diff --git a/windows/deploy/TOC.md b/windows/deploy/TOC.md
index 893c06b098..4fed1981ec 100644
--- a/windows/deploy/TOC.md
+++ b/windows/deploy/TOC.md
@@ -45,6 +45,7 @@
### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
## [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
## [Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md)
+## [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md)
## [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md)
## [Windows 10 upgrade paths](windows-10-upgrade-paths.md)
## [Windows 10 edition upgrade](windows-10-edition-upgrades.md)
diff --git a/windows/deploy/change-history-for-deploy-windows-10.md b/windows/deploy/change-history-for-deploy-windows-10.md
index d09519574f..f7e67993e5 100644
--- a/windows/deploy/change-history-for-deploy-windows-10.md
+++ b/windows/deploy/change-history-for-deploy-windows-10.md
@@ -11,6 +11,11 @@ author: greg-lindsay
# Change history for Deploy Windows 10
This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
+## October 2016
+| New or changed topic | Description |
+|----------------------|-------------|
+| [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) | New |
+
## September 2016
| New or changed topic | Description |
|----------------------|-------------|
diff --git a/windows/deploy/index.md b/windows/deploy/index.md
index 504b8b4dc8..38c64b3abc 100644
--- a/windows/deploy/index.md
+++ b/windows/deploy/index.md
@@ -21,6 +21,7 @@ Learn about deploying Windows 10 for IT professionals.
|[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or, more specifically, MDT 2013 Update 2. |
|[Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) |The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Deployment Toolkit (MDT) 2013 Update 2 task sequence to completely automate the process. |
|[Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md) |The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a System Center Configuration Manager task sequence to completely automate the process. |
+|[Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) |This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. |
|[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |
|[Windows 10 edition upgrade](windows-10-edition-upgrades.md) |With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. |
| [Provision PCs with common settings for initial deployment](provision-pcs-for-initial-deployment.md) | Create a provisioning package to apply commonly used settings to a PC running Windows 10. |
diff --git a/windows/deploy/resolve-windows-10-upgrade-errors.md b/windows/deploy/resolve-windows-10-upgrade-errors.md
new file mode 100644
index 0000000000..8ce1abe2e0
--- /dev/null
+++ b/windows/deploy/resolve-windows-10-upgrade-errors.md
@@ -0,0 +1,890 @@
+---
+title: Resolve Windows 10 upgrade errors
+description: Resolve Windows 10 upgrade errors
+ms.assetid: DFEFE22C-4FEF-4FD9-BFC4-9B419C339502
+keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+localizationpriority: high
+---
+
+# Resolve Windows 10 upgrade errors
+
+**Applies to**
+- Windows 10
+
+This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade.
+
+## In this topic
+
+The following sections and procedures are provided in this guide:
+
+- [The Windows 10 upgrade process](#the-windows-10-upgrade-process): An explanation of phases used during the upgrade process.
+- [Quick fixes](#quick-fixes): Steps you can take to eliminate many Windows upgrade errors.
+- [Upgrade error codes](#upgrade-error-codes): The components of an error code are explained.
+ - [Result codes](#result-codes): Information about result codes.
+ - [Extend codes](#extend-codes): Information about extend codes.
+- [Log files](#log-files): A list and description of log files useful for troubleshooting.
+ - [Log entry structure](#log-entry-structure): The format of a log entry is described.
+ - [Analyze log files](#analyze-log-files): General procedures for log file analysis, and an example.
+- [Resolution procedures](#resolution-procedures): Causes and mitigation procedures associated with specific error codes.
+ - [0xC1900101](#0xC1900101): Information about the 0xC1900101 result code.
+ - [0x800xxxxx](#0x800xxxxx): Information about result codes that start with 0x800.
+ - [Other result codes](#other-result-codes): Additional causes and mitigation procedures are provided for some result codes.
+ - [Other error codes](#other-error-codes): Additional causes and mitigation procedures are provided for some error codes.
+
+## The Windows 10 upgrade process
+
+The Windows Setup application is used to upgrade a computer to Windows 10, or to perform a clean installation. Windows Setup starts and restarts the computer, gathers information, copies files, and creates or adjusts configuration settings. When performing an operating system upgrade, Windows Setup uses the following phases:
+
+1. **Downlevel phase**: The downlevel phase is run within the previous operating system. Installation components are gathered.
+2. **Safe OS phase**: A recovery partition is configured and updates are installed. An OS rollback is prepared if needed.
+ - Example error codes: 0x2000C, 0x20017
+3. **First boot phase**: Initial settings are applied.
+ - Example error codes: 0x30018, 0x3000D
+4. **Second boot phase**: Final settings are applied. This is also called the **OOBE boot phase**.
+ - Example error: 0x4000D, 0x40017
+5. **Uninstall phase**: This phase occurs if upgrade is unsuccessful.
+ - Example error: 0x50000
+
+**Figure 1**: Phases of a successful Windows 10 upgrade (uninstall is not shown):
+
+
+
+DU = Driver/device updates.
+OOBE = Out of box experience.
+WIM = Windows image (Microsoft)
+
+## Quick fixes
+
+The following steps can resolve many Windows upgrade problems.
+
+
+- Check all hard drives for errors and attempt repairs. To automatically repair hard drives, open an elevated command prompt, switch to the drive you wish to repair, and type the following command. You will be required to reboot the computer if the hard drive being repaired is also the system drive.
+
+
+- Attept to restore and repair system files by typing the following commands at an elevated command prompt. It may take several minutes for the command operations to be completed. For more information, see [Repair a Windows Image](https://msdn.microsoft.com/windows/hardware/commercialize/manufacture/desktop/repair-a-windows-image).
+
+- DISM.exe /Online /Cleanup-image /Restorehealth
+- sfc /scannow
+
+
+- Update Windows so that all available recommended updates are installed.
+- Uninstall non-Microsoft antivirus software.
+
+ - Use Windows Defender for protection during the upgrade.
+
- Verify compatibility information and re-install antivirus applications after the upgrade.
+
+- Uninstall all nonessential software.
+- Remove nonessential external hardware, such as docks and USB devices.
+- Update firmware and drivers.
+- Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.
+- Verify at least 16 GB of free space is available to upgrade a 32-bit OS, or 20 GB for a 64-bit OS.
+
+
+
+
+## Upgrade error codes
+
+If the upgrade process is not successful, Windows Setup will return two codes:
+
+1. **A result code**: The result code corresponds to a specific Win32 error.
+2. **An extend code**: The extend code contains information about both the *phase* in which an error occurred, and the *operation* that was being performed when the error occurred.
+
+>For example, a result code of **0xC1900101** with an extend code of **0x4000D** will be returned as: **0xC1900101 - 0x4000D**.
+
+Note: If only a result code is returned, this can be because a tool is being used that was not able to capture the extend code. For example, if you are using the [Windows 10 Upgrade Assistant](https://support.microsoft.com/en-us/kb/3159635) then only a result code might be returned.
+
+### Result codes
+
+>A result code of **0xC1900101** is generic and indicates that a rollback occurred. In most cases, the cause is a driver compatibility issue.
To troubleshoot a failed upgrade that has returned a result code of 0xC1900101, analyze the extend code to determine the Windows Setup phase, and see the [Resolution procedures](#resolution-procedures) section later in this topic.
+
+Result codes can be matched to the type of error encountered. To match a result code to an error:
+
+1. Identify the error code type, either Win32 or NTSTATUS, using the first hexidecimal digit:
+
8 = Win32 error code (ex: 0x**8**0070070)
+
C = NTSTATUS value (ex: 0x**C**1900107)
+2. Write down the last 4 digits of the error code (ex: 0x8007**0070** = 0070). These digits correspond to the last 16 bits of the [HRESULT](https://msdn.microsoft.com/en-us/library/cc231198.aspx) or the [NTSTATUS](https://msdn.microsoft.com/en-us/library/cc231200.aspx) structure.
+3. Based on the type of error code determined in the first step, match the 4 digits derived from the second step to either a [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx), or an [NTSTATUS value](https://msdn.microsoft.com/en-us/library/cc704588.aspx).
+
+For example:
+- 0x80070070 = Win32 = 0070 = 0x00000070 = ERROR_DISK_FULL
+- 0xC1900107 = NTSTATUS = 0107 = 0x00000107 = STATUS_SOME_NOT_MAPPED
+
+Some result codes are self-explanatory, whereas others are more generic and require further analysis. In the examples shown above, ERROR_DISK_FULL indicates that the hard drive is full and additional room is needed to complete Windows upgrade. The message STATUS_SOME_NOT_MAPPED is more ambiguous, and means that an action is pending. In this case, the action pending is often the cleanup operation from a previous installation attempt, which can be resolved with a system reboot.
+
+### Extend codes
+
+>Important: Extend codes reflect the current Windows 10 upgrade process, and might change in future releases of Windows 10. The codes discussed in this section apply to Windows 10 version 1607, also known as the Anniversary Update.
+
+Extend codes can be matched to the phase and operation when an error occurred. To match an extend code to the phase and operation:
+
+1. Use the first digit to identify the phase (ex: 0x4000D = 4).
+2. Use the last two digits to identify the operation (ex: 0x4000D = 0D).
+3. Match the phase and operation to values in the tables provided below.
+
+The following tables provide the corresponding phase and operation for values of an extend code:
+
+
+| Extend code: phase |
+
| Hex | Phase
+| 0 | SP_EXECUTION_UNKNOWN
+| 1 | SP_EXECUTION_DOWNLEVEL
+| 2 | SP_EXECUTION_SAFE_OS
+| 3 | SP_EXECUTION_FIRST_BOOT
+| 4 | SP_EXECUTION_OOBE_BOOT
+| 5 | SP_EXECUTION_UNINSTALL
+ | | | | | | |
+
+
+| Extend code: operation |
+
+
+| Hex | Operation
+| 0 | SP_EXECUTION_OP_UNKNOWN
+| 1 | SP_EXECUTION_OP_COPY_PAYLOAD
+| 2 | SP_EXECUTION_OP_DOWNLOAD_UPDATES
+| 3 | SP_EXECUTION_OP_INSTALL_UPDATES
+| 4 | SP_EXECUTION_OP_INSTALL_RECOVERY_ENVIRONMENT
+| 5 | SP_EXECUTION_OP_INSTALL_RECOVERY_IMAGE
+| 6 | SP_EXECUTION_OP_REPLICATE_OC
+| 7 | SP_EXECUTION_OP_INSTALL_DRVIERS
+| 8 | SP_EXECUTION_OP_PREPARE_SAFE_OS
+| 9 | SP_EXECUTION_OP_PREPARE_ROLLBACK
+| A | SP_EXECUTION_OP_PREPARE_FIRST_BOOT
+| B | SP_EXECUTION_OP_PREPARE_OOBE_BOOT
+| C | SP_EXECUTION_OP_APPLY_IMAGE
+| D | SP_EXECUTION_OP_MIGRATE_DATA
+| E | SP_EXECUTION_OP_SET_PRODUCT_KEY
+| F | SP_EXECUTION_OP_ADD_UNATTEND
+ | | | | | | | | | | | | | | | | |
+ |
+
+
+| Hex | Operation
+ | | 10 | SP_EXECUTION_OP_ADD_DRIVER
+| 11 | SP_EXECUTION_OP_ENABLE_FEATURE
+| 12 | SP_EXECUTION_OP_DISABLE_FEATURE
+| 13 | SP_EXECUTION_OP_REGISTER_ASYNC_PROCESS
+| 14 | SP_EXECUTION_OP_REGISTER_SYNC_PROCESS
+| 15 | SP_EXECUTION_OP_CREATE_FILE
+| 16 | SP_EXECUTION_OP_CREATE_REGISTRY
+| 17 | SP_EXECUTION_OP_BOOT
+| 18 | SP_EXECUTION_OP_SYSPREP
+| 19 | SP_EXECUTION_OP_OOBE
+| 1A | SP_EXECUTION_OP_BEGIN_FIRST_BOOT
+| 1B | SP_EXECUTION_OP_END_FIRST_BOOT
+| 1C | SP_EXECUTION_OP_BEGIN_OOBE_BOOT
+| 1D | SP_EXECUTION_OP_END_OOBE_BOOT
+| 1E | SP_EXECUTION_OP_PRE_OOBE
+| 1F | SP_EXECUTION_OP_POST_OOBE
+| 20 | SP_EXECUTION_OP_ADD_PROVISIONING_PACKAGE
+ | | | | | | | | | | | | | | | | |
+ |
+
+
+
+For example: An extend code of **0x4000D**, represents a problem during phase 4 (**0x4**) with data migration (**000D**).
+
+## Log files
+
+Several log files are created during each phase of the upgrade process. These log files are essential for troubleshooting upgrade problems. By default, the folders that contain these log files are hidden on the upgrade target computer. To view the log files, configure Windows Explorer to view hidden items, or use a tool to automatically gather these logs. The most useful log is **setupact.log**. The log files are located in a different folder depending on the Windows Setup phase. Recall that you can determine the phase from the extend code.
+
+The following table describes some log files and how to use them for troubleshooting purposes:
+
+
+
+| Log file | Phase: Location | Description | When to use
+
+| setupact.log | Down-Level:
$Windows.~BT\Sources\Panther | Contains information about setup actions during the downlevel phase.
+ | All down-level failures and starting point for rollback investigations.
This is the most important log for diagnosing setup issues.
+ | OOBE:
$Windows.~BT\Sources\Panther\UnattendGC
+ | Contains information about actions during the OOBE phase. | Investigating rollbacks that failed during OOBE phase and operations – 0x4001C, 0x4001D, 0x4001E, 0x4001F.
+ | Rollback:
$Windows.~BT\Sources\Rollback | Contains information about actions during rollback. | Investigating generic rollbacks - 0xC1900101.
+ | Pre-initialization (prior to downlevel):
Windows | Contains information about initializing setup. | If setup fails to launch.
+ | Post-upgrade (after OOBE):
Windows\Panther | Contains information about setup actions during the installation. | Investigate post-upgrade related issues.
+
+ | | setuperr.log | Same as setupact.log | Contains information about setup errors during the installation. | Review all errors encountered during the installation phase.
+
+ | | miglog.xml | Post-upgrade (after OOBE):
Windows\Panther | Contains information about what was migrated during the installation. | Identify post upgrade data migration issues.
+
+ | | BlueBox.log | Down-Level:
Windows\Logs\Mosetup | Contains information communication between setup.exe and Windows Update. | Use during WSUS and WU down-level failures or for 0xC1900107.
+
+ | Supplemental rollback logs:
+Setupmem.dmp
+setupapi.dev.log
+Event logs (*.evtx)
+
+
+ | $Windows.~BT\Sources\Rollback | Additional logs collected during rollback.
+ |
+Setupmem.dmp: If OS bugchecks during upgrade, setup will attempt to extract a mini-dump.
+Setupapi: Device install issues - 0x30018
+Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.
+
+ | |
+
+### Log entry structure
+
+A setupact.log or setuperr.log entry includes the following elements:
+
+
+- The date and time - 2016-09-08 09:20:05.
+
- The log level - Info, Warning, Error, Fatal Error.
+
- The logging component - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS.
+
+- The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are particularly useful for troubleshooting Windows Setup errors.
+
+ - The message - Operation completed successfully.
+
+
+See the following example:
+
+| Date/Time | Log level | Component | Message |
+|------|------------|------------|------------|
+|2016-09-08 09:23:50,| Warning | MIG | Could not replace object C:\Users\name\Cookies. Target Object cannot be removed.|
+
+
+### Analyze log files
+
+To analyze Windows Setup log files:
+
+
+- Determine the Windows Setup error code.
+
- Based on the [extend code](#extend-codes) portion of the error code, determine the type and location of a [log files](#log-files) to investigate.
+
- Open the log file in a text editor, such as notepad.
+
- Using the result code portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below.
+
- To find the last occurrence of the result code:
+
+ - Scroll to the bottom of the file and click after the last character.
+
- Click **Edit**.
+
- Click **Find**.
+
- Type the result code.
+
- Under **Direction** select **Up**.
+
- Click **Find Next**.
+
+ - When you have located the last occurrence of the result code, scroll up a few lines from this location in the file and review the processes that failed just prior to generating the result code.
+
- Search for the following important text strings:
+
+ - Shell application requested abort
+
- Abandoning apply due to error for object
+
+ - Decode Win32 errors that appear in this section.
+
- Write down the timestamp for the observed errors in this section.
+
- Search other log files for additional information matching these timestamps or errors.
+
+
+For example, assume that the error code for an error is 0x8007042B - 0x2000D. Searching for "8007042B" reveals the following content from the setuperr.log file:
+
+>Some lines in the text below are shortened to enhance readability. The date and time at the start of each line (ex: 2016-10-05 15:27:08) is shortened to minutes and seconds, and the certificate file name which is a long text string is shortened to just "CN."
+
+setuperr.log content:
+
+
+27:08, Error SP Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
+27:08, Error MIG Error 1392 while gathering object C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Shell application requested abort![gle=0x00000570]
+27:08, Error Gather failed. Last error: 0x00000000
+27:08, Error SP SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C
+27:09, Error SP CMigrateFramework: Gather framework failed. Status: 44
+27:09, Error SP Operation failed: Migrate framework (Full). Error: 0x8007042B[gle=0x000000b7]
+27:09, Error SP Operation execution failed: 13. hr = 0x8007042B[gle=0x000000b7]
+27:09, Error SP CSetupPlatformPrivate::Execute: Execution of operations queue failed, abandoning. Error: 0x8007042B[gle=0x000000b7]
+
+
+The first line indicates there was an error **0x00000570** with the file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]** (shown below):
+
+
+27:08, Error SP Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
+
+
+The error 0x00000570 is a [Win32 error code](https://msdn.microsoft.com/en-us/library/cc231199.aspx) corresponding to: ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable.
+
+Therefore, Windows Setup failed because it was not able to migrate the corrupt file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]**. This file is a local system certificate and can be safely deleted. Searching the setupact.log file for additional details, the phrase "Shell application requested abort" is found in a location with the same timestamp as the lines in setuperr.log. This confirms our suspicion that this file is the cause of the upgrade failure:
+
+setupact.log content:
+
+
+27:00, Info Gather started at 10/5/2016 23:27:00
+27:00, Info [0x080489] MIG Setting system object filter context (System)
+27:00, Info [0x0803e5] MIG Not unmapping HKCU\Software\Classes; it is not mapped
+27:00, Info [0x0803e5] MIG Not unmapping HKCU; it is not mapped
+27:00, Info SP ExecuteProgress: Elapsed events:1 of 4, Percent: 12
+27:00, Info [0x0802c6] MIG Processing GATHER for migration unit: \UpgradeFramework (CMXEAgent)
+27:08, Error SP Error READ, 0x00000570 while gathering/applying object: File, C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Will return 0[gle=0x00000570]
+27:08, Error MIG Error 1392 while gathering object C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18 [CN]. Shell application requested abort![gle=0x00000570]
+27:08, Info SP ExecuteProgress: Elapsed events:2 of 4, Percent: 25
+27:08, Info SP ExecuteProgress: Elapsed events:3 of 4, Percent: 37
+27:08, Info [0x080489] MIG Setting system object filter context (System)
+27:08, Info [0x0803e5] MIG Not unmapping HKCU\Software\Classes; it is not mapped
+27:08, Info [0x0803e5] MIG Not unmapping HKCU; it is not mapped
+27:08, Info MIG COutOfProcPluginFactory::FreeSurrogateHost: Shutdown in progress.
+27:08, Info MIG COutOfProcPluginFactory::LaunchSurrogateHost::CommandLine: -shortened-
+27:08, Info MIG COutOfProcPluginFactory::LaunchSurrogateHost: Successfully launched host and got control object.
+27:08, Error Gather failed. Last error: 0x00000000
+27:08, Info Gather ended at 10/5/2016 23:27:08 with result 44
+27:08, Info Leaving MigGather method
+27:08, Error SP SPDoFrameworkGather: Gather operation failed. Error: 0x0000002C
+
+
+This analysis indicates that the Windows upgrade error can be resolved by deleting the C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN] file. Note: In this example, the full, unshortened file name is C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f.
+
+## Resolution procedures
+
+### 0xC1900101
+
+A frequently observed result code is 0xC1900101. This result code can be thrown at any stage of the upgrade process, with the exception of the downlevel phase. 0xC1900101 is a generic rollback code, and usually indicates that an incompatible driver is present. The incompatible driver can cause blue screens, system hangs, and unexpected reboots. Analysis of supplemental log files is often helpful, such as:
+
+- The minidump file: $Windows.~bt\Sources\Rollback\setupmem.dmp,
+- Event logs: $Windows.~bt\Sources\Rollback\*.evtx
+- The device install log: $Windows.~bt\Sources\Rollback\setupapi\setupapi.dev.log
+
+The device install log is particularly helpful if rollback occurs during the sysprep operation (extend code 0x30018). To resolve a rollback due to driver conflicts, try running setup using a minimal set of drivers and startup programs by performing a [clean boot](https://support.microsoft.com/en-us/kb/929135) before initiating the upgrade process.
+
+
See the following general troubleshooting procedures associated with a result code of 0xC1900101:
+
+
+
+
+
+
+
+| Code
+ | | 0xC1900101 - 0x20004
+ |
+
+
+| Cause
+ | Windows Setup encountered an error during the SAFE_OS with the INSTALL_RECOVERY_ENVIRONMENT operation
+
This is generally caused by out-of-date drivers.
+ |
+ |
+
+
+
+
+| Mitigation
+ | Uninstall antivirus applications.
+
Remove all unused SATA devices.
+
Remove all unused devices and drivers.
+
Update drivers and BIOS.
+ |
+ |
+
+
+
+
+
+| Code
+ | | 0xC1900101 - 0x2000c
+ |
+
+
+| Cause
+ | Windows Setup encountered an unspecified error during Wim apply in the WinPE phase.
+
This is generally caused by out-of-date drivers.
+ |
+ |
+
+
+
+
+| Mitigation
+ | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
+
Contact your hardware vendor to obtain updated device drivers.
+
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.
+ |
+ |
+
+
+
+
+
+
+| Code
+ | | 0xC1900101 - 0x20017
+
+ |
+
+
+| Cause
+ | A driver has caused an illegal operation.
+
Windows was not able to migrate the driver, resulting in a rollback of the operating system.
+This is a safeOS boot failure, typically caused by drivers or non-Microsoft disk encryption software.
+ |
+ |
+
+
+
+
+| Mitigation
+ |
+Ensure that all that drivers are updated.
+Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers.
+
For more information, see [Understanding Failures and Log Files](https://technet.microsoft.com/en-us/library/ee851579.aspx).
+
Update or uninstall the problem drivers.
+ |
+ |
+
+
+
+
+
+| Code
+ | | 0xC1900101 - 0x30018
+ |
+
+
+| Cause
+ | | A device driver has stopped responding to setup.exe during the upgrade process.
+ |
+ |
+
+
+
+
+| Mitigation
+ |
+Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
+
Contact your hardware vendor to obtain updated device drivers.
+
Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.
+ |
+ |
+
+
+
+
+
+| Code
+ | | 0xC1900101 - 0x3000D
+ |
+
+
+| Cause
+ | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.
+
This can occur due to a problem with a display driver.
+
+ |
+ |
+
+
+
+
+| Mitigation
+ |
+Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.
+
Update or uninstall the display driver.
+ |
+ |
+
+
+
+
+
+| Code
+ | | 0xC1900101 - 0x4000D
+ |
+
+
+| Cause
+ | | A rollback occurred due to a driver configuration issue.
+ Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
+
+ This can occur due to incompatible drivers.
+
+ |
+ |
+
+
+
+
+| Mitigation
+ | |
+ Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.
+ Review the rollback log and determine the stop code.
+
The rollback log is located in the **C:\$Windows.~BT\Sources\Panther** folder. An example analysis is shown below. This example is not representative of all cases:
+ Info SP Crash 0x0000007E detected
+
Info SP Module name :
+
Info SP Bugcheck parameter 1 : 0xFFFFFFFFC0000005
+
Info SP Bugcheck parameter 2 : 0xFFFFF8015BC0036A
+
Info SP Bugcheck parameter 3 : 0xFFFFD000E5D23728
+
Info SP Bugcheck parameter 4 : 0xFFFFD000E5D22F40
+
Info SP Cannot recover the system.
+
Info SP Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.
+
+
+ Typically there is a a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:
+
+1. Make sure you have enough disk space.
+2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.
+3. Try changing video adapters.
+4. Check with your hardware vendor for any BIOS updates.
+5. Disable BIOS memory options such as caching or shadowing.
+
+ |
+ |
+
+
+
+
+
+
+| Code
+ | | 0xC1900101 - 0x40017
+ |
+
+
+| Cause
+ | Windows 10 upgrade failed after the second reboot.
+
This is usually caused by a faulty driver. For example: antivirus filter drivers or encryption drivers.
+ |
+ |
+
+
+
+
+| Mitigation
+ | Clean boot into Windows, and then attempt the upgrade to Windows 10.
+
+For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/en-us/kb/929135).
+
+Ensure you select the option to "Download and install updates (recommended)."
+ |
+ |
+
+
+
+
+### 0x800xxxxx
+
+Result codes starting with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and are not unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly.
+
+See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:
+
+
+
+
+
+
+| Code
+ | |
+
+8000405 - 0x20007
+
+ |
+
+
+| Cause
+ | |
+
+An unspecified error occurred with a driver during the SafeOS phase.
+
+ |
+ |
+
+
+
+
+| Mitigation
+ | |
+
+This error has more than one possible cause. Attempt [quick fixes](#quick-fixes), and if not successful, [analyze log files](#analyze-log-files) in order to determine the problem and solution.
+
+ |
+ |
+
+
+
+
+
+| Code
+ | |
+
+800704B8 - 0x3001A
+
+ |
+
+
+| Cause
+ | |
+
+An extended error has occurred during the first boot phase.
+
+ |
+ |
+
+
+
+
+| Mitigation
+ | |
+
+Disable or uninstall non-Microsoft antivirus applications, disconnect all unnecessary devices, and perform a [clean boot](https://support.microsoft.com/en-us/kb/929135).
+
+ |
+ |
+
+
+
+
+
+| Code
+ | |
+
+8007042B - 0x4000D
+
+ |
+
+
+| Cause
+ |
+
+The installation failed during the second boot phase while attempting the MIGRATE_DATA operation.
+
This issue can occur due to file system, application, or driver issues.
+
+ |
+ |
+
+
+
+
+| Mitigation
+ | |
+
+[Analyze log files](#analyze-log-files) in order to determine the file, application, or driver that is not able to be migrated. Disconnect, update, remove, or replace the device or object.
+
+ |
+ |
+
+
+
+
+
+| Code
+ | |
+
+8007001F - 0x4000D
+
+ |
+
+
+| Cause
+ | |
+
+General failure, a device attached to the system is not functioning.
+
+ |
+ |
+
+
+
+
+| Mitigation
+ | |
+
+[Analyze log files](#analyze-log-files) in order to determine the device that is not functioning properly. Disconnect, update, or replace the device.
+
+ |
+ |
+
+
+
+
+
+| Code
+ | |
+
+8007042B - 0x4001E
+
+ |
+
+
+| Cause
+ | |
+
+The installation failed during the second boot phase while attempting the PRE_OOBE operation.
+
+ |
+ |
+
+
+
+
+| Mitigation
+ | |
+
+This error has more than one possible cause. Attempt [quick fixes](#quick-fixes), and if not successful, [analyze log files](#analyze-log-files) in order to determine the problem and solution.
+
+ |
+ |
+
+
+
+
+
+### Other result codes
+
+
+
+
+| Error code
+ | Cause
+ | Mitigation
+ |
+
+
+| 0xC1900200 |
+Setup.exe has detected that the machine does not meet the minimum system requirements. |
+Ensure the system you are trying to upgrade meets the minimum system requirements. See [Windows 10 specifications](https://www.microsoft.com/en-us/windows/windows-10-specifications) for information. |
+
+
+
+
+| 0x80090011 |
+A device driver error occurred during user data migration. |
+Contact your hardware vendor and get all the device drivers updated. It is recommended to have an active internet connection during upgrade process.
+ Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. |
+
+
+| 0xC7700112 |
+Failure to complete writing data to the system drive, possibly due to write access failure on the hard disk. |
+This issue is resolved in the latest version of Upgrade Assistant.
+ Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process. |
+
+
+
+| 0x80190001 |
+An unexpected error was encountered while attempting to download files required for upgrade. |
+To resolve this issue, download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/en-us/software-download/windows10).
+ |
+
+
+| 0x80246007 |
+The update was not downloaded successfully. |
+Attempt other methods of upgrading the operatign system.
+Download and run the media creation tool. See [Download windows 10](https://www.microsoft.com/en-us/software-download/windows10).
+
Attempt to upgrade using .ISO or USB.
+**Note**: Windows 10 Enterprise isn’t available in the media creation tool. For more information, go to the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx).
+ |
+
+
+| 0xC1900201 |
+The system did not pass the minimum requirements to install the update. |
+Contact the hardware vendor to get the latest updates. |
+
+
+| 0x80240017 |
+The upgrade is unavailable for this edition of Windows. |
+Administrative policies enforced by your organization might be preventing the upgrade. Contact your IT administrator. |
+
+
+
+| 0x80070020 |
+The existing process cannot access the file because it is being used by another process. |
+Use the MSCONFIG tool to perform a clean boot on the machine and then try to perform the update again. For more information, see [How to perform a clean boot in Windows](https://support.microsoft.com/en-us/kb/929135). |
+
+
+| 0x80070522 |
+The user doesn’t have required privilege or credentials to upgrade. |
+Ensure that you have signed in as a local administrator or have local administrator privileges. |
+
+
+| 0xC1900107 |
+A cleanup operation from a previous installation attempt is still pending and a system reboot is required in order to continue the upgrade.
+ |
+Reboot the device and run setup again. If restarting device does not resolve the issue, then use the Disk Cleanup utility and cleanup the temporary as well as the System files. For more information, see [Disk cleanup in Windows 10](https://support.microsoft.com/en-us/instantanswers/8fef4121-711b-4be1-996f-99e02c7301c2/disk-cleanup-in-windows-10). |
+
+
+| 0xC1900209 |
+The user has chosen to cancel because the system does not pass the compatibility scan to install the update. Setup.exe will report this error when it can upgrade the machine with user data but cannot migrate installed applications. |
+Incompatible software is blocking the upgrade process. Uninstall the application and try the upgrade again. See [Windows 10 Pre-Upgrade Validation using SETUP.EXE](https://blogs.technet.microsoft.com/mniehaus/2015/08/23/windows-10-pre-upgrade-validation-using-setup-exe/) for more information.
+
+ You can also download the [Windows Assessment and Deployment Kit (ADK) for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=526740) and install Application Compatibility Tools.
+ |
+
+
+
+
+| 0x8007002 |
+This error is specific to upgrades using System Center Configuration Manager 2012 R2 SP1 CU3 (5.00.8238.1403) |
+Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)
+
+ The error 80072efe means that the connection with the server was terminated abnormally.
+
+ To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.
+ |
+
+
+
+
+### Other error codes
+
+
+
+| Error Codes | Cause | Mitigation |
+| 0x80070003- 0x20007
+ | This is a failure during SafeOS phase driver installation.
+
+ | [Verify device drivers](https://msdn.microsoft.com/windows/hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](#analyze-log-files) to determine the problem driver.
+ |
+| 0x8007025D - 0x2000C
+ | This error occurs if the ISO file's metadata is corrupt. | "Re-download the ISO/Media and re-attempt the upgrade.
+
+Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/en-us/software-download/windows10).
+
+ |
+| 0x80070490 - 0x20007 | An incompatible device driver is present.
+
+ | [Verify device drivers](https://msdn.microsoft.com/windows/hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](#analyze-log-files) to determine the problem driver.
+
+ |
+| 0xC1900101 - 0x2000c
+ | An unspecified error occurred in the SafeOS phase during WIM apply. This can be caused by an outdated driver or disk corruption.
+ | Run checkdisk to repair the file system. For more information, see the [quick fixes](#quick-fixes) section in this guide.
+ Update drivers on the computer, and select "Download and install updates (recommended)" during the upgrade process. Disconnect devices other than the mouse, keyboard and display. |
+| 0xC1900200 - 0x20008
+
+ | The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10.
+
+ | See [Windows 10 Specifications](https://www.microsoft.com/en-us/windows/windows-10-specifications) and verify the computer meets minimum requirements.
+
+
Review logs for [compatibility information](https://blogs.technet.microsoft.com/askcore/2016/01/21/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues/). |
+| 0x80070004 - 0x3000D
+ | This is a problem with data migration during the first boot phase. There are multiple possible causes.
+
+ | [Analyze log files](#analyze-log-files) to determine the issue. |
+| 0xC1900101 - 0x4001E
+ | Installation failed in the SECOND_BOOT phase with an error during PRE_OOBE operation.
+ | This is a generic error that occurs during the OOBE phase of setup. See the [0xC1900101](#0xC1900101) section of this guide and review general troubleshooting procedures described in that section. |
+| 0x80070005 - 0x4000D
+ | The installation failed in the SECOND_BOOT phase with an error in during MIGRATE_DATA operation. This error indicates that access was denied while attempting to migrate data.
+ | [Analyze log files](#analyze-log-files) to determine the data point that is reporting access denied. |
+| 0x80070004 - 0x50012
+ | Windows Setup failed to open a file.
+ | [Analyze log files](#analyze-log-files) to determine the data point that is reporting access problems. |
+0xC190020e
+
0x80070070 - 0x50011
+
0x80070070 - 0x50012
+
0x80070070 - 0x60000
+ | These errors indicate the computer does not have enough free space available to install the upgrade.
+ | To upgrade a computer to Windows 10, it requires 16 GB of free hard drive space for a 32-bit OS, and 20 GB for a 64-bit OS. If there is not enough space, attempt to [free up drive space](https://support.microsoft.com/en-us/help/17421/windows-free-up-drive-space) before proceeding with the upgrade.
+
+ Note: If your device allows it, you can use an external USB drive for the upgrade process. Windows setup will back up the previous version of Windows to a USB external drive. The external drive must be at least 8GB (16GB is recommended). The external drive should be formatted using NTFS. Drives that are formatted in FAT32 may run into errors due to FAT32 file size limitations. USB drives are preferred over SD cards because drivers for SD cards are not migrated if the device does not support Connected Standby.
+ |
+
+
+
+
+
+
+## Related topics
+
+[Windows 10 FAQ for IT professionals](https://technet.microsoft.com/en-us/windows/dn798755.aspx)
+
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
+
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
+
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro)
+
[Fix Windows Update errors by using the DISM or System Update Readiness tool](https://support.microsoft.com/kb/947821)
diff --git a/windows/deploy/upgrade-analytics-get-started.md b/windows/deploy/upgrade-analytics-get-started.md
index 070a9e137c..8307a9bfbf 100644
--- a/windows/deploy/upgrade-analytics-get-started.md
+++ b/windows/deploy/upgrade-analytics-get-started.md
@@ -101,7 +101,7 @@ IMPORTANT: Restart user computers after you install the compatibility update KBs
| **Site discovery** | **KB** |
|----------------------|-----------------------------------------------------------------------------|
-| [Review site discovery](upgrade-analytics-review-site-discovery.md) | [KB 3170106](https://support.microsoft.com/en-us/kb/3170106)
Site discovery requires July 2016 security update for Internet Explorer. |
+| [Review site discovery](upgrade-analytics-review-site-discovery.md) | Site discovery requires the [July 2016 security update for Internet Explorer](https://support.microsoft.com/en-us/kb/3170106) (KB3170106) or later. |
### Automate data collection
diff --git a/windows/deploy/upgrade-analytics-review-site-discovery.md b/windows/deploy/upgrade-analytics-review-site-discovery.md
index 33b5bdac0e..f236d85945 100644
--- a/windows/deploy/upgrade-analytics-review-site-discovery.md
+++ b/windows/deploy/upgrade-analytics-review-site-discovery.md
@@ -15,7 +15,7 @@ This section of the Upgrade Analytics workflow provides an inventory of web site
Ensure the following prerequisites are met before using site discovery:
-1. Install the latest Internet Explorer 11 Cumulative Update. This update provides the capability for site discovery and is available in the [July 2016 cumulative update (KB3170106)](https://support.microsoft.com/kb/3170106) and later.
+1. Install the latest Internet Explorer 11 Cumulative Update. This update provides the capability for site discovery and is available in the [July 2016 cumulative update](https://support.microsoft.com/kb/3170106) and later.
2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)).
3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Analytics deployment script](upgrade-analytics-get-started.md#run-the-upgrade-analytics-deployment-script) to allow Internet Explorer data collection before you run it.
diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md
index c43b7b759f..c2f86a7621 100644
--- a/windows/keep-secure/TOC.md
+++ b/windows/keep-secure/TOC.md
@@ -38,7 +38,15 @@
#### [Limitations while using Windows Information Protection (WIP)](limitations-with-wip.md)
## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)
## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md)
-## [VPN profile options](vpn-profile-options.md)
+## [VPN technical guide](vpn-guide.md)
+### [VPN connection types](vpn-connection-type.md)
+### [VPN routing decisions](vpn-routing.md)
+### [VPN authentication options](vpn-authentication.md)
+### [VPN and conditional access](vpn-conditional-access.md)
+### [VPN name resolution](vpn-name-resolution.md)
+### [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
+### [VPN security features](vpn-security-features.md)
+### [VPN profile options](vpn-profile-options.md)
## [Windows security baselines](windows-security-baselines.md)
## [Security technologies](security-technologies.md)
### [Access Control Overview](access-control.md)
diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
index db02131f0c..ee3f4325ff 100644
--- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md
+++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
@@ -12,6 +12,12 @@ author: brianlic-msft
# Change history for Keep Windows 10 secure
This topic lists new and updated topics in the [Keep Windows 10 secure](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
+## October 2016
+
+| New or changed topic | Description |
+| --- | --- |
+| [VPN technical guide](vpn-guide.md) | Multiple new topics, replacing previous **VPN profile options** topic |
+
## September 2016
| New or changed topic | Description |
diff --git a/windows/keep-secure/images/vpn-app-rules.png b/windows/keep-secure/images/vpn-app-rules.png
new file mode 100644
index 0000000000..edc4a24209
Binary files /dev/null and b/windows/keep-secure/images/vpn-app-rules.png differ
diff --git a/windows/keep-secure/images/vpn-app-trigger.PNG b/windows/keep-secure/images/vpn-app-trigger.PNG
new file mode 100644
index 0000000000..aebd913df5
Binary files /dev/null and b/windows/keep-secure/images/vpn-app-trigger.PNG differ
diff --git a/windows/keep-secure/images/vpn-conditional-access-intune.png b/windows/keep-secure/images/vpn-conditional-access-intune.png
new file mode 100644
index 0000000000..9f4efabc3f
Binary files /dev/null and b/windows/keep-secure/images/vpn-conditional-access-intune.png differ
diff --git a/windows/keep-secure/images/vpn-connection-intune.png b/windows/keep-secure/images/vpn-connection-intune.png
new file mode 100644
index 0000000000..bf551eabb7
Binary files /dev/null and b/windows/keep-secure/images/vpn-connection-intune.png differ
diff --git a/windows/keep-secure/images/vpn-connection.png b/windows/keep-secure/images/vpn-connection.png
new file mode 100644
index 0000000000..c7d7a0d274
Binary files /dev/null and b/windows/keep-secure/images/vpn-connection.png differ
diff --git a/windows/keep-secure/images/vpn-custom-xml-intune.png b/windows/keep-secure/images/vpn-custom-xml-intune.png
new file mode 100644
index 0000000000..94cbb2c5cb
Binary files /dev/null and b/windows/keep-secure/images/vpn-custom-xml-intune.png differ
diff --git a/windows/keep-secure/images/vpn-device-compliance.png b/windows/keep-secure/images/vpn-device-compliance.png
new file mode 100644
index 0000000000..d33ccba508
Binary files /dev/null and b/windows/keep-secure/images/vpn-device-compliance.png differ
diff --git a/windows/keep-secure/images/vpn-eap-xml.png b/windows/keep-secure/images/vpn-eap-xml.png
new file mode 100644
index 0000000000..9a90401c88
Binary files /dev/null and b/windows/keep-secure/images/vpn-eap-xml.png differ
diff --git a/windows/keep-secure/images/vpn-intune-policy.png b/windows/keep-secure/images/vpn-intune-policy.png
new file mode 100644
index 0000000000..4224979bbd
Binary files /dev/null and b/windows/keep-secure/images/vpn-intune-policy.png differ
diff --git a/windows/keep-secure/images/vpn-name-intune.png b/windows/keep-secure/images/vpn-name-intune.png
new file mode 100644
index 0000000000..a7b3bfe3b4
Binary files /dev/null and b/windows/keep-secure/images/vpn-name-intune.png differ
diff --git a/windows/keep-secure/images/vpn-profilexml-intune.png b/windows/keep-secure/images/vpn-profilexml-intune.png
new file mode 100644
index 0000000000..7277b7a598
Binary files /dev/null and b/windows/keep-secure/images/vpn-profilexml-intune.png differ
diff --git a/windows/keep-secure/images/vpn-split-route.png b/windows/keep-secure/images/vpn-split-route.png
new file mode 100644
index 0000000000..12c3fe64d6
Binary files /dev/null and b/windows/keep-secure/images/vpn-split-route.png differ
diff --git a/windows/keep-secure/images/vpn-split.png b/windows/keep-secure/images/vpn-split.png
new file mode 100644
index 0000000000..b4143ab1e5
Binary files /dev/null and b/windows/keep-secure/images/vpn-split.png differ
diff --git a/windows/keep-secure/images/vpn-traffic-rules.png b/windows/keep-secure/images/vpn-traffic-rules.png
new file mode 100644
index 0000000000..fa7b526e80
Binary files /dev/null and b/windows/keep-secure/images/vpn-traffic-rules.png differ
diff --git a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md
index b9e72308cc..d56e60b02a 100644
--- a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md
+++ b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md
@@ -312,7 +312,6 @@ You’ll need this software to set Windows Hello for Business policies in your e
@@ -321,11 +320,6 @@ You’ll need this software to set Windows Hello for Business policies in your e
Key-based authentication |
Azure AD subscription |
-- Active Directory Federation Service (AD FS) (Windows Server 2016)
-- A few Windows Server 2016 domain controllers on-site
-- Microsoft System Center 2012 R2 Configuration Manager SP2
- |
-
- Azure AD subscription
- [Azure AD Connect](https://go.microsoft.com/fwlink/p/?LinkId=616792)
- A few Windows Server 2016 domain controllers on-site
@@ -341,12 +335,6 @@ You’ll need this software to set Windows Hello for Business policies in your e
- PKI infrastructure
|
-- ADFS (Windows Server 2016)
-- Active Directory Domain Services (AD DS) Windows Server 2016 schema
-- PKI infrastructure
-- Configuration Manager SP2, Intune, or non-Microsoft MDM solution
- |
- |