diff --git a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index 46f3752dcd..b87c5ceb53 100644
--- a/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/configuration/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -9,7 +9,7 @@ ms.sitesec: library
 ms.localizationpriority: high
 author: brianlic-msft
 ms.author: brianlic-msft
-ms.date: 07/28/2017
+ms.date: 11/21/2017
 ---
 
 # Manage connections from Windows operating system components to Microsoft services
@@ -33,12 +33,13 @@ We are always striving to improve our documentation and welcome your feedback. Y
 
 Not finding content you need? Windows 10 users, tell us what you want on [Feedback Hub](feedback-hub://?referrer=techDocsUcPage&tabid=2&contextid=897&newFeedback=true&topic=manage-connections-from-windows-operating-system-components-to-microsoft-services.md). 
 
-## What's new in Windows 10, version 1709 
+## What's new in Windows 10, version 1709
 
 Here's a list of changes that were made to this article for Windows 10, version 1709:
 
 - Added the Phone calls section.
 - Added the Storage Health section.
+- Added discussion of apps for websites in the Microsoft Store section.
 
 ## What's new in Windows 10, version 1703
 
@@ -1810,6 +1811,10 @@ You can turn off the ability to launch apps from the Microsoft Store that were p
 
     -   Create a new REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsStore!AutoDownload**, with a value of 2 (two).
 
+### <a href="" id="bkmk-apps-for-websites"></a>26.1 Apps for websites
+
+You can turn off apps for websites, preventing customers who visit websites that are registered with their associated app from directly launching the app.
+
 Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Group Policy** > **Configure web-to-app linking with URI handlers**
 
 ### <a href="" id="bkmk-updates"></a>27. Windows Update Delivery Optimization
diff --git a/windows/device-security/change-history-for-device-security.md b/windows/device-security/change-history-for-device-security.md
index f87ef6a78a..cdc986a04a 100644
--- a/windows/device-security/change-history-for-device-security.md
+++ b/windows/device-security/change-history-for-device-security.md
@@ -11,6 +11,11 @@ author: brianlic-msft
 # Change history for device security
 This topic lists new and updated topics in the [Device security](index.md) documentation.
 
+## November 2017
+|New or changed topic |Description |
+|---------------------|------------|
+| [How to enable virtualization-based protection of code integrity](enable-virtualization-based-protection-of-code-integrity.md)| New. Explains how to enable HVCI.  |
+
 ## October 2017
 |New or changed topic |Description |
 |---------------------|------------|
diff --git a/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md b/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md
index b96f6d2368..2df8404822 100644
--- a/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/device-security/enable-virtualization-based-protection-of-code-integrity.md
@@ -16,11 +16,12 @@ ms.date: 11/07/2017
 - Windows 10
 - Windows Server 2016 
 
-Virtualization-based protection of code integrity (herein referred to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode memory against the injection and execution of malicious or unverified code. Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor.  
+Virtualization-based protection of code integrity (herein refered to as HVCI) is a powerful system mitigation, which leverages hardware virtualization and the Windows Hyper-V hypervisor to protect Windows kernel-mode processes against the injection and execution of malicious or unverified code. 
+Code integrity validation is performed in a secure environment that is resistant to attack from malicious software, and page permissions for kernel mode are set and maintained by the Hyper-V hypervisor.  
 
 Some applications, including device drivers, may be incompatible with HVCI. 
 This can cause devices or software to malfunction and in rare cases may result in a Blue Screen. Such issues may occur after HVCI has been turned on or during the enablement process itself. 
-If this happens, see the [Troubleshooting section](#troubleshooting) for remediation steps. 
+If this happens, see [Troubleshooting](#troubleshooting) for remediation steps. 
 
 ## How to Turn on virtualization-based protection of code integrity on the Windows 10 Fall Creators Update (version 1709) 
 
@@ -32,7 +33,7 @@ If your device already has a WDAC policy (SIPolicy.p7b), please contact your IT
 > [!NOTE]
 > You must be an administrator to perform this procedure. 
 
-1. Download the Enable HVCI cabinet file.
+1. Download the [Enable HVCI cabinet file](http://download.microsoft.com/download/7/A/F/7AFBCDD1-578B-49B0-9B27-988EAEA89A8B/EnableHVCI.cab).
 2. Open the cabinet file.
 3. Right-click the SIPolicy.p7b file and extract it. Then move it to the following location: