removing ref to Windows 10 Mobile

windows/security/identity-protection/TOC.yml

@@ -101,11 +101,9 @@
               href: virtual-smart-cards\virtual-smart-card-tpmvscmgr.md
     - name: Enterprise Certificate Pinning
       href: enterprise-certificate-pinning.md
-    - name: Install digital certificates on Windows 10 Mobile
-      href: installing-digital-certificates-on-windows-10-mobile.md
     - name: Windows 10 credential theft mitigation guide abstract
       href: windows-credential-theft-mitigation-guide-abstract.md
-    - name: Configure S/MIME for Windows 10 and Windows 10 Mobile
+    - name: Configure S/MIME for Windows 10
       href: configure-s-mime.md
     - name: VPN technical guide
       href: vpn\vpn-guide.md

windows/security/identity-protection/change-history-for-access-protection.md

@@ -1,6 +1,6 @@
 ---
 title: Change history for access protection (Windows 10)
-description: This topic lists new and updated topics in the Windows 10 access protection documentation for Windows 10 and Windows 10 Mobile.
+description: This topic lists new and updated topics in the Windows 10 access protection documentation for Windows 10.
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library

windows/security/identity-protection/configure-s-mime.md

@@ -1,5 +1,5 @@
 ---
-title: Configure S/MIME for Windows 10 and Windows 10 Mobile (Windows 10)
+title: Configure S/MIME for Windows 10
 description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, aka a certificate, can read them.
 ms.assetid: 7F9C2A99-42EB-4BCC-BB53-41C04FBBBF05
 ms.reviewer: 
@@ -19,11 +19,10 @@ ms.date: 07/27/2017
 ---
 
 
-# Configure S/MIME for Windows 10 and Windows 10 Mobile
+# Configure S/MIME for Windows 10
 
 **Applies to**
 -   Windows 10
--   Windows 10 Mobile
 
 S/MIME stands for Secure/Multipurpose Internet Mail Extensions, and provides an added layer of security for email sent to and from an Exchange ActiveSync (EAS) account. In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with.
 
@@ -44,7 +43,6 @@ A digitally signed message reassures the recipient that the message hasn't been
 
     -   [How to Create PFX Certificate Profiles in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/mt131410(v=technet.10))
     -   [Enable access to company resources using certificate profiles with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=718216)
-    -   [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md)
 
 ## Choose S/MIME settings
 

windows/security/identity-protection/index.md

@@ -23,8 +23,7 @@ Learn more about identity and access management technologies in Windows 10 and
 |-|-|
 | [Technical support policy for lost or forgotten passwords](password-support-policy.md)| Outlines the ways in which Microsoft can help you reset a lost or forgotten password, and provides links to instructions for doing so. |
 | [Access control](access-control/access-control.md) | Describes access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer. Key concepts that make up access control are permissions, ownership of objects, inheritance of permissions, user rights, and object auditing. |
-| [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md) | In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with. |
+| [Configure S/MIME for Windows 10](configure-s-mime.md) | In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with. |
-| [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) | Digital certificates bind the identity of a user or computer to a pair of keys that can be used to encrypt and sign digital information. Certificates are issued by a certification authority (CA) that vouches for the identity of the certificate holder, and they enable secure client communications with websites and services. |
 | [Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md) | Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard helps prevent these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets. |
 | [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) | Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that's requesting the connection. |
 | [User Account Control](user-account-control/user-account-control-overview.md)| Provides information about User Account Control (UAC), which helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. UAC can help block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.|

windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md

@@ -92,6 +92,5 @@ You need IP connectivity to a DNS server and domain controller over the network
 The domain controllers will need to have appropriate KDC certificates for the client to trust them as domain controllers, and since phones are not domain-joined, the root CA of the KDC’s certificate must be in the Third-Party Root CA or Smart Card Trusted Roots store.
 
 The domain controllers must be using certificates based on the updated KDC certificate template Kerberos Authentication.
-This is because Windows 10 Mobile requires strict KDC validation to be enabled.
 This requires that all authenticating domain controllers run Windows Server 2016, or you'll need to enable strict KDC validation on domain controllers that run previous versions of Windows Server.
 For more information, see [Enabling Strict KDC Validation in Windows Kerberos](https://www.microsoft.com/download/details.aspx?id=6382).

windows/security/identity-protection/vpn/vpn-guide.md

@@ -18,7 +18,6 @@ ms.author: dansimp
 **Applies to**
 
 - Windows 10
-- Windows 10 Mobile
 
 This guide will walk you through the decisions you will make for Windows 10 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10.
 

windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md

@@ -156,9 +156,6 @@ Here are a few examples of responses from the Reporting CSP.
 ## Collect WIP audit logs by using Windows Event Forwarding (for Windows desktop domain-joined devices only)
 Use Windows Event Forwarding to collect and aggregate your WIP audit events. You can view your audit events in the Event Viewer.
 
->[!NOTE]
->Windows 10 Mobile requires you to use the [Reporting CSP process](#collect-wip-audit-logs-by-using-the-reporting-configuration-service-provider-csp) instead.
-
 **To view the WIP events in the Event Viewer**
 1. Open Event Viewer.
 

windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md

@@ -25,8 +25,6 @@ ms.reviewer:
 
 If you don't already have an EFS DRA certificate, you'll need to create and extract one from your system before you can use Windows Information Protection (WIP), formerly known as enterprise data protection (EDP), in your organization. For the purposes of this section, we'll use the file name EFSDRA; however, this name can be replaced with anything that makes sense to you.
 
-The recovery process included in this topic only works for desktop devices. WIP deletes the data on Windows 10 Mobile devices.   
-
 >[!IMPORTANT]
 >If you already have an EFS DRA certificate for your organization, you can skip creating a new one. Just use your current EFS DRA certificate in your policy. For more info about when to use a PKI and the general strategy you should use to deploy DRA certificates, see the [Security Watch Deploying EFS: Part 1](/previous-versions/technet-magazine/cc162507(v=msdn.10)) article on TechNet. For more general info about EFS protection, see [Protecting Data by Using EFS to Encrypt Hard Drives](/previous-versions/tn-archive/cc875821(v=technet.10)).<br><br>If your DRA certificate has expired, you won't be able to encrypt your files with it. To fix this, you'll need to create a new certificate, using the steps in this topic, and then deploy it through policy.
 

windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md

@@ -22,7 +22,6 @@ ms.date: 01/09/2020
 **Applies to:**
 
 - Windows 10, version 1607 and later
-- Windows 10 Mobile, version 1607 and later
 - Microsoft Endpoint Configuration Manager
 
 Configuration Manager helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection mode, and how to find enterprise data on the network.
@@ -96,7 +95,7 @@ For this example, we're going to add Microsoft OneNote, a store app, to the **Ap
 
 5.  Type the name of the app and the name of its publisher, and then click **OK**. For this UWP app example, the **Publisher** is `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US` and the **Product name** is `Microsoft.Office.OneNote`.
 
-If you don't know the publisher or product name, you can find them for both desktop devices and Windows 10 Mobile phones by following these steps.
+If you don't know the publisher or product name, you can find them for both desktop devices by following these steps.
 
 **To find the Publisher and Product Name values for Store apps without installing them**
 
@@ -129,35 +128,6 @@ If you don't know the publisher or product name, you can find them for both desk
    >     }
    > ```
 
-**To find the Publisher and Product Name values for apps installed on Windows 10 mobile phones**
-1. If you need to add mobile apps that aren't distributed through the Store for Business, you must use the **Windows Device Portal** feature.
-
-   >[!NOTE]
-   >Your PC and phone must be on the same wireless network.
-
-2. On the Windows Phone, go to **Settings**, choose **Update & security**, and then choose **For developers**.
-
-3. On the **For developers** screen, turn on **Developer mode**, turn on **Device Discovery**, and then turn on **Device Portal**.
-
-4. Copy the URL in the **Device Portal** area into your device's browser, and then accept the SSL certificate.
-
-5. In the **Device discovery** area, press **Pair**, and then enter the PIN into the website from the previous step.
-
-6. On the **Apps** tab of the website, you can see details for the running apps, including the publisher and product names.
-
-7. Start the app for which you're looking for the publisher and product name values.
-
-8. Copy the `publisherCertificateName` value and paste it into the **Publisher Name** box and the `packageIdentityName` value into the **Product Name** box of Intune.
-
-   > [!IMPORTANT]
-   > The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that's using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as "CN=" followed by the `windowsPhoneLegacyId`.
-   > For example:<p>
-   > ```json
-   >     {
-   >         "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",
-   >     }
-   > ```
-
 ### Add a desktop app rule to your policy
 For this example, we're going to add Internet Explorer, a desktop app, to the **App Rules** list.
 
@@ -466,12 +436,6 @@ After you've decided where your protected apps can access enterprise data on you
 **To set your optional settings**
 1.  Choose to set any or all of the optional settings:
 
-    - **Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile**. Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are:
-
-        - **Yes (recommended).** Turns on the feature and provides the additional protection.
-
-        - **No, or not configured.**  Doesn't enable this feature.
-
     - **Allow Windows Search to search encrypted corporate data and Store apps.** Determines whether Windows Search can search and index encrypted corporate data and Store apps. The options are:
 
         - **Yes.** Allows Windows Search to search and index encrypted corporate data and Store apps.

windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md

@@ -124,10 +124,6 @@ If you don't know the Store app publisher or product name, you can find them by
     >The JSON file might also return a `windowsPhoneLegacyId` value for both the **Publisher Name** and **Product Name** boxes. This means that you have an app that’s using a XAP package and that you must set the **Product Name** as `windowsPhoneLegacyId`, and set the **Publisher Name** as `CN=` followed by the `windowsPhoneLegacyId`.<br><br>For example:<br>
     <code>{<br>"windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",<br>}</code>
 
-<!-- Go Kamatsu says the following info about Windows Mobile can be removed after Windows Mobile EOL at end of 2019
--->
-
-If you need to add Windows 10 mobile apps that aren't distributed through the Store for Business, you must use the **Windows Device Portal** feature.
 
 > [!NOTE]
 > Your PC and phone must be on the same wireless network.
@@ -570,12 +566,6 @@ After you've decided where your protected apps can access enterprise data on you
 
 ![Advanced optional settings](images/wip-azure-advanced-settings-optional.png)
    
-**Prevent corporate data from being accessed by apps when the device is locked. Applies only to Windows 10 Mobile.** Determines whether to encrypt enterprise data using a key that's protected by an employee's PIN code on a locked device. Apps won't be able to read corporate data when the device is locked. The options are:
-        
-- **On.** Turns on the feature and provides the additional protection.
-        
-- **Off, or not configured.** Doesn't enable this feature.
-    
 **Revoke encryption keys on unenroll.** Determines whether to revoke a user’s local encryption keys from a device when it’s unenrolled from Windows Information Protection. If the encryption keys are revoked, a user no longer has access to encrypted corporate data. The options are:
     
 - **On, or not configured (recommended).** Revokes local encryption keys from a device during unenrollment.

windows/security/information-protection/windows-information-protection/limitations-with-wip.md

@@ -21,7 +21,6 @@ ms.localizationpriority: medium
 
 **Applies to:**
 -   Windows 10, version 1607 and later
--   Windows 10 Mobile, version 1607 and later
 
 This table provides info about the most common problems you might encounter while running WIP in your organization.
 

windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md

@@ -22,7 +22,6 @@ ms.date: 03/05/2019
 **Applies to:**
 
 - Windows 10, version 1607 and later
-- Windows 10 Mobile, version 1607 and later
 
 We've come up with a list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company.
 
@@ -164,14 +163,7 @@ You can try any of the processes included in these scenarios, but you should foc
             </ul>
         </td>
     </tr>
-    <tr>
+   
-        <td>Verify that app content is protected when a Windows 10 Mobile phone is locked.</td>
-        <td>
-            <ul>
-                <li>Check that protected app data doesn&#39;t appear on the Lock screen of a Windows 10 Mobile phone.</li>
-            </ul>
-        </td>
-    </tr>
     
 </table>
 

windows/security/threat-protection/TOC.yml

@@ -1408,5 +1408,3 @@
                   href: windows-security-configuration-framework/security-compliance-toolkit-10.md
                 - name: Get support
                   href: windows-security-configuration-framework/get-support-for-security-baselines.md
-        - name: Windows 10 Mobile security guide
-          href: windows-10-mobile-security-guide.md

windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings.md

@@ -18,7 +18,6 @@ ms.technology: mde
 **Applies to:**
 
 - Windows 10
-- Windows 10 Mobile
 
 Microsoft Defender SmartScreen works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Microsoft Defender SmartScreen, you can show employees a warning page and let them continue to the site, or you can block the site entirely.
 
@@ -77,7 +76,7 @@ SmartScreen uses registry-based Administrative Template policy settings.
 </table>
 
 ## MDM settings
-If you manage your policies using Microsoft Intune, you'll want to use these MDM policy settings. All settings support both desktop computers (running Windows 10 Pro or Windows 10 Enterprise, enrolled with Microsoft Intune) and Windows 10 Mobile devices.  <br><br> 
+If you manage your policies using Microsoft Intune, you'll want to use these MDM policy settings. All settings support  desktop computers running Windows 10 Pro or Windows 10 Enterprise, enrolled with Microsoft Intune.  <br><br> 
 For Microsoft Defender SmartScreen Edge MDM policies, see [Policy CSP - Browser](/windows/client-management/mdm/policy-csp-browser).
 <table>
 <tr>

windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md

@@ -20,7 +20,6 @@ ms.technology: mde
 **Applies to:**
 
 - Windows 10
-- Windows 10 Mobile
 - Microsoft Edge
 
 Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.

windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-set-individual-device.md

@@ -19,7 +19,6 @@ ms.technology: mde
 
 **Applies to:**
 - Windows 10, version 1703
-- Windows 10 Mobile
 - Microsoft Edge
 
 Microsoft Defender SmartScreen helps to protect users if they try to visit sites previously reported as phishing or malware websites, or if a user tries to download potentially malicious files.

windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md

@@ -591,18 +591,7 @@ The following table presents some key items that can be reported back to MDM dep
 </tr>
 </thead>
 <tbody>
-<tr class="odd">
+
-<td align="left"><p>Windows 10 Mobile</p></td>
-<td align="left"><ul>
-<li><p>PCR0 measurement</p></li>
-<li><p>Secure Boot enabled</p></li>
-<li><p>Secure Boot db is default</p></li>
-<li><p>Secure Boot dbx is up to date</p></li>
-<li><p>Secure Boot policy GUID is default</p></li>
-<li><p>Device Encryption enabled</p></li>
-<li><p>Code Integrity revocation list timestamp/version is up to date</p></li>
-</ul></td>
-</tr>
 <tr class="even">
 <td align="left"><p>Windows 10 for desktop editions</p></td>
 <td align="left"><ul>