Merged PR 9671: Updated images

Justin Hall 2018-07-10 23:19:09 +00:00
commit 24d69745e4
7 changed files with 16 additions and 13 deletions

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: security ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: brianlic-msft author: brianlic-msft
ms.date: 05/03/2018 ms.date: 07/10/2018
--- ---
# Using BitLocker with other programs FAQ # Using BitLocker with other programs FAQ
@ -89,11 +89,11 @@ Yes. However, shadow copies made prior to enabling BitLocker will be automatical
BitLocker should work like any specific physical machine within its hardware limitations as long as the environment (physical or virtual) meets Windows Operating System requirements to run. BitLocker should work like any specific physical machine within its hardware limitations as long as the environment (physical or virtual) meets Windows Operating System requirements to run.
- With TPM - Yes it is supported - With TPM - Yes it is supported
- Without TPM - Yes it is supported (with password ) protector - Without TPM - Yes it is supported (with password protector)
BitLocker is also supported on data volume VHDs, such as those used by clusters, if you are running Windows 10, Windows 8.1, Windows 8, Windows Server 2012, or Windows Server 2012 R2. BitLocker is also supported on data volume VHDs, such as those used by clusters, if you are running Windows 10, Windows 8.1, Windows 8, Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.
## Can I use BitLocker with virtual machines (VMs)? ## Can I use BitLocker with virtual machines (VMs)?
Yes. Password protectors and virtual TPMs can be used with BitLocker to protect virtual machines. VMs can be domain joined, Azure AD-joined, or workplace-joined (in **Settings** under **Accounts** > **Access work or school** > **Connect** to receive policy. You can enable encryption either while creating the VM or by using other existing management tools such as the BitLocker CSP, or even by using a startup script or logon script delivered by Group Policy. Windows Server 2016 also supports [Shielded VMs and guarded fabric](https://docs.microsoft.com/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms-top-node) to protect VMs from malicious administrators. Yes. Password protectors and virtual TPMs can be used with BitLocker to protect virtual machines. VMs can be domain joined, Azure AD-joined, or workplace-joined (via **Settings** > **Accounts** > **Access work or school** > **Connect**) to receive policy. You can enable encryption either while creating the VM or by using other existing management tools such as the BitLocker CSP, or even by using a startup script or logon script delivered by Group Policy. Windows Server 2016 also supports [Shielded VMs and guarded fabric](https://docs.microsoft.com/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms-top-node) to protect VMs from malicious administrators.
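Review bot: The two TPM bullets still read as fragments after this edit ("With TPM - Yes it is supported"), and only the second one was touched to move the closing parenthesis. Since the line is being rewritten anyway, consider punctuating both consistently, for example "With TPM: Yes, it is supported." and "Without TPM: Yes, it is supported (with a password protector)." The reordered server list and the repaired parenthesis in the VM paragraph look fine.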

@ -41,10 +41,7 @@ The recovery process included in this topic only works for desktop devices. WIP
>[!Important] >[!Important]
>Because the private keys in your DRA .pfx files can be used to decrypt any WIP file, you must protect them accordingly. We highly recommend storing these files offline, keeping copies on a smart card with strong protection for normal use and master copies in a secured physical location. >Because the private keys in your DRA .pfx files can be used to decrypt any WIP file, you must protect them accordingly. We highly recommend storing these files offline, keeping copies on a smart card with strong protection for normal use and master copies in a secured physical location.
4. Add your EFS DRA certificate to your WIP policy using a deployment tool, such as Microsoft Intune or System Center Configuration Manager. 4. Add your EFS DRA certificate to your WIP policy using a deployment tool, such as [Microsoft Intune](create-wip-policy-using-intune.md) or [System Center Configuration Manager](create-wip-policy-using-sccm.md).
>[!Note]
>To add your EFS DRA certificate to your policy by using Microsoft Intune, see the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) topic. To add your EFS DRA certificate to your policy by using System Center Configuration Manager, see the [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) topic.
## Verify your data recovery certificate is correctly set up on a WIP client computer ## Verify your data recovery certificate is correctly set up on a WIP client computer
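Review bot: In step 4 the new inline links use only the product names as link text, while the note being removed told the reader that the linked topics are where the EFS DRA certificate is added to the policy. A reader now has no cue that "Microsoft Intune" leads to create-wip-policy-using-intune.md rather than a product page. Consider keeping that cue in the sentence, for example "such as Microsoft Intune (see Create a WIP policy using Microsoft Intune) or System Center Configuration Manager (see ...)", with the topic titles as the link text.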
@ -52,7 +49,7 @@ The recovery process included in this topic only works for desktop devices. WIP
2. Open an app on your protected app list, and then create and save a file so that its encrypted by WIP. 2. Open an app on your protected app list, and then create and save a file so that its encrypted by WIP.
3. Open a command prompt with elevated rights, navigate to where you stored the file you just created, and then run this command: 3. Open a command prompt with elevated rights, navigate to where you stored the file you just created, and then run this command:
<code>cipher /c <i>filename</i></code> <code>cipher /c <i>filename</i></code>

@ -8,7 +8,7 @@ ms.pagetype: security
author: justinha author: justinha
ms.author: justinha ms.author: justinha
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 05/30/2018 ms.date: 07/10/2018
--- ---
# Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune # Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune
@ -379,7 +379,7 @@ Starting with Windows 10, version 1703, Intune automatically determines your cor
1. From the **App policy** blade, click the name of your policy, and then click **Required settings**. 1. From the **App policy** blade, click the name of your policy, and then click **Required settings**.
2. If the auto-defined identity isnt correct, you can change the info in the **Corporate identity** field. If you need to add additional domains, for example your email domains, you can do it in the **Advanced settings** area. 2. If the auto-defined identity isnt correct, you can change the info in the **Corporate identity** field. If you need to add domains, for example your email domains, you can do it in the **Advanced settings** area.
![Microsoft Intune, Set your corporate identity for your organization](images/wip-azure-required-settings-corp-identity.png) ![Microsoft Intune, Set your corporate identity for your organization](images/wip-azure-required-settings-corp-identity.png)
@ -487,7 +487,7 @@ After you've decided where your protected apps can access enterprise data on you
- **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are: - **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are:
- **On (recommended).** Turns on the feature and provides the additional protection. - **On.** Turns on the feature and provides the additional protection.
- **Off, or not configured.** Doesn't enable this feature. - **Off, or not configured.** Doesn't enable this feature.
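Review bot: Dropping "(recommended)" from the **On** option removes the only guidance on which value to choose for the locked-device setting, while the description still says On "provides the additional protection". If the label was changed only to match the portal text, keep the recommendation in the description sentence instead, or state in the commit message why the recommendation no longer applies.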
@ -497,7 +497,7 @@ After you've decided where your protected apps can access enterprise data on you
- **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example if youre migrating between Mobile Device Management (MDM) solutions. - **Off.** Stop local encryption keys from being revoked from a device during unenrollment. For example if youre migrating between Mobile Device Management (MDM) solutions.
- **Show the Windows Information Protection icon overlay.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are: - **Show the enterprise data protection icon.** Determines whether the Windows Information Protection icon overlay appears on corporate files in the Save As and File Explorer views. The options are:
- **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu. - **On.** Allows the Windows Information Protection icon overlay to appear on corporate files in the Save As and File Explorer views. Additionally, for unenlightened but protected apps, the icon overlay also appears on the app tile and with Managed text on the app name in the **Start** menu.
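Review bot: The setting name becomes "Show the enterprise data protection icon", but the description on the same line and the **On** option below it still call it the "Windows Information Protection icon overlay". If the new name is the literal label in the portal, say so once (for example, "the enterprise data protection icon, which is the Windows Information Protection icon overlay") so readers do not take these for two different icons; otherwise keep the original wording.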
@ -509,6 +509,12 @@ After you've decided where your protected apps can access enterprise data on you
- **Off, or not configured.** Stops using Azure Rights Management encryption with WIP. - **Off, or not configured.** Stops using Azure Rights Management encryption with WIP.
- **Allow Windows Search Indexer to search encrypted files.** Determines whether to allow the Windows Search Indexer to index items that are encrypted, such as WIP protected files.
- **On.** Starts Windows Search Indexer to index encrypted files.
- **Off, or not configured.** Stops Windows Search Indexer from indexing encrypted files.
## Choose to set up Azure Rights Management with WIP ## Choose to set up Azure Rights Management with WIP
WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files by using removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up. WIP can integrate with Microsoft Azure Rights Management to enable secure sharing of files by using removable drives such as USB drives. For more info about Azure Rights Management, see [Microsoft Azure Rights Management](https://products.office.com/business/microsoft-azure-rights-management). To integrate Azure Rights Management with WIP, you must already have Azure Rights Management set up.
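Review bot: The option text for the new Windows Search Indexer setting says On "Starts Windows Search Indexer" and Off "Stops Windows Search Indexer", which reads as starting or stopping the indexer itself rather than allowing or blocking indexing of encrypted items. Suggest "Allows Windows Search Indexer to index encrypted files" and "Prevents Windows Search Indexer from indexing encrypted files". The heading also says "search" where the description says "index"; pick one. Unlike the locked-device setting above, this entry gives no guidance on the effect of turning it on for WIP-protected content, which is worth a sentence for a setting that exposes encrypted files to another component.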

Binary file not shown. Before: 3.7 KiB. After: 4.6 KiB.

Binary file not shown. Before: 11 KiB. After: 14 KiB.

Binary file not shown. Before: 47 KiB. After: 33 KiB.

Binary file not shown. Before: 37 KiB. After: 25 KiB.