Merge pull request #416 from Justinha/VSTS10978597

Vsts10978597

windows/keep-secure/credential-guard.md

@@ -82,14 +82,15 @@ Applications may cause performance issues when they attempt to hook the isolated
 
 ### Security considerations
 
-The following tables provide more information about the hardware, firmware, and software required for deployment of Credential Guard. The tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, available in 2016, and announced as options for 2017.
+All computers that meet baseline protections for hardware, firmware, and software can use Credential Guard. 
+Computers that meet additional qualifications can provide additional protections to further reduce the attack surface.  
+The following tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017.
 
 > [!NOTE]  
-> Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new computers. This requirement is not restated in the tables that follow.<br>
+> Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new computers. <br>
 > If you are an OEM, see the requirements information at [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx).<br>
-> Starting in Widows 10, 1607, TPM 2.0 is required.
 
-#### Baseline protection recommendations
+#### Baseline protections
 
 |Baseline Protections                   | Description                                        |
 |---------------------------------------------|----------------------------------------------------|
@@ -103,7 +104,7 @@ The following tables provide more information about the hardware, firmware, and
 > [!IMPORTANT]
 > The preceding table lists requirements for baseline protections. The following tables list requirements for improved security. You can use Credential Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting the requirements for improved security to significantly strengthen the level of security that Credential Guard can provide.
 
-#### 2015 Additional Security Recommendations (starting with Windows 10, version 1507, and Windows Server 2016, Technical Preview 4)
+#### 2015 Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016 Technical Preview 4
 
 | Protections for Improved Security          | Description                                        |
 |---------------------------------------------|----------------------------------------------------|
@@ -113,7 +114,7 @@ The following tables provide more information about the hardware, firmware, and
 
 <br>
 
-#### 2016 Additional Security Recommendations (starting with Windows 10, version 1607, and Windows Server 2016)
+#### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016
 
 > [!IMPORTANT]
 > The following tables list requirements for improved security, beyond the level of protection described in the preceding tables. You can use Credential Guard with hardware, firmware, and software that do not support the following protections for improved security. As your systems meet more requirements, more protections become available to them.
@@ -126,7 +127,7 @@ The following tables provide more information about the hardware, firmware, and
 
 <br>
 
-#### 2017 Additional security requirements starting with Windows 10, version 1703 
+#### 2017 Additional security qualifications starting with Windows 10, version 1703 
 
 The following table lists requirements for Windows 10, version 1703, which are in addition to all preceding requirements. 
 

windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md

@@ -39,9 +39,9 @@ You can deploy Device Guard in phases, and plan these phases in relation to the
 > [!WARNING]
 >  Virtualization-based protection of code integrity may be incompatible with some devices and applications. We strongly recommend testing this configuration in your lab before enabling virtualization-based protection of code integrity on production systems. Failure to do so may result in unexpected failures up to and including data loss or a blue screen error (also called a stop error).
 
-The following tables provide more information about the hardware, firmware, and software required for deployment of various Device Guard features. The tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, available in 2016, and announced as options for 2017.
+The following tables provide more information about the hardware, firmware, and software required for deployment of various Device Guard features. The tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017.
 
-> **Notes**
+> **Notes**<br>
 > • To understand the requirements in the following tables, you will need to be familiar with the main features in Device Guard: configurable code integrity policies, virtualization-based security (VBS), and Universal Extensible Firmware Interface (UEFI) Secure Boot. For information about these features, see [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats).<br>
 > • Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new computers.