From 81db6093f6f48ffb56c2158a61ea64ea2334e183 Mon Sep 17 00:00:00 2001
From: LizRoss <lizross@microsoft.com>
Date: Thu, 16 Mar 2017 12:36:32 -0700
Subject: [PATCH 1/4] Adding 1 new limitation and 1 important note

---
 ...ange-history-for-keep-windows-10-secure.md |  1 +
 windows/keep-secure/limitations-with-wip.md   | 23 ++++++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
index 858577af50..ccc3240c10 100644
--- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md
+++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
@@ -18,6 +18,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
 |---------------------|------------|
 |[Protect derived domain credentials with Credential Guard](credential-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.|
 |[Requirements and deployment planning guidelines for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.|
+|[Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md)]|Added note about Azure RMS and USB drives and added new limitation about folder redirection.|
 
 
 ## January 2017
diff --git a/windows/keep-secure/limitations-with-wip.md b/windows/keep-secure/limitations-with-wip.md
index 39aaeb8dc5..a9a107a41c 100644
--- a/windows/keep-secure/limitations-with-wip.md
+++ b/windows/keep-secure/limitations-with-wip.md
@@ -27,7 +27,7 @@ This table provides info about the most common problems you might encounter whil
     <tr>
         <td>Your enterprise data on USB drives might be tied to the device it was protected on, based on your Azure RMS configuration.</td>
         <td><strong>If you’re using Azure RMS:</strong> Authenticated users can open enterprise data on USB drives, on computers running the latest build from the Windows Insider Program.<p><strong>If you’re not using Azure RMS:</strong> Data in the new location remains encrypted, but becomes inaccessible on other devices and for other users. For example, the file won't open or the file opens, but doesn't contain readable text.</td>
-        <td>Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.<p>We strongly recommend educating employees about how to limit or eliminate the need for this decryption.</td>
+        <td>Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.<p>We strongly recommend educating employees about how to limit or eliminate the need for this decryption.<p><strong>Important</strong><br>If you're running WIP with Azure Rights Management (Azure RMS), you can open any enterprise data copied to a USB drive on computers running Windows 10, version 1703 and later. For more info about how to set up WIP with Azure RMS, see [Create a Windows Information Protection (WIP) policy using Microsoft Intune](https://technet.microsoft.com/en-us/itpro/windows/keep-secure/create-wip-policy-using-intune).</td>
     </tr>
     <tr>
         <td>Direct Access is incompatible with WIP.</td>
@@ -79,6 +79,27 @@ This table provides info about the most common problems you might encounter whil
         <td>Webpages that use ActiveX controls can potentially communicate with other outside processes that aren’t protected by using WIP.</td>
         <td>We recommend that you switch to using Microsoft Edge, the more secure and safer browser that prevents the use of ActiveX controls. We also recommend that you limit the usage of Internet Explorer 11 to only those line-of-business apps that require legacy technology.<p>For more info, see [Out-of-date ActiveX control blocking](https://technet.microsoft.com/en-us/itpro/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking).</td>
     </tr>
+    <tr>
+        <td>WIP isn’t turned on if any of the following folders have the <strong>MakeFolderAvailableOfflineDisabled</strong> option set to <strong>False</strong>:
+            <ul>
+                <li>AppDataRoaming</li>
+                <li>Desktop</li>
+                <li>StartMenu</li>
+                <li>Documents</li>
+                <li>Pictures</li>
+                <li>Music</li>
+                <li>Videos</li>
+                <li>Favorites</li>
+                <li>Contacts</li>
+                <li>Downloads</li>
+                <li>Links</li>
+                <li>Searches</li>
+                <li>SavedGames</li>
+            </ul>
+        </td>
+        <td>WIP isn’t turned on for employees in your organization.</td>
+        <td>Don’t set the <strong>MakeFolderAvailableOfflineDisabled</strong> option to <strong>False</strong> for any of the specified folders.<p>If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. For more info about Work Folders and Offline Files see the blog, [Work Folders and Offline Files support for Windows Information Protection](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/).
+    </tr>
 </table>
 
 >[!NOTE]

From 923d474b200719858faa8f0c59b7e6974eedd0c8 Mon Sep 17 00:00:00 2001
From: LizRoss <lizross@microsoft.com>
Date: Thu, 16 Mar 2017 14:48:25 -0700
Subject: [PATCH 2/4] Updated with fringe situation and KB article link

---
 windows/keep-secure/limitations-with-wip.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/keep-secure/limitations-with-wip.md b/windows/keep-secure/limitations-with-wip.md
index a9a107a41c..7183cc590d 100644
--- a/windows/keep-secure/limitations-with-wip.md
+++ b/windows/keep-secure/limitations-with-wip.md
@@ -98,7 +98,7 @@ This table provides info about the most common problems you might encounter whil
             </ul>
         </td>
         <td>WIP isn’t turned on for employees in your organization.</td>
-        <td>Don’t set the <strong>MakeFolderAvailableOfflineDisabled</strong> option to <strong>False</strong> for any of the specified folders.<p>If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. For more info about Work Folders and Offline Files see the blog, [Work Folders and Offline Files support for Windows Information Protection](https://blogs.technet.microsoft.com/filecab/2016/08/29/work-folders-and-offline-files-support-for-windows-information-protection/).
+        <td>Don’t set the <strong>MakeFolderAvailableOfflineDisabled</strong> option to <strong>False</strong> for any of the specified folders.<p>If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/en-us/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection). 
     </tr>
 </table>
 

From bb021526dae5d79ad24b312e38c11f6e1498ab3e Mon Sep 17 00:00:00 2001
From: LizRoss <lizross@microsoft.com>
Date: Mon, 20 Mar 2017 12:48:01 -0700
Subject: [PATCH 3/4] Added content

---
 windows/keep-secure/limitations-with-wip.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/windows/keep-secure/limitations-with-wip.md b/windows/keep-secure/limitations-with-wip.md
index 7183cc590d..ad8c162569 100644
--- a/windows/keep-secure/limitations-with-wip.md
+++ b/windows/keep-secure/limitations-with-wip.md
@@ -100,6 +100,10 @@ This table provides info about the most common problems you might encounter whil
         <td>WIP isn’t turned on for employees in your organization.</td>
         <td>Don’t set the <strong>MakeFolderAvailableOfflineDisabled</strong> option to <strong>False</strong> for any of the specified folders.<p>If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/en-us/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection). 
     </tr>
+    <tr>
+        <td>Switching from a mobile application management (MAM) solution to a mobile device management (MDM) solution, while running Windows Home edition, turns WIP off.</td>
+        <td>WIP stops working if your organization switches from MAM to MDM while using Windows Home edition.</td>
+        <td>Continue to use your MAM solution. For more info, see the <strong>Integration with Windows Information Protection</strong> section of the [Implement server-side support for mobile application management on Windows](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/implement-server-side-mobile-application-management) topic.
 </table>
 
 >[!NOTE]

From e1596347ce08360a8f48d10782b6b7fb0c935324 Mon Sep 17 00:00:00 2001
From: LizRoss <lizross@microsoft.com>
Date: Wed, 29 Mar 2017 08:55:25 -0700
Subject: [PATCH 4/4] Updated content

---
 windows/keep-secure/limitations-with-wip.md       | 6 +-----
 windows/keep-secure/mandatory-settings-for-wip.md | 2 +-
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/windows/keep-secure/limitations-with-wip.md b/windows/keep-secure/limitations-with-wip.md
index ad8c162569..bbb6393ee7 100644
--- a/windows/keep-secure/limitations-with-wip.md
+++ b/windows/keep-secure/limitations-with-wip.md
@@ -98,12 +98,8 @@ This table provides info about the most common problems you might encounter whil
             </ul>
         </td>
         <td>WIP isn’t turned on for employees in your organization.</td>
-        <td>Don’t set the <strong>MakeFolderAvailableOfflineDisabled</strong> option to <strong>False</strong> for any of the specified folders.<p>If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/en-us/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection). 
+        <td>Don’t set the <strong>MakeFolderAvailableOfflineDisabled</strong> option to <strong>False</strong> for any of the specified folders.<p>If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports WIP, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after WIP is already in place, you might be unable to open your files offline. For more info about these potential access errors, see [Can't open files offline when you use Offline Files and Windows Information Protection](https://support.microsoft.com/en-us/help/3187045/can-t-open-files-offline-when-you-use-offline-files-and-windows-information-protection).</td>
     </tr>
-    <tr>
-        <td>Switching from a mobile application management (MAM) solution to a mobile device management (MDM) solution, while running Windows Home edition, turns WIP off.</td>
-        <td>WIP stops working if your organization switches from MAM to MDM while using Windows Home edition.</td>
-        <td>Continue to use your MAM solution. For more info, see the <strong>Integration with Windows Information Protection</strong> section of the [Implement server-side support for mobile application management on Windows](https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/mdm/implement-server-side-mobile-application-management) topic.
 </table>
 
 >[!NOTE]
diff --git a/windows/keep-secure/mandatory-settings-for-wip.md b/windows/keep-secure/mandatory-settings-for-wip.md
index 1c7ea0a9ff..85a6f3d8c9 100644
--- a/windows/keep-secure/mandatory-settings-for-wip.md
+++ b/windows/keep-secure/mandatory-settings-for-wip.md
@@ -18,7 +18,7 @@ localizationpriority: high
 This list provides all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection (EDP), in your enterprise.
 
 >[!IMPORTANT]
->All sections provided for more info appear in either the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) or [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md), based on the tool you're using in your enterprise.
+>All sections provided for more info appear in either the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) or [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md), based on the tool you're using in your organization.
 
 
 |Task                                |Description               |