Merging changes synced from https://github.com/MicrosoftDocs/windows-docs-pr (branch live)

devices/hololens/hololens2-maintenance.md

@@ -3,7 +3,7 @@ title: HoloLens 2 device care and cleaning FAQ
 description: 
 author: Teresa-Motiv
 ms.author: v-tea
-ms.date: 3/26/2020
+ms.date: 4/14/2020
 ms.prod: hololens
 ms.topic: article
 ms.custom: 
@@ -69,10 +69,10 @@ To clean the brow pad, wipe it by using a cloth that's moistened by using water
 
 ## Can I use ultraviolet (UV) light to sanitize the device?
 
-UV germicidal irradiation has not been tested on HoloLens 2.
+UV-C germicidal irradiation has not been tested on HoloLens 2.
 
 > [!CAUTION]  
-> High levels of UV exposure can degrade the display quality of the device and damage the visor coating. Over-exposure to UV radiation has the following effects, in order of the duration and intensity of exposure:
+> High levels of UV-A and UV-B exposure can degrade the display quality of the device and damage the visor coating. Over-exposure to UV-A and UV-B radiation has the following effects, in order of the duration and intensity of exposure:
 >  
 > 1. The brow pad and device closures become discolored.
 > 1. Defects appear in the anti-reflective (AR) coating on the visor and on the sensor windows.

devices/surface/windows-autopilot-and-surface-devices.md

@@ -55,7 +55,7 @@ Surface partners that are enabled for Windows Autopilot include:
 | * [Insight](https://www.insight.com/en_US/buy/partner/microsoft/surface/windows-autopilot.html)  | * [Bechtle](https://www.bechtle.com/marken/microsoft/microsoft-windows-autopilot) |    |
 | * [SHI](https://www.shi.com/Surface) | * [Cancom](https://www.cancom.de/) |    |
 | * [LDI Connect](https://www.myldi.com/managed-it/)  | * [Computacenter](https://www.computacenter.com/uk) |    |
-| * [F1](https://www.functionone.com/#empower)  |   |
+| * [F1](https://www.functiononeit.com/#empower)  |   |
 
 ## Learn more
 

windows/deployment/windows-10-poc-sc-config-mgr.md

@@ -463,7 +463,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi
 
 11. Edit the task sequence to add the Microsoft NET Framework 3.5, which is required by many applications. To edit the task sequence, double-click **Windows 10 Enterprise x64 Default Image** that was created in the previous step.
 
-12. Click the **Task Sequence** tab. Under **State Restore** click **Tatto** to highlight it, then click **Add** and choose **New Group**. A new group will be added under Tattoo.
+12. Click the **Task Sequence** tab. Under **State Restore** click **Tattoo** to highlight it, then click **Add** and choose **New Group**. A new group will be added under Tattoo.
 
 13. On the Properties tab of the group that was created in the previous step, change the Name from New Group to **Custom Tasks (Pre-Windows Update)** and then click **Apply**. To see the name change, click **Tattoo**, then click the new group again.
 
@@ -775,7 +775,7 @@ In this first deployment scenario, we will deploy Windows 10 using PXE. This sce
 
 9. Close the Map Network Drive window, the Explorer window, and the command prompt.
 
-10. The **Windows 10 Enterprise x64** task sequence is selected in the Task Sequenc Wizard. Click **Next** to continue with the deployment.
+10. The **Windows 10 Enterprise x64** task sequence is selected in the Task Sequence Wizard. Click **Next** to continue with the deployment.
 
 11. The task sequence will require several minutes to complete. You can monitor progress of the task sequence using the MDT Deployment Workbench under Deployment Shares > MDTProduction > Monitoring. The task sequence will:
     - Install Windows 10
@@ -1027,7 +1027,7 @@ In the Configuration Manager console, in the Software Library workspace under Op
 
 ### Deploy the new computer
 
-1. Start PC4 and press ENTER for a network boot when prompted. To start PC4, type the following commands at an elevated Windows Powershell prompt on the Hyper-V host:
+1. Start PC4 and press ENTER for a network boot when prompted. To start PC4, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
 
     ```
     Start-VM PC4

windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md

@@ -47,7 +47,8 @@ Windows Hello provides many benefits, including:
 ## Where is Windows Hello data stored?
 The biometric data used to support Windows Hello is stored on the local device only. It doesn't roam and is never sent to external devices or servers. This separation helps to stop potential attackers by providing no single collection point that an attacker could potentially compromise to steal biometric data. Additionally, even if an attacker was actually able to get the biometric data from a device, it cannot be converted back into a raw biometric sample that could be recognized by the biometric sensor.
 
-Each sensor on a device will have its own biometric database file where template data is stored. Each database has a unique, randomly generated key that is encrypted to the system. The template data for the sensor will be encrypted with this per-database key using AES with CBC chaining mode. The hash is SHA256. Some fingerprint sensors have the capability to complete matching on the fingerprint sensor module instead of in the OS. These sensors will store biometric data on the fingerprint module instead of in the database file.
+> [!NOTE]
+>Each sensor on a device will have its own biometric database file where template data is stored. Each database has a unique, randomly generated key that is encrypted to the system. The template data for the sensor will be encrypted with this per-database key using AES with CBC chaining mode. The hash is SHA256. Some fingerprint sensors have the capability to complete matching on the fingerprint sensor module instead of in the OS. These sensors will store biometric data on the fingerprint module instead of in the database file.
 
 ## Has Microsoft set any device requirements for Windows Hello?
 We've been working with the device manufacturers to help ensure a high-level of performance and protection is met by each sensor and device, based on these requirements:

windows/security/identity-protection/hello-for-business/hello-how-it-works.md

@@ -18,16 +18,23 @@ ms.reviewer:
 # How Windows Hello for Business works
 
 **Applies to**
+
 -   Windows 10
 
-Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords.  Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you.  For cloud deployments, you can use Windows Hello for Business with Azure Active Directory joined, Hybrid Azure Active Directory joined, or Azure Active Directory registered devices.  Windows Hello for Business also works for domain joined devices. 
+Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords.  Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you.  For cloud deployments, you can use Windows Hello for Business with Azure Active Directory joined, Hybrid Azure Active Directory joined, or Azure Active Directory registered devices.  Windows Hello for Business also works for domain joined devices.
 
 Watch this quick video where Pieter Wigleven gives a simple explanation of how Windows Hello for Business works and some of its supporting features.
 > [!VIDEO https://www.youtube.com/embed/G-GJuDWbBE8]
 
 ## Technical Deep Dive
+
 Windows Hello for Business is a distributed system that uses several components to accomplish device registration, provisioning, and authentication. Use this section to gain a better understanding of each of the components and how they support Windows Hello for Business.
 
+Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business provisioning and authentication work.
+
+> [!VIDEO https://www.youtube.com/embed/RImGsIjSJ1s]
+> [!VIDEO https://www.youtube.com/embed/WPmzoP_vMek]
+
 - [Technology and Terminology](hello-how-it-works-technology.md)
 - [Device Registration](hello-how-it-works-device-registration.md)
 - [Provisioning](hello-how-it-works-provisioning.md)

windows/security/identity-protection/hello-for-business/hello-videos.md

@@ -24,14 +24,33 @@ ms.reviewer:
 ## Overview of Windows Hello for Business and Features
 
 Watch Pieter Wigleven explain Windows Hello for Business, Multi-factor Unlock, and Dynamic Lock
+
 > [!VIDEO https://www.youtube.com/embed/G-GJuDWbBE8]
 
+## Why PIN is more secure than a password
+
+Watch Dana Huang explain why a Windows Hello for Business PIN is more secure than a password.
+
+> [!VIDEO https://www.youtube.com/embed/cC24rPBvdhA]
+
 ## Microsoft's passwordless strategy
 
 Watch Karanbir Singh's Ignite 2017 presentation **Microsoft's guide for going password-less**
 
 > [!VIDEO https://www.youtube.com/embed/mXJS615IGLM]
 
+## Windows Hello for Business Provisioning
+
+Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business provisioning works.
+
+> [!VIDEO https://www.youtube.com/embed/RImGsIjSJ1s]
+
+## Windows Hello for Business Authentication
+
+Watch Matthew Palko and Ravi Vennapusa explain how Windows Hello for Business authentication works.
+
+> [!VIDEO https://www.youtube.com/embed/WPmzoP_vMek]
+
 ## Windows Hello for Business user enrollment experience
 
 The user experience for Windows Hello for Business occurs after user sign-in, after you deploy Windows Hello for Business policy settings to your environment.

windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md

@@ -21,13 +21,18 @@ ms.date: 10/23/2017
 # Why a PIN is better than a password
 
 **Applies to**
+
 -   Windows 10
 
 Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a password?
 On the surface, a PIN looks much like a password. A PIN can be a set of numbers, but enterprise policy might allow complex PINs that include special characters and letters, both upper-case and lower-case. Something like **t758A!** could be an account password or a complex Hello PIN. It isn't the structure of a PIN (length, complexity) that makes it better than a password, it's how it works.
 
+Watch Dana Huang explain why a Windows Hello for Business PIN is more secure than a password.
+
+> [!VIDEO https://www.youtube.com/embed/cC24rPBvdhA]
 
 ## PIN is tied to the device
+
 One important difference between a password and a Hello PIN is that the PIN is tied to the specific device on which it was set up. That PIN is useless to anyone without that specific hardware. Someone who steals your password can sign in to your account from anywhere, but if they steal your PIN, they'd have to steal your physical device too!
 
 Even you can't use that PIN anywhere except on that specific device. If you want to sign in on multiple devices, you have to set up Hello on each device.
@@ -44,7 +49,7 @@ When the PIN is created, it establishes a trusted relationship with the identity
 
 The Hello PIN is backed by a Trusted Platform Module (TPM) chip, which is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM. All Windows 10 Mobile phones and many modern laptops have TPM.
 
-User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetric key pairs, users credentials can’t be stolen in cases where the identity provider or websites the user accesses have been compromised.
+User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Because Hello uses asymmetric key pairs, users credentials can't be stolen in cases where the identity provider or websites the user accesses have been compromised.
 
 The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. After too many incorrect guesses, the device is locked.
 
@@ -54,10 +59,11 @@ The Windows Hello for Business PIN is subject to the same set of IT management p
 
 ## What if someone steals the laptop or phone?
 
-To compromise a Windows Hello credential that TPM protects, an attacker must have access to the physical device, and then must find a way to spoof the user’s biometrics or guess his or her PIN—and all of this must be done before [TPM anti-hammering](/windows/device-security/tpm/tpm-fundamentals#anti-hammering) protection locks the device.
+To compromise a Windows Hello credential that TPM protects, an attacker must have access to the physical device, and then must find a way to spoof the user's biometrics or guess his or her PIN—and all of this must be done before [TPM anti-hammering](/windows/device-security/tpm/tpm-fundamentals#anti-hammering) protection locks the device.
 You can provide additional protection for laptops that don't have TPM by enabling BitLocker and setting a policy to limit failed sign-ins.
 
 **Configure BitLocker without TPM**
+
 1.  Use the Local Group Policy Editor (gpedit.msc) to enable the following policy:
 
     **Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Require additional authentication at startup**
@@ -72,7 +78,8 @@ You can provide additional protection for laptops that don't have TPM by enablin
 2.  Set the number of invalid logon attempts to allow, and then click OK.
 
 ## Why do you need a PIN to use biometrics?
-Windows Hello enables biometric sign-in for Windows 10: fingerprint, iris, or facial recognition. When you set up Windows Hello, you're asked to create a PIN first. This PIN enables you to sign in using the PIN when you can’t use your preferred biometric because of an injury or because the sensor is unavailable or not working properly.
+
+Windows Hello enables biometric sign-in for Windows 10: fingerprint, iris, or facial recognition. When you set up Windows Hello, you're asked to create a PIN first. This PIN enables you to sign in using the PIN when you can't use your preferred biometric because of an injury or because the sensor is unavailable or not working properly.
 
 If you only had a biometric sign-in configured and, for any reason, were unable to use that method to sign in, you would have to sign in using your account and password, which doesn't provide you the same level of protection as Hello.