Merge pull request #603 from MicrosoftDocs/FromPrivateRepo

From private repo
This commit is contained in:
Alma Jenks
2018-03-26 13:04:54 -07:00
committed by GitHub
3 changed files with 9 additions and 6 deletions

@ -15,7 +15,7 @@ ms.date: 10/17/2017
**Applies to**
- Windows 10
- Windows 10 Enterprise
- Windows 10 Mobile
- Windows Server
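Review bot: the front-matter date shown in the hunk header still reads ms.date: 10/17/2017 even though this change edits the Applies to list. If the repository's convention is to bump ms.date whenever applicability changes, update it in the same commit so readers can tell the list was revised.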

@ -76,7 +76,8 @@ The compatibility update scans your devices and enables application usage tracki
>[!IMPORTANT]
>Restart devices after you install the compatibility updates for the first time.
>[!NOTE] We recommend you configure your update management tool to automatically install the latest version of these updates. There is a related optional update, [KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513), which can provide updated configuration and definitions for older compatibility updates. For more information about this optional update, see <https://support.microsoft.com/kb/3150513>.
>[!NOTE]
>We recommend you configure your update management tool to automatically install the latest version of these updates. There is a related optional update, [KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513), which can provide updated configuration and definitions for older compatibiltiy updates. For more information about this optional update, see <https://support.microsoft.com/kb/3150513>.
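Review bot: the rewritten note misspells "compatibility" as "compatibiltiy" in "definitions for older compatibiltiy updates". The single-line version it replaces had the word spelled correctly, so this change introduces the typo. Putting >[!NOTE] on its own line matches the >[!IMPORTANT] block above it, so only the spelling needs correcting before merge.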

@ -59,15 +59,17 @@ None. Changes to this policy become effective without a computer restart when th
## Security considerations
This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of implementation.
### Vulnerability
The longer a password exists, the higher the likelihood that it will be compromised by a brute force attack, by an attacker gaining general knowledge about the user, or by the user sharing the password. Configuring the **Maximum password age** policy setting to 0 so that users are never required to change their passwords is a major security risk because that allows a compromised password to be used by the malicious user for as long as the valid user is authorized access.
The longer a password exists, the higher the likelihood that it will be compromised by a brute force attack, by an attacker gaining general knowledge about the user, or by the user sharing the password. Configuring the **Maximum password age** policy setting to 0 so that users are never required to change their passwords allows a compromised password to be used by the malicious user for as long as the valid user is authorized access.
### Countermeasure
### Considerations
Configure the **Maximum password age** policy setting to a value that is suitable for your organization's business requirements.
Mandated password changes are a long-standing security practice, but current research strongly indicates that password expiration has a negative effect. See [Microsoft Password Guidance](https://www.microsoft.com/en-us/research/publication/password-guidance/) for further information.
Configure the **Maximum password age** policy setting to a value that is suitable for your organization's business requirements. For example, many organisations have compliance or insurance mandates requiring a short lifespan on passwords. Where such a requirement exists, the **Maximum password age** policy setting can be used to meet business requirements.
### Potential impact
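Review bot: the new Considerations text says "password expiration has a negative effect", but the Vulnerability paragraph directly above still opens with "The longer a password exists, the higher the likelihood that it will be compromised", so the section now argues both ways and gives an administrator no indication of what value to configure. Suggest reconciling the two paragraphs, for example by stating what the linked guidance recommends and when a compliance-driven expiry is still appropriate. Smaller points in the same hunk: the section intro still promises "how to implement the countermeasure" although the heading is now Considerations; "organisations" is inconsistent with "organization's" earlier in the same paragraph; and the closing sentence repeats "business requirements" from the first sentence without adding anything.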