft.com/fwlink/p/?linkid=113231)
+- [about\_Functions](https://go.microsoft.com/fwlink/p/?linkid=113231)
-- [about\_Functions\_Advanced](http://go.microsoft.com/fwlink/p/?linkid=144511)
+- [about\_Functions\_Advanced](https://go.microsoft.com/fwlink/p/?linkid=144511)
-- [about\_Execution\_Policies](http://go.microsoft.com/fwlink/p/?linkid=135170)
+- [about\_Execution\_Policies](https://go.microsoft.com/fwlink/p/?linkid=135170)
-- [about\_Foreach](http://go.microsoft.com/fwlink/p/?linkid=113229)
+- [about\_Foreach](https://go.microsoft.com/fwlink/p/?linkid=113229)
-- [about\_Objects](http://go.microsoft.com/fwlink/p/?linkid=113241)
+- [about\_Objects](https://go.microsoft.com/fwlink/p/?linkid=113241)
-- [about\_Properties](http://go.microsoft.com/fwlink/p/?linkid=113249)
+- [about\_Properties](https://go.microsoft.com/fwlink/p/?linkid=113249)
-- [about\_While](http://go.microsoft.com/fwlink/p/?linkid=113275)
+- [about\_While](https://go.microsoft.com/fwlink/p/?linkid=113275)
-- [about\_Scripts](http://go.microsoft.com/fwlink/p/?linkid=144310)
+- [about\_Scripts](https://go.microsoft.com/fwlink/p/?linkid=144310)
-- [about\_Signing](http://go.microsoft.com/fwlink/p/?linkid=113268)
+- [about\_Signing](https://go.microsoft.com/fwlink/p/?linkid=113268)
-- [about\_Throw](http://go.microsoft.com/fwlink/p/?linkid=145153)
+- [about\_Throw](https://go.microsoft.com/fwlink/p/?linkid=145153)
-- [about\_PSSessions](http://go.microsoft.com/fwlink/p/?linkid=135181)
+- [about\_PSSessions](https://go.microsoft.com/fwlink/p/?linkid=135181)
-- [about\_Modules](http://go.microsoft.com/fwlink/p/?linkid=144311)
+- [about\_Modules](https://go.microsoft.com/fwlink/p/?linkid=144311)
-- [about\_Command\_Precedence](http://go.microsoft.com/fwlink/p/?linkid=113214)
+- [about\_Command\_Precedence](https://go.microsoft.com/fwlink/p/?linkid=113214)
diff --git a/windows/keep-secure/windows-hello-in-enterprise.md b/windows/keep-secure/windows-hello-in-enterprise.md
index 28fed4cfd5..ca368e846f 100644
--- a/windows/keep-secure/windows-hello-in-enterprise.md
+++ b/windows/keep-secure/windows-hello-in-enterprise.md
@@ -79,7 +79,7 @@ To allow facial recognition, you must have devices with integrated special infra
- [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md)
- [Microsoft Passport guide](microsoft-passport-guide.md)
- [Prepare people to use Windows Hello for Work](prepare-people-to-use-microsoft-passport.md)
-- [PassportforWork CSP](http://go.microsoft.com/fwlink/p/?LinkId=708219)
+- [PassportforWork CSP](https://go.microsoft.com/fwlink/p/?LinkId=708219)
diff --git a/windows/keep-secure/windows-security-baselines.md b/windows/keep-secure/windows-security-baselines.md
index f0db2dc596..ee48d1325c 100644
--- a/windows/keep-secure/windows-security-baselines.md
+++ b/windows/keep-secure/windows-security-baselines.md
@@ -51,13 +51,13 @@ To help faster deployments and increase the ease of managing Windows, Microsoft
### Windows 10 security baselines
- - [Windows 10, Version 1511 security baseline](http://go.microsoft.com/fwlink/p/?LinkID=799381)
- - [Windows 10, Version 1507 security baseline](http://go.microsoft.com/fwlink/p/?LinkID=799380)
+ - [Windows 10, Version 1511 security baseline](https://go.microsoft.com/fwlink/p/?LinkID=799381)
+ - [Windows 10, Version 1507 security baseline](https://go.microsoft.com/fwlink/p/?LinkID=799380)
### Windows Server security baselines
- - [Windows Server 2012 R2 security baseline](http://go.microsoft.com/fwlink/p/?LinkID=799382)
+ - [Windows Server 2012 R2 security baseline](https://go.microsoft.com/fwlink/p/?LinkID=799382)
## How can I monitor security baseline deployments?
diff --git a/windows/manage/TOC.md b/windows/manage/TOC.md
index 15f4e3b2bf..19a65a7a57 100644
--- a/windows/manage/TOC.md
+++ b/windows/manage/TOC.md
@@ -16,6 +16,7 @@
### [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
### [Customize Windows 10 Start and taskbar with ICD and provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
### [Customize Windows 10 Start with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
+## [Create mandatory user profiles](mandatory-user-profile.md)
## [Lock down Windows 10](lock-down-windows-10.md)
### [Lockdown features from Windows Embedded 8.1 Industry](lockdown-features-windows-10.md)
### [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)
diff --git a/windows/manage/administrative-tools-in-windows-10.md b/windows/manage/administrative-tools-in-windows-10.md
index ba99073d18..0166bbda73 100644
--- a/windows/manage/administrative-tools-in-windows-10.md
+++ b/windows/manage/administrative-tools-in-windows-10.md
@@ -31,23 +31,23 @@ If the content that is linked to a tool in the following list doesn't provide th
-- [Component Services]( http://go.microsoft.com/fwlink/p/?LinkId=708489)
-- [Computer Management](http://go.microsoft.com/fwlink/p/?LinkId=708490)
-- [Defragment and Optimize Drives](http://go.microsoft.com/fwlink/p/?LinkId=708488)
-- [Disk Cleanup](http://go.microsoft.com/fwlink/p/?LinkID=698648)
-- [Event Viewer](http://go.microsoft.com/fwlink/p/?LinkId=708491)
-- [iSCSI Initiator](http://go.microsoft.com/fwlink/p/?LinkId=708492)
-- [Local Security Policy](http://go.microsoft.com/fwlink/p/?LinkId=708493)
-- [ODBC Data Sources]( http://go.microsoft.com/fwlink/p/?LinkId=708494)
-- [Performance Monitor](http://go.microsoft.com/fwlink/p/?LinkId=708495)
-- [Print Management](http://go.microsoft.com/fwlink/p/?LinkId=708496)
-- [Resource Monitor](http://go.microsoft.com/fwlink/p/?LinkId=708497)
-- [Services](http://go.microsoft.com/fwlink/p/?LinkId=708498)
-- [System Configuration](http://go.microsoft.com/fwlink/p/?LinkId=708499)
-- [System Information]( http://go.microsoft.com/fwlink/p/?LinkId=708500)
-- [Task Scheduler](http://go.microsoft.com/fwlink/p/?LinkId=708501)
-- [Windows Firewall with Advanced Security](http://go.microsoft.com/fwlink/p/?LinkId=708503)
-- [Windows Memory Diagnostic]( http://go.microsoft.com/fwlink/p/?LinkId=708507)
+- [Component Services]( https://go.microsoft.com/fwlink/p/?LinkId=708489)
+- [Computer Management](https://go.microsoft.com/fwlink/p/?LinkId=708490)
+- [Defragment and Optimize Drives](https://go.microsoft.com/fwlink/p/?LinkId=708488)
+- [Disk Cleanup](https://go.microsoft.com/fwlink/p/?LinkID=698648)
+- [Event Viewer](https://go.microsoft.com/fwlink/p/?LinkId=708491)
+- [iSCSI Initiator](https://go.microsoft.com/fwlink/p/?LinkId=708492)
+- [Local Security Policy](https://go.microsoft.com/fwlink/p/?LinkId=708493)
+- [ODBC Data Sources]( https://go.microsoft.com/fwlink/p/?LinkId=708494)
+- [Performance Monitor](https://go.microsoft.com/fwlink/p/?LinkId=708495)
+- [Print Management](https://go.microsoft.com/fwlink/p/?LinkId=708496)
+- [Resource Monitor](https://go.microsoft.com/fwlink/p/?LinkId=708497)
+- [Services](https://go.microsoft.com/fwlink/p/?LinkId=708498)
+- [System Configuration](https://go.microsoft.com/fwlink/p/?LinkId=708499)
+- [System Information]( https://go.microsoft.com/fwlink/p/?LinkId=708500)
+- [Task Scheduler](https://go.microsoft.com/fwlink/p/?LinkId=708501)
+- [Windows Firewall with Advanced Security](https://go.microsoft.com/fwlink/p/?LinkId=708503)
+- [Windows Memory Diagnostic]( https://go.microsoft.com/fwlink/p/?LinkId=708507)
diff --git a/windows/manage/app-inventory-management-windows-store-for-business.md b/windows/manage/app-inventory-management-windows-store-for-business.md
index 2472c4a967..ec263eede3 100644
--- a/windows/manage/app-inventory-management-windows-store-for-business.md
+++ b/windows/manage/app-inventory-management-windows-store-for-business.md
@@ -169,7 +169,7 @@ For each app in your inventory, you can view and manage license details. This gi
**To view license details**
-1. Sign in to [Store for Business](http://go.microsoft.com/fwlink/p/?LinkId=691845)
+1. Sign in to [Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=691845)
2. Click **Manage**, and then choose **Inventory**.
diff --git a/windows/manage/application-development-for-windows-as-a-service.md b/windows/manage/application-development-for-windows-as-a-service.md
index 40b757275b..080fccc711 100644
--- a/windows/manage/application-development-for-windows-as-a-service.md
+++ b/windows/manage/application-development-for-windows-as-a-service.md
@@ -47,7 +47,7 @@ The traditional approach for supporting apps has been to release a new app versi
In the Windows as a service model, Microsoft is making a commitment to maintaining the compatibility of the underlying OS. This means Microsoft will make a concerted effort to ensure that there are no breaking changes that impact the app ecosystem negatively. In this scenario, when there is a release of a Windows build, most apps (those with no kernel dependencies) will continue to work.
-In view of this change, Microsoft recommends that our ISV partners decouple their app release and support from specific Windows builds. Our mutual customers are better served by an application lifecycle approach. This means when an application version is released it will be supported for a certain period of time irrespective of however many Windows builds are released in the interim. The ISV makes a commitment to provide support for that specific version of the app as long as it is supported in the lifecycle. Microsoft follows a similar lifecycle approach for Windows that can be referenced [here](http://go.microsoft.com/fwlink/?LinkID=780549).
+In view of this change, Microsoft recommends that our ISV partners decouple their app release and support from specific Windows builds. Our mutual customers are better served by an application lifecycle approach. This means when an application version is released it will be supported for a certain period of time irrespective of however many Windows builds are released in the interim. The ISV makes a commitment to provide support for that specific version of the app as long as it is supported in the lifecycle. Microsoft follows a similar lifecycle approach for Windows that can be referenced [here](https://go.microsoft.com/fwlink/?LinkID=780549).
This approach will reduce the burden of maintaining an app schedule that aligns with Windows releases. ISV partners should be free to release features or updates at their own cadence. We feel that our partners can keep their customer base updated with the latest app updates independent of a Windows release. In addition, our customers do not have to seek an explicit support statement whenever a Windows build is released. Here is an example of a support statement that covers how an app may be supported across different versions of the OS:
@@ -89,7 +89,7 @@ Some apps perform a version check and simply pass a warning to users. However, t
- If the app is dependent on specific API functionality, ensure you target the correct API version.
- Ensure you detect the change via APISet or another public API, and do not use the version as a proxy for some feature or fix. If there are breaking changes and a proper check is not exposed, then that is a bug.
- Ensure the app does NOT check for version in odd ways, such as via the registry, file versions, offsets, kernel mode, drivers, or other means. If the app absolutely needs to check the version, use the GetVersion APIs, which should return the major, minor, and build number.
-- If you are using the [GetVersion](http://go.microsoft.com/fwlink/?LinkID=780555) API, remember that the behavior of this API has changed since Windows 8.1.
+- If you are using the [GetVersion](https://go.microsoft.com/fwlink/?LinkID=780555) API, remember that the behavior of this API has changed since Windows 8.1.
If you own apps such as antimalware or firewall apps, you should work through your usual feedback channels and via the Windows Insider program.
@@ -99,9 +99,9 @@ Your apps should not call undocumented Windows APIs, or take dependency on speci
### Develop Universal Windows Platform (UWP) and Centennial apps
-We encourage all Win32 app ISVs to develop [Universal Windows Platform (UWP)](http://go.microsoft.com/fwlink/?LinkID=780560) and, specifically, [Centennial](http://go.microsoft.com/fwlink/?LinkID=780562) apps moving forward. There are great benefits to developing these app packages rather than using traditional Win32 installers. UWP apps are also supported in the [Windows Store](http://go.microsoft.com/fwlink/?LinkID=780563), so it’s easier for you to update your users to a consistent version automatically, lowering your support costs.
+We encourage all Win32 app ISVs to develop [Universal Windows Platform (UWP)](https://go.microsoft.com/fwlink/?LinkID=780560) and, specifically, [Centennial](https://go.microsoft.com/fwlink/?LinkID=780562) apps moving forward. There are great benefits to developing these app packages rather than using traditional Win32 installers. UWP apps are also supported in the [Windows Store](https://go.microsoft.com/fwlink/?LinkID=780563), so it’s easier for you to update your users to a consistent version automatically, lowering your support costs.
-If your Win32 app types do not work with the Centennial model, we highly recommend that you use the right installer and ensure this is fully tested. An installer is your user or customer’s first experience with your app, so ensure that this works well. All too often, this doesn’t work well or it hasn’t been fully tested for all scenarios. The [Windows App Certification Kit](http://go.microsoft.com/fwlink/?LinkID=780565) can help you test the install and uninstall of your Win32 app and help you identify use of undocumented APIs, as well as other basic performance-related best-practice issues, before your users do.
+If your Win32 app types do not work with the Centennial model, we highly recommend that you use the right installer and ensure this is fully tested. An installer is your user or customer’s first experience with your app, so ensure that this works well. All too often, this doesn’t work well or it hasn’t been fully tested for all scenarios. The [Windows App Certification Kit](https://go.microsoft.com/fwlink/?LinkID=780565) can help you test the install and uninstall of your Win32 app and help you identify use of undocumented APIs, as well as other basic performance-related best-practice issues, before your users do.
**Best practices:**
- Use installers that work for both 32-bit and 64-bit versions of Windows.
@@ -116,7 +116,7 @@ Windows OS flighting refers to the interim builds available to Windows Insiders
If your app is in the Store, you can flight your app via the Store, which means that your app will be available for our Windows Insider population to install. Users can install your app and you can receive preliminary feedback on your app before you release it to the general population. The follow sections outline the steps for testing your apps against Windows flighted builds.
### Step 1: Become a Windows Insider and participate in flighting
-As a [Windows Insider,](http://go.microsoft.com/fwlink/p/?LinkId=521639) you can help shape the future of Windows—your feedback will help us improve features and functionality in the platform. This is a vibrant community where you can connect with other enthusiasts, join forums, trade advice, and learn about upcoming Insider-only events.
+As a [Windows Insider,](https://go.microsoft.com/fwlink/p/?LinkId=521639) you can help shape the future of Windows—your feedback will help us improve features and functionality in the platform. This is a vibrant community where you can connect with other enthusiasts, join forums, trade advice, and learn about upcoming Insider-only events.
Since you’ll have access to preview builds of Windows 10, Windows 10 Mobile, and the latest Windows SDK and Emulator, you’ll have all the tools at your disposal to develop great apps and explore what's new in the Universal Windows Platform and the Windows Store.
@@ -157,7 +157,7 @@ If after investigation, the former is the case, be sure to use the Windows Insid
Let us know how your app is performing against flighted builds. As you discover issues with your app during testing, please log bugs via the partner portal if you have access, or through your Microsoft representative. We encourage this information so that we can build a quality experience for our users together.
### Step 4: Register on Windows 10
-The [Ready for Windows 10](http://go.microsoft.com/fwlink/?LinkID=780580) website is a directory of software that supports Windows 10. It’s intended for IT administrators at companies and organizations worldwide that are considering Windows 10 for their deployments. IT administrators can check the site to see whether software deployed in their enterprise is supported in Windows 10.
+The [Ready for Windows 10](https://go.microsoft.com/fwlink/?LinkID=780580) website is a directory of software that supports Windows 10. It’s intended for IT administrators at companies and organizations worldwide that are considering Windows 10 for their deployments. IT administrators can check the site to see whether software deployed in their enterprise is supported in Windows 10.
## Related topics
[Windows 10 servicing options for updates and upgrades](introduction-to-windows-10-servicing.md)
diff --git a/windows/manage/appv-application-publishing-and-client-interaction.md b/windows/manage/appv-application-publishing-and-client-interaction.md
index 31ace970ff..ca6912ebd6 100644
--- a/windows/manage/appv-application-publishing-and-client-interaction.md
+++ b/windows/manage/appv-application-publishing-and-client-interaction.md
@@ -23,8 +23,8 @@ The Sequencer creates App-V packages and produces a virtualized application. The
@@ -1291,8 +1291,8 @@ Description of the error.
@@ -1505,13 +1505,13 @@ Description of the error.
@@ -2323,7 +2323,7 @@ Description of the error.
-
@@ -2499,7 +2499,7 @@ or Hang
-
@@ -2754,8 +2754,8 @@ Use the information in these tables to help troubleshoot Windows Defender error