diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json
index 340a768d75..34d0f0817f 100644
--- a/.openpublishing.publish.config.json
+++ b/.openpublishing.publish.config.json
@@ -424,7 +424,12 @@
     "master": [
       "Publish",
       "Pdf"
+    ],
+    "msesdemo": [
+      "Publish",
+      "Pdf"
     ]
+	
   },
   "need_generate_pdf_url_template": true,
   "Targets": {
diff --git a/windows/access-protection/credential-guard/credential-guard-considerations.md b/windows/access-protection/credential-guard/credential-guard-considerations.md
index 0adc21dd7f..1663325a24 100644
--- a/windows/access-protection/credential-guard/credential-guard-considerations.md
+++ b/windows/access-protection/credential-guard/credential-guard-considerations.md
@@ -28,9 +28,9 @@ in the Deep Dive into Credential Guard video series.
     -   You cannot restore credentials using the Credential Manager control panel if the credentials were backed up from a PC that has Credential Guard turned on. If you need to back up your credentials, you must do this before you enable Credential Guard. Otherwise, you won't be able to restore those credentials.
     - Credential Guard uses hardware security so some features, such as Windows To Go, are not supported. 
 
-## NTLM and CHAP Considerations
+## Wi-fi and VPN Considerations
+When you enable Credential Guard, you can no longer use NTLM v1 authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as for NTLMv1. For WiFi and VPN connections, Microsoft recommends that organizations move from MSCHAPv2-based connections such as PEAP-MSCHAPv2 and EAP-MSCHAPv2, to certificate-based authentication such as PEAP-TLS or EAP-TLS. 
 
-When you enable Credential Guard, you can no longer use NTLM v1 authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as NTLMv1. We recommend that organizations use certificated-based authentication for WiFi and VPN connections.
 
 ## Kerberos Considerations
 
diff --git a/windows/access-protection/docfx.json b/windows/access-protection/docfx.json
index 627724bbe5..22574d09a4 100644
--- a/windows/access-protection/docfx.json
+++ b/windows/access-protection/docfx.json
@@ -32,7 +32,8 @@
     "externalReference": [],
     "globalMetadata": {
 		"uhfHeaderId": "MSDocsHeader-WindowsIT", 
-		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json"
+		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+		"ms.technology": "windows"
 	},
     "fileMetadata": {},
     "template": [],
diff --git a/windows/access-protection/enterprise-certificate-pinning.md b/windows/access-protection/enterprise-certificate-pinning.md
index 26876a7fac..c1713b7bac 100644
--- a/windows/access-protection/enterprise-certificate-pinning.md
+++ b/windows/access-protection/enterprise-certificate-pinning.md
@@ -6,7 +6,7 @@ author: MikeStephens-MS
 description: Enterprise certificate pinning is a Windows feature for remembering, or “pinning” a root, issuing certificate authority, or end entity certificate to a given domain name.  
 manager: alanth
 ms.prod: w10
-ms.technology: security
+ms.technology: windows
 ms.sitesec: library
 ms.pagetype: security
 localizationpriority: high
diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json
index a0c06828be..cc2687ac6a 100644
--- a/windows/application-management/docfx.json
+++ b/windows/application-management/docfx.json
@@ -32,7 +32,8 @@
     "externalReference": [],
     "globalMetadata": {
 		"uhfHeaderId": "MSDocsHeader-WindowsIT", 
-		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json"
+		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+		"ms.technology": "windows"
 	},
     "fileMetadata": {},
     "template": [],
diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json
index 107c56cde2..b42d904675 100644
--- a/windows/client-management/docfx.json
+++ b/windows/client-management/docfx.json
@@ -32,7 +32,8 @@
     "externalReference": [],
     "globalMetadata": {
 		"uhfHeaderId": "MSDocsHeader-WindowsIT", 
-		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json"
+		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+		"ms.technology": "windows"
 	},
     "fileMetadata": {},
     "template": [],
diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json
index 07ca5a5dc2..9e4397cd87 100644
--- a/windows/configuration/docfx.json
+++ b/windows/configuration/docfx.json
@@ -32,7 +32,8 @@
     "externalReference": [],
     "globalMetadata": {
 		"uhfHeaderId": "MSDocsHeader-WindowsIT", 
-		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json"
+		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+		"ms.technology": "windows"
 	},
     "fileMetadata": {},
     "template": [],
diff --git a/windows/deployment/docfx.json b/windows/deployment/docfx.json
index 652028bf85..3c58607382 100644
--- a/windows/deployment/docfx.json
+++ b/windows/deployment/docfx.json
@@ -32,7 +32,8 @@
     "externalReference": [],
     "globalMetadata": {
 		"uhfHeaderId": "MSDocsHeader-WindowsIT", 
-		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json"
+		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+		"ms.technology": "windows"
 	},
     "fileMetadata": {},
     "template": [],
diff --git a/windows/device-security/docfx.json b/windows/device-security/docfx.json
index b0f818ea94..c0e36621af 100644
--- a/windows/device-security/docfx.json
+++ b/windows/device-security/docfx.json
@@ -32,7 +32,8 @@
     "externalReference": [],
     "globalMetadata": {
 		"uhfHeaderId": "MSDocsHeader-WindowsIT", 
-		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json"
+		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+		"ms.technology": "windows"
 	},
     "fileMetadata": {},
     "template": [],
diff --git a/windows/device-security/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md b/windows/device-security/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
index 692ad4696a..6d55050b6b 100644
--- a/windows/device-security/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
+++ b/windows/device-security/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md
@@ -65,7 +65,8 @@ This policy setting controls a string that will contain the SDDL of the security
 
 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictRemoteSam
 
-On comnputers that run earlier versions of Windows, you need to edit the registry setting directly or use Group Policy Preferences.  
+On computers that run earlier versions of Windows, you need to edit the registry setting directly or use Group Policy Preferences. 
+To avoid setting it manually in this case, you can configure the GPO itself on a computer that runs Windows Server 2016 or Windows 10, version 1607 or later and have it apply to all computers within the scope of the GPO because the same registry key exists on every computer after the corresponding KB is installed. 
 
 > [!NOTE] 
 This policy is implemented similarly to other Network access policies in that there is a single policy element at the registry path listed. There is no notion of a local policy versus an enterprise policy; there is just one policy setting and whichever writes last wins. For example, suppose a local administrator configures this setting as part of a local policy using the Local Security Policy snap-in (Secpol.msc), which edits that same registry path. If an enterprise administrator configures this setting as part of an enterprise GPO, that enterprise GPO will overwrite the same registry path. 
diff --git a/windows/hub/docfx.json b/windows/hub/docfx.json
index 863fc12d71..e134b0e320 100644
--- a/windows/hub/docfx.json
+++ b/windows/hub/docfx.json
@@ -34,7 +34,8 @@
     "externalReference": [],
     "globalMetadata": {
 		"uhfHeaderId": "MSDocsHeader-WindowsIT", 
-		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json"
+		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+		"ms.technology": "windows"
 	},
     "fileMetadata": {},
     "template": [],
diff --git a/windows/threat-protection/docfx.json b/windows/threat-protection/docfx.json
index 5614b0a94c..1078120934 100644
--- a/windows/threat-protection/docfx.json
+++ b/windows/threat-protection/docfx.json
@@ -32,7 +32,8 @@
     "externalReference": [],
     "globalMetadata": {
 		"uhfHeaderId": "MSDocsHeader-WindowsIT", 
-		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json"
+		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+		"ms.technology": "windows"
 	},
     "fileMetadata": {},
     "template": [],
diff --git a/windows/whats-new/docfx.json b/windows/whats-new/docfx.json
index f2cd5d5e8b..3c9739ce2e 100644
--- a/windows/whats-new/docfx.json
+++ b/windows/whats-new/docfx.json
@@ -32,7 +32,8 @@
     "externalReference": [],
     "globalMetadata": {
 		"uhfHeaderId": "MSDocsHeader-WindowsIT", 
-		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json"
+		"breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+		"ms.technology": "windows"
 	},
     "fileMetadata": {},
     "template": [],